def view_fas_login(): if not 'next' in request.args and not 'next' in get_session(): return redirect(url_for('view_main')) if 'next' in request.args: get_session()['next'] = request.args['next'] get_session().save() if get_auth_module().logged_in() and not \ ('timeout' in get_session() and get_session()['timeout']): # We can also have "timeout" as of 0.4.0 # indicating PAPE or application configuration requires a re-auth log_debug('Info', { 'message': 'User tried to login but is already authenticated'}) return redirect(get_session()['next']) if request.method == 'POST': username = request.form['username'] password = request.form['password'] if (not app.config['FAS_AVAILABLE_FILTER']) or \ (username in app.config['FAS_AVAILABLE_TO']): if username == '' or password == '': user = None else: user = get_auth_module().check_login(username, password) if user: log_info('Success', { 'username': username, 'message': 'User authenticated succesfully'}) user = user.toDict() # A bunch is not serializable... user['groups'] = [x['name'] for x in user['approved_memberships']] get_session()['user'] = user get_session()['last_auth_time'] = time() get_session()['timeout'] = False get_session()['trust_root'] = '' get_session().save() return redirect(get_session()['next']) else: log_warning('Failure', { 'username': username, 'message': 'User entered incorrect username or password'}) flash(_('Incorrect username or password')) else: log_warning('Failure', { 'username': username, 'message': 'Tried to login with an account that is not ' 'allowed to use this service'}) flash(_('This service is limited to the following ' 'users: %(users)s', users=', '.join(app.config['FAS_AVAILABLE_TO']))) return render_template( 'auth_fas_login.html', trust_root=get_session()['trust_root'])
sreg_info = addSReg(openid_request, openid_response) teams_info = addTeams( openid_request, openid_response, filter_cla_groups(get_auth_module().get_groups())) cla_info = addCLAs( openid_request, openid_response, get_cla_uris(get_auth_module().get_groups())) auth_level = addPape(openid_request, openid_response) log_info('Success', { 'claimed_id': get_claimed_id(get_auth_module().get_username()), 'trust_root': openid_request.trust_root, 'security_level': auth_level, 'message': 'The user succesfully claimed the identity'}) log_debug('Info', {'teams': teams_info}) return openid_respond(openid_response) elif authed == AUTH_TRUST_ROOT_ASK: # User needs to confirm trust root return user_ask_trust_root(openid_request) elif authed == AUTH_TRUST_ROOT_NOT_OK: log_info('Info', { 'trust_root': openid_request.trust_root, 'message': 'User chose not to trust trust_root'}) return openid_respond(openid_request.answer(False)) elif authed == AUTH_TRUST_ROOT_CONFIG_NOT_OK: log_info('Info', { 'trust_root': openid_request.trust_root, 'message': 'Configuration blacklisted this trust_root'}) return openid_respond(openid_request.answer(False)) elif openid_request.immediate: