示例#1
0
def login(request):
    url = request.current_route_url()
    login = ''
    password = ''
    error = ''

    if 'form.submitted' in request.POST:
        login = request.POST['login']
        password = request.POST['password']
        connector = get_ldap_connector(request)
        data = connector.authenticate(login, password)
        if data is not None:
            pprint.pprint(data)
            dn = data[0]
            headers = remember(request, dn)
            return HTTPFound('/', headers=headers)
        else:
            error = 'Invalid credentials'
            
    return dict(
        login_url=url,
        login=login,
        password=password,
        error=error,
        )
示例#2
0
def login(request):
    url = request.current_route_url()
    login = ''
    password = ''
    error = ''

    if 'form.submitted' in request.POST:
        login = request.POST['login']
        password = request.POST['password']
        connector = get_ldap_connector(request)
        data = connector.authenticate(login, password)
        if data is not None:
            pprint.pprint(data)
            dn = data[0]
            headers = remember(request, dn)
            return HTTPFound('/', headers=headers)
        else:
            error = 'Invalid credentials'

    return dict(
        login_url=url,
        login=login,
        password=password,
        error=error,
    )
示例#3
0
 def login(self):
     loginURL = self.request.route_url('login')
     referrer = self.request.url
     if referrer == loginURL:
         referrer = '/'
     cameFrom = self.request.params.get('cameFrom', referrer)
     message = username = password = u''
     if 'submit' in self.request.params:
         username, password = self.request.params['username'], self.request.params['password']
         connector = get_ldap_connector(self.request)
         result = connector.authenticate(username, password)
         if result is not None:
             dn = result[0]
             fullName = result[1].get(u'cn', result[1][u'uid'])
             fullName = fullName[0]
             self.request.session['fullName'] = fullName
             self.request.session.flash(u'Welcome {}. You are now logged in.'.format(fullName), 'info')
             headers = remember(self.request, dn)
             return HTTPFound(location=cameFrom, headers=headers)
         else:
             message = 'Login failed'
     return dict(
         url=self.request.application_url + '/login',
         cameFrom=cameFrom,
         username=username,
         message=message,
         form=self.form.render()
     )
示例#4
0
文件: login.py 项目: faanwar/avrc
def process(request, view_items):
    login_url = request.route_path('login')
    referrer = request.url
    if referrer == login_url:
        referrer = '/'  # never use the login form itself as came_from
    came_from = request.params.get('came_from', referrer)
    message = ''
    login = ''
    if 'form.submitted' in request.params:
        login = request.params['login']
        password = request.params['password']
        connector = get_ldap_connector(request)
        data = connector.authenticate(login, password)
        if data is not None:
            dn = data[0]
            groups = connector.user_groups(dn)
            if groups:
                for u in groups:
                    # check to ensure the dn is an ET member before allowing any further...
                    if models.members_cn == u[0]:
                        headers = remember(request, dn)
                        return HTTPFound(location=came_from, headers=headers)
            message = "Your credentials are correct but your account does not have sufficient permission to access this page. Please contact your system administrator."
        else:
            message = "Invalid username or password. Please try again or contact your system administrator."

    out = {
        'message': message,
        'url': request.route_path("login"),
        'came_from': came_from,
        'login': login,
    }
    return dict(view_items.items() + out.items())
示例#5
0
def get_user_from_request(request):
    from c2cgeoportal.models import DBSession, Role

    class O(object):
        pass

    username = unauthenticated_userid(request)
    if username is not None:
        user = O()
        user.id = 0
        user.username = username
        user.email = None
        connector = get_ldap_connector(request)
        cm = connector.manager

        # 0 means 'Tous publics'
        roletheme = 0
        with cm.connection() as conn:
            result = conn.search_s("ou=portail,dc=act,dc=lu", ldap.SCOPE_SUBTREE, "(login=%s)" % username)
            if len(result) == 1:
                if "roleTheme" in result[0][1]:
                    roletheme = result[0][1]["roleTheme"][0]
                if "mail" in result[0][1]:
                    user.mail = result[0][1]["mail"][0]
                if "sn" in result[0][1]:
                    user.sn = result[0][1]["sn"][0]

        user.role = DBSession.query(Role).filter_by(id=roletheme).one()

        user.functionalities = []
        return user
示例#6
0
    def _handle_appstruct(self, appstruct):
        """
        Handle LDAP login.
        """
        username = self.request.params.get('username')
        password = self.request.params.get('password')

