def specialGroups(event): """Set groups for IGroupAwarePrincipal.""" principal = event.principal # only apply to non groups because it will end in cycle dependencies # since the principal will have tis role anyway if (IGroup.providedBy(principal) or not (IGroupAwarePrincipal.providedBy(principal) or IUnauthenticatedPrincipal.providedBy(principal))): return # global utility registered by everybodyGroup directive everyone = zope.component.queryUtility(IEveryoneGroup) if everyone is not None and everyone.id != principal.id and \ everyone.id not in principal.groups: principal.groups.append(everyone.id) if IUnauthenticatedPrincipal.providedBy(principal): # global utility registered by unauthenticatedGroup directive unAuthGroup = zope.component.queryUtility(IUnauthenticatedGroup) if unAuthGroup is not None and unAuthGroup.id != principal.id and \ unAuthGroup.id not in principal.groups: principal.groups.append(unAuthGroup.id) else: # global utility registered by authenticatedGroup directive authGroup = zope.component.queryUtility(IAuthenticatedGroup) if authGroup is not None and authGroup.id != principal.id and \ authGroup.id not in principal.groups: principal.groups.append(authGroup.id)
def adjust_request_interface_for_preferred_languages(event): """ Checks the conditions outlined in this package's documentation and adds a marker interface (:class:`.IPreferredLanguagesRequest`) to the request if they hold true. This is registered as a subscriber for Pyramid's :class:`.IContextFound` event by this package's ``configure.zcml`` """ request = event.request # Does pyramid's default negotiator, which uses explicit settings # like a request param or cookie have an answer? If so, we need # our custom policy...these override the Accept-Language header if default_locale_negotiator(request): interface.alsoProvides(request, IPreferredLanguagesRequest) return # What about the zope/plone cookie? if request.cookies.get('I18N_LANGUAGE'): # For benefit of the default localization machinery # in case it's used, copy request._LOCALE_ = request.cookies.get('I18N_LANGUAGE') interface.alsoProvides(request, IPreferredLanguagesRequest) return # Ok, is there an authenticated user with preferred languages? # (We leave detecting defaults up to the actual policy) remote_user = IPrincipal(request, None) if remote_user and not IUnauthenticatedPrincipal.providedBy(remote_user): remote_user_langs = IUserPreferredLanguages(remote_user) if remote_user_langs and remote_user_langs.getPreferredLanguages(): # pylint:disable=too-many-function-args interface.alsoProvides(request, IPreferredLanguagesRequest)
def uninstall(self): """See `IDatabasePolicy`. If the request just handled was not read_only, we need to store this fact and the timestamp in the session. Subsequent requests can then keep using the master until they are sure any changes made have been propagated. """ if not self.read_only: # We need to further distinguish whether it's safe to write # to the session. This will be true if the principal is # authenticated or if there is already a session cookie # hanging around. if not IUnauthenticatedPrincipal.providedBy( self.request.principal) or self._hasSession(): # A non-readonly request has been made. Store this fact # in the session. Precision is hard coded at 1 minute # (so we don't update the timestamp if it is no more # than 1 minute out of date to avoid unnecessary and # expensive write operations). Feeds are always read # only, and since they run over http, browsers won't # send their session key that was set over https, so we # don't want to access the session which will overwrite # the cookie and log the user out. session_data = ISession(self.request)['lp.dbpolicy'] last_write = session_data.get('last_write', None) now = _now() if (last_write is None or last_write < now - timedelta(minutes=1)): # set value session_data['last_write'] = now
def _maybePlacefullyAuthenticate(self, request, ob): if not IUnauthenticatedPrincipal.providedBy(request.principal): # We've already got an authenticated user. There's nothing to do. # Note that beforeTraversal guarentees that user is not None. return if not zope.component.interfaces.ISite.providedBy(ob): # We won't find an authentication utility here, so give up. return sm = removeSecurityProxy(ob).getSiteManager() auth = sm.queryUtility(IAuthentication) if auth is None: # No auth utility here return # Try to authenticate against the auth utility principal = auth.authenticate(request) if principal is None: principal = auth.unauthenticatedPrincipal() if principal is None: # nothing to do here return request.setPrincipal(principal)
