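def auth_login(auth, **kwargs):
    """Serve the login entry point and decide where the visitor goes next.

    Reads ``campaign``, ``next``, ``redirect_url``, ``logout``, ``status``,
    ``sign_up`` and ``existing_user`` from the query string. A logged-in user
    is redirected to the validated target (or ``/``) unless ``logout`` is set,
    in which case the request is handed to ``auth_logout``. An anonymous user
    receives the template context for the login page.

    Args:
        auth: current auth context; only ``auth.logged_in`` is consulted.
        **kwargs: ``first`` (truthy) pushes a "You may now log in" notice.

    Returns:
        ``(data, http.OK)`` where ``data`` carries ``login_url``,
        ``institution_redirect``, ``redirect_url``, ``sign_up``,
        ``existing_user`` and, for a known campaign, ``campaign`` — or a
        redirect response for logged-in users.

    Raises:
        HTTPError: ``http.BAD_REQUEST`` when the redirect target is not a
            same-site URL.
    """
    campaign = request.args.get('campaign')
    next_url = request.args.get('next')
    must_login_warning = True

    # A campaign overrides any explicit ``next``: its landing page is the target.
    if campaign:
        next_url = campaigns.campaign_url_for(campaign)

    # ``redirect_url`` is the fallback target and does not trigger the
    # "you must log in" notice.
    if not next_url:
        next_url = request.args.get('redirect_url')
        must_login_warning = False

    if next_url:
        # Only allow redirects which are relative root or full domain, disallows external redirects.
        # A leading '/' alone is not enough: '//host/...' and '/\host/...' are
        # scheme-relative and would send the browser off-site.
        is_site_relative = next_url.startswith('/') and not next_url.startswith(('//', '/\\'))
        # NOTE(review): a prefix match only proves same-origin if these settings
        # end in a path separator — confirm against the settings module.
        is_trusted_origin = next_url.startswith(
            (settings.DOMAIN, settings.CAS_SERVER_URL, settings.MFR_SERVER_URL)
        )
        if not (is_site_relative or is_trusted_origin):
            # http.InvalidURL is an httplib exception class, not a status code;
            # answer with a proper 400 instead.
            raise HTTPError(http.BAD_REQUEST)

    if auth.logged_in:
        if not request.args.get('logout'):
            return redirect(next_url) if next_url else redirect('/')
        # redirect user to CAS for logout, return here w/o authentication
        return auth_logout(redirect_url=request.url)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in', kind='info', trust=False)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        # A single notice; the plain-text variant was a duplicate of this one.
        status.push_status_message('The private link you used is expired. Please <a href="/settings/account/">'
                                   'resend email.</a>', trust=False)

    if next_url and must_login_warning:
        status.push_status_message(language.MUST_LOGIN, trust=False)

    # set login_url to form action, upon successful authentication specifically w/o logout=True,
    # allows for next to be followed or a redirect to the dashboard.
    redirect_url = web_url_for('auth_login', next=next_url, _absolute=True)
    data = {}
    if campaign and campaign in campaigns.CAMPAIGNS:
        # The institution campaign is only advertised when the feature flag is on.
        if campaign != 'institution' or settings.ENABLE_INSTITUTIONS:
            data['campaign'] = campaign
    data['login_url'] = cas.get_login_url(redirect_url, auto=True)
    data['institution_redirect'] = cas.get_institution_target(redirect_url)
    data['redirect_url'] = next_url
    data['sign_up'] = request.args.get('sign_up', False)
    data['existing_user'] = request.args.get('existing_user', None)
    return data, http.OK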
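def auth_login(auth, **kwargs):
    """Serve the login entry point and decide where the visitor goes next.

    Reads ``campaign``, ``next``, ``redirect_url``, ``logout``, ``status`` and
    ``sign_up`` from the query string. A logged-in user is redirected to the
    validated target (or ``/``) unless ``logout`` is set, in which case the
    request is handed to ``auth_logout``. An anonymous user receives the
    template context for the login page.

    Args:
        auth: current auth context; only ``auth.logged_in`` is consulted.
        **kwargs: ``first`` (truthy) pushes a "You may now log in" notice.

    Returns:
        ``(data, http.OK)`` where ``data`` carries ``login_url``,
        ``institution_redirect``, ``redirect_url``, ``sign_up`` and, for a
        known campaign, ``campaign`` — or a redirect response for logged-in
        users.

    Raises:
        HTTPError: ``http.BAD_REQUEST`` when the redirect target is not a
            same-site URL.
    """
    campaign = request.args.get('campaign')
    next_url = request.args.get('next')
    must_login_warning = True

    # A campaign overrides any explicit ``next``: its landing page is the target.
    if campaign:
        next_url = campaigns.campaign_url_for(campaign)

    # ``redirect_url`` is the fallback target and does not trigger the
    # "you must log in" notice.
    if not next_url:
        next_url = request.args.get('redirect_url')
        must_login_warning = False

    if next_url:
        # Only allow redirects which are relative root or full domain, disallows external redirects.
        # A leading '/' alone is not enough: '//host/...' and '/\host/...' are
        # scheme-relative and would send the browser off-site.
        is_site_relative = next_url.startswith('/') and not next_url.startswith(('//', '/\\'))
        # NOTE(review): a prefix match only proves same-origin if DOMAIN ends
        # in a path separator — confirm against the settings module.
        is_own_domain = next_url.startswith(settings.DOMAIN)
        if not (is_site_relative or is_own_domain):
            # http.InvalidURL is an httplib exception class, not a status code;
            # answer with a proper 400 instead.
            raise HTTPError(http.BAD_REQUEST)

    if auth.logged_in:
        if not request.args.get('logout'):
            return redirect(next_url) if next_url else redirect('/')
        # redirect user to CAS for logout, return here w/o authentication
        return auth_logout(redirect_url=request.url)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in', kind='info', trust=False)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        status.push_status_message('The private link you used is expired.', trust=False)

    if next_url and must_login_warning:
        status.push_status_message(language.MUST_LOGIN, trust=False)

    # set login_url to form action, upon successful authentication specifically w/o logout=True,
    # allows for next to be followed or a redirect to the dashboard.
    redirect_url = web_url_for('auth_login', next=next_url, _absolute=True)
    data = {}
    if campaign and campaign in campaigns.CAMPAIGNS:
        # The institution campaign is only advertised when the feature flag is on.
        if campaign != 'institution' or settings.ENABLE_INSTITUTIONS:
            data['campaign'] = campaign
    data['login_url'] = cas.get_login_url(redirect_url, auto=True)
    data['institution_redirect'] = cas.get_institution_target(redirect_url)
    data['redirect_url'] = next_url
    data['sign_up'] = request.args.get('sign_up', False)
    return data, http.OK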
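def auth_login(auth, **kwargs):
    """Entry point for OSF login and campaign login (HTTP GET).

    Routing, as implemented below:

    * ``/login/`` with no ``campaign``, ``next`` or ``logout``: a logged-in
      user goes to the dashboard, anyone else to the CAS login page with the
      dashboard as target service.
    * ``/login/?logout=true``: a logged-in user is handed to ``auth_logout``
      with this URL as the return point.
    * ``/login/?campaign=<name>``: the campaign landing page becomes the
      target; a logged-in user is redirected there, an anonymous user gets the
      login page context with ``campaign`` set (``institution`` only when
      ``settings.ENABLE_INSTITUTIONS`` is on).
    * ``/login/?next=<url>``: a logged-in user is redirected to the validated
      URL; an anonymous user gets the login page context whose ``login_url``
      returns here with ``next`` preserved.

    Args:
        auth: current auth context; only ``auth.logged_in`` is consulted.
        **kwargs: unused.

    Returns:
        ``(data, http.OK)`` with the login page context, or a redirect
        response.

    Raises:
        HTTPError: ``http.BAD_REQUEST`` when the redirect target is not a
            same-site URL.
    """
    campaign = request.args.get('campaign')
    next_url = request.args.get('next')
    log_out = request.args.get('logout')
    must_login_warning = True

    # Bare '/login/': straight to the dashboard, via CAS if anonymous.
    if not campaign and not next_url and not log_out:
        if auth.logged_in:
            return redirect(web_url_for('dashboard'))
        return redirect(cas.get_login_url(web_url_for('dashboard', _absolute=True)))

    # A campaign overrides any explicit ``next``: its landing page is the target.
    if campaign:
        next_url = campaigns.campaign_url_for(campaign)

    # ``redirect_url`` is the fallback target and does not trigger the
    # "you must log in" notice.
    if not next_url:
        next_url = request.args.get('redirect_url')
        must_login_warning = False

    if next_url:
        # Only allow redirects which are relative root or full domain, disallows external redirects.
        # A leading '/' alone is not enough: '//host/...' and '/\host/...' are
        # scheme-relative and would send the browser off-site.
        is_site_relative = next_url.startswith('/') and not next_url.startswith(('//', '/\\'))
        # NOTE(review): a prefix match only proves same-origin if these settings
        # end in a path separator — confirm against the settings module.
        is_trusted_origin = next_url.startswith(
            (settings.DOMAIN, settings.CAS_SERVER_URL, settings.MFR_SERVER_URL)
        )
        if not (is_site_relative or is_trusted_origin):
            # http.InvalidURL is an httplib exception class, not a status code;
            # answer with a proper 400 instead.
            raise HTTPError(http.BAD_REQUEST)

    if auth.logged_in:
        if not log_out:
            # Resolve the dashboard the same way the no-argument branch does;
            # a bare 'dashboard' would be resolved relative to /login/.
            return redirect(next_url) if next_url else redirect(web_url_for('dashboard'))
        # redirect user to CAS for logout, return here w/o authentication
        return auth_logout(redirect_url=request.url)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        # A single notice; the plain-text variant was a duplicate of this one.
        status.push_status_message('The private link you used is expired. Please <a href="/settings/account/">'
                                   'resend email.</a>', trust=False)

    if next_url and must_login_warning:
        status.push_status_message(language.MUST_LOGIN, trust=False)

    # set login_url to form action, upon successful authentication specifically w/o logout=True,
    # allows for next to be followed or a redirect to the dashboard.
    redirect_url = web_url_for('auth_login', next=next_url, _absolute=True)
    data = {}
    if campaign and campaign in campaigns.CAMPAIGNS:
        # The institution campaign is only advertised when the feature flag is on.
        if campaign != 'institution' or settings.ENABLE_INSTITUTIONS:
            data['campaign'] = campaign
    data['login_url'] = cas.get_login_url(redirect_url)
    data['institution_redirect'] = cas.get_institution_target(redirect_url)
    data['redirect_url'] = next_url
    data['sign_up'] = request.args.get('sign_up', False)
    data['existing_user'] = request.args.get('existing_user', None)
    return data, http.OK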
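def auth_login(auth, **kwargs):
    """Entry point for OSF login and campaign login (HTTP GET).

    Routing, as implemented below:

    * ``/login/`` with no ``campaign``, ``next`` or ``logout``: a logged-in
      user goes to the dashboard, anyone else to the CAS login page with the
      dashboard as target service.
    * ``/login/?logout=true``: a logged-in user is handed to ``auth_logout``
      with this URL as the return point.
    * ``/login/?campaign=<name>``: the campaign landing page becomes the
      target and no "must log in" notice is shown; a logged-in user is
      redirected there, an anonymous user gets the login page context with
      ``campaign`` set (``institution`` only when
      ``settings.ENABLE_INSTITUTIONS`` is on).
    * ``/login/?next=<url>``: a logged-in user is redirected to the validated
      URL; an anonymous user gets the login page context whose ``login_url``
      returns here with ``next`` preserved.

    Args:
        auth: current auth context; only ``auth.logged_in`` is consulted.
        **kwargs: unused.

    Returns:
        ``(data, http.OK)`` with the login page context, or a redirect
        response.

    Raises:
        HTTPError: ``http.BAD_REQUEST`` when ``validate_next_url`` rejects the
            redirect target.
    """
    campaign = request.args.get('campaign')
    next_url = request.args.get('next')
    log_out = request.args.get('logout')
    must_login_warning = True

    # Bare '/login/': straight to the dashboard, via CAS if anonymous.
    if not campaign and not next_url and not log_out:
        if auth.logged_in:
            return redirect(web_url_for('dashboard'))
        return redirect(cas.get_login_url(web_url_for('dashboard', _absolute=True)))

    # A campaign overrides any explicit ``next`` and suppresses the notice.
    if campaign:
        must_login_warning = False
        next_url = campaigns.campaign_url_for(campaign)

    # ``redirect_url`` is the fallback target and does not trigger the notice.
    if not next_url:
        next_url = request.args.get('redirect_url')
        must_login_warning = False

    # validate_next_url is defined elsewhere; it is also called with None
    # when no target was supplied, so it is expected to accept that.
    if not validate_next_url(next_url):
        raise HTTPError(http.BAD_REQUEST)

    if auth.logged_in:
        if not log_out:
            # Resolve the dashboard the same way the no-argument branch does;
            # a bare 'dashboard' would be resolved relative to /login/.
            return redirect(next_url) if next_url else redirect(web_url_for('dashboard'))
        # redirect user to CAS for logout, return here w/o authentication
        return auth_logout(redirect_url=request.url)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        # A single notice; the plain-text variant was a duplicate of this one.
        status.push_status_message('The private link you used is expired. Please <a href="/settings/account/">'
                                   'resend email.</a>', trust=False)

    if next_url and must_login_warning:
        status.push_status_message(language.MUST_LOGIN, trust=False)

    # set login_url to form action, upon successful authentication specifically w/o logout=True,
    # allows for next to be followed or a redirect to the dashboard.
    redirect_url = web_url_for('auth_login', next=next_url, _absolute=True)
    data = {}
    if campaign and campaign in campaigns.CAMPAIGNS:
        # The institution campaign is only advertised when the feature flag is on.
        if campaign != 'institution' or settings.ENABLE_INSTITUTIONS:
            data['campaign'] = campaign
    data['login_url'] = cas.get_login_url(redirect_url)
    data['institution_redirect'] = cas.get_institution_target(redirect_url)
    data['redirect_url'] = next_url
    data['sign_up'] = request.args.get('sign_up', False)
    data['existing_user'] = request.args.get('existing_user', None)
    return data, http.OK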