def lang(request): # Set language code = request.matchdict['code'] # TODO redirect where we came_from response = HTTPFound(location='/') response.set_cookie('lang', value=code, max_age=31536000) # max_age = year return response
def postLoginPage(self): user = {'email': self.request.params['email'], 'password': self.request.params['password']} credentials_db = {} credentials_db = DBSession.query(User).filter(User.mail == user['email']).first() error = {"email_required": False, "password_required": False, "incorrect_credentials": False} if credentials_db is None: if len(user['email']) == 0: error['email_required'] = True else: error['incorrect_credentials'] = True return render_to_response('templates/login.jinja2', error, request = self.request) if not sha256_crypt.verify(user['password'],credentials_db.as_dict()['parola']): if len(user['password']) == 0: error['password_required'] = True if (len(user['email']) > 0) and (len(user['password']) > 0): error['incorrect_credentials'] = True return render_to_response('templates/login.jinja2', error, request = self.request) credentials=credentials_db.as_dict() self.request.session['email'] = user['email'] self.request.session['tip'] = credentials['tip'] self.request.session['nume'] = credentials['nume'] self.request.session['prenume'] = credentials['prenume'] self.request.session['id_user'] = credentials['id_user'] token = sha256_crypt.encrypt(self.request.session.get_csrf_token()) response = HTTPFound(location = self.request.route_url('home')) response.set_cookie('XSRF-TOKEN', value=token) return response
def fbauth(request): code = request.params['code'] fb_user = User.fb_user(code) user_id = str(fb_user.id) response = HTTPFound(location="/") response.set_cookie('user_id', value=user_id, max_age=31536000) return response
def account_verify_email(request): login_store = request.find_service(name="redis_login") try: user_id = int(request.GET["user_id"].strip()) email_address = request.GET["email_address"].strip() token = request.GET["token"].strip() except (KeyError, ValueError): raise HTTPNotFound stored_token = login_store.get("verify_email:%s:%s" % (user_id, email_address)) if not user_id or not email_address or not token or not stored_token: raise HTTPNotFound stored_token = stored_token.decode("utf-8") if not stored_token == token: raise HTTPNotFound try: db = request.find_service(name="db") user = db.query(User).filter(User.id == user_id).one() except NoResultFound: raise HTTPNotFound user.email = email_address response = HTTPFound(request.route_path("account", _query={"saved": "email_address"})) if not request.user or request.user.id != user.id: new_session_id = str(uuid4()) login_store.set("session:" + new_session_id, user.id) response.set_cookie("cherubplay", new_session_id, 31536000) return response
def skip_persona_selection(self): # set cookie and redirect response = HTTPFound(location=get_redirect_url(self.request)) response.set_cookie( PERSONA_COOKIE_NAME, value=PERSONA_SKIP_COOKIE_VALUE, max_age=ONE_YEAR) return response
def log_in(request): # Disable logging in in read-only mode. if "cherubplay.read_only" in request.registry.settings: raise HTTPForbidden try: user = Session.query(User).filter( User.username == request.POST["username"].lower()).one() except NoResultFound: return {"log_in_error": "Username and/or password not recognised."} if hashpw(request.POST["password"].encode(), user.password.encode()) != user.password: return {"log_in_error": "Username and/or password not recognised."} # Generate session ID and add it to the login store. new_session_id = str(uuid.uuid4()) try: request.login_store.set("session:" + new_session_id, user.id) except ConnectionError: return { "log_in_error": "We can't log you in because we're having problems with the login server. Please try again later." } # Set cookie for session ID. response = HTTPFound(request.route_path("home")) response.set_cookie("cherubplay", new_session_id, 31536000) return response