def __call__(self): if IUnauthenticatedPrincipal.providedBy(self.request.principal): self.http_status_code = 401 self.additional_headers.update( [("WWW-Authenticate", "Basic realm=Bungeni")] ) return super(Unauthorized, self).__call__()
def homefolder_url(request): principal = request.principal if IUnauthenticatedPrincipal.providedBy(principal): return homefolders = getUtility(IHomefolders) homefolder = homefolders.get(principal.id) return homefolder and IAbsoluteURL(homefolder, request) or None
def render(self): if not IUnauthenticatedPrincipal.providedBy(self.request.principal): auth = component.getUtility(IAuthentication) ILogout(auth).logout(self.request) self.flash(_(u'Usted ha deslogueado'), type=u'message') return self.redirect(self.application_url())
def getURL(self, type=""): principal = self.request.principal if IUnauthenticatedPrincipal.providedBy(principal): return homeFolder = IHomeFolder(principal).homeFolder homeFolder = grok.url(self.request, homeFolder, type) return homeFolder
def getLoggedInPerson(self): """Return the currently logged-in person. If no one is logged in, return None. If there is an anonymous user logged in, then return ANONYMOUS. Otherwise, return the logged-in `IPerson`. """ # I don't really know the canonical way of asking for "the logged-in # person", so instead I'm using all the ways I can find and making # sure they match each other. -- jml by_launchbag = getUtility(IOpenLaunchBag).user principal = get_current_principal() if principal is None: return None elif IUnauthenticatedPrincipal.providedBy(principal): if by_launchbag is None: return ANONYMOUS else: raise ValueError( "Unauthenticated principal, but launchbag thinks " "%r is logged in." % (by_launchbag,)) else: by_principal = principal.person self.assertEqual(by_launchbag, by_principal) return by_principal
def setGroupsForPrincipal(event): """Set local group information when a principal is created. Note: IUnauthenticatedPrincipal does not provide IGroupAwarePrincipal which is just wrong and makes the conditions a little bit complicated. """ principal = event.principal # set only groups for group aware principals or unauthenticated which are # group aware too. This allows us to apply local roles to unautenticated # principals which allows to apply permissions/roles via local groups which # the application does not provide at global level. if not (IGroupAwarePrincipal.providedBy(principal) or IUnauthenticatedPrincipal.providedBy(principal)): return authentication = event.authentication for name, plugin in authentication.getAuthenticatorPlugins(): if not interfaces.IGroupContainer.providedBy(plugin): continue # set groups for principals but not a group to itself. This could happen # for global defined groups principal.groups.extend( [id for id in plugin.getGroupsForPrincipal(principal.id) if id != principal.id])
def getLoggedInPerson(self): """Return the currently logged-in person. If no one is logged in, return None. If there is an anonymous user logged in, then return ANONYMOUS. Otherwise, return the logged-in `IPerson`. """ # I don't really know the canonical way of asking for "the logged-in # person", so instead I'm using all the ways I can find and making # sure they match each other. -- jml by_launchbag = getUtility(IOpenLaunchBag).user principal = get_current_principal() if principal is None: return None elif IUnauthenticatedPrincipal.providedBy(principal): if by_launchbag is None: return ANONYMOUS else: raise ValueError( "Unauthenticated principal, but launchbag thinks " "%r is logged in." % (by_launchbag, )) else: by_principal = principal.person self.assertEqual(by_launchbag, by_principal) return by_principal
def __call__(node, request): if not checkPermission(permission, node.context): # You are not allowed here. if IUnauthenticatedPrincipal.providedBy(request.principal): raise Unauthorized raise Forbidden return method(node, request)
