Exemplo n.º 1
	def index(self):
	    """Serve the index page and dispatch the pop-up login form.

	    GET renders ``index.html`` with the login form attached. A POST whose
	    ``login`` field equals ``'Login'`` is handed to
	    ``AccountController.authenticatePopUpLogin`` together with the page key.
	    """
	    login_form = AccountForm.LoginForm(request.form)
	    verb = request.method
	    if verb == 'GET':
	        return render_template('index.html', formLogin=login_form)
	    if verb == 'POST' and request.form.get('login') == 'Login':
	        return AccountController.authenticatePopUpLogin(login_form, 'index')
	    # NOTE(review): any other request (e.g. a POST without login=Login)
	    # falls through and returns None; confirm how the framework handles it.
	    # NOTE(review): no CSRF check is visible in this handler; confirm that
	    # LoginForm or authenticatePopUpLogin enforces one.
Exemplo n.º 2
	def checkout(self):
	    """Serve the checkout page and dispatch the pop-up login form.

	    The login form is built on every request because the pop-up login is
	    available on each page. GET renders ``checkout.html``; a POST whose
	    ``login`` field equals ``'Login'`` is handed to
	    ``AccountController.authenticatePopUpLogin``.
	    """
	    login_form = AccountForm.LoginForm(request.form)
	    verb = request.method
	    if verb == 'GET':
	        return render_template('checkout.html', formLogin=login_form)
	    if verb == 'POST' and request.form.get('login') == 'Login':
	        return AccountController.authenticatePopUpLogin(login_form, 'checkout')
	    # NOTE(review): other requests fall through and return None. Nothing in
	    # this handler checks that the caller is already authenticated before
	    # the checkout page is rendered; confirm that is enforced elsewhere.
Exemplo n.º 3
 def index(self):
     """Render ``index.html`` on GET; route a pop-up login POST to AccountController.

     Returns None implicitly for any request that is neither a GET nor a
     POST carrying ``login == 'Login'``.
     """
     login_form = AccountForm.LoginForm(request.form)
     if request.method == 'GET':
         return render_template('index.html', formLogin=login_form)

     is_login_post = (
         request.method == 'POST'
         and request.form.get('login') == 'Login'
     )
     if is_login_post:
         # NOTE(review): the submitted credentials are validated inside
         # authenticatePopUpLogin, which is not visible here; confirm it also
         # covers CSRF and rate limiting.
         return AccountController.authenticatePopUpLogin(login_form, 'index')
Exemplo n.º 4
 def checkout(self):
     """Render ``checkout.html`` on GET; route a pop-up login POST to AccountController.

     The login form is passed to the template because the pop-up login is
     offered on every page. Returns None implicitly for any other request.
     """
     login_form = AccountForm.LoginForm(request.form)
     if request.method == 'GET':
         return render_template('checkout.html', formLogin=login_form)

     is_login_post = (
         request.method == 'POST'
         and request.form.get('login') == 'Login'
     )
     if is_login_post:
         # The second argument names the page the login was submitted from.
         return AccountController.authenticatePopUpLogin(login_form, 'checkout')
Exemplo n.º 5
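class ContactController(object):
    """Controller for the contact page, including the shared pop-up login."""

    def __init__(self, request):
        """Keep a reference to the request object supplied by the caller."""
        # NOTE(review): contactus() reads the module-level ``request`` rather
        # than this attribute; confirm which one is intended.
        self.request = request

    def contactus(self):
        """Render ``contact.html`` on GET; route a pop-up login POST onward.

        The login form is built on every request because the pop-up login is
        available on each page. A POST whose ``login`` field equals
        ``'Login'`` is handed to ``AccountController.authenticatePopUpLogin``.
        Any other request returns None implicitly.
        """
        # The original docstring was indented with two tabs while the body
        # used a tab plus four spaces, so the class did not parse; the
        # indentation is now uniform.
        formLogin = AccountForm.LoginForm(request.form)
        if request.method == 'GET':
            return render_template('contact.html', formLogin=formLogin)

        elif request.method == 'POST':
            if request.form.get('login', None) == 'Login':
                return AccountController.authenticatePopUpLogin(formLogin, 'contact')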
Exemplo n.º 6
class RootController:
    # The controller modules are imported inside the class body, so each
    # module name is also bound as a class attribute.
    import FileController
    import ShareController
    import MessageController
    import AdminController
    import AccountController
    # One instance of each sub-controller, created when the class body runs
    # and shared by every RootController instance.
    # NOTE(review): presumably CherryPy dispatches /share, /file, /account,
    # /admin and /message to these attributes -- confirm against the mount
    # configuration. ``file`` shadows the Python 2 builtin inside the class
    # body.
    share = ShareController.ShareController()
    file = FileController.FileController()
    account = AccountController.AccountController()
    admin = AdminController.AdminController()
    message = MessageController.MessageController()

    # NOTE(review): the privilege drop below is commented out, so nothing in
    # this class lowers the process uid/gid or sets a restrictive umask. If
    # the server can be started as root, confirm privileges are dropped
    # elsewhere. (``umask=077`` is Python 2 octal syntax.)
    #DropPrivileges(cherrypy.engine, umask=077, uid='nobody', gid='nogroup').subscribe()

    def __init__(self):
        """No per-instance state is set up here."""
        pass

    @cherrypy.expose
    def local(self, **kwargs):
        """Redirect to the login page with ``local=True`` in the query string.

        Any keyword arguments supplied with the request are ignored.
        """
        root_url = cherrypy.request.app.config['filelocker']['root_url']
        target = "%s/login?local=%s" % (root_url, str(True))
        raise cherrypy.HTTPRedirect(target)

    @cherrypy.expose
    def login(self, **kwargs):
        """Render the login form, redirect, or refuse, depending on the auth type.

        The auth type is read from the ``auth_type`` ConfigParameter row and
        can be overridden to ``"local"`` by the request parameter
        ``local=True``. For ``ldap``/``local`` the ``login.tmpl`` template is
        rendered; for ``cas`` the client is redirected to ``root_url``; any
        other value is logged and answered with HTTP 403.

        Recognised ``msg`` codes: ``1`` invalid credentials, ``2`` logged out,
        ``3`` blank password.
        """
        msg, errorMessage, config = (None, None,
                                     cherrypy.request.app.config['filelocker'])
        # .one() raises if the auth_type row is missing or duplicated
        # (presumably SQLAlchemy semantics -- confirm).
        authType = session.query(ConfigParameter).filter(
            ConfigParameter.name == "auth_type").one().value
        # orgConfig is not used below by name; it reaches the templates only
        # through locals().
        orgConfig = get_config_dict_from_objects(
            session.query(ConfigParameter).filter(
                ConfigParameter.name.like('org_%')).all())
        # dict.has_key() exists only in Python 2.
        if kwargs.has_key("msg"):
            msg = kwargs['msg']
        # NOTE(review): an unauthenticated request parameter switches the
        # form from the configured auth type to "local". Confirm that
        # process_login decides independently whether local accounts are
        # allowed.
        if kwargs.has_key("local") and kwargs['local'] == str(True):
            authType = "local"

        loginPage = config['root_url'] + "/process_login"
        # msg is only compared against fixed codes, and errorMessage is always
        # one of the literals below, never request text.
        if msg is not None and str(strip_tags(msg)) == "1":
            errorMessage = "Invalid username or password"
        elif msg is not None and str(strip_tags(msg)) == "2":
            errorMessage = "You have been logged out of the application"
        elif msg is not None and str(strip_tags(msg)) == "3":
            errorMessage = "Password cannot be blank"

        if authType == "ldap" or authType == "local":
            currentYear = datetime.date.today().year
            # The templates receive every local and module global through the
            # search list, so the local names in this method are part of the
            # template interface and must not be renamed.
            # NOTE(review): the raw ``msg`` and ``kwargs`` are also exposed
            # this way; confirm that neither template writes them to the page
            # unescaped.
            footerText = str(
                Template(file=get_template_file('footer_text.tmpl'),
                         searchList=[locals(), globals()]))
            tpl = Template(file=get_template_file('login.tmpl'),
                           searchList=[locals(), globals()])
            return str(tpl)
        elif authType == "cas":
            raise cherrypy.HTTPRedirect(config['root_url'])
        else:
            # Unknown or unset auth type: refuse rather than fall back to a
            # default mechanism.
            cherrypy.log.error(
                "[system] [login] [No authentication variable set in config]")
            raise cherrypy.HTTPError(403, "No authentication mechanism")

    @cherrypy.expose
    @cherrypy.tools.requires_login()
    def logout(self):
        """Clear the logged-in user and send the client to the logout target.

        With ``auth_type == "cas"`` the ``cas_logout.tmpl`` page is rendered,
        with ``casLogoutUrl`` available to it; otherwise the client is
        redirected to ``/login?msg=2``. In both branches ``session['user']``
        is set to None and the ``filelocker`` response cookie is given
        ``expires = 0``.
        """
        # requires_login is a project-registered tool; what it enforces is
        # not visible here.
        config = cherrypy.request.app.config['filelocker']
        # orgConfig reaches the templates only through locals().
        orgConfig = get_config_dict_from_objects(
            session.query(ConfigParameter).filter(
                ConfigParameter.name.like('org_%')).all())
        authType = session.query(ConfigParameter).filter(
            ConfigParameter.name == "auth_type").one().value
        if authType == "cas":
            from lib.CAS import CAS
            casUrl = session.query(ConfigParameter).filter(
                ConfigParameter.name == "cas_url").one().value
            casConnector = CAS(casUrl)
            # NOTE(review): root_url is appended to the query string without
            # URL-encoding; this is safe only if the configured value
            # contains no query-special characters -- confirm.
            casLogoutUrl = casConnector.logout_url(
            ) + "?redirectUrl=" + config['root_url'] + "/logout_cas"
            currentYear = datetime.date.today().year
            # The templates read these locals by name through the search
            # list, so the local names must stay as they are.
            footerText = str(
                Template(file=get_template_file('footer_text.tmpl'),
                         searchList=[locals(), globals()]))
            tpl = Template(file=get_template_file('cas_logout.tmpl'),
                           searchList=[locals(), globals()])
            # NOTE(review): only the 'user' key is cleared; the session is not
            # shown being expired or regenerated here -- confirm that happens
            # elsewhere. Presumably 'filelocker' is the session cookie name.
            cherrypy.session['user'], cherrypy.response.cookie['filelocker'][
                'expires'] = None, 0
            return str(tpl)
        else:
            # Same clearing as the CAS branch, then back to the login page
            # with the "logged out" message code.
            cherrypy.session['user'], cherrypy.response.cookie['filelocker'][
                'expires'] = None, 0
            raise cherrypy.HTTPRedirect(config['root_url'] + '/login?msg=2')

    @cherrypy.expose
    def logout_cas(self):
        """Render the ``cas_logout_confirmation.tmpl`` page.

        Unlike ``logout``, this handler carries no ``requires_login``
        decorator and does not touch the session or cookies.
        """
        # CAS is imported but not called in this method; it is only visible
        # to the templates through locals().
        from lib.CAS import CAS
        config = cherrypy.request.app.config['filelocker']
        orgConfig = get_config_dict_from_objects(
            session.query(ConfigParameter).filter(
                ConfigParameter.name.like('org_%')).all())
        currentYear = datetime.date.today().year
        # The templates read the locals above by name through the search
        # list, so the local names must stay as they are.
        footerText = str(
            Template(file=get_template_file('footer_text.tmpl'),
                     searchList=[locals(), globals()]))
        tpl = Template(file=get_template_file('cas_logout_confirmation.tmpl'),
                       searchList=[locals(), globals()])
        return str(tpl)

    @cherrypy.expose
    def process_login(self, local, username, password, **kwargs):
        rootURL, local = cherrypy.request.app.config['filelocker'][
            'root_url'], False
        if kwargs.has_key("local") and local == str(True):
            local = True
        username = strip_tags(username)

        if password is None or password == "":
            raise cherrypy.HTTPRedirect("%s/login?msg=3&local=%s" %
                                        (rootURL, str(local)))
        else:
            directory = AccountService.ExternalDirectory(local)
            if directory.authenticate(username, password):
                currentUser = AccountService.get_user(
                    username, True
                )  #if they are authenticated and local, this MUST return a user object
                if currentUser is not None:
                    if not currentUser.authorized:
                        raise cherrypy.HTTPError(
                            403,
                            "You do not have permission to access this system")
                    session.add(
                        AuditLog(
                            cherrypy.session.get("user").id, "Login",
                            "User %s logged in successfully from IP %s" %
                            (currentUser.id, cherrypy.request.remote.ip)))
                    session.commit()
                    raise cherrypy.HTTPRedirect(rootURL)
                else:  #This should only happen in the case of a user existing in the external directory, but having never logged in before
                    try:
                        newUser = directory.lookup_user(username)
                        AccountService.install_user(newUser)
                        currentUser = AccountService.get_user(username, True)
                        if currentUser is not None and currentUser.authorized != False:
                            raise cherrypy.HTTPRedirect(rootURL)
                        else:
                            raise cherrypy.HTTPError(
                                403,
                                "You do not have permission to access this system"
                            )
                    except Exception, e:
                        return "Unable to install user: %s" % str(e)
            else:
Exemplo n.º 7
 def __init__(self):
     """Create one instance of each controller and store it on this object.

     The controllers are constructed in the order account, book, order form,
     data, and bound to ``ac``, ``bc``, ``ofc`` and ``dc`` respectively.
     """
     factories = (
         ('ac', AccountController.AccountController),
         ('bc', BookController.BookController),
         ('ofc', OrderFormController.OrderFormController),
         ('dc', DataController.DataController),
     )
     for attr_name, factory in factories:
         setattr(self, attr_name, factory())