def oauth(request): oaserver = request.env.auth.oauth oauth_url = request.route_url('auth.oauth') oauth_path = request.route_path('auth.oauth') def cookie_name(state): return 'ngw-oastate-' + state if 'error' in request.params: raise AuthorizationException() elif 'code' in request.params and 'state' in request.params: # Extract data from state named cookie state = request.params['state'] try: data = json.loads(request.cookies[cookie_name(state)]) except ValueError: raise AuthorizationException("State cookie parse error") tresp = oaserver.grant_type_authorization_code( request.params['code'], oauth_url) if data['merge'] == '1' and request.user.keyname != 'guest': user = oaserver.access_token_to_user(tresp.access_token, merge_user=request.user) else: user = oaserver.access_token_to_user(tresp.access_token) if user is None: raise InvalidTokenException() DBSession.flush() headers = remember(request, (user.id, tresp)) event = OnUserLogin(user, request, data['next_url']) zope.event.notify(event) response = HTTPFound(location=event.next_url, headers=headers) response.delete_cookie(cookie_name(state), path=oauth_path) return response else: data = dict( next_url=request.params.get('next', request.application_url), merge=request.params.get('merge', '0') ) alphabet = string.ascii_letters + string.digits state = ''.join(secrets.choice(alphabet) for i in range(16)) ac_url = oaserver.authorization_code_url(oauth_url, state=state) response = HTTPFound(location=ac_url) # Store data in state named cookie response.set_cookie( cookie_name(state), value=json.dumps(data), path=oauth_path, max_age=600, httponly=True) return response
def logout(request): next = request.params.get('next') or request.route_url('index') if not authenticated_userid(request): return HTTPFound(location=request.route_url('login')) headers = forget(request) response = HTTPFound(location=next, headers=headers) response.set_cookie('csrf_token', value=None) return response
def sign_up(request): # Disable signing up in read-only mode. if "cherubplay.read_only" in request.registry.settings: raise HTTPForbidden # Make sure this IP address hasn't created an account recently. # Also don't explode if Redis is down. ip_check_key = "ip:" + request.environ["REMOTE_ADDR"] try: ip_check = request.login_store.get(ip_check_key) except ConnectionError: return { "sign_up_error": "We can't create your account because we're having problems with the login server. Please try again later." } if ip_check is not None: return { "sign_up_error": "An account has already been created from your IP address. Please try again in a few hours." } # Validate password. if request.POST["password"] == "": return {"sign_up_error": "Please don't use a blank password."} if request.POST["password"] != request.POST["password_again"]: return {"sign_up_error": "The two passwords didn't match."} # Make sure username hasn't been taken. username = request.POST["username"].lower()[:100] if username_validator.match(username) is None: return { "sign_up_error": "Usernames can only contain letters, numbers, hyphens and underscores." } existing_username = Session.query( User.id).filter(User.username == username).count() if existing_username == 1 or username in reserved_usernames: return { "sign_up_error": "The username \"%s\" has already been taken." % username } # Create the user. new_user = User( username=username, password=hashpw(request.POST["password"].encode(), gensalt()), last_ip=request.environ["REMOTE_ADDR"], ) Session.add(new_user) Session.flush() # Generate session ID and add it to the login store. new_session_id = str(uuid.uuid4()) request.login_store.set("session:" + new_session_id, new_user.id) # Remember their IP address for 12 hours. ip_check = request.login_store.set(ip_check_key, "1") ip_check = request.login_store.expire(ip_check_key, 43200) # Set cookie for session ID. response = HTTPFound(request.route_path("home")) response.set_cookie("cherubplay", new_session_id, 31536000) return response
def login(request): username = request.params.get('username', None) password = request.params.get('password', None) session = DBSession() user = session.query(User).filter(User.username==username).first() if user is not None and user.password == password: response = HTTPFound('/') # totally insecure, TODO in workshop: use auth token or something response.set_cookie('user_id', str(user.id), max_age=timedelta(30)) return response return {'username': username}
def auth(self): self.twitter = Twython(APP_KEY, APP_SECRET) auth = self.twitter.get_authentication_tokens(callback_url=CALLBACK_URL) OAUTH_TOKEN = auth['oauth_token'] OAUTH_TOKEN_SECRET = auth['oauth_token_secret'] auth_url = auth['auth_url'] # set cookies and redirect response = HTTPFound(location=auth_url) response.set_cookie('oauth_token', OAUTH_TOKEN, max_age=86400) response.set_cookie('oauth_token_secret', OAUTH_TOKEN_SECRET, max_age=86400) return response