def update(self): if not IUnauthenticatedPrincipal.providedBy(self.request.principal): for key in self.KEYS: self.request.response.expireCookie(key, path='/', domain="bgetem.de") self.request.response.expireCookie(key, path='/') self.request.response.expireCookie('beaker.session.id', path='/') self.request['beaker.session'].delete()
def __call__(self): request = self.request if (not IUnauthenticatedPrincipal.providedBy(request.principal) and 'gum.Login' in request): request.response.redirect( self.url(grok.getApplication()) ) else: return self.template.render(self)
def handleLogin(self, action): """Handle the subscribe action will register and login a user.""" if not IUnauthenticatedPrincipal.providedBy(self.request.principal): session = ISession(self.request, None) sessionData = session.get('z3c.authenticator.credential.session') if sessionData is not None and sessionData.get('camefrom'): self.nextURL = sessionData['camefrom'] sessionData['camefrom'] = None
def login(self, nextURL=None): # we don't want to keep challenging if we're authenticated if IUnauthenticatedPrincipal.providedBy(self.request.principal): component.getUtility(IAuthentication).unauthorized( self.request.principal.id, self.request) return self.failed() else: return self._confirm(nextURL)
def redirect_on_empty_props(event): principal = event.request.principal if IUnauthenticatedPrincipal.providedBy(principal): return if "stammdaten" in event.request.environment.get("PATH_INFO"): return if event.request.principal.id == u"servicetelefon-0": return
def url(self): principal = self.request.principal if IUnauthenticatedPrincipal.providedBy(principal): return hf = IHomeFolder(principal, None) if hf: return urllib.parse.unquote(grok.util.url(self.request, hf)) return ""
def login(self, nextURL=None): # we don't want to keep challenging if we're authenticated if IUnauthenticatedPrincipal.providedBy(self.request.principal): # hard-code basic auth challenge self.request.unauthorized('basic realm="Zope"') return self.failed() else: return self._confirm(nextURL)
def url(self): principal = self.request.principal if IUnauthenticatedPrincipal.providedBy(principal): return homeFolder = IHomeFolder(principal, None) if homeFolder: return str(absoluteURL(homeFolder, self.request)) + "/enms" return ""
def update(self): if not IUnauthenticatedPrincipal.providedBy(self.request.principal): for key in self.KEYS: self.request.response.expireCookie(key, path='/', domain="bg-kooperation.de") else: self.request.response.expireCookie("auth_pubtkt", path='/', domain="bg-kooperation.de")
def test_traverse(url): """Traverse the url in the same way normal publishing occurs. Returns a tuple of (object, view, request) where: object is the last model object in the traversal chain view is the defined view for the object at the specified url (if the url didn't directly specify a view, then the view is the default view for the object. request is the request object resulting from the traversal. This contains a populated traversed_objects list just as a browser request would from a normal call into the app servers. This call uses the currently logged in user, and does not start a new transaction. """ url_parts = urlsplit(url) server_url = '://'.join(url_parts[0:2]) path_info = url_parts[2] request, publication = get_request_and_publication( host=url_parts[1], extra_environment={ 'SERVER_URL': server_url, 'PATH_INFO': path_info}) request.setPublication(publication) # We avoid calling publication.beforePublication because this starts a new # transaction, which causes an abort of the existing transaction, and the # removal of any created and uncommitted objects. # Set the default layer. adapters = getGlobalSiteManager().adapters layer = adapters.lookup((providedBy(request),), IDefaultSkin, '') if layer is not None: layers.setAdditionalLayer(request, layer) principal = get_current_principal() if IUnauthenticatedPrincipal.providedBy(principal): login = None else: login = principal.person setupInteraction(principal, login, request) getUtility(IOpenLaunchBag).clear() app = publication.getApplication(request) view = request.traverse(app) # Find the object from the view instead on relying that it stays # in the traversed_objects stack. That doesn't apply to the web # service for example. try: obj = removeSecurityProxy(view).context except AttributeError: # But sometime the view didn't store the context... # Use the last traversed object in these cases. obj = request.traversed_objects[-2] restoreInteraction() return obj, view, request
