def ViewHome(request):
logged_in = authenticated_userid(request)
loginurl = login_url(request, 'google')
return {
"loginurl": loginurl,
"logged_in": logged_in,
"logouturl": request.route_url('logout')
}
def login(request):
url = "/"
fas_url = "https://admin.fedoraproject.org/accounts/openid/id/"
username = request.params.get('fas_username')
if username:
identifier = "openid_identifier={0}{1}".format(fas_url, username)
url = velruse.login_url(request, 'openid') + "?" + identifier
return HTTPFound(location=url)
return {}
def login(request):
url = "/"
fas_url = "https://admin.fedoraproject.org/accounts/openid/id/"
username = request.params.get('fas_username')
if username:
identifier = "openid_identifier={0}{1}".format(fas_url, username)
url = velruse.login_url(request, 'openid') + "?" + identifier
return HTTPFound(location=url)
return {}
def do_login(request):
""" Store the redirect in the session and log in with google """
login_url = request.route_url('login')
if request.url != login_url:
request.session['next'] = request.url
elif 'next' in request.GET:
request.session['next'] = request.GET['next']
else:
request.session['next'] = _get_app_root(request)
return HTTPFound(location=velruse.login_url(request, 'google'))
def view_users(request):
logged_in = authenticated_userid(request)
loginurl = login_url(request, 'google')
UserList = get_users()
return {
"loginurl": loginurl,
"logged_in": logged_in,
"logouturl": request.route_url('logout'),
'users': UserList
}
def view_home(request):
logged_in = authenticated_userid(request)
loginurl = login_url(request, 'google')
PiList = get_pis()
return {
"loginurl": loginurl,
"logged_in": logged_in,
"logouturl": request.route_url('logout'),
'pis': PiList
}
def __call__(self):
if self.request.params.get('form.submitted', None) is not None:
resp = self.login()
if resp:
# if this returned with something, we deal with it
return resp
# Log in user seamlessly with kerberos if enabled
try_kerberos = self.request.GET.get('try_kerberos', None)
if try_kerberos:
try_kerberos = asbool(try_kerberos)
else:
try_kerberos = asbool(get_config_setting('kerberos', 'False'))
if try_kerberos:
from karl.security.kerberos_auth import get_kerberos_userid
userid = get_kerberos_userid(self.request)
if userid:
return remember_login(self.context, self.request, userid, None)
# Break infinite loop if kerberos authorization fails
if (self.request.authorization
and self.request.authorization[0] == 'Negotiate'):
try_kerberos = False
page_title = 'Login to %s' % get_setting(self.context, 'title')
api = TemplateAPI(self.context, self.request, page_title)
sso_providers = []
sso = self.settings.get('sso')
if sso:
# importing here rather than in global scope allows to only require
# velruse be installed for systems using it.
from velruse import login_url
for name in sso.split():
provider = self.settings.get('sso.%s.provider' % name)
title = self.settings.get('sso.%s.title' % name)
sso_providers.append({
'title': title,
'name': name,
'url': login_url(self.request, provider)
})
api.status_message = self.request.params.get('reason', None)
response = render_to_response(
'templates/login.pt',
dict(api=api,
nothing='',
try_kerberos=try_kerberos,
sso_providers=sso_providers,
came_from=self.request.params.get('came_from', ''),
app_url=self.request.application_url),
request=self.request)
forget_headers = forget(self.request)
response.headers.extend(forget_headers)
return response
def __call__(self):
if self.request.params.get('form.submitted', None) is not None:
resp = self.login()
if resp:
# if this returned with something, we deal with it
return resp
# Log in user seamlessly with kerberos if enabled
try_kerberos = self.request.GET.get('try_kerberos', None)
if try_kerberos:
try_kerberos = asbool(try_kerberos)
else:
try_kerberos = asbool(get_config_setting('kerberos', 'False'))
if try_kerberos:
from karl.security.kerberos_auth import get_kerberos_userid
userid = get_kerberos_userid(self.request)
if userid:
return remember_login(self.context, self.request, userid, None)
# Break infinite loop if kerberos authorization fails
if (self.request.authorization and
self.request.authorization[0] == 'Negotiate'):
try_kerberos = False
page_title = 'Login to %s' % get_setting(self.context, 'title')
api = TemplateAPI(self.context, self.request, page_title)
sso_providers = []
sso = self.settings.get('sso')
if sso:
# importing here rather than in global scope allows to only require
# velruse be installed for systems using it.
from velruse import login_url
for name in sso.split():
provider = self.settings.get('sso.%s.provider' % name)
title = self.settings.get('sso.%s.title' % name)
sso_providers.append({'title': title, 'name': name,
'url': login_url(self.request, provider)})
api.status_message = self.request.params.get('reason', None)
response = render_to_response(
'templates/login.pt',
dict(
api=api,
nothing='',
try_kerberos=try_kerberos,
sso_providers=sso_providers,
came_from=self.request.params.get('came_from', ''),
app_url=self.request.application_url),
request=self.request)
forget_headers = forget(self.request)
response.headers.extend(forget_headers)
return response
def get_providers(request):
"""external auth provider list
simple REST getter for a list of all registered auth providers.
