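def do_login():
    """Handle a submitted login form.

    Does nothing unless the ``_login`` request variable is set. After a
    successful ``userdb.hook_login`` the auth session is created and the
    browser is redirected, either to the password change page or to the
    requested target.

    ``_origtarget`` is request input that ends up in a redirect, so it is
    only honoured when it stays on this site; anything else is replaced by
    the default start URL.

    Returns:
        The error text if an ``MKUserError`` was raised while processing the
        form, otherwise ``None``.
        NOTE(review): ``html.http_redirect`` presumably ends the request
        instead of returning - confirm.
    """
    if not html.var('_login'):
        return None

    try:
        username = html.get_unicode_input('_username', '').rstrip()
        if username == '':
            raise MKUserError('_username', _('No username given.'))

        password = html.var('_password', '')
        if password == '':
            raise MKUserError('_password', _('No password given.'))

        # Trim first, so the value that gets validated is the value that is sent.
        origtarget = (html.var('_origtarget') or '').strip()

        # Everything before the first "/", "?" or "#". A ":" in this part turns
        # the whole value into an absolute URL ("scheme:..."), even without "//".
        leading = origtarget
        for delimiter in '/?#':
            leading = leading.split(delimiter, 1)[0]

        control_chars = [c for c in origtarget if ord(c) < 0x20 or ord(c) == 0x7f]

        # Disallow redirections to:
        #  - logout.py: Happens after login
        #  - side.py: Happens when invalid login is detected during sidebar refresh
        #  - Full qualified URLs (http://...) to prevent redirection attacks
        #  - Other spellings a browser resolves to a foreign host: a leading
        #    "//" (written with slashes or backslashes) or a leading "scheme:"
        #  - Control characters, so CR/LF can never reach the Location header
        if (not origtarget
                or "logout.py" in origtarget
                or 'side.py' in origtarget
                or '://' in origtarget
                or ':' in leading
                or origtarget[:2].replace('\\', '/') == '//'
                or control_chars):
            origtarget = defaults.url_prefix + 'check_mk/'

        # None        -> User unknown, means continue with other connectors
        # '<user_id>' -> success
        # False       -> failed
        result = userdb.hook_login(username, password)
        if not result:
            userdb.on_failed_login(username)
            # Same message for unknown user and wrong password.
            raise MKUserError(None, _('Invalid credentials.'))

        # Use the username provided by the successful login function, it might
        # have transformed the name given by the user, e.g. switched from mixed
        # case to lower case.
        username = result

        # When single user session mode is enabled, check that there is not
        # another active session
        userdb.ensure_user_can_init_session(username)

        # reset failed login counts
        userdb.on_succeeded_login(username)

        # The login succeeded! Now set the auth cookie and redirect to the
        # really requested page. In-place handling of the target is not used
        # anymore, a plain 302 redirect gives a clear situation.
        create_auth_session(username)

        # userdb.need_to_change_pw returns either False or the reason
        # description why the password needs to be changed
        reason = userdb.need_to_change_pw(username)
        if reason:
            # Encode both values, so neither of them can add or break
            # parameters of the password change URL.
            html.http_redirect('user_change_pw.py?_origtarget=%s&reason=%s' %
                               (html.urlencode(origtarget), html.urlencode(reason)))
        else:
            html.http_redirect(origtarget)

    except MKUserError as e:
        html.add_user_error(e.varname, e)
        return "%s" % e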
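def do_login():
    """Handle a submitted login form.

    Does nothing unless the ``_login`` request variable is set. After a
    successful ``userdb.hook_login`` the auth session is created and the
    browser is redirected, either to the password change page or to the
    requested target.

    ``_origtarget`` is request input that ends up in a redirect, so it is
    only honoured when it stays on this site; anything else is replaced by
    the default start URL built from ``config.url_prefix()``.

    Returns:
        The error text if an ``MKUserError`` was raised while processing the
        form, otherwise ``None``.
        NOTE(review): ``html.http_redirect`` presumably ends the request
        instead of returning - confirm.
    """
    if not html.var('_login'):
        return None

    try:
        username = html.get_unicode_input('_username', '').rstrip()
        if username == '':
            raise MKUserError('_username', _('No username given.'))

        password = html.var('_password', '')
        if password == '':
            raise MKUserError('_password', _('No password given.'))

        # Trim first, so the value that gets validated is the value that is sent.
        origtarget = (html.var('_origtarget') or '').strip()

        # Everything before the first "/", "?" or "#". A ":" in this part turns
        # the whole value into an absolute URL ("scheme:..."), even without "//".
        leading = origtarget
        for delimiter in '/?#':
            leading = leading.split(delimiter, 1)[0]

        control_chars = [c for c in origtarget if ord(c) < 0x20 or ord(c) == 0x7f]

        # Disallow redirections to:
        #  - logout.py: Happens after login
        #  - side.py: Happens when invalid login is detected during sidebar refresh
        #  - Full qualified URLs (http://...) to prevent redirection attacks
        #  - Other spellings a browser resolves to a foreign host: a leading
        #    "//" (written with slashes or backslashes) or a leading "scheme:"
        #  - Control characters, so CR/LF can never reach the Location header
        if (not origtarget
                or "logout.py" in origtarget
                or 'side.py' in origtarget
                or '://' in origtarget
                or ':' in leading
                or origtarget[:2].replace('\\', '/') == '//'
                or control_chars):
            origtarget = config.url_prefix() + 'check_mk/'

        # None        -> User unknown, means continue with other connectors
        # '<user_id>' -> success
        # False       -> failed
        result = userdb.hook_login(username, password)
        if not result:
            userdb.on_failed_login(username)
            # Same message for unknown user and wrong password.
            raise MKUserError(None, _('Invalid credentials.'))

        # Use the username provided by the successful login function, it might
        # have transformed the name given by the user, e.g. switched from mixed
        # case to lower case.
        username = result

        # When single user session mode is enabled, check that there is not
        # another active session
        userdb.ensure_user_can_init_session(username)

        # reset failed login counts
        userdb.on_succeeded_login(username)

        # The login succeeded! Now set the auth cookie and redirect to the
        # really requested page. In-place handling of the target is not used
        # anymore, a plain 302 redirect gives a clear situation.
        create_auth_session(username)

        # userdb.need_to_change_pw returns either False or the reason
        # description why the password needs to be changed
        reason = userdb.need_to_change_pw(username)
        if reason:
            # Encode both values, so neither of them can add or break
            # parameters of the password change URL.
            html.http_redirect('user_change_pw.py?_origtarget=%s&reason=%s' %
                               (html.urlencode(origtarget), html.urlencode(reason)))
        else:
            html.http_redirect(origtarget)

    except MKUserError as e:
        html.add_user_error(e.varname, e)
        return "%s" % e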
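def do_login():
    """Handle a submitted login form.

    Does nothing unless the ``_login`` request variable is set. After a
    successful ``userdb.hook_login`` the auth cookie is set. A target that
    contains "/" or "?" is answered with a redirect; any other target is
    handed back to the caller together with the user name, after the login
    variables have been removed from the request.

    ``_origtarget`` is request input that can end up in a Location header, so
    it is only honoured when it stays on this site; anything else is replaced
    by the default start URL.

    Returns:
        ``(username, origtarget)`` after a successful login without redirect,
        the error text if an ``MKUserError`` was raised while processing the
        form, ``None`` if no login form was sent.

    Raises:
        apache.SERVER_RETURN: with ``apache.HTTP_MOVED_TEMPORARILY`` to send
            the redirect.
    """
    if not html.var('_login'):
        return None

    try:
        username = html.var('_username', '').rstrip()
        if username == '':
            raise MKUserError('_username', _('No username given.'))

        password = html.var('_password', '')
        if password == '':
            raise MKUserError('_password', _('No password given.'))

        # Trim first, so the value that gets validated is the value that is sent.
        origtarget = (html.var('_origtarget') or '').strip()

        # Everything before the first "/", "?" or "#". A ":" in this part turns
        # the whole value into an absolute URL ("scheme:..."), even without "//".
        leading = origtarget
        for delimiter in '/?#':
            leading = leading.split(delimiter, 1)[0]

        control_chars = [c for c in origtarget if ord(c) < 0x20 or ord(c) == 0x7f]

        # Disallow redirections to:
        #  - logout.py: Happens after login
        #  - Full qualified URLs (http://...) to prevent redirection attacks
        #  - Other spellings a browser resolves to a foreign host: a leading
        #    "//" (written with slashes or backslashes) or a leading "scheme:"
        #  - Control characters, so CR/LF can never reach the Location header
        if (not origtarget
                or "logout.py" in origtarget
                or '://' in origtarget
                or ':' in leading
                or origtarget[:2].replace('\\', '/') == '//'
                or control_chars):
            origtarget = defaults.url_prefix + 'check_mk/'

        # None        -> User unknown, means continue with other connectors
        # '<user_id>' -> success
        # False       -> failed
        result = userdb.hook_login(username, password)
        if not result:
            userdb.on_failed_login(username)
            # Same message for unknown user and wrong password.
            raise MKUserError(None, _('Invalid credentials.'))

        # Use the username provided by the successful login function, it might
        # have transformed the name given by the user, e.g. switched from mixed
        # case to lower case.
        username = result

        # reset failed login counts
        userdb.on_succeeded_login(username)

        # The login succeeded! Now:
        # a) Set the auth cookie
        # b) Unset the login vars in further processing
        # c) Show the real requested page
        set_auth_cookie(username, load_serial(username))

        # Use redirects for URLs or simply execute other handlers for
        # multisite modules
        if '/' in origtarget or '?' in origtarget:
            html.set_http_header('Location', origtarget)
            raise apache.SERVER_RETURN, apache.HTTP_MOVED_TEMPORARILY

        # Remove login vars to hide them from the next page handler. Each
        # variable is removed on its own, so one missing entry can not leave
        # the password behind in the request.
        for varname in ('_username', '_password', '_login', '_origtarget'):
            try:
                del html.req.vars[varname]
            except KeyError:
                pass  # not part of this request, nothing to hide

        return (username, origtarget)

    except MKUserError, e:
        html.add_user_error(e.varname, e.message)
        return e.message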
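def do_login():
    """Handle a submitted login form.

    Does nothing unless the ``_login`` request variable is set. After a
    successful ``userdb.hook_login`` the auth cookie is set and the browser is
    redirected to the requested target.

    ``_origtarget`` is request input that is written to the Location header,
    so it is only honoured when it stays on this site; anything else is
    replaced by the default start URL.

    Returns:
        The error text if an ``MKUserError`` was raised while processing the
        form, ``None`` if no login form was sent.

    Raises:
        apache.SERVER_RETURN: with ``apache.HTTP_MOVED_TEMPORARILY`` to send
            the redirect after a successful login.
    """
    if not html.var('_login'):
        return None

    try:
        username = html.var('_username', '').rstrip()
        if username == '':
            raise MKUserError('_username', _('No username given.'))

        password = html.var('_password', '')
        if password == '':
            raise MKUserError('_password', _('No password given.'))

        # Trim first, so the value that gets validated is the value that is sent.
        origtarget = (html.var('_origtarget') or '').strip()

        # Everything before the first "/", "?" or "#". A ":" in this part turns
        # the whole value into an absolute URL ("scheme:..."), even without "//".
        leading = origtarget
        for delimiter in '/?#':
            leading = leading.split(delimiter, 1)[0]

        control_chars = [c for c in origtarget if ord(c) < 0x20 or ord(c) == 0x7f]

        # Disallow redirections to:
        #  - logout.py: Happens after login
        #  - Full qualified URLs (http://...) to prevent redirection attacks
        #  - Other spellings a browser resolves to a foreign host: a leading
        #    "//" (written with slashes or backslashes) or a leading "scheme:"
        #  - Control characters, so CR/LF can never reach the Location header
        if (not origtarget
                or "logout.py" in origtarget
                or '://' in origtarget
                or ':' in leading
                or origtarget[:2].replace('\\', '/') == '//'
                or control_chars):
            origtarget = defaults.url_prefix + 'check_mk/'

        # None        -> User unknown, means continue with other connectors
        # '<user_id>' -> success
        # False       -> failed
        result = userdb.hook_login(username, password)
        if not result:
            userdb.on_failed_login(username)
            # Same message for unknown user and wrong password.
            raise MKUserError(None, _('Invalid credentials.'))

        # Use the username provided by the successful login function, it might
        # have transformed the name given by the user, e.g. switched from mixed
        # case to lower case.
        username = result

        # reset failed login counts
        userdb.on_succeeded_login(username)

        # The login succeeded! Now:
        # a) Set the auth cookie
        # b) Redirect to the really requested page
        set_auth_cookie(username, load_serial(username))

        # Never use inplace redirect handling anymore as used in the past. This
        # results in some unexpected situations. We simply use 302 redirects
        # now. So we have a clear situation.
        html.set_http_header('Location', origtarget)
        raise apache.SERVER_RETURN, apache.HTTP_MOVED_TEMPORARILY

    except MKUserError, e:
        html.add_user_error(e.varname, e.message)
        return e.message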