def getSession(self): """Get the session data container that stores the OpenID request.""" if IUnauthenticatedPrincipal.providedBy(self.request.principal): # A dance to assert that we want to break the rules about no # unauthenticated sessions. Only after this next line is it # safe to set session values. allowUnauthenticatedSession( self.request, duration=timedelta(minutes=60)) return ISession(self.request)[SESSION_PKG_KEY]
def url(self): principal = self.request.principal if IUnauthenticatedPrincipal.providedBy(principal): return hf = IHomeFolder(principal, None) if None: return "" viewname = "personalpanelview" return urllib.parse.unquote(grok.util.url(self.request, hf, viewname))
def getSession(self): """Get the session data container that stores the OpenID request.""" if IUnauthenticatedPrincipal.providedBy(self.request.principal): # A dance to assert that we want to break the rules about no # unauthenticated sessions. Only after this next line is it # safe to set session values. allowUnauthenticatedSession(self.request, duration=timedelta(minutes=60)) return ISession(self.request)[SESSION_PKG_KEY]
def traverse(self, path): if path == 'profile': if IUnauthenticatedPrincipal.providedBy(self.request.principal): return self.context else: session = ISession(self.request)['OAuth2'] if 'principal' in session.keys(): user = session['principal'] return IUserProfile(user)
def logout(self, nextURL=None): if not IUnauthenticatedPrincipal.providedBy(self.request.principal): auth = component.getUtility(IAuthentication) ILogout(auth).logout(self.request) if nextURL: return self.redirect() if nextURL is None: return self.confirmation() else: return self.request.response.redirect(nextURL)
def __call__(self): if IUnauthenticatedPrincipal.providedBy(self.request.principal): self.request.principal.__parent__.unauthorized( self.request.principal.id, self.request) return 'Launchpad basic auth login page' referer = self.request.getHeader('referer') # Traditional w3c speling if referer and self.isSameHost(referer): self.request.response.redirect(referer) else: self.request.response.redirect(self.request.getURL(1)) return ''
def __call__(self): logged_out = IUnauthenticatedPrincipal.providedBy( self.request.principal) if not logged_out: auth = zope.component.getUtility( zope.authentication.interfaces.IAuthentication) zope.authentication.interfaces.ILogout(auth).logout(self.request) self._delete_sso_cookies() return self.request.response.redirect( zope.traversing.browser.absoluteURL(self.context, self.request))
def _maybePlacefullyAuthenticate(self, request, ob): if not IUnauthenticatedPrincipal.providedBy(request.principal): # We've already got an authenticated user. There's nothing to do. # Note that beforeTraversal guarentees that user is not None. return if not ISite.providedBy(ob): # We won't find an authentication utility here, so give up. return sm = removeSecurityProxy(ob).getSiteManager() self.authenticate(request, sm)
def __call__(self): if IUnauthenticatedPrincipal.providedBy(self.request.principal): return u'<a href="@@login.html?nextURL=%s">%s</a>' % ( urllib.quote(self.request.getURL()), translate(_('[Login]'), context=self.request, default='[Login]')) elif ILogoutSupported(self.request, None) is not None: return u'<a href="@@logout.html?nextURL=%s">%s</a>' % ( urllib.quote(self.request.getURL()), translate(_('[Logout]'), context=self.request, default='[Logout]')) else: return None
def handle_login(self, **data): authenticated = not IUnauthenticatedPrincipal.providedBy( self.request.principal, ) if authenticated: camefrom = self.request.form.get('camefrom') if camefrom: self.redirect(camefrom, self.url(grok.getSite())) else: self.redirect(self.url(grok.getSite())) self.flash(u'Logueado!', type=u'message') else: self.status = u'Autenticación fallida' self.errors += (Invalid(u'Usuario y/o contraseña invalidos'), ) self.form_reset = False
