def reference_outline_view(context, request):
    """Render the outline page of a reference manual.

    When the request carries a ``subpath`` parameter (together with a
    ``direction``) the named child is reordered first through
    ``move_subpath`` and the message it returns is shown on the page.
    The action links offered to the template depend on which of the
    create / edit / delete / administer permissions the request holds
    on *context*.
    """
    params = request.params
    subpath = params.get('subpath')
    status_message = None

    parent = context.__parent__
    backto = {
        'href': resource_url(parent, request),
        'title': parent.title,
    }

    actions = []
    user_can_edit = False

    if has_permission('create', context, request):
        addables = get_folder_addables(context, request)
        if addables is not None:
            actions.extend(addables())

    if has_permission('edit', context, request):
        user_can_edit = True
        actions.append(('Edit', 'edit.html'))
        # Reordering is only honoured for callers holding 'edit'.
        # ``direction`` is mandatory whenever ``subpath`` is supplied;
        # a request without it raises KeyError.
        if subpath:
            status_message = move_subpath(
                context, subpath, params['direction'])

    if has_permission('delete', context, request):
        actions.append(('Delete', 'delete.html'))

    if has_permission('administer', context, request):
        actions.append(('Advanced', 'advanced.html'))

    api = TemplateAPI(context, request, context.title)

    layout = get_layout_provider(context, request)()

    # Client-side data for the tag box widget.
    head_data = convert_to_script({
        'tagbox': get_tags_client_data(context, request),
    })

    previous_entry, next_entry = get_previous_next(context, request)
    api.status_message = status_message

    return render_to_response(
        'templates/show_referencemanual.pt',
        dict(
            api=api,
            actions=actions,
            user_can_edit=user_can_edit,
            head_data=head_data,
            tree=getTree(context, request, api),
            backto=backto,
            layout=layout,
            previous_entry=previous_entry,
            next_entry=next_entry,
        ),
        request=request,
    )
def __call__(self):
    """Serve the login page.

    A submitted form is delegated to ``self.login()`` and whatever it
    returns (normally a redirect) is passed straight back.  Otherwise,
    if Kerberos is enabled -- by the ``try_kerberos`` query parameter or
    the ``kerberos`` config setting -- a Negotiate login is attempted.
    Falling through to the form, any ``reason`` query parameter becomes
    the status message and the auth cookie is cleared via ``forget``.
    """
    request = self.request
    context = self.context

    if request.params.get('form.submitted', None) is not None:
        outcome = self.login()
        if outcome:
            return outcome

    # An explicit query flag wins over the configured default.
    flag = request.GET.get('try_kerberos', None)
    if flag:
        try_kerberos = asbool(flag)
    else:
        try_kerberos = asbool(get_config_setting('kerberos', 'False'))

    if try_kerberos:
        from karl.security.kerberos_auth import get_kerberos_userid
        userid = get_kerberos_userid(request)
        if userid:
            return remember_login(context, request, userid, None)
        # A failed Negotiate round-trip must not re-issue the challenge,
        # otherwise browser and server would loop forever.
        authorization = request.authorization
        if authorization and authorization[0] == 'Negotiate':
            try_kerberos = False

    page_title = 'Login to %s' % get_setting(context, 'title')
    api = TemplateAPI(context, request, page_title)

    # SSO providers come from the 'sso' setting; velruse is imported
    # lazily so it is only a requirement where SSO is configured.
    sso_providers = []
    sso = self.settings.get('sso')
    if sso:
        from velruse import login_url
        for name in sso.split():
            provider = self.settings.get('sso.%s.provider' % name)
            sso_providers.append({
                'title': self.settings.get('sso.%s.title' % name),
                'name': name,
                'url': login_url(request, provider),
            })

    # ``reason`` is caller-controlled query input handed to the template
    # unchanged; the template is relied on to escape it.
    api.status_message = request.params.get('reason', None)
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            nothing='',
            try_kerberos=try_kerberos,
            sso_providers=sso_providers,
            came_from=request.params.get('came_from', ''),
            app_url=request.application_url,
        ),
        request=request,
    )
    # Showing the form also drops any existing auth cookie.
    response.headers.extend(forget(request))
    return response
def reference_outline_view(context, request):
    """Show the outline of a reference manual, optionally reordering a child first.

    ``subpath`` plus ``direction`` in the request parameters select a
    child to move via ``move_subpath``; its return value becomes the
    status message.  Action links depend on the permissions the request
    holds on *context*.
    """
    def permitted(permission):
        return has_permission(permission, context, request)

    status_message = None
    subpath = request.params.get('subpath')

    backto = dict(
        href=resource_url(context.__parent__, request),
        title=context.__parent__.title,
    )

    actions = []
    user_can_edit = False

    if permitted('create'):
        addables = get_folder_addables(context, request)
        if addables is not None:
            actions.extend(addables())

    if permitted('edit'):
        user_can_edit = True
        actions.append(('Edit', 'edit.html'))
        if subpath:
            # Only editors may reorder; 'direction' is required next to
            # 'subpath' and a missing one raises KeyError.
            direction = request.params['direction']
            status_message = move_subpath(context, subpath, direction)

    for permission, action in (('delete', ('Delete', 'delete.html')),
                               ('administer', ('Advanced', 'advanced.html'))):
        if permitted(permission):
            actions.append(action)

    page_title = context.title
    api = TemplateAPI(context, request, page_title)

    layout_provider = get_layout_provider(context, request)
    layout = layout_provider()

    # Data the tag box widget needs on the client side.
    client_json_data = {'tagbox': get_tags_client_data(context, request)}

    previous_entry, next_entry = get_previous_next(context, request)
    api.status_message = status_message

    template_vars = dict(
        api=api,
        actions=actions,
        user_can_edit=user_can_edit,
        head_data=convert_to_script(client_json_data),
        tree=getTree(context, request, api),
        backto=backto,
        layout=layout,
        previous_entry=previous_entry,
        next_entry=next_entry,
    )
    return render_to_response(
        'templates/show_referencemanual.pt', template_vars, request=request)
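def admin_contents_moveup_view(context, request):
    """Move the child named by the ``name`` query parameter one slot up.

    The entry is swapped with its predecessor in ``context.order`` and
    the list written back; the browser is then redirected to
    ``admin.html``.  A missing ``name`` raises KeyError and a name not
    present in the ordering raises ValueError from ``list.index``.

    Note: the status message set on the TemplateAPI is not carried into
    the redirect response, so "Already at top of list" is never shown.
    """
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET['name']
    # Copy before mutating: the sibling movedown view notes that
    # ``context.order`` may be raw OOBTreeItems, which does not support
    # item assignment, so swapping in place would fail there.
    order = list(context.order)
    n = order.index(name)
    if n == 0:
        api.status_message = 'Already at top of list'
    else:
        order[n - 1], order[n] = order[n], order[n - 1]
        context.order = order
    return HTTPFound(location=resource_url(context, request, 'admin.html'))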
def admin_contents_movedown_view(context, request):
    """Move the child named by the ``name`` query parameter one slot down.

    Swaps the entry with its successor in ``context.order`` and stores
    the result, then redirects to ``admin.html``.  The status message
    set on the TemplateAPI does not survive the redirect.
    """
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET['name']
    # A list copy is required: the ordering may be raw OOBTreeItems.
    ordering = list(context.order)
    position = ordering.index(name)
    last = len(ordering) - 1
    if position == last:
        api.status_message = 'Already at bottom of list'
    else:
        following = position + 1
        ordering[position], ordering[following] = (
            ordering[following], ordering[position])
        context.order = ordering
    return HTTPFound(location=resource_url(context, request, 'admin.html'))
def admin_contents_movedown_view(context, request):
    """Move the ``name`` child one position towards the end of ``context.order``.

    Redirects to ``admin.html`` afterwards.  When the child is already
    last a status message is set on the TemplateAPI, but since the
    response is a redirect that message is not displayed.
    """
    api = TemplateAPI(context, request, 'Contents')
    target = request.GET['name']
    entries = list(context.order)  # in case it is raw OOBTreeItems
    idx = entries.index(target)
    at_bottom = idx + 1 == len(entries)
    if at_bottom:
        api.status_message = 'Already at bottom of list'
    else:
        swapped = entries[:idx] + [entries[idx + 1], entries[idx]] + entries[idx + 2:]
        context.order = swapped
    return HTTPFound(location=resource_url(context, request, 'admin.html'))
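def admin_contents_moveup_view(context, request):
    """Move the ``name`` child one position towards the front of ``context.order``.

    Redirects to ``admin.html`` afterwards.  ``name`` is read from the
    query string (KeyError if absent; ValueError if not in the
    ordering).  The "Already at top of list" status message is set on a
    TemplateAPI that the redirect response never renders.
    """
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET['name']
    # Work on a list copy, as the movedown sibling does: ``context.order``
    # may be raw OOBTreeItems, which cannot be item-assigned in place.
    order = list(context.order)
    n = order.index(name)
    if n == 0:
        api.status_message = 'Already at top of list'
    else:
        order[n], order[n - 1] = order[n - 1], order[n]
        context.order = order
    return HTTPFound(location=resource_url(context, request, 'admin.html'))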
def __call__(self):
    """Render the login form, or short-circuit on a submitted form / Kerberos login.

    Order of precedence: a ``form.submitted`` request goes to
    ``self.login()`` and its truthy result is returned; then a Kerberos
    attempt runs if enabled (``try_kerberos`` query parameter, else the
    ``kerberos`` config setting); finally the form is rendered with
    ``forget`` headers so any stale auth cookie is cleared.
    """
    req = self.request
    ctx = self.context
    settings = self.settings

    if req.params.get('form.submitted', None) is not None:
        login_response = self.login()
        if login_response:
            return login_response

    # Kerberos is opt-in per request or per configuration.
    requested = req.GET.get('try_kerberos', None)
    try_kerberos = asbool(
        requested if requested else get_config_setting('kerberos', 'False'))

    if try_kerberos:
        from karl.security.kerberos_auth import get_kerberos_userid
        userid = get_kerberos_userid(req)
        if userid:
            return remember_login(ctx, req, userid, None)
        # After a failed Negotiate exchange, stop asking the browser to
        # negotiate again or the two would loop indefinitely.
        if req.authorization and req.authorization[0] == 'Negotiate':
            try_kerberos = False

    api = TemplateAPI(ctx, req, 'Login to %s' % get_setting(ctx, 'title'))

    sso_providers = []
    sso = settings.get('sso')
    if sso:
        # Lazy import: velruse is only required on deployments using SSO.
        from velruse import login_url
        for name in sso.split():
            provider = settings.get('sso.%s.provider' % name)
            title = settings.get('sso.%s.title' % name)
            entry = {'title': title, 'name': name,
                     'url': login_url(req, provider)}
            sso_providers.append(entry)

    # ``reason`` is reflected from the query string into the page; the
    # template must escape it.
    api.status_message = req.params.get('reason', None)
    template_vars = dict(
        api=api,
        nothing='',
        try_kerberos=try_kerberos,
        sso_providers=sso_providers,
        came_from=req.params.get('came_from', ''),
        app_url=req.application_url,
    )
    response = render_to_response(
        'templates/login.pt', template_vars, request=req)
    response.headers.extend(forget(req))
    return response
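def admin_contents_moveup_view(context, request):
    """Move the ``name`` child one slot up within a people-directory node.

    Swaps the entry with its predecessor in ``context.order``, stores the
    list and redirects to ``admin.html``.  ``name`` comes from the query
    string (KeyError if absent, ValueError if unknown).  The status
    message set on the TemplateAPI is lost in the redirect.
    """
    # Kept for its side effects only (the lookup is what the sibling
    # admin views do too); the result itself is not used here.
    find_peopledirectory(context)
    api = TemplateAPI(context, request, "Contents")
    name = request.GET["name"]
    # Copy first, as the movedown sibling does: ``context.order`` may be
    # raw OOBTreeItems, which does not support item assignment.
    order = list(context.order)
    n = order.index(name)
    if n == 0:
        api.status_message = "Already at top of list"
    else:
        order[n], order[n - 1] = order[n - 1], order[n]
        context.order = order
    return HTTPFound(location=resource_url(context, request, "admin.html"))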
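def admin_contents_movedown_view(context, request):
    """Move the ``name`` child one slot down within a people-directory node.

    Swaps the entry with its successor in ``context.order``, stores the
    list and redirects to ``admin.html``.  ``name`` comes from the query
    string (KeyError if absent, ValueError if unknown).  The status
    message set on the TemplateAPI is lost in the redirect.
    """
    # Kept for its side effects only; the result is not used here.
    find_peopledirectory(context)
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET['name']
    # Copy first: ``context.order`` may be raw OOBTreeItems, which does
    # not support item assignment, so an in-place swap would fail.
    order = list(context.order)
    n = order.index(name)
    if n + 1 == len(order):
        api.status_message = 'Already at bottom of list'
    else:
        order[n], order[n + 1] = order[n + 1], order[n]
        context.order = order
    return HTTPFound(location=model_url(context, request, 'admin.html'))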
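def admin_contents(context, request):
    """Admin "Contents" page for a people-directory node.

    On a POST carrying ``form.delete`` the children named by the
    ``selected`` fields are deleted and the browser is redirected to
    ``admin.html``; with no selection a status message is set and the
    page is rendered instead.  Otherwise the page shows the admin
    actions (minus the leading "Edit", which does not apply here) plus
    the regular actions.

    Returns a dict of template variables, or an HTTPFound redirect.
    """
    peopledir = find_peopledirectory(context)
    api = TemplateAPI(context, request, "Contents")

    if "form.delete" in request.POST:
        if "selected" not in request.POST:
            api.status_message = "Please select a value"
        else:
            # getall() always returns a list whether one or many
            # ``selected`` fields were posted, so the single-value
            # special case (and the Python 2 only ``basestring``) goes.
            # NOTE(review): this is a state-changing POST; CSRF
            # protection, if any, must come from the view registration.
            for name in request.POST.getall("selected"):
                del context[name]
            return HTTPFound(
                location=resource_url(context, request, "admin.html"))

    actions = get_admin_actions(context, request)
    del actions[0]  # Get rid of "Edit" action--doesn't make sense here.
    actions += get_actions(context, request)
    return dict(
        api=api,
        peopledir=peopledir,
        actions=actions,
        has_categories=peopledir is context,
    )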
def admin_contents(context, request):
    """Render the admin "Contents" page, handling the delete form when posted.

    ``form.delete`` in the POST deletes every child named by a
    ``selected`` field and redirects to ``admin.html``; a delete without
    a selection only sets a status message.  The action list is the
    admin actions without their first ("Edit") entry, followed by the
    regular actions.  Returns template variables or an HTTPFound.
    """
    peopledir = find_peopledirectory(context)
    api = TemplateAPI(context, request, 'Contents')
    form = request.POST

    if 'form.delete' in form:
        selected = form.getall('selected') if 'selected' in form else None
        if selected is None:
            api.status_message = 'Please select a value'
        else:
            # State-changing POST: CSRF protection is expected to be
            # enforced by the view registration, not here.
            for name in selected:
                del context[name]
            target = resource_url(context, request, 'admin.html')
            return HTTPFound(location=target)

    actions = get_admin_actions(context, request)[1:]  # drop "Edit": pointless here
    actions.extend(get_actions(context, request))
    return dict(
        api=api,
        peopledir=peopledir,
        actions=actions,
        has_categories=peopledir is context,
    )
def admin_contents(context, request):
    """Admin "Contents" view: list children, or delete the posted selection.

    A POST with ``form.delete`` and one or more ``selected`` fields
    removes those children and redirects to ``admin.html``; without a
    selection the page re-renders with a status message.  The returned
    dict feeds the template; "Edit" is removed from the admin actions
    because it has no meaning on this page.
    """
    peopledir = find_peopledirectory(context)
    api = TemplateAPI(context, request, 'Contents')

    deleting = 'form.delete' in request.POST
    if deleting and 'selected' not in request.POST:
        api.status_message = 'Please select a value'
    elif deleting:
        # CSRF protection for this mutating POST is assumed to live in
        # the view configuration.
        for child_name in request.POST.getall('selected'):
            del context[child_name]
        return HTTPFound(
            location=resource_url(context, request, 'admin.html'))

    actions = get_admin_actions(context, request)
    del actions[0]  # Get rid of "Edit" action--doesn't make sense here.
    actions += get_actions(context, request)
    has_categories = peopledir is context
    return dict(api=api, peopledir=peopledir, actions=actions,
                has_categories=has_categories)
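def login_view(context, request):
    """Login page: authenticate a submitted form, try Kerberos, or render the form.

    A ``form.submitted`` POST is checked against the password and
    impersonation authenticators; success ends in ``remember_login``,
    failure redirects back to ``login.html`` with a ``reason``.  Without
    a form, Kerberos is tried when enabled (``try_kerberos`` query
    parameter, else the ``kerberos`` setting).  Otherwise the form is
    rendered with ``forget`` headers so stale auth cookies are cleared.
    Returns an HTTPFound or a rendered Response.
    """
    settings = request.registry.settings
    came_from = request.session.get('came_from', request.url)
    came_from = _fixup_came_from(request, came_from)
    request.session['came_from'] = came_from

    if request.params.get('form.submitted', None) is not None:
        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html' % request.application_url)
        max_age = request.POST.get('max_age')
        if max_age is not None:
            try:
                max_age = int(max_age)
            except ValueError:
                # Form input: a non-numeric value used to produce a 500;
                # treat it like an absent one (session-length cookie).
                max_age = None
        # NOTE(review): max_age is a client-chosen cookie lifetime;
        # remember_login (or a setting) should cap it server-side.

        # authenticate
        userid = None
        reason = 'Bad username or password'
        users = find_users(context)
        for authenticate in (password_authenticator, impersonate_authenticator):
            userid = authenticate(users, login, password)
            if userid:
                break

        # if not successful, try again
        if not userid:
            redirect = request.resource_url(
                request.root, 'login.html', query={'reason': reason})
            return HTTPFound(location=redirect)

        # else, remember
        return remember_login(context, request, userid, max_age)

    # Log in user seamlessly with kerberos if enabled
    try_kerberos = request.GET.get('try_kerberos', None)
    if try_kerberos:
        try_kerberos = asbool(try_kerberos)
    else:
        try_kerberos = asbool(get_setting(context, 'kerberos', 'False'))
    if try_kerberos:
        from karl.security.kerberos_auth import get_kerberos_userid
        userid = get_kerberos_userid(request)
        if userid:
            return remember_login(context, request, userid, None)
        # Break infinite loop if kerberos authorization fails
        if request.authorization and request.authorization[0] == 'Negotiate':
            try_kerberos = False

    page_title = 'Login to %s' % settings.get('system_name', 'KARL')  # Per #366377, don't say what screen
    api = TemplateAPI(context, request, page_title)

    sso_providers = []
    sso = settings.get('sso')
    if sso:
        # importing here rather than in global scope allows to only require
        # velruse be installed for systems using it.
        from velruse import login_url
        for name in sso.split():
            provider = settings.get('sso.%s.provider' % name)
            title = settings.get('sso.%s.title' % name)
            sso_providers.append({
                'title': title,
                'name': name,
                'url': login_url(request, provider),
            })

    # ``reason`` is reflected from the query string; the template must
    # escape it.
    api.status_message = request.params.get('reason', None)
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            nothing='',
            try_kerberos=try_kerberos,
            sso_providers=sso_providers,
            app_url=request.application_url,
        ),
        request=request,
    )
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response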
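def login_view(context, request):
    """Login page backed by the repoze.who plugins in the WSGI environ.

    A ``form.submitted`` POST is authenticated by the ``zodb`` and
    ``zodb_impersonate`` plugins in turn; on success the ``auth_tkt``
    plugin's remember headers are attached to a redirect to
    ``came_from`` and the profile's last login time is stamped (unless
    the site is read-only).  On failure the browser is sent back to
    ``login.html`` with a ``reason``.  A plain GET renders the form with
    ``auth_tkt`` forget headers.  Returns an HTTPFound or a Response.
    """
    plugins = request.environ.get('repoze.who.plugins', {})
    auth_tkt = plugins.get('auth_tkt')
    # came_from is client-supplied; _fixup_came_from is relied on to keep
    # the redirect target on this site.
    came_from = _fixup_came_from(request, request.POST.get('came_from'))

    if request.params.get('form.submitted', None) is not None:
        challenge_qs = {'came_from': came_from}

        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html' % request.application_url)
        credentials = {'login': login, 'password': password}
        max_age = request.POST.get('max_age')
        if max_age is not None:
            try:
                credentials['max_age'] = int(max_age)
            except ValueError:
                # Non-numeric form input used to 500; fall back to a
                # session-length ticket instead.
                pass

        # authenticate
        # A list comprehension rather than filter(): under Python 3 a
        # filter object is always truthy, so the "no authenticatable
        # users" branch below could never be taken.
        authenticators = [
            plugin for plugin in
            (plugins.get(name) for name in ('zodb', 'zodb_impersonate'))
            if plugin
        ]
        userid = None
        if authenticators:
            reason = 'Bad username or password'
        else:
            reason = 'No authenticatable users'
        for plugin in authenticators:
            userid = plugin.authenticate(request.environ, credentials)
            if userid:
                break

        # if not successful, try again
        if not userid:
            challenge_qs['reason'] = reason
            return HTTPFound(location='%s/login.html?%s' % (
                request.application_url, urlencode(challenge_qs, doseq=True)))

        # else, remember
        credentials['repoze.who.userid'] = userid
        if auth_tkt is not None:
            remember_headers = auth_tkt.remember(request.environ, credentials)
        else:
            remember_headers = []

        # log the time on the user's profile, unless in read only mode
        read_only = get_setting(context, 'read_only', False)
        if not read_only:
            profiles = find_profiles(context)
            if profiles is not None:
                profile = profiles.get(userid)
                if profile is not None:
                    profile.last_login_time = datetime.utcnow()

        # and redirect
        return HTTPFound(headers=remember_headers, location=came_from)

    page_title = ''  # Per #366377, don't say what screen
    api = TemplateAPI(context, request, page_title)
    came_from = _fixup_came_from(
        request, request.params.get('came_from', request.url))
    # ``reason`` is reflected from the query string; the template must
    # escape it.
    api.status_message = request.params.get('reason', None)
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            came_from=came_from,
            nothing='',
            app_url=request.application_url,
        ),
        request=request,
    )
    if auth_tkt is not None:
        forget_headers = auth_tkt.forget(request.environ, {})
        response.headers.extend(forget_headers)
    return response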
def login_view(context, request):
    """Login page with a per-login failed-attempt counter and lockout.

    ``context.login_tries`` holds the remaining attempts per login name
    (default ``max_login_retries``, 8).  Each submission decrements the
    count before authenticating: at two attempts left a warning email is
    sent to the profile, at zero the account is locked, a password reset
    is requested once (count set to -1) and ``locked.pt`` is rendered.
    A successful login resets the counter and calls ``login_user``.
    Without a submission the form is rendered with ``forget`` headers.

    NOTE(review): the counter is keyed on the client-supplied ``login``,
    so anyone can drive a known user's counter to zero (lockout as a
    denial of service), and unknown logins add entries to
    ``login_tries`` without bound.  The locked page is also shown for
    unknown logins, whereas the reset email only goes to real profiles.
    """
    settings = request.registry.settings
    came_from = request.session.get('came_from', request.url)
    # Never bounce back to the login/logout pages themselves.
    if 'login.html' in came_from or 'logout.html' in came_from:
        came_from = request.application_url
    request.session['came_from'] = came_from
    submitted = request.params.get('form.submitted', None)
    if submitted:
        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html' % request.application_url)
        max_retries = request.registry.settings.get('max_login_retries', 8)
        # Decremented before authentication, so this attempt counts
        # whether or not it succeeds.
        left = context.login_tries.get(login, max_retries)
        left = left - 1
        users = find_users(context)
        user = users.get_by_login(login)
        profiles = find_profiles(context)
        profile = profiles.get(user['id']) if user else None
        # max tries almost reached, send email warning
        if left == 2 and profile is not None:
            reset_url = request.resource_url(profile, 'change_password.html')
            mail = Message()
            system_name = settings.get('system_name', 'KARL')
            admin_email = settings.get('admin_email')
            mail["From"] = "%s Administrator <%s>" % (system_name, admin_email)
            mail["To"] = "%s <%s>" % (profile.title, profile.email)
            mail["Subject"] = "Too many failed logins to %s" % system_name
            body = render(
                "templates/email_locked_warning.pt",
                dict(login=login, reset_url=reset_url, system_name=system_name),
                request=request,
            )
            if isinstance(body, unicode):
                body = body.encode("UTF-8")
            mail.set_payload(body, "UTF-8")
            mail.set_type("text/html")
            recipients = [profile.email]
            mailer = getUtility(IMailDelivery)
            mailer.send(recipients, mail)
        # if max tries reached, send password reset and lock
        if left < 1:
            log_failed_login(request, login)
            # only send email the first time
            if profile is not None and left == 0:
                # -1 marks "reset already sent"; later attempts see left < 0.
                context.login_tries[login] = -1
                request_password_reset(user, profile, request)
            page_title = 'Access to %s is locked' % settings.get(
                'system_name', 'KARL')
            api = TemplateAPI(context, request, page_title)
            response = render_to_response(
                'templates/locked.pt',
                dict(api=api, app_url=request.application_url),
                request=request)
            return response
        # authenticate
        reason = 'Bad username or password.'
        # _authenticate may raise TypeError on malformed input
        # (presumably; not visible here) -- treated as a failed login.
        try:
            userid = _authenticate(context, login, password)
        except TypeError:
            userid = None
        # if not successful, try again
        if not userid:
            log_failed_login(request, login)
            # The attempts-left count is reflected into the login page.
            reason = "%s You have %d attempts left." % (reason, left)
            context.login_tries[login] = left
            redirect = request.resource_url(
                request.root, 'login.html', query={'reason': reason})
            return HTTPFound(location=redirect)
        # all ok, remember
        context.login_tries[login] = max_retries
        return login_user(request, profile, login, userid)
    page_title = 'Login to %s' % settings.get(
        'system_name', 'KARL')  # Per #366377, don't say what screen
    api = TemplateAPI(context, request, page_title)
    # ``reason`` is caller-controlled query input; the template must
    # escape it.  The one-session-only marker is passed through to the
    # template separately instead of being shown as a status message.
    status_message = request.params.get('reason', None)
    if status_message != '@@@one-session-only@@@':
        api.status_message = status_message
        status_message = None
    response = render_to_response(
        'templates/login.pt',
        dict(api=api, status_message=status_message,
             app_url=request.application_url),
        request=request)
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response
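def login_view(context, request):
    """Login page using the anonymous layout.

    A ``form.submitted`` POST is checked against the password and
    impersonation authenticators; success ends in ``remember_login``
    (redirecting to ``came_from``), failure redirects back to
    ``login.html`` with ``came_from`` and ``reason`` in the query
    string.  Without a form, Kerberos is tried when enabled.  Otherwise
    the form is rendered, with SSO providers from the ``sso`` setting
    and ``forget`` headers clearing any stale auth cookie.
    Returns an HTTPFound or a rendered Response.
    """
    settings = request.registry.settings
    request.layout_manager.use_layout('anonymous')
    # came_from is client-supplied; _fixup_came_from is relied on to keep
    # the redirect target on this site.
    came_from = _fixup_came_from(request, request.POST.get('came_from'))

    if request.params.get('form.submitted', None) is not None:
        challenge_qs = {'came_from': came_from}

        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html' % request.application_url)
        max_age = request.POST.get('max_age')
        if max_age is not None:
            try:
                max_age = int(max_age)
            except ValueError:
                # Non-numeric form input used to 500; treat it like an
                # absent value (session-length cookie).
                max_age = None
        # NOTE(review): max_age is a client-chosen cookie lifetime;
        # remember_login (or a setting) should cap it server-side.

        # authenticate
        userid = None
        reason = 'Bad username or password'
        users = find_users(context)
        for authenticate in (password_authenticator, impersonate_authenticator):
            userid = authenticate(users, login, password)
            if userid:
                break

        # if not successful, try again
        if not userid:
            challenge_qs['reason'] = reason
            return HTTPFound(location='%s/login.html?%s' % (
                request.application_url, urlencode(challenge_qs, doseq=True)))

        # else, remember
        return remember_login(context, request, userid, max_age, came_from)

    # Log in user seamlessly with kerberos if enabled
    try_kerberos = request.GET.get('try_kerberos', None)
    if try_kerberos:
        try_kerberos = asbool(try_kerberos)
    else:
        try_kerberos = asbool(get_setting(context, 'kerberos', 'False'))
    if try_kerberos:
        from karl.security.kerberos_auth import get_kerberos_userid
        userid = get_kerberos_userid(request)
        if userid:
            return remember_login(context, request, userid, None, came_from)
        # Break infinite loop if kerberos authorization fails
        if request.authorization and request.authorization[0] == 'Negotiate':
            try_kerberos = False

    page_title = 'Login to %s' % settings.get(
        'system_name', 'KARL')  # Per #366377, don't say what screen
    layout = request.layout_manager.layout
    layout.page_title = page_title
    api = TemplateAPI(context, request, page_title)
    came_from = _fixup_came_from(
        request, request.params.get('came_from', request.url))
    request.session['came_from'] = came_from

    sso_providers = []
    sso = settings.get('sso')
    if sso:
        # importing here rather than in global scope allows to only require
        # velruse be installed for systems using it.
        from velruse import login_url
        for name in sso.split():
            provider = settings.get('sso.%s.provider' % name)
            title = settings.get('sso.%s.title' % name)
            sso_providers.append({
                'title': title,
                'name': name,
                'url': login_url(request, provider),
            })

    # ``reason`` is reflected from the query string; the template must
    # escape it.
    api.status_message = request.params.get('reason', None)
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            came_from=came_from,
            nothing='',
            try_kerberos=try_kerberos,
            sso_providers=sso_providers,
            app_url=request.application_url,
        ),
        request=request,
    )
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response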
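def login_view(context, request):
    """Login page with lockout counter, admin-only mode and new-device notification.

    Per login name ``context.login_tries`` counts remaining attempts
    (``max_login_retries`` setting, default 8), decremented before each
    authentication: at two left the profile is emailed a warning, at
    zero the account is locked (password reset requested once, counter
    set to -1) and ``locked.pt`` is rendered.  On success the counter is
    reset, ``remember_login`` issues the auth cookie with the
    ``login_cookie_max_age`` lifetime and, when the request carries no
    device cookie, a "new login" email is sent and a random device token
    is set as a cookie and stored on the profile.  With ``admin_only``
    set, non-admins get ``site_down_view``.  A plain GET renders the
    form with ``forget`` headers.  Returns an HTTPFound or a Response.

    NOTE(review): the counter is keyed on the client-supplied ``login``,
    so anyone can lock a known user out, and unknown logins add
    ``login_tries`` entries without bound.  The device check only tests
    for the cookie's presence, not its value against
    ``profile.active_device``, so any cookie of that name suppresses the
    notification.
    """
    settings = request.registry.settings
    came_from = request.session.get('came_from', request.url)
    came_from = _fixup_came_from(request, came_from)
    request.session['came_from'] = came_from
    submitted = request.params.get('form.submitted', None)
    if submitted:
        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html' % request.application_url)
        max_age = request.registry.settings.get('login_cookie_max_age', '36000')
        max_age = int(max_age)
        max_retries = request.registry.settings.get('max_login_retries', 8)
        # Decremented before authenticating: this attempt always counts.
        left = context.login_tries.get(login, max_retries)
        left = left - 1
        profiles = find_profiles(context)
        profile = profiles.get(login)

        # max tries almost reached, send email warning
        if left == 2 and profile is not None:
            reset_url = request.resource_url(profile, 'change_password.html')
            mail = Message()
            system_name = settings.get('system_name', 'KARL')
            admin_email = settings.get('admin_email')
            mail["From"] = "%s Administrator <%s>" % (system_name, admin_email)
            mail["To"] = "%s <%s>" % (profile.title, profile.email)
            mail["Subject"] = "Too many failed logins to %s" % system_name
            body = render(
                "templates/email_locked_warning.pt",
                dict(login=login, reset_url=reset_url, system_name=system_name),
                request=request,
            )
            if isinstance(body, unicode):
                body = body.encode("UTF-8")
            mail.set_payload(body, "UTF-8")
            mail.set_type("text/html")
            recipients = [profile.email]
            mailer = getUtility(IMailDelivery)
            mailer.send(recipients, mail)

        # if max tries reached, send password reset and lock
        if left < 1:
            # only send email the first time
            if profile is not None and left == 0:
                # -1 marks "reset already sent"; later attempts see left < 0.
                context.login_tries[login] = -1
                users = find_users(context)
                user = users.get_by_id(login)
                request_password_reset(user, profile, request)
            page_title = 'Access to %s is locked' % settings.get('system_name', 'KARL')
            api = TemplateAPI(context, request, page_title)
            response = render_to_response(
                'templates/locked.pt',
                dict(api=api, app_url=request.application_url),
                request=request)
            return response

        # authenticate
        reason = 'Bad username or password.'
        userid = _authenticate(context, login, password)

        # if not successful, try again
        if not userid:
            reason = "%s You have %d attempts left." % (reason, left)
            context.login_tries[login] = left
            redirect = request.resource_url(
                request.root, 'login.html', query={'reason': reason})
            return HTTPFound(location=redirect)

        device_cookie_name = request.registry.settings.get(
            'device_cookie', 'CxR61DzG3P0Ae1')

        # all ok, remember
        admin_only = asbool(request.registry.settings.get('admin_only', ''))
        admins = aslist(request.registry.settings.get('admin_userids', ''))
        if not admin_only or userid in admins:
            context.login_tries[login] = max_retries
            response = remember_login(context, request, userid, max_age)

            # have we logged in from this computer & browser before?
            active_device = request.cookies.get(device_cookie_name, None)
            # Guard on profile: _authenticate can succeed while
            # profiles.get(login) returned None, which used to raise
            # AttributeError below after the auth cookie was prepared.
            if active_device is None and profile is not None:
                # if not, send email
                reset_url = request.resource_url(profile, 'change_password.html')
                mail = Message()
                system_name = settings.get('system_name', 'KARL')
                admin_email = settings.get('admin_email')
                mail["From"] = "%s Administrator <%s>" % (system_name, admin_email)
                mail["To"] = "%s <%s>" % (profile.title, profile.email)
                mail["Subject"] = "New %s Login Notification" % system_name
                # TODO Carlos needs to come back and get this working
                # https://bugs.launchpad.net/karl4/+bug/1648569/comments/10
                # user_agent = user_agents.parse(request.user_agent)
                body = render(
                    "templates/email_suspicious_login.pt",
                    dict(login=login, reset_url=reset_url,
                         device_info=request.user_agent),
                    request=request,
                )
                if isinstance(body, unicode):
                    body = body.encode("UTF-8")
                mail.set_payload(body, "UTF-8")
                mail.set_type("text/html")
                recipients = [profile.email]
                mailer = getUtility(IMailDelivery)
                mailer.send(recipients, mail)

                # set cookie to avoid further notifications for this device.
                # The token is stored on the profile, so it is generated
                # from the OS CSPRNG rather than the default Mersenne
                # Twister, which is predictable from observed output.
                rng = random.SystemRandom()
                alphabet = string.ascii_uppercase + string.digits
                active_device = ''.join(rng.choice(alphabet) for _ in range(16))
                # Only ever read server-side, so keep it out of reach of
                # scripts; Secure is set when the request itself is TLS.
                response.set_cookie(
                    device_cookie_name, active_device, max_age=315360000,
                    httponly=True, secure=(request.scheme == 'https'))
                profile.active_device = active_device

            request.session['logout_reason'] = None
            return response
        else:
            return site_down_view(context, request)

    page_title = 'Login to %s' % settings.get('system_name', 'KARL')  # Per #366377, don't say what screen
    api = TemplateAPI(context, request, page_title)
    # ``reason`` is caller-controlled query input; the template must
    # escape it.  The one-session-only marker is passed through to the
    # template separately instead of being shown as a status message.
    status_message = request.params.get('reason', None)
    if status_message != '@@@one-session-only@@@':
        api.status_message = status_message
        status_message = None
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            status_message=status_message,
            app_url=request.application_url),
        request=request)
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response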
def show_referencemanual_view(context, request):
    """Render a reference manual, after applying any reorder request.

    One of the query parameters ``sectionUp`` / ``sectionDown`` (a
    section name) or ``itemUp`` / ``itemDown`` (an item name, together
    with ``section``) moves the named child within its ordering and
    sets a status message; a request without any of them just renders
    the page.  Only the first matching parameter, in that order, is
    acted on.
    """
    params = request.params
    status_message = None

    # NOTE(review): the reorder branches mutate the manual on a plain
    # GET and, unlike the Edit/Delete actions, are not gated on a
    # permission here; any such check must live in the view
    # registration.  The message embeds a content title inside markup,
    # so the template must escape or trust it deliberately.
    section_up = params.get('sectionUp', False)
    section_down = params.get('sectionDown', False)
    item_up = params.get('itemUp', False)
    item_down = params.get('itemDown', False)

    if section_up:
        moved = context.get(section_up)
        context.ordering.moveUp(section_up)
        status_message = 'Moved section <em>%s</em> up' % moved.title
    elif section_down:
        moved = context.get(section_down)
        context.ordering.moveDown(section_down)
        status_message = 'Moved section <em>%s</em> down' % moved.title
    elif item_up:
        section = context.get(params.get('section'))
        section.ordering.moveUp(item_up)
        moved_title = section.get(item_up).title
        status_message = 'Moved item <em>%s</em> up' % moved_title
    elif item_down:
        section = context.get(params.get('section'))
        section.ordering.moveDown(item_down)
        moved_title = section.get(item_down).title
        status_message = 'Moved item <em>%s</em> down' % moved_title

    parent = context.__parent__
    backto = {
        'href': model_url(parent, request),
        'title': parent.title,
    }

    actions = []
    if has_permission('create', context, request):
        addables = get_folder_addables(context, request)
        if addables is not None:
            actions.extend(addables())
        actions.append(('Edit', 'edit.html'))
    if has_permission('delete', context, request):
        actions.append(('Delete', 'delete.html'))

    api = TemplateAPI(context, request, context.title)

    layout = get_layout_provider(context, request)('intranet')

    # Data the tag box widget needs on the client side.
    client_json_data = dict(tagbox=get_tags_client_data(context, request))

    api.status_message = status_message
    return render_template_to_response(
        'templates/show_referencemanual.pt',
        api=api,
        actions=actions,
        head_data=convert_to_script(client_json_data),
        sections=_get_toc(context, api.here_url),
        backto=backto,
        layout=layout,
    )
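def login_view(context, request):
    """Login page using the anonymous layout (no SSO providers).

    A ``form.submitted`` POST is checked against the password and
    impersonation authenticators; success ends in ``remember_login``
    (redirecting to ``came_from``), failure redirects back to
    ``login.html`` with ``came_from`` and ``reason`` in the query
    string.  Without a form, Kerberos is tried when enabled.  Otherwise
    the form is rendered with ``forget`` headers clearing any stale
    auth cookie.  Returns an HTTPFound or a rendered Response.
    """
    request.layout_manager.use_layout('anonymous')
    # came_from is client-supplied; _fixup_came_from is relied on to keep
    # the redirect target on this site.
    came_from = _fixup_came_from(request, request.POST.get('came_from'))

    if request.params.get('form.submitted', None) is not None:
        challenge_qs = {'came_from': came_from}

        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html' % request.application_url)
        max_age = request.POST.get('max_age')
        if max_age is not None:
            try:
                max_age = int(max_age)
            except ValueError:
                # Non-numeric form input used to 500; treat it like an
                # absent value (session-length cookie).
                max_age = None
        # NOTE(review): max_age is a client-chosen cookie lifetime;
        # remember_login (or a setting) should cap it server-side.

        # authenticate
        userid = None
        reason = 'Bad username or password'
        users = find_users(context)
        for authenticate in (password_authenticator, impersonate_authenticator):
            userid = authenticate(users, login, password)
            if userid:
                break

        # if not successful, try again
        if not userid:
            challenge_qs['reason'] = reason
            return HTTPFound(location='%s/login.html?%s' % (
                request.application_url, urlencode(challenge_qs, doseq=True)))

        # else, remember
        return remember_login(context, request, userid, max_age, came_from)

    # Log in user seamlessly with kerberos if enabled
    try_kerberos = request.GET.get('try_kerberos', None)
    if try_kerberos:
        try_kerberos = asbool(try_kerberos)
    else:
        try_kerberos = asbool(get_setting(context, 'kerberos', 'False'))
    if try_kerberos:
        from karl.security.kerberos_auth import get_kerberos_userid
        userid = get_kerberos_userid(request)
        if userid:
            return remember_login(context, request, userid, None, came_from)
        # Break infinite loop if kerberos authorization fails
        if request.authorization and request.authorization[0] == 'Negotiate':
            try_kerberos = False

    page_title = 'Login to %s' % request.registry.settings.get(
        'system_name', 'KARL')  # Per #366377, don't say what screen
    layout = request.layout_manager.layout
    layout.page_title = page_title
    api = TemplateAPI(context, request, page_title)
    came_from = _fixup_came_from(
        request, request.params.get('came_from', request.url))
    # ``reason`` is reflected from the query string; the template must
    # escape it.
    api.status_message = request.params.get('reason', None)
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            came_from=came_from,
            nothing='',
            try_kerberos=try_kerberos,
            app_url=request.application_url,
        ),
        request=request,
    )
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response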