        # Performing ldap login
        from pyramid_ldap import get_ldap_connector
        connector = get_ldap_connector(self.request)
        auth = connector.authenticate(username, password)

        if auth is not None:
            # Get user name and email
            ldap_settings = self.request.db.ldap.find_one()
            name = (auth[1].get(ldap_settings['name'])[0]
                    if ldap_settings['name'] != '' else 'Unknown')
            email = (auth[1].get(ldap_settings['email'])[0]
                     if ldap_settings['email'] != '' else '')

            # Authentication successful
            return self.login_success(login_id=auth[0], name=name,
                                      email=email)  # login_id=user_dn
        else:
            # Authentification failed
            return self.login_failure()
示例#7
0
def ldap_user_validator(request, username, password):
    connector = get_ldap_connector(request)
    data = connector.authenticate(username, password)
    if data is not None:
        return data[0]

    return None
示例#8
0
def groupfinder(dn, request):
    connector = get_ldap_connector(request)
    group_list = connector.user_groups(dn)
    if group_list is None:
        return None
    group_dns = []
    for dn, attrs in group_list:
        group_dns.append(dn)
    return group_dns
示例#9
0
def get_ldap_groups(dn, request):
    """Get the groups set in the ldap and transform them to permission

    .. note:: We try to only get the cn from the group and we prefix the
    permission with 'ldap:'
    """
    connector = get_ldap_connector(request)
    group_list = connector.user_groups(dn)
    if group_list is None:
        return []
    lis = [('ldap:%s' % attrs.get('cn', [dn_])[0]).encode('utf-8')
           for dn_, attrs in group_list]
    return lis
示例#10
0
def login(request):
    login_url = request.current_route_url()
    # detectem des de quina URL ve el visitant
    referrer = request.url
    # retornem l'usuari a la home page si ha vingut directe al login
    if referrer == login_url:
        referrer = '/' # never use the login form itself as came_from
    came_from = request.params.get('came_from', referrer)
    user = authenticated_userid(request)
    connector = get_ldap_connector( request )
    if user:
        lloc = came_from.split("/")
        message = "Ets %s, i com a tal no pots entrar a %s" % (user,came_from)#lloc[len(lloc)-1])
    else:
        message = "Identifica't per entrar al sagrat mon d'Egipte"
    login = ''
    password = ''
    if 'form.submitted' in request.params:
        login = request.params['login']
        password = request.params['password']
        #connector = get_ldap_connector( request )
        data = connector.authenticate( login, password )
        if data is not None:
            # DN complert. És una mica llarg però ha de ser així
            dn = data[0]
            # Seria més còmode utilitzar el UID o CN, però llavors no lliga amb Pyramid Auth
            #uid = data[1]["uid"][0]
            #print "DADES=" + str(data)
            print "login OK per " + data[1]["uid"][0] + " DN:"+dn
            print "GRUPS per " + str(dn) +": " + str(groupfinder(dn,request))
            #print str( connector.user_groups(dn) )
            for g in connector.user_groups( dn ):
                print "\t"+ str(g[0])
            headers = remember(request,data[0])
            return HTTPFound( location=came_from, headers=headers )
            
        # autenticació Pyramid sense LDAP (a esborrar)
        #if comprova_usuari(login,password):
        #    headers = remember(request, login)
        #    return HTTPFound(location = came_from,
        #                     headers = headers)
        message = 'Failed login'

    return dict(
        message = message,
        url = request.application_url + '/login',
        came_from = came_from,
        login = login,
        password = password,
        user = authenticated_userid(request), # afegim usuari autenticat si l'hi ha
        )
示例#11
0
def get_user_from_request(request):
    from c2cgeoportal.models import DBSession, Role

    class O(object):
        pass

    username = unauthenticated_userid(request)
    if username is not None:
        user = O()
        user.id = 0
        user.username = username
        user.email = None
        user.is_admin = False
        user.mymaps_role = 999
        user.ogc_role = -1
        user.sn = None