def change_profile(request, profile): """ Sets a cookie for the given profile and deletes any location set in the cookies. Returns a response which directs to the map view. """ response = HTTPFound(location=request.route_url('map_view')) response.set_cookie('_PROFILE_', profile, timedelta(days=90)) if '_LOCATION_' in request.cookies: response.delete_cookie('_LOCATION_') return response
def change_profile(request, profile): """ Sets a cookie for the given profile and deletes any location set in the cookies. Returns a response which directs to the map view. """ response = HTTPFound(location=request.route_url('map_view')) response.set_cookie('_PROFILE_', profile, timedelta(days=90)) if '_LOCATION_' in request.cookies: response.delete_cookie('_LOCATION_') return response
def login(request): """ Login view. request - Reads AJAX request to get user data and checks permissions on database. """ try: login_url = route_url('login', request) referrer = request.url if referrer == login_url: referrer = '/' came_from = request.params.get('came_from', referrer) message = '' email = '' password = '' if 'form.submitted' in request.params: login = request.params['login'] password = request.params['password'] permissions = groupfinder(login, password, request) if permissions is None: message = 'BŁĘDNE HASŁO.' elif permissions is []: message = 'UŻYTKOWNIK %s NIE JEST ZAREJESTROWANY.' % email elif 'permission:' in permissions: headers = remember(request, permissions) response = HTTPFound(location=came_from, headers=headers) #Add user cookie response.set_cookie('user', value=login, max_age=31536000) return response return dict( message=message, url=request.application_url + '/login', came_from=came_from, login=email, password=password, ) except DBAPIError, ex: print ex return Response(conn_err_msg, content_type='text/plain', status_int=500)
def sudo_candidate(self): candidate_id = self.request.matchdict['id'] candidate = DBSession.query(Candidate).get(candidate_id) if not candidate: raise HTTPNotFound('Unknown candidate id') else: self.request.session['candidate_id'] = candidate.id location = self.request.params.get('furl') if not location: location = 'http://%s/candidate' % self.request.frontend_domain response = HTTPFound(location=location) response.set_cookie('__admin__', value='true') # max_age = year return response
def sudo_employer(self): employer_id = self.request.matchdict['id'] employer = DBSession.query(Employer).get(employer_id) if not employer: raise HTTPNotFound('Unknown employer id') else: self.request.session['employer_id'] = employer.id location = self.request.params.get('furl') if not location: location = 'http://%s/employer' % self.request.frontend_domain response = HTTPFound(location=location) response.set_cookie('__admin__', value='true') # max_age = year return response
def order(request): server = Settings.Session.query(Server).filter(Server.id == request.matchdict['server']).scalar() item = Settings.Session.query(Item).filter(Item.id == request.matchdict['product']).scalar() path = [{"href": request.route_url('home'), "name": "Home", "active": False}, {"href": '{href}?sid={sid}'.format(href=request.route_url('home'), sid=server.id), "name": server.name, "active": False}, {"href": request.route_url('order', server=server.id, product=item.id), "name": item.name, "active": True}] errors = [] if not server or not item or not item in [servitem.item for servitem in server.items]: return HTTPFound(location=request.route_url('home')) price = item.price for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 1 and '%' not in promo.promotion.value and time.time() < promo.promotion.expires]: try: price = price - float(promotion.value) except: continue for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 1 and '%' in promo.promotion.value and time.time() < promo.promotion.expires]: try: price = price - (price * (float(promotion.value.replace('%', '')) / 100)) except: continue; if price < 0: price = 0 if 'form.submitted' in request.params: try: steamid = SteamIDToCommunityID(request.params['input.steamid']) except SteamFormatException: errors.append('steamid') if not re.match(r'[^@]+@[^@]+\.