"""
return {
'providers': [{
'name': provider.name,
'url': login_url(request, provider.name),
'scope': provider.scope
} for provider in request.registry.velruse_providers.values()]
}
def forbidden_view(request):
userid = authenticated_userid(request)
if userid:
if not hasattr(request, 'user'):
request.user = User.get_by_id(userid)
if not request.user.verified:
next = route_url('signup', request)
return HTTPFound(location=next)
return Response('forbidden')
next = login_url(request, 'google')
return HTTPFound(location=next)
def twitter_login_url(self):
return login_url(self.request, 'twitter')
def _login_form(context, request):
response = {'login_url': login_url(request, 'openid')}
return render("templates/openid.pt", response, request = request)
def login_view(context, request):
settings = request.registry.settings
request.layout_manager.use_layout('anonymous')
came_from = _fixup_came_from(request, request.POST.get('came_from'))
if request.params.get('form.submitted', None) is not None:
challenge_qs = {'came_from': came_from}
# identify
login = request.POST.get('login')
password = request.POST.get('password')
if login is None or password is None:
return HTTPFound(location='%s/login.html' %
request.application_url)
max_age = request.POST.get('max_age')
if max_age is not None:
max_age = int(max_age)
# authenticate
userid = None
reason = 'Bad username or password'
users = find_users(context)
for authenticate in (password_authenticator,
impersonate_authenticator):
userid = authenticate(users, login, password)
if userid:
break
# if not successful, try again
if not userid:
challenge_qs['reason'] = reason
return HTTPFound(
location='%s/login.html?%s' %
(request.application_url, urlencode(challenge_qs, doseq=True)))
# else, remember
return remember_login(context, request, userid, max_age, came_from)
# Log in user seamlessly with kerberos if enabled
try_kerberos = request.GET.get('try_kerberos', None)
if try_kerberos:
try_kerberos = asbool(try_kerberos)
else:
try_kerberos = asbool(get_setting(context, 'kerberos', 'False'))
if try_kerberos:
from karl.security.kerberos_auth import get_kerberos_userid
userid = get_kerberos_userid(request)
if userid:
return remember_login(context, request, userid, None, came_from)
# Break infinite loop if kerberos authorization fails
if request.authorization and request.authorization[0] == 'Negotiate':
try_kerberos = False
page_title = 'Login to %s' % settings.get(
'system_name', 'KARL') # Per #366377, don't say what screen
layout = request.layout_manager.layout
layout.page_title = page_title
api = TemplateAPI(context, request, page_title)
came_from = _fixup_came_from(request,
request.params.get('came_from', request.url))
request.session['came_from'] = came_from
sso_providers = []
sso = settings.get('sso')
if sso:
# importing here rather than in global scope allows to only require
# velruse be installed for systems using it.
from velruse import login_url
for name in sso.split():
provider = settings.get('sso.%s.provider' % name)
title = settings.get('sso.%s.title' % name)
sso_providers.append({
'title': title,
'name': name,
'url': login_url(request, provider)
})
api.status_message = request.params.get('reason', None)
response = render_to_response('templates/login.pt',
dict(api=api,
came_from=came_from,
nothing='',
try_kerberos=try_kerberos,
sso_providers=sso_providers,
app_url=request.application_url),
request=request)
forget_headers = forget(request)
response.headers.extend(forget_headers)
return response
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
# inject the url from the environment
settings['sqlalchemy.url'] = os.environ.get(
'DATABASE_URL', 'postgresql://cewing:@localhost:5432/lj2')
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
# authn/authz configuration
auth_secret = os.environ.get('LJ_AUTH_SECRET', 'itsaseekrit')
authentication_policy = AuthTktAuthenticationPolicy(
secret=auth_secret,
hashalg='sha512',
callback=groupfinder,
)
authorization_policy = ACLAuthorizationPolicy()
config = Configurator(
settings=settings,
authentication_policy=authentication_policy,
authorization_policy=authorization_policy,
root_factory=DefaultRoot,
)
# add a view predicate to validate api keys:
config.add_view_predicate('valid_api_key', APIKeyPredicate)
# github authentication configuration:
config.include('velruse.providers.github')
github_key = os.environ.get('LJ_GITHUB_KEY', None)
github_secret = os.environ.get('LJ_GITHUB_SECRET', None)
if not github_key and not github_secret:
raise ConfigurationError(
'Github Login requires LJ_GITHUB_SECRET and LJ_GITHUB_KEY set in the environment'
)
config.add_github_login(
consumer_key=github_key,
consumer_secret=github_secret,
scope=settings.get('velruse.providers.github.scope',
'user, public_repo'),
)
# provide constructing the login url as a request method
config.add_request_method(lambda req, svc='github': login_url(req, svc),
name='login_url')
# session configuration
session_secret = os.environ.get('LJ_SESSION_SECRET', 'itsaseekrit')
session_factory = SignedCookieSessionFactory(session_secret)
config.set_session_factory(session_factory)
# templating configuration
config.include('pyramid_jinja2')
# view configuration
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('mine', '/mine')
config.add_route('about', '/about')
config.add_route('create', '/entry/create')
config.add_route('entry',
'/entry/{id:\d+}',
factory=EntryRoot,
traverse='/{id:\d+}')
config.add_route('edit',
'/entry/{id:\d+}/edit',
factory=EntryRoot,
traverse='/{id:\d+}')
config.add_route('delete',
'/entry/{id:\d+}/delete',
factory=EntryRoot,
traverse='/{id:\d+}')
config.add_route('apikey', '/api/key')
config.add_route('export', '/api/export')
config.add_route('logout', '/logout')
# add user to the request
config.add_request_method(get_user, 'user', reify=True)
# approved and admin usernames, too
config.add_request_method(get_approved_users, 'approved', reify=True)
config.add_request_method(get_admin_users, 'admins', reify=True)
config.add_request_method(get_active_courses, 'courses', reify=True)
config.scan()
return config.make_wsgi_app()
def _login_btn(context, request):
response = {'login_url': login_url(request, 'twitter')}
return render("templates/twitter.pt", response, request = request)
def google_login_url(self):
return login_url(self.request, 'google')
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
# inject the url from the environment
settings['sqlalchemy.url'] = os.environ.get(
'DATABASE_URL',
'postgresql://cewing:@localhost:5432/lj2'
)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
# authn/authz configuration
auth_secret = os.environ.get('LJ_AUTH_SECRET', 'itsaseekrit')
authentication_policy=AuthTktAuthenticationPolicy(
secret=auth_secret,
hashalg='sha512',
callback=groupfinder,
)
authorization_policy=ACLAuthorizationPolicy()
config = Configurator(
settings=settings,
authentication_policy=authentication_policy,
authorization_policy=authorization_policy,
root_factory=DefaultRoot,
)
# add a view predicate to validate api keys:
config.add_view_predicate('valid_api_key', APIKeyPredicate)
# github authentication configuration:
config.include('velruse.providers.github')
github_key = os.environ.get('LJ_GITHUB_KEY', None)
github_secret = os.environ.get('LJ_GITHUB_SECRET', None)
if not github_key and not github_secret:
raise ConfigurationError(
'Github Login requires LJ_GITHUB_SECRET and LJ_GITHUB_KEY set in the environment'
)
config.add_github_login(
consumer_key=github_key,
consumer_secret=github_secret,
scope=settings.get(
'velruse.providers.github.scope', 'user, public_repo'
),
)
# provide constructing the login url as a request method
config.add_request_method(
lambda req, svc='github': login_url(req, svc),
name='login_url'
)
# session configuration
session_secret = os.environ.get('LJ_SESSION_SECRET', 'itsaseekrit')
session_factory = SignedCookieSessionFactory(session_secret)
config.set_session_factory(session_factory)
# templating configuration
config.include('pyramid_jinja2')
# view configuration
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('mine', '/mine')
config.add_route('about', '/about')
config.add_route('create', '/entry/create')
config.add_route(
'entry', '/entry/{id:\d+}', factory=EntryRoot, traverse='/{id:\d+}'
)
config.add_route(
'edit', '/entry/{id:\d+}/edit', factory=EntryRoot, traverse='/{id:\d+}'
