def check_login(self, username, password):
try:
session_id, data = self._get_fasclient().login(username, password)
return data.user
except AuthError:
return False
except Exception, ex:
log_warning('Error', {
'message': 'An error occured while checking username/password: %s'
% ex})
return False
def view_fas_login():
if not 'next' in request.args and not 'next' in get_session():
return redirect(url_for('view_main'))
if 'next' in request.args:
get_session()['next'] = request.args['next']
get_session().save()
if get_auth_module().logged_in() and not \
('timeout' in get_session() and get_session()['timeout']):
# We can also have "timeout" as of 0.4.0
# indicating PAPE or application configuration requires a re-auth
log_debug('Info', {
'message': 'User tried to login but is already authenticated'})
return redirect(get_session()['next'])
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
if (not app.config['FAS_AVAILABLE_FILTER']) or \
(username in app.config['FAS_AVAILABLE_TO']):
if username == '' or password == '':
user = None
else:
user = get_auth_module().check_login(username, password)
if user:
log_info('Success', {
'username': username,
'message': 'User authenticated succesfully'})
user = user.toDict() # A bunch is not serializable...
user['groups'] = [x['name'] for x in
user['approved_memberships']]
get_session()['user'] = user
get_session()['last_auth_time'] = time()
get_session()['timeout'] = False
get_session()['trust_root'] = ''
get_session().save()
return redirect(get_session()['next'])
else:
log_warning('Failure', {
'username': username,
'message': 'User entered incorrect username or password'})
flash(_('Incorrect username or password'))
else:
log_warning('Failure', {
'username': username,
'message': 'Tried to login with an account that is not '
'allowed to use this service'})
flash(_('This service is limited to the following '
'users: %(users)s',
users=', '.join(app.config['FAS_AVAILABLE_TO'])))
return render_template(
'auth_fas_login.html',
trust_root=get_session()['trust_root'])
def view_persona_fas_login():
if not 'username' in request.form or not 'password' in request.form:
return Response('No user or pw', status=400)
if get_auth_module().logged_in():
return Response('Already logged in', status=409)
username = request.form['username']
password = request.form['password']
if (not app.config['FAS_AVAILABLE_FILTER']) or \
(username in app.config['FAS_AVAILABLE_TO']):
if username == '' or password == '':
user = None
else:
user = get_auth_module().check_login(username, password)
if user:
log_info('Success', {
'username': username,
'message': 'User authenticated succesfully'})
user = user.toDict() # A bunch is not serializable...
user['groups'] = [x['name'] for x in
user['approved_memberships']]
get_session()['user'] = user
get_session()['last_auth_time'] = time()
get_session()['timeout'] = False
get_session()['trust_root'] = ''
get_session().save()
return Response('Success', status=200)
else:
log_warning('Failure', {
'username': username,
'message': 'User entered incorrect username or password'})
return Response('Incorrect username or password', status=403)
else:
log_warning('Failure', {
'username': username,
'message': 'Tried to login with an account that is not '
'allowed to use this service'})
return Response('Service limited to a restricted set of users', status=403)
elif authed == AUTH_TRUST_ROOT_ASK:
# User needs to confirm trust root
return user_ask_trust_root(openid_request)
elif authed == AUTH_TRUST_ROOT_NOT_OK:
log_info('Info', {
'trust_root': openid_request.trust_root,
'message': 'User chose not to trust trust_root'})
return openid_respond(openid_request.answer(False))
elif authed == AUTH_TRUST_ROOT_CONFIG_NOT_OK:
log_info('Info', {
'trust_root': openid_request.trust_root,
'message': 'Configuration blacklisted this trust_root'})
return openid_respond(openid_request.answer(False))
elif openid_request.immediate:
log_warning('Error', {
'trust_root': openid_request.trust_root,
'message': 'Trust root demanded checkid_immediate'})
return openid_respond(openid_request.answer(False))
elif authed == AUTH_TIMEOUT:
get_session()['timeout'] = True
get_session()['next'] = request.base_url
get_session().save()
return get_auth_module().start_authentication()
elif authed == AUTH_NOT_LOGGED_IN:
get_session()['next'] = request.base_url
get_session()['trust_root'] = openid_request.trust_root
get_session().save()
return get_auth_module().start_authentication()
else:
log_error('Failure', {
'username': get_auth_module().get_username(),