def handle_login(self, **data): authenticated = not IUnauthenticatedPrincipal.providedBy( self.request.principal, ) if authenticated: camefrom = self.request.form.get('camefrom') if camefrom: self.redirect(camefrom, self.url(grok.getSite())) else: self.redirect(self.url(grok.getSite())) self.flash(u'Logueado!', type=u'message') else: self.status = u'Autenticación fallida' self.errors += (Invalid(u'Usuario y/o contraseña invalidos'),) self.form_reset = False
def allowUnauthenticatedSession(request, duration=timedelta(minutes=10)): # As a rule, we do not want to send a cookie to an unauthenticated user, # because it breaks cacheing; and we do not want to create a session for # an unauthenticated user, because it unnecessarily consumes valuable # database resources. We have an assertion to ensure this. However, # sometimes we want to break the rules. To do this, first we set the # session cookie; then we assert that we only want it to last for a given # duration, so that, if the user does not log in, they can go back to # getting cached pages. Only after an unauthenticated user's session # cookie is set is it safe to write to it. if not IUnauthenticatedPrincipal.providedBy(request.principal): return client_id_manager = getUtility(IClientIdManager) if request.response.getCookie(client_id_manager.namespace) is None: client_id_manager.setRequestId( request, client_id_manager.getClientId(request)) expireSessionCookie(request, client_id_manager, duration)
def allowUnauthenticatedSession(request, duration=timedelta(minutes=10)): # As a rule, we do not want to send a cookie to an unauthenticated user, # because it breaks cacheing; and we do not want to create a session for # an unauthenticated user, because it unnecessarily consumes valuable # database resources. We have an assertion to ensure this. However, # sometimes we want to break the rules. To do this, first we set the # session cookie; then we assert that we only want it to last for a given # duration, so that, if the user does not log in, they can go back to # getting cached pages. Only after an unauthenticated user's session # cookie is set is it safe to write to it. if not IUnauthenticatedPrincipal.providedBy(request.principal): return client_id_manager = getUtility(IClientIdManager) if request.response.getCookie(client_id_manager.namespace) is None: client_id_manager.setRequestId(request, client_id_manager.getClientId(request)) expireSessionCookie(request, client_id_manager, duration)
def maybeRestrictToTeam(self, request): restrict_to_team = config.launchpad.restrict_to_team if not restrict_to_team: return restrictedlogin = '******' restrictedinfo = '+restricted-info' # Always allow access to +restrictedlogin and +restrictedinfo. traversal_stack = request.getTraversalStack() if (traversal_stack == [restrictedlogin] or traversal_stack == [restrictedinfo]): return principal = request.principal team = getUtility(IPersonSet).getByName(restrict_to_team) if team is None: raise AssertionError( 'restrict_to_team "%s" not found' % restrict_to_team) elif not ITeam.providedBy(team): raise AssertionError( 'restrict_to_team "%s" is not a team' % restrict_to_team) if IUnauthenticatedPrincipal.providedBy(principal): location = '/%s' % restrictedlogin else: # We have a team we can work with. user = IPerson(principal) if (user.inTeam(team) or user.inTeam(getUtility(ILaunchpadCelebrities).admin)): return else: location = '/%s' % restrictedinfo non_restricted_url = self.getNonRestrictedURL(request) if non_restricted_url is not None: location += '?production=%s' % urllib.quote(non_restricted_url) request.response.setResult('') request.response.redirect(location, temporary_if_possible=True) # Quash further traversal. request.setTraversalStack([])
def _ensureClientId(self): if self._have_ensured_client_id: return # We want to make sure the browser cookie and the database both know # about our client id. We're doing it lazily to try and keep anonymous # users from having a session. self.store.execute("SELECT ensure_session_client_id(?)", (self.client_id, ), noresult=True) request = get_current_browser_request() if request is not None: client_id_manager = getUtility(IClientIdManager) if IUnauthenticatedPrincipal.providedBy(request.principal): # it would be nice if this could be a monitored, logged # message instead of an instant-OOPS. assert ( client_id_manager.namespace in request.cookies or request.response.getCookie( client_id_manager.namespace) is