        connector = get_ldap_connector(request)
        cm = connector.manager

        # 0 means 'Tous publics'
        roletheme = 0
        with cm.connection() as conn:
            result = conn.search_s('ou=portail,dc=act,dc=lu',
                                   ldap.SCOPE_SUBTREE, '(login=%s)' % username)
            if len(result) == 1:
                if 'roleTheme' in result[0][1]:
                    roletheme = result[0][1]['roleTheme'][0]
                if 'mail' in result[0][1]:
                    user.mail = result[0][1]['mail'][0]
                if 'sn' in result[0][1]:
                    user.sn = result[0][1]['sn'][0]
                else:
                    user.sn = user.mail
                if 'isMymapsAdmin' in result[0][1]:
                    user.is_admin =\
                        "TRUE" == (result[0][1]['isMymapsAdmin'][0]).upper()
                if 'roleMymaps' in result[0][1]:
                    user.mymaps_role = int(result[0][1]['roleMymaps'][0])
                if 'roleOGC' in result[0][1]:
                    user.ogc_role = result[0][1]['roleOGC'][0]
        try:
            user.role = DBSession.query(Role).filter_by(id=roletheme).one()
        except Exception as e:
            user.role = DBSession.query(Role).filter_by(id=0).one()
            log.exception(e)

        user.functionalities = []
        return user
示例#12
0
def ldap_user_validator(request, username, password):
    connector = get_ldap_connector(request)
    data = connector.authenticate(username, password)
    connection = Connections()
    connection.login = username
    connection.application = request.host

    if data is not None:
        connection.action = "CONNECT"
        PortailSession.add(connection)
        PortailSession.commit()
        return data[0]
    else:
        connection.action = "CONNECT ERROR"
        PortailSession.add(connection)
        PortailSession.commit()

    return None
def ldap_user_validator(request, username, password):
    connector = get_ldap_connector(request)
    data = connector.authenticate(username, password)
    connection = Connections()
    connection.login = username
    connection.application = request.host

    if data is not None:
        connection.action = "CONNECT"
        PortailSession.add(connection)
        PortailSession.commit()
        return data[0]
    else:
        connection.action = "CONNECT ERROR"
        PortailSession.add(connection)
        PortailSession.commit()

    return None
示例#14
0
def validate_ldap(request, login, password):
    """"Validate ldap login and password.

    We just check there is an entry in the ldap.

    :param request: the request
    :type request: pyramid.request
    :param login: the user login
    :type login: str
    :param password: the user password
    :type password: str
    :return: True if there is an entry for the given params in the ldap
    :rtype: bool
    """
    connector = get_ldap_connector(request)
    data = connector.authenticate(login, password)
    if not data:
        return False
    return True
def get_user_from_request(request):
    from c2cgeoportal.models import DBSession, Role

    class O(object):
        pass
    username = unauthenticated_userid(request)
    if username is not None:
        user = O()
        user.id = 0
        user.username = username
        user.email = None
        user.is_admin = False
        user.mymaps_role = 999
        user.ogc_role = -1
        connector = get_ldap_connector(request)
        cm = connector.manager

        # 0 means 'Tous publics'
        roletheme = 0
        with cm.connection() as conn:
            result = conn.search_s('ou=portail,dc=act,dc=lu',
                                   ldap.SCOPE_SUBTREE, '(login=%s)' % username)
            if len(result) == 1:
                if 'roleTheme' in result[0][1]:
                    roletheme = result[0][1]['roleTheme'][0]
                if 'mail' in result[0][1]:
                    user.mail = result[0][1]['mail'][0]
                if 'sn' in result[0][1]:
                    user.sn = result[0][1]['sn'][0]
                if 'isMymapsAdmin' in result[0][1]:
                    user.is_admin = result[0][1]['isMymapsAdmin'][0]
                if 'roleMymaps' in result[0][1]:
                    user.mymaps_role = result[0][1]['roleMymaps'][0]
                if 'roleOGC' in result[0][1]:
                    user.ogc_role = result[0][1]['roleOGC'][0]

        user.role = DBSession.query(Role).filter_by(id=roletheme).one()

        user.functionalities = []
        return user
示例#16
0
    def ldap_login(self):
        """LDAP login"""
        username = self.request.params.get("username")
        password = self.request.params.get("password")

