def logout(self):
response = HTTPFound(headers=forget(self.request))
if self.request.referrer and same_origin(
self.request.referrer, self.request.current_route_url()):
response.location = self.request.referrer
else:
response.location = self.request.route_url(route_name='home')
return response
def logout(self):
response = HTTPFound(headers=forget(self.request))
if self.request.referrer and same_origin(
self.request.referrer, self.request.current_route_url()):
response.location = self.request.referrer
else:
response.location = self.request.route_url(route_name='home')
return response
def login(self):
hubclient = self.request.registry.hubclient
response = HTTPFound()
# redeem ticket to get user data
ticket = self.request.GET.get('ticket', None)
if ticket and hubclient:
try:
user = hubclient.get_user(
ticket, self.request.route_url('redirect_to_login'))
self.request.session[USER_DATA_SESSION_KEY] = user.data
user_id = user.get('uuid')
headers = remember(self.request, user_id)
response.headerlist.extend(headers)
except HubClientException:
# TODO: what to do when ticket is invalid?
pass
redirect_url = self.request.GET.get('url', None)
if not (redirect_url and same_origin(
redirect_url, self.request.current_route_url())):
redirect_url = self.request.route_url(route_name='home')
response.location = redirect_url
return response
def login(self):
hubclient = self.request.registry.hubclient
response = HTTPFound()
# redeem ticket to get user data
ticket = self.request.GET.get('ticket', None)
if ticket and hubclient:
try:
user = hubclient.get_user(
ticket, self.request.route_url('redirect_to_login'))
self.request.session[USER_DATA_SESSION_KEY] = user.data
user_id = user.get('uuid')
headers = remember(self.request, user_id)
response.headerlist.extend(headers)
except HubClientException:
# TODO: what to do when ticket is invalid?
pass
redirect_url = self.request.GET.get('url', None)
if not (redirect_url and same_origin(
redirect_url, self.request.current_route_url())):
redirect_url = self.request.route_url(route_name='home')
response.location = redirect_url
return response
def record_edit(self):
zonename = self.request.matchdict['zonename']
recordname = self.request.matchdict['recordname']
zonefile = settings.zones[zonename]
zone = Zone(zonename, zonefile)
protected = name_is_protected(zonename, recordname)
response = {"zonename": zonename,
"recordname": recordname}
if self.request.POST and protected:
return HTTPForbidden("You can not modify this domain name")
elif protected:
response['protected'] = protected
response['record'] = zone.get_record(recordname)
return response
schema = Record(validator=record_validator)
form = deform.Form(schema, buttons=('submit',))
if self.request.POST:
controls = self.request.POST.items()
try:
data = form.validate(controls)
except deform.ValidationFailure, e:
response['form'] = e.render()
return response
else:
zone.add_record(**data)
response = HTTPFound()
response.location = self.request.route_url('record',
zonename=zonename,
recordname=data['name'])
return response
def record_add(self):
zonename = self.request.matchdict['zonename']
zonefile = settings.zones[zonename]
zone = Zone(zonename, zonefile)
schema = Record(validator=record_validator)
form = deform.Form(schema, buttons=('submit',))
response = {"zonename": zonename,
"recordname": "new"}
response["form"] = form.render()
if 'submit' in self.request.POST:
controls = self.request.POST.items()
try:
data = form.validate(controls)
except deform.ValidationFailure, e:
response['form'] = e.render()
return response
if not name_is_protected(zonename, data['name']):
zone.add_record(**data)
response = HTTPFound()
response.location = self.request.route_url('record',
zonename=zonename,
recordname=data['name'])
return response
else:
return HTTPForbidden()
def record_add(self):
zonename = self.request.matchdict['zonename']
zonefile = settings.zones[zonename]
zone = Zone(zonename, zonefile)
schema = Record()
form = deform.Form(schema, buttons=('submit', ))
response = {"zonename": zonename}
response["form"] = form.render()
if 'submit' in self.request.POST:
controls = self.request.POST.items()
try:
data = form.validate(controls)
except ValidationFailure, e:
response['form'] = e.render()
return response
if not name_is_protected(zonename, data['name']):
zone.add_record(**data)
response = HTTPFound()
response.location = self.request.route_url(
'record', zonename=zonename, recordname=data['name'])
return response
else:
return HTTPForbidden()
def record_edit(self):
zonename = self.request.matchdict['zonename']
recordname = self.request.matchdict['recordname']
zonefile = settings.zones[zonename]
zone = Zone(zonename, zonefile)
protected = name_is_protected(zonename, recordname)
response = {"zonename": zonename}
if self.request.POST and protected:
return HTTPForbidden("You can not modify this domain name")
elif protected:
response['protected'] = protected
response['record'] = zone.get_record(recordname)
return response
schema = Record()
form = deform.Form(schema, buttons=('submit', ))
if self.request.POST:
controls = self.request.POST.items()
try:
data = form.validate(controls)
except ValidationFailure, e:
response['form'] = e.render()
return response
else:
zone.add_record(**data)
response = HTTPFound()
response.location = self.request.route_url(
'record', zonename=zonename, recordname=data['name'])
def item_add(self):
groupname = self.request.matchdict['groupname']
groupfile = self.files[groupname]
