def ViewHome(request): logged_in = authenticated_userid(request) loginurl = login_url(request, 'google') return { "loginurl": loginurl, "logged_in": logged_in, "logouturl": request.route_url('logout') }
def login(request): url = "/" fas_url = "https://admin.fedoraproject.org/accounts/openid/id/" username = request.params.get('fas_username') if username: identifier = "openid_identifier={0}{1}".format(fas_url, username) url = velruse.login_url(request, 'openid') + "?" + identifier return HTTPFound(location=url) return {}
def do_login(request): """ Store the redirect in the session and log in with google """ login_url = request.route_url('login') if request.url != login_url: request.session['next'] = request.url elif 'next' in request.GET: request.session['next'] = request.GET['next'] else: request.session['next'] = _get_app_root(request) return HTTPFound(location=velruse.login_url(request, 'google'))
def view_users(request): logged_in = authenticated_userid(request) loginurl = login_url(request, 'google') UserList = get_users() return { "loginurl": loginurl, "logged_in": logged_in, "logouturl": request.route_url('logout'), 'users': UserList }
def view_home(request): logged_in = authenticated_userid(request) loginurl = login_url(request, 'google') PiList = get_pis() return { "loginurl": loginurl, "logged_in": logged_in, "logouturl": request.route_url('logout'), 'pis': PiList }
def __call__(self): if self.request.params.get('form.submitted', None) is not None: resp = self.login() if resp: # if this returned with something, we deal with it return resp # Log in user seamlessly with kerberos if enabled try_kerberos = self.request.GET.get('try_kerberos', None) if try_kerberos: try_kerberos = asbool(try_kerberos) else: try_kerberos = asbool(get_config_setting('kerberos', 'False')) if try_kerberos: from karl.security.kerberos_auth import get_kerberos_userid userid = get_kerberos_userid(self.request) if userid: return remember_login(self.context, self.request, userid, None) # Break infinite loop if kerberos authorization fails if (self.request.authorization and self.request.authorization[0] == 'Negotiate'): try_kerberos = False page_title = 'Login to %s' % get_setting(self.context, 'title') api = TemplateAPI(self.context, self.request, page_title) sso_providers = [] sso = self.settings.get('sso') if sso: # importing here rather than in global scope allows to only require # velruse be installed for systems using it. from velruse import login_url for name in sso.split(): provider = self.settings.get('sso.%s.provider' % name) title = self.settings.get('sso.%s.title' % name) sso_providers.append({ 'title': title, 'name': name, 'url': login_url(self.request, provider) }) api.status_message = self.request.params.get('reason', None) response = render_to_response( 'templates/login.pt', dict(api=api, nothing='', try_kerberos=try_kerberos, sso_providers=sso_providers, came_from=self.request.params.get('came_from', ''), app_url=self.request.application_url), request=self.request) forget_headers = forget(self.request) response.headers.extend(forget_headers) return response
def __call__(self): if self.request.params.get('form.submitted', None) is not None: resp = self.login() if resp: # if this returned with something, we deal with it return resp # Log in user seamlessly with kerberos if enabled try_kerberos = self.request.GET.get('try_kerberos', None) if try_kerberos: try_kerberos = asbool(try_kerberos) else: try_kerberos = asbool(get_config_setting('kerberos', 'False')) if try_kerberos: from karl.security.kerberos_auth import get_kerberos_userid userid = get_kerberos_userid(self.request) if userid: return remember_login(self.context, self.request, userid, None) # Break infinite loop if kerberos authorization fails if (self.request.authorization and self.request.authorization[0] == 'Negotiate'): try_kerberos = False page_title = 'Login to %s' % get_setting(self.context, 'title') api = TemplateAPI(self.context, self.request, page_title) sso_providers = [] sso = self.settings.get('sso') if sso: # importing here rather than in global scope allows to only require # velruse be installed for systems using it. from velruse import login_url for name in sso.split(): provider = self.settings.get('sso.%s.provider' % name) title = self.settings.get('sso.%s.title' % name) sso_providers.append({'title': title, 'name': name, 'url': login_url(self.request, provider)}) api.status_message = self.request.params.get('reason', None) response = render_to_response( 'templates/login.pt', dict( api=api, nothing='', try_kerberos=try_kerberos, sso_providers=sso_providers, came_from=self.request.params.get('came_from', ''), app_url=self.request.application_url), request=self.request) forget_headers = forget(self.request) response.headers.extend(forget_headers) return response