[^@]+', request.params['input.email']): errors.append('email') if request.params['input.code'].strip(): print "Code: %s" % request.params['input.code'] code = None for promotion in [promo.promotion for promo in item.promotions if promo.promotion.type == 2 and time.time() < promo.promotion.expires]: if promotion.code == request.params['input.code']: code = promotion break if not code: errors.append('promo') if not errors: order = {'steamid': request.params['input.steamid'], 'email': request.params['input.email'], 'promocode': request.params['input.code'], 'server': server.id, 'item': item.id} response = HTTPFound(location=request.route_url('confirm')) response.set_cookie('order', value=json.dumps(order), max_age=300) return response path = [{"href": request.route_url('home'), "name": "Home", "active": False}, {"href": '{href}?sid={sid}'.format(href=request.route_url('home'), sid=server.id), "name": server.name, "active": False}, {"href": request.route_url('order', server=server.id, product=item.id), "name": item.name, "active": True}] return {'community': Settings.Community, 'item': item, 'server': server, 'path': path, 'errors': errors, 'price': round(price,2), 'path': path}
def login(request): next_url = request.params.get('next', request.application_url) if request.method == 'POST': if 'sid' in request.POST: sid = request.POST['sid'] expires = request.POST['expires'] try: store = SessionStore.filter_by( session_id=sid, key='auth.policy.current').one() except NoResultFound: raise InvalidCredentialsException( message=_("Session not found.")) value = json.loads(store.value) exp = datetime.fromtimestamp(value[2]) if datetime.fromisoformat(expires) != exp: raise InvalidCredentialsException( message=_("Invalid 'expires' parameter.")) now = datetime.utcnow() if exp <= now: raise InvalidCredentialsException( message=_("Session expired.")) cookie_settings = WebSession.cookie_settings(request) cookie_settings['max_age'] = int((exp - now).total_seconds()) cookie_name = request.env.pyramid.options['session.cookie.name'] response = HTTPFound(location=next_url) response.set_cookie(cookie_name, value=sid, **cookie_settings) return response else: try: user, headers = request.env.auth.authenticate( request, request.POST['login'].strip(), request.POST['password']) except (InvalidCredentialsException, UserDisabledException) as exc: return dict(error=exc.title, next_url=next_url) event = OnUserLogin(user, request, next_url) zope.event.notify(event) return HTTPFound(location=event.next_url, headers=headers) return dict(next_url=next_url)
def select_persona(self): slug = self.request.matchdict['slug'].upper() if slug not in PERSONAE: raise HTTPNotFound # set cookie and redirect response = HTTPFound(location=get_redirect_url(self.request)) response.set_cookie(PERSONA_COOKIE_NAME, value=slug, max_age=ONE_YEAR) # set persona dimension value on GA # NOTE: the persona dimension has to be configured with scope 'user' persona_dimension_id = self.settings.get('ga.persona_dimension_id') if persona_dimension_id: self.request.google_analytics[persona_dimension_id] = slug return response
def sign_up(request): # Disable signing up in read-only mode. if "cherubplay.read_only" in request.registry.settings: raise HTTPForbidden # Make sure this IP address hasn't created an account recently. # Also don't explode if Redis is down. ip_check_key = "ip:" + request.environ["REMOTE_ADDR"] try: ip_check = request.login_store.get(ip_check_key) except ConnectionError: return { "sign_up_error": "We can't create your account because we're having problems with the login server. Please try again later." } if ip_check is not None: return { "sign_up_error": "An account has already been created from your IP address. Please try again in a few hours." } # Validate password. if request.POST["password"] == "": return {"sign_up_error": "Please don't use a blank password."} if request.POST["password"] != request.POST["password_again"]: return {"sign_up_error": "The two passwords didn't match."} # Make sure username hasn't been taken. username = request.POST["username"].lower()[:100] if username_validator.match(username) is None: return {"sign_up_error": "Usernames can only contain letters, numbers, hyphens and underscores."