not None ), ('Session data should generally only be stored for ' 'authenticated users, and for users who have just logged ' 'out. If an unauthenticated user has just logged out, ' 'they should have a session cookie set for ten minutes. ' 'This should be plenty of time for passing notifications ' 'about successfully logging out. Because this assertion ' 'failed, it means that some code is trying to set ' 'session data for an unauthenticated user who has been ' 'logged out for more than ten minutes: something that ' 'should not happen. The code setting the session data ' 'should be reviewed; and failing that, the cookie ' 'timeout after logout (set in ' 'webapp.login) should perhaps be ' 'increased a bit, if a ten minute fudge factor is not ' 'enough to handle the vast majority of computers with ' 'not-very-accurate system clocks. In an exceptional ' 'case, the code may set the necessary cookies itself to ' 'assert that yes, it *should* set the session for an ' 'unauthenticated user. See the webapp.login module for ' 'an example of this, as well.') else: client_id_manager.setRequestId(request, self.client_id) self._have_ensured_client_id = True
def maybeRestrictToTeam(self, request): restrict_to_team = config.launchpad.restrict_to_team if not restrict_to_team: return restrictedlogin = '******' restrictedinfo = '+restricted-info' # Always allow access to +restrictedlogin and +restrictedinfo. traversal_stack = request.getTraversalStack() if (traversal_stack == [restrictedlogin] or traversal_stack == [restrictedinfo]): return principal = request.principal team = getUtility(IPersonSet).getByName(restrict_to_team) if team is None: raise AssertionError('restrict_to_team "%s" not found' % restrict_to_team) elif not ITeam.providedBy(team): raise AssertionError('restrict_to_team "%s" is not a team' % restrict_to_team) if IUnauthenticatedPrincipal.providedBy(principal): location = '/%s' % restrictedlogin else: # We have a team we can work with. user = IPerson(principal) if (user.inTeam(team) or user.inTeam(getUtility(ILaunchpadCelebrities).admin)): return else: location = '/%s' % restrictedinfo non_restricted_url = self.getNonRestrictedURL(request) if non_restricted_url is not None: location += '?production=%s' % urllib.quote(non_restricted_url) request.response.setResult('') request.response.redirect(location, temporary_if_possible=True) # Quash further traversal. request.setTraversalStack([])
def __call__(self): request = self.request principal = request.principal unauthenticated = IUnauthenticatedPrincipal.providedBy(principal) self.unauthenticated = unauthenticated camefrom = request.get('camefrom') if isinstance(camefrom, list): # this can happen on python2.6, as it changed the # behaviour of cgi.FieldStorage a bit. camefrom = camefrom[0] self.camefrom = camefrom if (not unauthenticated) and ('SUBMIT' in request): # authenticated by submitting request.response.redirect(camefrom or '.') return '' return self.index() # call template
def _ensureClientId(self): if self._have_ensured_client_id: return # We want to make sure the browser cookie and the database both know # about our client id. We're doing it lazily to try and keep anonymous # users from having a session. self.store.execute( "SELECT ensure_session_client_id(?)", (self.client_id,), noresult=True) request = get_current_browser_request() if request is not None: client_id_manager = getUtility(IClientIdManager) if IUnauthenticatedPrincipal.providedBy(request.principal): # it would be nice if this could be a monitored, logged # message instead of an instant-OOPS. assert (client_id_manager.namespace in request.cookies or request.response.getCookie( client_id_manager.namespace) is not None), ( 'Session data should generally only be stored for ' 'authenticated users, and for users who have just logged ' 'out. If an unauthenticated user has just logged out, ' 'they should have a session cookie set for ten minutes. ' 'This should be plenty of time for passing notifications ' 'about successfully logging out. Because this assertion ' 'failed, it means that some code is trying to set ' 'session data for an unauthenticated user who has been ' 'logged out for more than ten minutes: something that ' 'should not happen. The code setting the session data ' 'should be reviewed; and failing that, the cookie ' 'timeout after logout (set in ' 'webapp.login) should perhaps be ' 'increased a bit, if a ten minute fudge factor is not ' 'enough to handle the vast majority of computers with ' 'not-very-accurate system clocks. In an exceptional ' 'case, the code may set the necessary cookies itself to ' 'assert that yes, it *should* set the session for an ' 'unauthenticated user. See the webapp.login module for ' 'an example of this, as well.') else: client_id_manager.setRequestId(request, self.client_id) self._have_ensured_client_id = True