def get_providers(request): """external auth provider list simple REST getter for a list of all registered auth providers. """ return { 'providers': [{ 'name': provider.name, 'url': login_url(request, provider.name), 'scope': provider.scope } for provider in request.registry.velruse_providers.values()] }
def forbidden_view(request): userid = authenticated_userid(request) if userid: if not hasattr(request, 'user'): request.user = User.get_by_id(userid) if not request.user.verified: next = route_url('signup', request) return HTTPFound(location=next) return Response('forbidden') next = login_url(request, 'google') return HTTPFound(location=next)
def twitter_login_url(self): return login_url(self.request, 'twitter')
def _login_form(context, request): response = {'login_url': login_url(request, 'openid')} return render("templates/openid.pt", response, request = request)
def login_view(context, request): settings = request.registry.settings request.layout_manager.use_layout('anonymous') came_from = _fixup_came_from(request, request.POST.get('came_from')) if request.params.get('form.submitted', None) is not None: challenge_qs = {'came_from': came_from} # identify login = request.POST.get('login') password = request.POST.get('password') if login is None or password is None: return HTTPFound(location='%s/login.html' % request.application_url) max_age = request.POST.get('max_age') if max_age is not None: max_age = int(max_age) # authenticate userid = None reason = 'Bad username or password' users = find_users(context) for authenticate in (password_authenticator, impersonate_authenticator): userid = authenticate(users, login, password) if userid: break # if not successful, try again if not userid: challenge_qs['reason'] = reason return HTTPFound( location='%s/login.html?%s' % (request.application_url, urlencode(challenge_qs, doseq=True))) # else, remember return remember_login(context, request, userid, max_age, came_from) # Log in user seamlessly with kerberos if enabled try_kerberos = request.GET.get('try_kerberos', None) if try_kerberos: try_kerberos = asbool(try_kerberos) else: try_kerberos = asbool(get_setting(context, 'kerberos', 'False')) if try_kerberos: from karl.security.kerberos_auth import get_kerberos_userid userid = get_kerberos_userid(request) if userid: return remember_login(context, request, userid, None, came_from) # Break infinite loop if kerberos authorization fails if request.authorization and request.authorization[0] == 'Negotiate': try_kerberos = False page_title = 'Login to %s' % settings.get( 'system_name', 'KARL') # Per #366377, don't say what screen layout = request.layout_manager.layout layout.page_title = page_title api = TemplateAPI(context, request, page_title) came_from = _fixup_came_from(request, request.params.get('came_from', request.url)) request.session['came_from'] = came_from sso_providers = [] sso = settings.get('sso') if sso: # importing here rather than in global scope allows to only require # velruse be installed for systems using it. from velruse import login_url for name in sso.split(): provider = settings.get('sso.%s.provider' % name) title = settings.get('sso.%s.title' % name) sso_providers.append({ 'title': title, 'name': name, 'url': login_url(request, provider) }) api.status_message = request.params.get('reason', None) response = render_to_response('templates/login.pt', dict(api=api, came_from=came_from, nothing='', try_kerberos=try_kerberos, sso_providers=sso_providers, app_url=request.application_url), request=request) forget_headers = forget(request) response.headers.extend(forget_headers) return response