} existing_username = Session.query(User.id).filter(User.username == username).count() if existing_username == 1 or username in reserved_usernames: return {"sign_up_error": 'The username "%s" has already been taken.' % username} # Create the user. new_user = User( username=username, password=hashpw(request.POST["password"].encode(), gensalt()), last_ip=request.environ["REMOTE_ADDR"], ) Session.add(new_user) Session.flush() # Generate session ID and add it to the login store. new_session_id = str(uuid.uuid4()) request.login_store.set("session:" + new_session_id, new_user.id) # Remember their IP address for 12 hours. ip_check = request.login_store.set(ip_check_key, "1") ip_check = request.login_store.expire(ip_check_key, 43200) # Set cookie for session ID. response = HTTPFound(request.route_path("home")) response.set_cookie("cherubplay", new_session_id, 31536000) return response
def login(self, request): if request.method == 'POST': login = request.POST.get('login') password = request.POST.get('password') if login and password: user = dbs.query(StaffModel).filter_by(name=login).first() if user and user.password == sha256( password + user.salt).hexdigest(): now = datetime.datetime.utcnow() csrf = sha256(str(now)).hexdigest() val = signed_serialize({'time': now, 'csrf': csrf}, SECRET) response = HTTPFound(request.route_url('admin.index')) response.set_cookie('signed', val) return response return dict( error='Something went wrong. Try "admin" and "111111"') return {}
def post(self): form = self.form() request = self.request if form.validate(): login = form.data.get('login') password = form.data.get('password') user = User.by_login(login) if User.check_password(login, password): url = request.route_url('user_list') + '?login=%s' % (login) response = HTTPFound(location=url, headers=remember(request, login)) response.set_cookie('user_id', value=str(user.id), max_age=31536000) return response else: request.session.flash('Authentication Failed!', 'error') return self.get()
def switch_ui(request): using_ux2 = request.cookies.get('ux2') == 'true' if request.method == 'POST': response = HTTPFound(request.application_url) if using_ux2: response.set_cookie('ux2', 'false') else: response.set_cookie('ux2', 'true') return response if using_ux2: button_text = 'Switch to Classic UI' else: button_text = 'Switch to New and Improved UI' return Response( '<html><head><title>Karl: Change UI</title></head>' '<body><form method="POST"><input type="submit" value="%s"/></form>' '</body></html>' % button_text, content_type='text/html')
def callback(self): oauth_verifier = self.request.GET['oauth_verifier'] OAUTH_TOKEN = self.request.cookies['oauth_token'] OAUTH_TOKEN_SECRET = self.request.cookies['oauth_token_secret'] twitter = Twython(APP_KEY, APP_SECRET, OAUTH_TOKEN, OAUTH_TOKEN_SECRET) final_step = twitter.get_authorized_tokens(oauth_verifier) OAUTH_TOKEN = final_step['oauth_token'] OAUTH_TOKEN_SECRET = final_step['oauth_token_secret'] # set cookies and redirect response = HTTPFound(location='https://twittpane-dev.freegate.co') response.set_cookie('oauth_token', OAUTH_TOKEN, max_age=86400) response.set_cookie('oauth_token_secret', OAUTH_TOKEN_SECRET, max_age=86400) return response
def create(request): """Receives data to register a user.""" # TODO workshop: validation # TODO workshop: encrypt password username = request.params['username'] password = request.params['password'] name = request.params['name'] email = request.params['email'] location = request.params['location'] user = User(username, password, name, email, location) session = DBSession() session.add(user) session.flush() # TODO workshop: test email by mocking send_welcome_email(request.registry.settings, name, email) response = HTTPFound(route_url('user_single', request, user_id=user.id)) # totally insecure, TODO in workshop: use auth token or something response.set_cookie('user_id', str(user.id), max_age=timedelta(30)) return response
def set_lang(request): """Set current language """ lang = request.matchdict['lang'].lower() langs = dict(request.registry.settings['available_langs']) if lang not in langs: raise HTTPBadRequest('Not supported language %r' % lang) referrer = request.referer my_url = request.route_url('front.set_lang', lang=lang) if referrer == my_url or not referrer: # never use the set_lang itself as came_from # which could lead to a infinite loop referrer = '/' came_from = request.params.get('came_from', referrer) response = HTTPFound(location=came_from) response.set_cookie('_LOCALE_', normalize_locale_name(lang)) return response