        # Performing ldap login
        from pyramid_ldap import get_ldap_connector

        connector = get_ldap_connector(self.request)
        auth = connector.authenticate(username, password)

        if auth is not None:
            # Get user name and email
            ldap_settings = self.db.ldap.find_one()
            name = auth[1].get(ldap_settings["name"])[0] if ldap_settings["name"] != "" else "Unknown"
            email = auth[1].get(ldap_settings["email"])[0] if ldap_settings["email"] != "" else None

            # Authentication successful
            return self.login_success(login_id=auth[0], name=name, email=email)  # userdn
        else:
            # Authentification failed
            return self.login_failure()
示例#17
0
    def _handle_appstruct(self, appstruct):
        """
        Handle LDAP login.
        """
        username = self.request.params.get('username')
        password = self.request.params.get('password')

        # Performing ldap login
        from pyramid_ldap import get_ldap_connector
        connector = get_ldap_connector(self.request)
        auth = connector.authenticate(username, password)

        if auth is not None:
            # Get user name and email
            ldap_settings = self.request.db.ldap.find_one()
            name = (auth[1].get(ldap_settings['name'])[0] if ldap_settings['name'] != '' else 'Unknown')
            email = (auth[1].get(ldap_settings['email'])[0] if ldap_settings['email'] != '' else '')

            # Authentication successful
            return self.login_success(login_id=auth[0], name=name, email=email)  # login_id=user_dn
        else:
            # Authentification failed
            return self.login_failure()
示例#18
0
    def get_user_info(self, user):
        connector = get_ldap_connector(self.request)
        cm = connector.manager
        with cm.connection() as conn:
            dn_list = conn.search_s('ou=portail,dc=act,dc=lu',
                                    ldap.SCOPE_SUBTREE, '(login=%s)' % user)
            if len(dn_list) != 1:
                return HTTPInternalServerError()

            dn = dn_list[0][0]
            attributes = conn.search_s(dn,
                                       ldap.SCOPE_BASE,
                                       '(objectClass=*)',
                                       ['mail'])
            if len(attributes) == 0 or len(attributes[0]) != 2:
                return HTTPInternalServerError()
            attributes = attributes[0][1]
            if 'mail' not in attributes or len(attributes['mail']) == 0:
                return HTTPNotFound()
            mail_address = attributes['mail'][0]
            if not mail_address:
                return HTTPNotFound()

            return (user, mail_address)
示例#19
0
 def _callFUT(self, request):
     from pyramid_ldap import get_ldap_connector
     return get_ldap_connector(request)
示例#20
0
 def __call__(self):
     c = get_ldap_connector(self.request)
     ldapGroups = [dn for dn, attrs in c.user_groups(u'uid=*') if not dn.startswith(u'system.')]
     groupNames = [_cnHunter.match(i).group(1) for i in ldapGroups if _cnHunter.match(i)]
     return self._getMatches(groupNames)
示例#21
0
def login(request):
    page_title = 'Login'

    au = get_authenticated_user(request)

    if request.referer:
        referer_host = request.referer.split('/')[2]
    else:
        referer_host = None

    # Need to send the client a 401 so it can send a user/pass to auth. Need a second condition to check for authenticated user
    if request.path_info.split('/')[1][:3] == 'api':
        logging.debug('request came from the api, sending request to re-auth')
        return HTTPUnauthorized()

    if request.referer and referer_host == request.host and request.referer.split('/')[3][:6] != 'logout':
        return_url = request.referer
    elif request.path != '/login':
        return_url = request.url
    else:
        return_url = '/'

    login = ''
    password = ''
    error = ''

    if 'form.submitted' in request.POST:
        login = request.POST['login']
        password = request.POST['password']