group = self.backend(groupname, groupfile)
schema = group.get_add_schema()
form = deform.Form(schema, buttons=('submit',))
response = {"groupname": groupname,
"itemname": "new"}
response["form"] = form.render()
if 'submit' in self.request.POST and self.request.POST['submit'] == 'submit':
controls = self.request.POST.items()
try:
data = form.validate(controls)
except deform.ValidationFailure, e:
response['form'] = e.render()
return response
if data['name'] not in self.protected_names[groupname]:
group.add_item(data)
response = HTTPFound()
response.location = self.request.route_url('item',
groupname=groupname,
itemname=data['name'])
return response
else:
return HTTPForbidden()
def record_delete(self):
zonename = self.request.matchdict['zonename']
recordname = self.request.matchdict['recordname']
zonefile = settings.zones[zonename]
zone = Zone(zonename, zonefile)
if name_is_protected(zonename, recordname):
raise HTTPForbidden("You can not modify this domain name")
zone.del_record(recordname)
response = HTTPFound()
response.location = self.request.route_url('zoneview',
zonename=zonename)
return response
def record_delete(self):
zonename = self.request.matchdict['zonename']
recordname = self.request.matchdict['recordname']
zonefile = settings.zones[zonename]
zone = Zone(zonename, zonefile)
if name_is_protected(zonename, recordname):
raise HTTPForbidden("You can not modify this domain name")
zone.del_record(recordname)
response = HTTPFound()
response.location = self.request.route_url('zoneview',
zonename=zonename)
return response
def item_delete(self):
groupname = self.request.matchdict['groupname']
itemname = self.request.matchdict['itemname']
groupfile = self.files[groupname]
group = self.backend(groupname, groupfile)
if itemname in self.protected_names[groupname]:
raise HTTPForbidden("You can not modify this domain name")
group.del_item(itemname)
response = HTTPFound()
response.location = self.request.route_url('groupview',
groupname=groupname)
return response
def __call__(self):
""" login view callable """
# convenient method to set Cache-Control and Expires headers
self.request.response.cache_expires = 0
dbsession = DBSession()
params = self.request.params
login_url = route_url('login', self.request)
message = ''
# playerid, password from cookie
playerid = ''
password = ''
passwordFromCookie = False
lc = self.request.cookies.get('cis_login_credentials', '')
if lc:
lc = lc.split('|')
if len(lc) == 3:
passwordFromCookie = True
playerid = lc[0]
password = lc[1]
activeUser = User()
activeUser.playerid = playerid
activeUser.password = password
user = None
errors = {}
passwordOk = False
referrer = self.request.url
if referrer == login_url:
referrer = '/'
came_from = self.request.params.get('came_from', referrer)
url = came_from
logged_in = authenticated_userid(self.request)
headers = ''
initial_login = not logged_in
storeplayeridPwd = params.get('remember', '')
# if already logged in and requesting this page, redirect to forbidden
if logged_in:
message = 'You do not have the required permissions to see this page.'
return dict(
message=message,
url=url,
came_from=came_from,
password=password,
user=activeUser,
headers=headers,
errors=errors,
logged_in=logged_in,
remember=storeplayeridPwd
)
# check whether we are asked to do an autologin (from pwdreset.py)
autologin = 0 #self.request.session.pop_flash(queue='autologin')
# 'SECURITY RISK'
forcelogin = lc and self.request.params.get('forcelogin', '')
if forcelogin or autologin or 'form.submitted' in params:
if autologin:
autologin = autologin[0].split('|')
playerid = autologin[0]
password = autologin[1] #encrypted
elif forcelogin:
pass
else:
playerid = params['playerid']
# when we get a password from a cookie, we already receive it encrypted. If not, encrypt it here
password = (passwordFromCookie and password) or params['password']
if not password:
errors['password'] = "******"
else:
# if autologin, we already receive it encrypted. If not, encrypt it here
password = ((forcelogin or autologin) and password) or hashlib.md5(params['password']).hexdigest()
if not playerid:
errors['playerid'] = "Enter your player id"
if playerid and password:
user = dbsession.query(User).filter_by(playerid=playerid).first()
if user:
passwordOk = (user.password == password)
if not user:
message = 'You do not have a CIS account'
elif user.banned:
message = 'Your account has been banned.'
elif not user.activated:
message = 'Your account has not yet been activated'
elif not passwordOk:
message = 'Your account/password do not match'
else:
# READY TO LOGIN, SOME FINAL CHECKS
now = datetime.now()
headers = remember(self.request, user.playerid)
last_login = now.strftime('%Y-%m-%d %H:%M:%S')
user.last_web = last_login
response = HTTPFound()
user.last_login = last_login
response.headers = headers
response.content_type = 'text/html'
response.charset = 'UTF-8'
if storeplayeridPwd:
cookie_val = '%s|%s' % (playerid, password)
response.set_cookie('cis_login_credentials', cookie_val, max_age=timedelta(days=365), path='/')
response.location = came_from
if (not forcelogin) and (not storeplayeridPwd):
response.delete_cookie('cis_login_credentials')
response.cache_control = 'no-cache'
return response
activeUser.playerid = playerid
storeplayeridPwd = self.request.cookies.get('cis_login_credentials') and '1' or ''
return dict(
message=message,
url=url,
came_from=came_from,
password=password,
user=activeUser,
headers=headers,
errors=errors,
logged_in=logged_in,
remember=storeplayeridPwd
)