def __call__(self): if IUnauthenticatedPrincipal.providedBy(self.request.principal): if 'loggingout' in self.request.form: target = '%s?loggingout=1' % self.request.URL[-2] self.request.response.redirect(target) return '' if self.request.method == 'POST': # If we got a POST then that's a problem. We can only # redirect with a GET, so when we redirect after a successful # login, the wrong method would be used. # If we get a POST here, it is an application error. We # must ensure that form pages require the same rights # as the pages that process those forms. So, we should never # need to newly authenticate on a POST. self.request.response.setStatus(500) # Internal Server Error self.request.response.setHeader('Content-type', 'text/plain') return ('Application error. Unauthenticated user POSTing to ' 'page that requires authentication.') # If we got any query parameters, then preserve them in the # new URL. Except for the BrowserNotifications current_url = self.request.getURL() while True: nextstep = self.request.stepstogo.consume() if nextstep is None: break current_url = urlappend(current_url, nextstep) query_string = self.request.get('QUERY_STRING', '') if query_string: query_string = '?' + query_string target = self.getRedirectURL(current_url, query_string) # A dance to assert that we want to break the rules about no # unauthenticated sessions. Only after this next line is it safe # to use the ``addInfoNotification`` method. allowUnauthenticatedSession(self.request) self.request.response.redirect(target) # Maybe render page with a link to the redirection? return '' else: self.request.response.setStatus(403) # Forbidden return self.template()
def login(self): data, errors = self.extractData() if errors: return FAILURE principal = self.request.principal if IUnauthenticatedPrincipal.providedBy(principal): self.status = _(u"Login failed") return FAILURE self.flash(_('You are now logged in as ${name}', mapping={"name": principal.id})) notify(UserLoginEvent(principal)) camefrom = self.request.get('camefrom', None) if not camefrom: if ILocation.providedBy(principal): camefrom = absoluteURL(principal, self.request) else: camefrom = absoluteURL(self.context, self.request) self.redirect(camefrom) return SUCCESS
def new_import(code_import, event): """Email the vcs-imports team about a new code import.""" if (event.user is None or IUnauthenticatedPrincipal.providedBy(event.user)): # If there is no logged in user, then we are most likely in a # test. return user = IPerson(event.user) subject = 'New code import: %s/%s' % ( code_import.branch.target.name, code_import.branch.name) if code_import.rcs_type == RevisionControlSystems.CVS: location = '%s, %s' % (code_import.cvs_root, code_import.cvs_module) else: location = code_import.url rcs_type_map = { RevisionControlSystems.CVS: 'CVS', RevisionControlSystems.SVN: 'subversion', RevisionControlSystems.BZR_SVN: 'subversion', RevisionControlSystems.GIT: 'git', RevisionControlSystems.BZR: 'bazaar', } body = get_email_template('new-code-import.txt', app='code') % { 'person': code_import.registrant.displayname, 'branch': canonical_url(code_import.branch), 'rcs_type': rcs_type_map[code_import.rcs_type], 'location': location, } from_address = format_address( user.displayname, user.preferredemail.email) vcs_imports = getUtility(ILaunchpadCelebrities).vcs_imports headers = {'X-Launchpad-Branch': code_import.branch.unique_name, 'X-Launchpad-Message-Rationale': 'Operator @%s' % vcs_imports.name, 'X-Launchpad-Notification-Type': 'code-import', } for address in get_contact_email_addresses(vcs_imports): simple_sendmail(from_address, address, subject, body, headers)