def password_login_view(request): if request.method == 'GET': return {} main_view = '/' if hasattr(request.session, 'redirect_to'): came_from = request.session.redirect_to else: came_from = request.params.get('came_from', main_view) post_data = request.POST ref_path = request.referer.split('/')[-1] if request.referer else '' if 'submit' in post_data: login = post_data.get('login', '').lower() password = post_data.pop('password') request.session['login_data'] = post_data if User.check_password(login, password): user = User.get_by_login(login) assert user.activated, 'User is inactive, please contact ' \ '[email protected] for any requests.' headers = remember(request, user.id) if not user.has_logged_in: came_from = '/%s/%s' % (user.type.split(',')[-1], user.id) request.session.flash(u'<b>Welcome!</b> The Alchemist Portal is a repository of various Alchemist ' u'resources. To get started, please enter all profile details for you and your ' u'company in Founders Directory 2.0, especially general and specific tags for ' u'your Areas of Expertise and your company\'s Industry Keywords. Also upload your' u' profile picture and your company\'s logo.') user.has_logged_in = True redirect_home = HTTPFound(location=came_from, headers=headers) redirect_home.set_cookie('AIW_USER', '1') return redirect_home request.session.flash(u'Incorrect password. Please try again or reset your password.', 'error') elif request.referer and request.application_url in request.referer and ref_path not in \ ['about', '']: request.session.flash(u'You were logged out, please log in again!') return HTTPFound(location='/')
def switch_ui(request): using_ux2 = request.cookies.get("ux2_kachoo") == "true" if request.method == "POST": response = HTTPFound(request.application_url) if using_ux2: response.set_cookie("ux2_kachoo", "false") else: response.set_cookie("ux2_kachoo", "true") return response if using_ux2: button_text = "Switch to Classic UI" else: button_text = "Switch to New and Improved UI" return Response( "<html><head><title>Karl: Change UI</title></head>" '<body><form method="POST"><input type="submit" value="%s"/></form>' "</body></html>" % button_text, content_type="text/html", )
def set_language(context, request): import re settings = request.registry.settings lang = sanitize_get(request, 'lang', 'en') if lang not in settings['available_languages']: return HTTPNotFound() url = request.environ.get('HTTP_REFERER', None) host = request.environ.get('HTTP_HOST', None) dashboard_hostname = settings.get('dashboard_hostname') dashboard_baseurl = settings.get('dashboard_baseurl') # To avoid malicious redirects, using header injection, we only # allow the client to be redirected to an URL that is within the # predefined scope of the application. allowed_url = re.compile('^(http|https)://' + dashboard_hostname + '[:]{0,1}\d{0,5}($|/)') allowed_host = re.compile('^' + dashboard_hostname + '[:]{0,1}\d{0,5}$') if url is None or not allowed_url.match(url): url = dashboard_baseurl elif host is None or not allowed_host.match(host): url = dashboard_baseurl response = HTTPFound(location=url) cookie_domain = settings.get('lang_cookie_domain', None) cookie_name = settings.get('lang_cookie_name') extra_options = {} if cookie_domain is not None: extra_options['domain'] = cookie_domain extra_options['httponly'] = asbool(settings.get('session.httponly')) extra_options['secure'] = asbool(settings.get('session.secure')) response.set_cookie(cookie_name, value=lang, **extra_options) request.stats.count('set_language_cookie') return response
def account_reset_password_post(request): login_store = request.find_service(name="redis_login") user = _validate_reset_token(request) if not request.POST.get("password"): return {"error": "no_password"} if request.POST["password"] != request.POST["password_again"]: return {"error": "passwords_didnt_match"} user.set_password(request.POST["password"]) login_store.delete("reset_password:%s:%s" % (user.id, request.GET["email_address"].strip())) response = HTTPFound(request.route_path("home")) new_session_id = str(uuid4()) login_store.set("session:"+new_session_id, user.id) response.set_cookie("cherubplay", new_session_id, 31536000) return response