        # Try local first, ldap second
        data = local_authenticate(login, password)
        if data is None:
            connector = get_ldap_connector(request)
            data = connector.authenticate(login, password)
            
        if data is not None:
            dn = data[0]
            encrypted = signed_serialize(login, request.registry.settings['arsenal.cookie_token'])
            headers = remember(request, dn)
            headers.append(('Set-Cookie', 'un=' + str(encrypted) + '; Max-Age=604800; Path=/'))

            if 'api.client' in request.POST:
                return HTTPOk(headers=headers)
            else:
                return HTTPFound(request.POST['return_url'], headers=headers)
        else:
            error = 'Invalid credentials'
            if 'api.client' in request.POST:
                return HTTPForbidden()

    if request.authenticated_userid:

        if request.path == '/login':
            error = 'You are already logged in'
            page_title = 'Already Logged In'
        else:
            error = 'You do not have permission to access this page'
            page_title = 'Access Denied'
            if 'api.client' in request.POST:
                return HTTPForbidden()

    return {'layout': site_layout('max'),
            'page_title': page_title,
            'au': au,
            'return_url': return_url,
            'login': login,
            'password': password,
            'error': error,
           }
示例#22
0
 def _createSchema(self, workflow):
     # Find the task with order 1:
     schema = colander.SchemaNode(colander.Mapping())
     for task in workflow.tasks:
         if task.get('order', '-1') == '1':
             # build the form
             conf = task.get('configuration', {})
             for fieldName in task.get('requiredMetFields', []):
                 # CA-1394, LabCAS UI will generate dataset IDs
                 if fieldName == 'DatasetId': continue
                 title = conf.get(u'input.dataset.{}.title'.format(fieldName), u'Unknown Field')
                 description = conf.get(u'input.dataset.{}.description'.format(fieldName), u'Not sure what to put here.')
                 dataType = conf.get(u'input.dataset.{}.type'.format(fieldName), u'http://www.w3.org/2001/XMLSchema/string')
                 missing = colander.required if conf.get(u'input.dataset.{}.required'.format(fieldName)) == u'true' else None
                 # FIXME:
                 if dataType in (
                     u'http://www.w3.org/2001/XMLSchema/string',
                     u'http://edrn.nci.nih.gov/xml/schema/types.xml#discipline',
                     u'http://edrn.nci.nih.gov/xml/schema/types.xml#organSite',
                 ):
                     # Check for enumerated values
                     if u'input.dataset.{}.value.1'.format(fieldName) in conf:
                         # Collect the values
                         exp = re.compile(u'input.dataset.{}.value.[0-9]+'.format(fieldName))
                         values = []
                         for key, val in conf.items():
                             if exp.match(key) is not None:
                                 values.append((val, val))
                         values.sort()
                         schema.add(colander.SchemaNode(
                             colander.String(),
                             name=fieldName,
                             title=title,
                             description=description,
                             validator=colander.OneOf([i[0] for i in values]),
                             widget=deform.widget.RadioChoiceWidget(values=values, inline=True),
                             missing=missing
                         ))
                     else:
                         schema.add(colander.SchemaNode(
                             colander.String(),
                             name=fieldName,
                             title=title,
                             description=description,
                             missing=missing
                         ))
                 elif dataType == u'http://edrn.nci.nih.gov/xml/schema/types.xml#text':
                     schema.add(colander.SchemaNode(
                         colander.String(),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing,
                         widget=deform.widget.RichTextWidget()
                     ))
                 elif dataType == u'http://edrn.nci.nih.gov/xml/schema/types.xml#nistDatasetId':
                     # Skip this; we generated this dataset ID based on other fields
                     pass
                 elif dataType == u'http://edrn.nci.nih.gov/xml/schema/types.xml#collaborativeGroup':
                     # CA-1356 ugly fix but I'm in a hurry and these groups haven't changed in 10 years.
                     # FIXME: correct solution: use IVocabularies
                     schema.add(colander.SchemaNode(
                         colander.String(),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing,
                         validator=colander.OneOf(_collaborativeGroups),
                         widget=deform.widget.RadioChoiceWidget(values=[(i, i) for i in _collaborativeGroups])
                     ))
                 elif dataType == u'urn:ldap:attributes:dn':
                     principals = [
                         _cnHunter.match(i).group(1).strip() for i in self.request.effective_principals
                         if i.startswith(u'cn=')
                     ]
                     principals.sort()
                     c = get_ldap_connector(self.request)
                     ldapGroups = [
                         _cnHunter.match(i).group(1).strip() for i, attrs in c.user_groups(u'uid=*')
                         if i.startswith(u'cn=')
                     ]
                     group = colander.SchemaNode(
                         colander.String(),
                         widget=deform.widget.AutocompleteInputWidget(values=self.request.route_url('ldapGroups')),
                         name='group',
                         title=u'Group',
                         description=u'Name of an EDRN group that should be able to access this data'
                     )
                     groups = colander.SchemaNode(
                         colander.Sequence(),
                         group,
                         validator=colander.ContainsOnly(ldapGroups),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing,
                         default=principals
                     )
                     schema.add(groups)
                 elif dataType == u'http://edrn.nci.nih.gov/xml/schema/types.xml#principalInvestigator':
                     schema.add(colander.SchemaNode(
                         colander.String(),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing,
                         widget=deform.widget.AutocompleteInputWidget(values=self.request.route_url('people'))
                     ))
                 elif dataType == u'http://edrn.nci.nih.gov/xml/schema/types.xml#protocolName':
                     schema.add(colander.SchemaNode(
                         colander.String(),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing,
                         widget=deform.widget.AutocompleteInputWidget(values=self.request.route_url('protocols'))
                     ))
                 elif dataType == u'http://www.w3.org/2001/XMLSchema/integer':
                     schema.add(colander.SchemaNode(
                         colander.Int(),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing
                     ))
                 elif dataType == u'http://www.w3.org/2001/XMLSchema/boolean':
                     schema.add(colander.SchemaNode(
                         colander.Boolean(),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing
                     ))
                 elif dataType == u'http://www.w3.org/2001/XMLSchema/anyURI':
                     schema.add(colander.SchemaNode(
                         colander.String(),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing,
                         validator=colander.Regex(re_python_rfc3986_URI_reference)
                     ))
                 elif dataType == u'http://www.w3.org/2001/XMLSchema/date':
                     schema.add(colander.SchemaNode(
                         colander.Date(),
                         name=fieldName,
                         title=title,
                         description=description,
                         missing=missing
                     ))
                 else:
                     _logger.warn(u'Unknown data type "%s" for field "%s"', dataType, fieldName)
             break
     return schema
示例#23
0
 def _callFUT(self, request):
     from pyramid_ldap import get_ldap_connector
     return get_ldap_connector(request)
示例#24
0
def login(request):
    page_title = 'Login'

