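def auth_login():
    """Log a user in against FAS and send them on to ``session['next']``.

    ``next`` is taken from the query string on the first visit and kept in
    the session; it is only honoured when it points at this host, so the
    login page cannot be used as an open redirect.  A user who is already
    authenticated (and whose session is not flagged ``timeout``) is
    redirected straight away.  On POST the credentials are checked with
    ``FAS.login``; the optional ``AVAILABLE_FILTER`` / ``AVAILABLE_TO``
    config restricts which accounts may log in.
    """

    def _is_local_redirect_target(target):
        # Accept only a path on this server or an absolute URL on this host
        # (the OpenID flow stores request.base_url as ``next``, so absolute
        # same-host URLs must pass).  Protocol-relative '//host' targets and
        # backslashes are rejected because browsers resolve them to another
        # origin.  Plain relative paths without a leading '/' are rejected
        # too -- no visible caller uses them.
        if not target or '\\' in target:
            return False
        if target.startswith('/'):
            return not target.startswith('//')
        return target.startswith(request.host_url)

    if 'next' in request.args:
        target = request.args['next']
        if _is_local_redirect_target(target):
            session['next'] = target
        else:
            log_warning('Failure', {
                'message': 'Ignoring next parameter that does not point at this host'})

    if 'next' not in session:
        return redirect(url_for('view_main'))

    # "timeout" (since 0.4.0) means PAPE or the application configuration
    # demands a fresh authentication even though a user is logged in.
    if g.fas_user and not session.get('timeout'):
        log_debug('Info', {
            'message': 'User tried to login but is already authenticated'})
        return redirect(session['next'])

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        allowed = (not app.config['AVAILABLE_FILTER']) or \
            (username in app.config['AVAILABLE_TO'])
        if not allowed:
            log_warning('Failure', {
                'username': username,
                'message': 'Tried to login with an account that is not allowed to use this service'})
            flash(_('This service is limited to the following users: %(users)s',
                    users=', '.join(app.config['AVAILABLE_TO'])))
        else:
            # Never hand an empty username or password to FAS; treat it as a
            # plain failed login (same rule as the check_login-based flow).
            if username and password and FAS.login(username, password):
                log_info('Success', {
                    'username': username,
                    'message': 'User authenticated succesfully'})
                session['last_auth_time'] = time()
                session['timeout'] = False
                session['trust_root'] = ''
                session.modified = True
                return redirect(session['next'])
            log_warning('Failure', {
                'username': username,
                'message': 'User entered incorrect username or password'})
            flash(_('Incorrect username or password'))

    # trust_root is only set by the OpenID flow; a direct visit with ?next=
    # has none, so default it rather than raise KeyError.
    return render_template('login.html',
                           trust_root=session.get('trust_root', ''))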
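def check_login(username, password):
    """Validate ``username``/``password`` against FAS and return the user.

    Returns the ``user`` attribute of the FAS login response on success, or
    ``False`` on any failure.  Bad credentials (``AuthError``) and
    infrastructure errors (anything else raised by the client) both map to
    ``False``; only the latter is logged, so callers cannot tell the two
    apart -- a login that fails because FAS is unreachable is reported to
    the user as wrong credentials.
    """
    try:
        # The FAS session id is not needed here; only the user record is.
        _session_id, data = _get_fasclient().login(username, password)
    except AuthError:
        return False
    except Exception as ex:  # best effort: log and treat as a failed login
        log_warning('Error', {
            'message': 'An error occured while checking username/password: %s' % ex})
        return False
    return data.user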
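def auth_login():
    """Log a user in against FAS and send them on to the session's ``next``.

    ``next`` is taken from the query string on the first visit and stored in
    the session; it is only honoured when it points at this host, so the
    login page cannot be used as an open redirect.  A user who is already
    logged in (and whose session is not flagged ``timeout``) is redirected
    immediately.  On POST the credentials go through ``check_login``; the
    optional ``AVAILABLE_FILTER`` / ``AVAILABLE_TO`` config restricts which
    accounts may use the service.
    """
    sess = get_session()

    def _is_local_redirect_target(target):
        # Accept only a path on this server or an absolute URL on this host
        # (the OpenID flow stores request.base_url as ``next``, so absolute
        # same-host URLs must pass).  Protocol-relative '//host' targets and
        # backslashes are rejected because browsers resolve them to another
        # origin.  Plain relative paths without a leading '/' are rejected
        # too -- no visible caller uses them.
        if not target or '\\' in target:
            return False
        if target.startswith('/'):
            return not target.startswith('//')
        return target.startswith(request.host_url)

    if 'next' in request.args:
        target = request.args['next']
        if _is_local_redirect_target(target):
            sess['next'] = target
            sess.save()
        else:
            log_warning('Failure', {
                'message': 'Ignoring next parameter that does not point at this host'})

    if 'next' not in sess:
        return redirect(url_for('view_main'))

    # "timeout" (since 0.4.0) means PAPE or the application configuration
    # demands a fresh authentication even though a user is logged in.
    if logged_in() and not ('timeout' in sess and sess['timeout']):
        log_debug('Info', {
            'message': 'User tried to login but is already authenticated'})
        return redirect(sess['next'])

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        allowed = (not app.config['AVAILABLE_FILTER']) or \
            (username in app.config['AVAILABLE_TO'])
        if not allowed:
            log_warning('Failure', {
                'username': username,
                'message': 'Tried to login with an account that is not '
                           'allowed to use this service'})
            flash(_('This service is limited to the following '
                    'users: %(users)s',
                    users=', '.join(app.config['AVAILABLE_TO'])))
        else:
            # Never send an empty username or password to FAS; treat it as
            # a plain failed login.
            user = None
            if username != '' and password != '':
                user = check_login(username, password)
            if user:
                log_info('Success', {
                    'username': username,
                    'message': 'User authenticated succesfully'})
                # A bunch is not serializable, so store a plain dict.
                user = user.toDict()
                user['groups'] = [x['name']
                                  for x in user['approved_memberships']]
                sess['user'] = user
                sess['last_auth_time'] = time()
                sess['timeout'] = False
                sess['trust_root'] = ''
                sess.save()
                return redirect(sess['next'])
            log_warning('Failure', {
                'username': username,
                'message': 'User entered incorrect username or password'})
            flash(_('Incorrect username or password'))

    # trust_root is only set by the OpenID flow; a direct visit with ?next=
    # has none, so default it rather than raise KeyError.
    trust_root = sess['trust_root'] if 'trust_root' in sess else ''
    return render_template('auth_fas_login.html', trust_root=trust_root)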
elif authed == AUTH_TRUST_ROOT_ASK: # User needs to confirm trust root return user_ask_trust_root(openid_request) elif authed == AUTH_TRUST_ROOT_NOT_OK: log_info('Info', { 'trust_root': openid_request.trust_root, 'message': 'User chose not to trust trust_root'}) return openid_respond(openid_request.answer(False)) elif authed == AUTH_TRUST_ROOT_CONFIG_NOT_OK: log_info('Info', { 'trust_root': openid_request.trust_root, 'message': 'Configuration blacklisted this trust_root'}) return openid_respond(openid_request.answer(False)) elif openid_request.immediate: log_warning('Error', { 'trust_root': openid_request.trust_root, 'message': 'Trust root demanded checkid_immediate'}) return openid_respond(openid_request.answer(False)) elif authed == AUTH_TIMEOUT: get_session()['timeout'] = True get_session()['next'] = request.base_url get_session().save() return redirect(app.config['LOGIN_URL']) elif authed == AUTH_NOT_LOGGED_IN: get_session()['next'] = request.base_url get_session()['trust_root'] = openid_request.trust_root get_session().save() return redirect(app.config['LOGIN_URL']) else: log_error('Failure', { 'username': auth_module.get('username'),