Пример #1
0
    def secure_url_with_token(self, url, user_data=None):
        if user_data is None:
            (user_data, _) = self.resolve_user_info()
        if not user_data:
            if not self.request_string("reset_token", default=""):
                logging.warn("No user detected for password change")
            return util.secure_url(url)

        token = TransferAuthToken.for_user(user_data).value
        if url.find('?') == -1:
            return "%s?transfer_token=%s" % (util.secure_url(url),
                                             urllib.quote_plus(token))
        else:
            return "%s&transfer_token=%s" % (util.secure_url(url),
                                             urllib.quote_plus(token))
Пример #2
0
def _resolve_user_in_https_frame(handler):
    """Determine the current logged in user for the HTTPS request.

    This has logic in additional to UserData.current(), since it should also
    accept TransferAuthTokens, since HTTPS requests may not have normal HTTP
    cookies sent.
    """

    user_data = UserData.current()
    if user_data:
        return user_data

    if not App.is_dev_server and not handler.request.uri.startswith('https'):
        return None

    # On https, users aren't recognized through the normal means of cookie auth
    # since their cookies were set on HTTP domains.
    token_value = handler.request_string("transfer_token", default=None)
    return TransferAuthToken.get_user_for_value(
        token_value, UserData.get_from_user_id)
Пример #3
0
    def render_outer(self):
        """Render the second part of the user signup step, after the user
        has verified ownership of their e-mail account.

        The request URI must include a valid token from an UnverifiedUser, and
        can be made via build_link(), or be made by a user without an existing
        password set.

        Note that the contents are actually rendered in an iframe so it
        can be sent over https (generated in render_form).
        """
        (valid_token, _) = self.resolve_token()
        user_data = UserData.current()
        if valid_token and user_data:
            if not user_data.is_phantom:
                logging.info("User tried to verify e-mail and complete a " +
                             "signup in a browser with an existing " +
                             "signed-in user. Forcefully signing old user " +
                             "out to avoid conflicts")
                self.redirect(util.create_logout_url(self.request.uri))
                return

            # Ignore phantom users.
            user_data = None

        if not valid_token and not user_data:
            # Just take them to the homepage for now.
            self.redirect("/")
            return

        transfer_token = None
        if user_data:
            if user_data.has_password():
                # The user already has a KA login - redirect them to their profile
                self.redirect(user_data.profile_root)
                return
            elif not user_data.has_sendable_email():
                # This is a case where a Facebook user logged in and tried
                # to signup for a KA password. Unfortunately, since we don't
                # have their e-mail, we can't let them proceed, since, without
                # a valid e-mail we can't reset passwords, etc.
                logging.error("User tried to signup for password with "
                              "no email associated with the account")
                self.redirect("/")
                return
            else:
                # Here we have a valid user, and need to transfer their identity
                # to the inner iframe that will be hosted on https.
                # Since their current cookies may not be transferred/valid in
                # https, mint a custom, short-lived token to transfer identity.
                transfer_token = TransferAuthToken.for_user(user_data).value

        template_values = {
            'params': util.build_params({
                                         'token': valid_token,
                                         'transfer_token': transfer_token,
                                         }),
            'continue': self.request_string("continue", default="/")
        }

        self.render_jinja2_template('completesignup.html', template_values)