def login_view(request): """ The login view """ form = Form(get_auth_schema(), buttons=(Button(name="submit", title="Connexion", type='submit'),)) nextpage = request.params.get('nextpage') or request.route_url('index') # avoid redirection looping if nextpage == request.route_url('login'): nextpage = request.route_url('index') app_struct = {'nextpage': nextpage} myform = form.render(app_struct) fail_message = None if 'submit' in request.params: controls = request.params.items() log.info(u"Authenticating : '{0}'".format(request.params.get('login'))) try: datas = form.validate(controls) except ValidationFailure, err: log.exception(u" - Authentication error") myform = err.render() fail_message = u"Erreur d'authentification" return {'title': "Authentification", 'html_form': myform, 'message': fail_message } else: login = datas['login'] log.info(u" + '{0}' has been authenticated".format(login)) # Storing the datas in the request object remember(request, login) remember_me = datas.get('remember_me', False) response = HTTPFound(location=nextpage) if remember_me: log.debug(" * The user wants to be remembered") longtimeout = get_longtimeout() response.set_cookie('remember_me', "ok", max_age=longtimeout) return response
def set_locale_cookie(self): """ This view will set a language cookie """ settings = get_current_registry().settings default_lang = settings.get('pyramid.default_locale_name') available_languages = settings.get('available_languages', default_lang).split() [x.lower() for x in available_languages] language = self.request.GET.get('language', default_lang).lower() if language not in available_languages: language = default_lang referer = self.request.referer if referer is not None: response = HTTPFound(location=referer) else: response = HTTPFound(location=self.request.route_url('home')) response.set_cookie('_LOCALE_', value=language, max_age=31536000) # max_age = year return response
def set_locale_cookie(self): """ This view will set a language cookie """ settings = get_current_registry().settings default_lang = settings.get('pyramid.default_locale_name') available_languages = settings.get('available_languages', default_lang).split() [x.lower() for x in available_languages] language = self.request.GET.get('language', default_lang).lower() if language not in available_languages: language = default_lang referer = self.request.referer if referer is not None: response = HTTPFound(location=referer) else: response = HTTPFound(location=self.request.route_url('home')) response.set_cookie('_LOCALE_', value=language, max_age=31536000) # max_age = year return response
def session_invite(request): next_url = request.params.get('next', request.application_url) if request.method == 'GET': if any(k not in request.GET for k in ('sid', 'expires')): raise HTTPNotFound() return dict(session_id=request.GET['sid'], expires=request.GET['expires'], next_url=next_url) elif request.method == 'POST': sid = request.POST['sid'] expires = request.POST['expires'] try: store = SessionStore.filter_by(session_id=sid, key='auth.policy.current').one() except NoResultFound: raise InvalidCredentialsException(message=_("Session not found.")) value = json.loads(store.value) exp = datetime.fromtimestamp(value[2]) if datetime.fromisoformat(expires) != exp: raise InvalidCredentialsException( message=_("Invalid 'expires' parameter.")) now = datetime.utcnow() if exp <= now: raise InvalidCredentialsException(message=_("Session expired.")) cookie_settings = WebSession.cookie_settings(request) cookie_settings['max_age'] = int((exp - now).total_seconds()) cookie_name = request.env.pyramid.options['session.cookie.name'] response = HTTPFound(location=next_url) response.set_cookie(cookie_name, value=sid, **cookie_settings) return response
def log_in(request): # Disable logging in in read-only mode. if "cherubplay.read_only" in request.registry.settings: raise HTTPForbidden try: user = Session.query(User).filter(User.username == request.POST["username"].lower()).one() except NoResultFound: return {"log_in_error": "Username and/or password not recognised."} if hashpw(request.POST["password"].encode(), user.password.encode()) != user.password: return {"log_in_error": "Username and/or password not recognised."} # Generate session ID and add it to the login store. new_session_id = str(uuid.uuid4()) try: request.login_store.set("session:" + new_session_id, user.id) except ConnectionError: return { "log_in_error": "We can't log you in because we're having problems with the login server. Please try again later." } # Set cookie for session ID. response = HTTPFound(request.route_path("home")) response.set_cookie("cherubplay", new_session_id, 31536000) return response