)
config.add_route(
'delete', '/entry/{id:\d+}/delete', factory=EntryRoot, traverse='/{id:\d+}'
)
config.add_route('apikey', '/api/key')
config.add_route('export', '/api/export')
config.add_route('logout', '/logout')
# add user to the request
config.add_request_method(get_user, 'user', reify=True)
# approved and admin usernames, too
config.add_request_method(get_approved_users, 'approved', reify=True)
config.add_request_method(get_admin_users, 'admins', reify=True)
config.add_request_method(get_active_courses, 'courses', reify=True)
config.scan()
return config.make_wsgi_app()
def _login_btn(context, request):
response = {'login_url': login_url(request, 'facebook')}
return render("templates/facebook.pt", response, request = request)
def login(context, request):
request.session['came_from'] = request.params.get(
'came_from', request.resource_url(context))
return HTTPFound(velruse.login_url(request, 'google'))
def get_login_url(self, request):
return login_url(request, self.connector_id)
def get_login_url(self, request):
return login_url(request, self.connector_id)
def do_login(request):
""" Store the redirect in the session and log in with google """
if 'next' in request.GET:
request.session['next'] = request.GET['next']
raise HTTPFound(location=velruse.login_url(request, 'google'))
def login_view(request):
return {
'login_url': login_url(request, 'facebook')
}
def login(request):
log.debug('login')
login_url = velruse.login_url(request, 'github')
return {'login_url': login_url}
def login_view(context, request):
settings = request.registry.settings
came_from = request.session.get('came_from', request.url)
came_from = _fixup_came_from(request, came_from)
request.session['came_from'] = came_from
if request.params.get('form.submitted', None) is not None:
# identify
login = request.POST.get('login')
password = request.POST.get('password')
if login is None or password is None:
return HTTPFound(location='%s/login.html'
% request.application_url)
max_age = request.POST.get('max_age')
if max_age is not None:
max_age = int(max_age)
# authenticate
userid = None
reason = 'Bad username or password'
users = find_users(context)
for authenticate in (password_authenticator, impersonate_authenticator):
userid = authenticate(users, login, password)
if userid:
break
# if not successful, try again
if not userid:
redirect = request.resource_url(
request.root, 'login.html', query={'reason': reason})
return HTTPFound(location=redirect)
# else, remember
return remember_login(context, request, userid, max_age)
# Log in user seamlessly with kerberos if enabled
try_kerberos = request.GET.get('try_kerberos', None)
if try_kerberos:
try_kerberos = asbool(try_kerberos)
else:
try_kerberos = asbool(get_setting(context, 'kerberos', 'False'))
if try_kerberos:
from karl.security.kerberos_auth import get_kerberos_userid
userid = get_kerberos_userid(request)
if userid:
return remember_login(context, request, userid, None)
# Break infinite loop if kerberos authorization fails
if request.authorization and request.authorization[0] == 'Negotiate':
try_kerberos = False
page_title = 'Login to %s' % settings.get('system_name', 'KARL') # Per #366377, don't say what screen
api = TemplateAPI(context, request, page_title)
sso_providers = []
sso = settings.get('sso')
if sso:
# importing here rather than in global scope allows to only require
# velruse be installed for systems using it.
from velruse import login_url
for name in sso.split():
provider = settings.get('sso.%s.provider' % name)
title = settings.get('sso.%s.title' % name)
sso_providers.append({'title': title, 'name': name,
'url': login_url(request, provider)})
api.status_message = request.params.get('reason', None)
response = render_to_response(
'templates/login.pt',
dict(
api=api,
nothing='',
try_kerberos=try_kerberos,
sso_providers=sso_providers,
app_url=request.application_url),
request=request)
forget_headers = forget(request)
response.headers.extend(forget_headers)
return response
def login(request):
settings = request.registry.settings
ident = "openid_identifier=" + settings.get('tahrir.openid_identifier')
url = velruse.login_url(request, 'openid') + "?" + ident
return HTTPFound(location=url)
def login_view(request):
return HTTPFound(location=login_url(request, 'github'))
def login_view(request):
return {
'login_url': lambda name: login_url(request, name),
'providers': request.registry.settings['login_providers'],
}
def location(self):
request = get_current_request()
return velruse.login_url(request, self.id)
def view_home(request):
logged_in = authenticated_userid(request)
loginurl = login_url(request, 'google')
PiList = get_pis()
return {"loginurl": loginurl, "logged_in": logged_in, "logouturl": request.route_url('logout'), 'pis': PiList}
def view_users(request):
logged_in = authenticated_userid(request)
loginurl = login_url(request, 'google')
UserList = get_users()
return {"loginurl": loginurl, "logged_in": logged_in, "logouturl": request.route_url('logout'), 'users': UserList}
def login_view(request):
return {
'login_url': lambda name: login_url(request, name),
'providers': request.registry.settings['login_providers'],
}
def home_unauth(request):
return {'login_url': login_url(request, 'google')}
def login(request):
settings = request.registry.settings
ident = "openid_identifier=" + settings.get('tahrir.openid_identifier')
url = velruse.login_url(request, 'openid') + "?" + ident
return HTTPFound(location=url)
def home_view(request):
return {
'github_login_url': login_url(request, 'github'),
}