    user = get_user(request)

    if request.referer:
        referer_host = request.referer.split('/')[2]
    else:
        referer_host = None

    if request.referer and referer_host == request.host and request.referer.split(
            '/')[3][:6] != 'logout':
        return_url = request.referer
    elif request.path != '/login':
        return_url = request.url
    else:
        return_url = '/applications'

    login = ''
    password = ''
    error = ''

    if 'form.submitted' in request.POST:
        login = request.POST['login']
        password = request.POST['password']

        # AD/LDAP
        if request.registry.settings['tcw.auth_mode'] == 'ldap':
            connector = get_ldap_connector(request)
            data = connector.authenticate(login, password)
        # LOCAL
        else:
            data = local_authenticate(login, password)

        if data is not None:
            dn = data[0]
            encrypted = signed_serialize(
                login, request.registry.settings['tcw.cookie_token'])
            headers = remember(request, dn)
            headers.append(
                ('Set-Cookie',
                 'un=' + str(encrypted) + '; Max-Age=604800; Path=/'))

            return HTTPFound(request.POST['return_url'], headers=headers)
        else:
            error = 'Invalid credentials'

    if request.authenticated_userid:

        if request.path == '/login':
            error = 'You are already logged in'
            page_title = 'Already Logged In'
        else:
            error = 'You do not have permission to access this page'
            page_title = 'Access Denied'

    return {
        'layout': site_layout(),
        'page_title': page_title,
        'user': user,
        'return_url': return_url,
        'login': login,
        'password': password,
        'error': error,
    }