def authenticated(self): """Check whether context is an authenticated principal. Sample usage in a page template: <tal:span tal:define="user request/principal" tal:condition="user/schooltool:authenticated" tal:replace="user/title"> User title </tal:span> <tal:span tal:define="user request/principal" tal:condition="not:user/schooltool:authenticated"> Anonymous </tal:span> """ if self.context is None: # no one is logged in return False if not IPrincipal.providedBy(self.context): raise TypeError("schooltool:authenticated can only be applied" " to a principal but was applied on %r" % self.context) return not IUnauthenticatedPrincipal.providedBy(self.context)
def new_import(code_import, event): """Email the vcs-imports team about a new code import.""" if (event.user is None or IUnauthenticatedPrincipal.providedBy(event.user)): # If there is no logged in user, then we are most likely in a # test. return user = IPerson(event.user) subject = 'New code import: %s/%s' % (code_import.branch.target.name, code_import.branch.name) if code_import.rcs_type == RevisionControlSystems.CVS: location = '%s, %s' % (code_import.cvs_root, code_import.cvs_module) else: location = code_import.url rcs_type_map = { RevisionControlSystems.CVS: 'CVS', RevisionControlSystems.SVN: 'subversion', RevisionControlSystems.BZR_SVN: 'subversion', RevisionControlSystems.GIT: 'git', RevisionControlSystems.BZR: 'bazaar', } body = get_email_template('new-code-import.txt', app='code') % { 'person': code_import.registrant.displayname, 'branch': canonical_url(code_import.branch), 'rcs_type': rcs_type_map[code_import.rcs_type], 'location': location, } from_address = format_address(user.displayname, user.preferredemail.email) vcs_imports = getUtility(ILaunchpadCelebrities).vcs_imports headers = { 'X-Launchpad-Branch': code_import.branch.unique_name, 'X-Launchpad-Message-Rationale': 'Operator @%s' % vcs_imports.name, 'X-Launchpad-Notification-Type': 'code-import', } for address in get_contact_email_addresses(vcs_imports): simple_sendmail(from_address, address, subject, body, headers)
def login(self): data, errors = self.extractData() if errors: return FAILURE principal = self.request.principal if IUnauthenticatedPrincipal.providedBy(principal): self.status = _("Login failed") return FAILURE self.flash( _("You are now logged in as ${name}", mapping={"name": principal.id})) grok.notify(UserLoggedInEvent(principal)) camefrom = self.request.get("camefrom", None) if not camefrom: if ILocation.providedBy(principal): camefrom = absoluteURL(principal, self.request) else: camefrom = absoluteURL(self.context, self.request) self.redirect(camefrom) return SUCCESS
def setupInteraction(principal, login=None, participation=None): """Sets up a new interaction with the given principal. The login gets added to the launch bag. You can optionally pass in a participation to be used. If no participation is given, a Participation is used. """ # If principal is None, this method acts just like endInteraction. if principal is None: endInteraction() return if principal == ANONYMOUS: authutil = getUtility(IPlacelessAuthUtility) principal = authutil.unauthenticatedPrincipal() if participation is None: participation = Participation() # First end any running interaction, and start a new one. endInteraction() newInteraction(participation) launchbag = getUtility(IOpenLaunchBag) if IUnauthenticatedPrincipal.providedBy(principal): launchbag.setLogin(None) else: launchbag.setLogin(login) if IPublicationRequest.providedBy(participation): # principal is a read-only attribute on requests. participation.setPrincipal(principal) else: # Try setting the attribute directly. participation.principal = principal
def __call__(self): if IUnauthenticatedPrincipal.providedBy(self.request.principal): self.http_status_code = 401 self.additional_headers.update([("WWW-Authenticate", "Basic realm=Bungeni")]) return super(Unauthorized, self).__call__()
def getHomeFolder(request): principal = request.principal if IUnauthenticatedPrincipal.providedBy(principal): return return IHomeFolder(principal).homeFolder
def isLoggedIn(request): return not IUnauthenticatedPrincipal.providedBy(request.principal)
def update(self): if not IUnauthenticatedPrincipal.providedBy(self.request.principal): for key in self.KEYS: self.request.response.expireCookie(key, path="/", domain="ukh.de")