def login_view(self): message = '' if 'form.submitted' in self.request.params: username = self.request.params['login'].lower() password = self.request.params['password'] try: r = select_from('user_info', 'username', username) if r[2] == encrypt(username, password) and username == r[1]: temp = generate_random() self.request.session['username'] = username self.request.session['enpass'] = encrypt(password, temp) res = HTTPFound(location='/school') res.set_cookie('r', temp) return res else: message = 'Failed Login' except: message = 'Failed Login' message = 'Failed Login' re = {'page_title': LINKS['login']['title'], 'url' : self.request.application_url + '/login', 'message' : message } re.update(self.get_header()) return re
def set_language(context, request): settings = request.registry.settings lang = request.GET.get("lang", "en") if lang not in settings["available_languages"]: return HTTPNotFound() url = request.environ.get("HTTP_REFERER", None) if url is None: url = request.route_path("home") response = HTTPFound(location=url) cookie_domain = settings.get("lang_cookie_domain", None) cookie_name = settings.get("lang_cookie_name") extra_options = {} if cookie_domain is not None: extra_options["domain"] = cookie_domain extra_options["httponly"] = asbool(settings.get("session.httponly")) extra_options["secure"] = asbool(settings.get("session.secure")) response.set_cookie(cookie_name, value=lang, **extra_options) return response
def student_login(self): request = self.request student_login = self.request.cookies.get('student_login') student = DBSession.query(Student).filter_by( login=student_login).first() if student: return HTTPFound(self.request.route_url('student_profile')) login_url = request.route_url('student_login') referrer = request.url if referrer == login_url: referrer = '/' # never use login form itself as came_from came_from = request.route_url('home') message = '' login = '' password = '' if 'form.submitted' in request.params: login = request.params['login'] password = request.params['password'] # if check_password(password, USERS.get(login)): student = DBSession.query(Student).filter_by(login=login).first() if not student: message = 'Failed login' elif password == student.password: response = HTTPFound(location=came_from) response.set_cookie('student_login', value=login, max_age=31536000) # max_age = year return response message = 'Failed login' return dict( name='Login', message=message, url=login_url, came_from=came_from, login=login, password=password, )
def password_login_view(request): if request.method == 'GET': return {} main_view = '/' if hasattr(request.session, 'redirect_to'): came_from = request.session.redirect_to else: came_from = request.params.get('came_from', main_view) post_data = request.POST ref_path = request.referer.split('/')[-1] if request.referer else '' if 'submit' in post_data: login = post_data.get('login', '').lower() password = post_data.pop('password') request.session['login_data'] = post_data if User.check_password(login, password): user = User.get_by_login(login) assert user.activated, 'User is inactive, please contact ' \ '[email protected] for any requests.' headers = remember(request, user.id) if not user.has_logged_in: came_from = '/%s/%s' % (user.primary_type, user.id) user.has_logged_in = True redirect_home = HTTPFound(location=came_from, headers=headers) redirect_home.set_cookie('AIW_USER', '1') return redirect_home request.session.flash(u'Incorrect password. Please try again or reset your password.', 'error') elif request.referer and request.application_url in request.referer and ref_path not in \ ['about', '']: request.session.flash(u'You were logged out, please log in again!') return HTTPFound(location='/')
def lang(request): lang_name = request.matchdict['name'] response = HTTPFound(location=request.environ['HTTP_REFERER']) response.set_cookie('_LOCALE_', value=lang_name, max_age=31536000) # max_age = year return response