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ # inject the url from the environment settings['sqlalchemy.url'] = os.environ.get( 'DATABASE_URL', 'postgresql://cewing:@localhost:5432/lj2') engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine # authn/authz configuration auth_secret = os.environ.get('LJ_AUTH_SECRET', 'itsaseekrit') authentication_policy = AuthTktAuthenticationPolicy( secret=auth_secret, hashalg='sha512', callback=groupfinder, ) authorization_policy = ACLAuthorizationPolicy() config = Configurator( settings=settings, authentication_policy=authentication_policy, authorization_policy=authorization_policy, root_factory=DefaultRoot, ) # add a view predicate to validate api keys: config.add_view_predicate('valid_api_key', APIKeyPredicate) # github authentication configuration: config.include('velruse.providers.github') github_key = os.environ.get('LJ_GITHUB_KEY', None) github_secret = os.environ.get('LJ_GITHUB_SECRET', None) if not github_key and not github_secret: raise ConfigurationError( 'Github Login requires LJ_GITHUB_SECRET and LJ_GITHUB_KEY set in the environment' ) config.add_github_login( consumer_key=github_key, consumer_secret=github_secret, scope=settings.get('velruse.providers.github.scope', 'user, public_repo'), ) # provide constructing the login url as a request method config.add_request_method(lambda req, svc='github': login_url(req, svc), name='login_url') # session configuration session_secret = os.environ.get('LJ_SESSION_SECRET', 'itsaseekrit') session_factory = SignedCookieSessionFactory(session_secret) config.set_session_factory(session_factory) # templating configuration config.include('pyramid_jinja2') # view configuration config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('home', '/') config.add_route('mine', '/mine') config.add_route('about', '/about') config.add_route('create', '/entry/create') config.add_route('entry', '/entry/{id:\d+}', factory=EntryRoot, traverse='/{id:\d+}') config.add_route('edit', '/entry/{id:\d+}/edit', factory=EntryRoot, traverse='/{id:\d+}') config.add_route('delete', '/entry/{id:\d+}/delete', factory=EntryRoot, traverse='/{id:\d+}') config.add_route('apikey', '/api/key') config.add_route('export', '/api/export') config.add_route('logout', '/logout') # add user to the request config.add_request_method(get_user, 'user', reify=True) # approved and admin usernames, too config.add_request_method(get_approved_users, 'approved', reify=True) config.add_request_method(get_admin_users, 'admins', reify=True) config.add_request_method(get_active_courses, 'courses', reify=True) config.scan() return config.make_wsgi_app()
def _login_btn(context, request): response = {'login_url': login_url(request, 'twitter')} return render("templates/twitter.pt", response, request = request)
def google_login_url(self): return login_url(self.request, 'google')
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ # inject the url from the environment settings['sqlalchemy.url'] = os.environ.get( 'DATABASE_URL', 'postgresql://cewing:@localhost:5432/lj2' ) engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine # authn/authz configuration auth_secret = os.environ.get('LJ_AUTH_SECRET', 'itsaseekrit') authentication_policy=AuthTktAuthenticationPolicy( secret=auth_secret, hashalg='sha512', callback=groupfinder, ) authorization_policy=ACLAuthorizationPolicy() config = Configurator( settings=settings, authentication_policy=authentication_policy, authorization_policy=authorization_policy, root_factory=DefaultRoot, ) # add a view predicate to validate api keys: config.add_view_predicate('valid_api_key', APIKeyPredicate) # github authentication configuration: config.include('velruse.providers.github') github_key = os.environ.get('LJ_GITHUB_KEY', None) github_secret = os.environ.get('LJ_GITHUB_SECRET', None) if not github_key and not github_secret: raise ConfigurationError( 'Github Login requires LJ_GITHUB_SECRET and LJ_GITHUB_KEY set in the environment' ) config.add_github_login( consumer_key=github_key, consumer_secret=github_secret, scope=settings.get( 'velruse.providers.github.scope', 'user, public_repo' ), ) # provide constructing the login url as a request method config.add_request_method( lambda req, svc='github': login_url(req, svc), name='login_url' ) # session configuration session_secret = os.environ.get('LJ_SESSION_SECRET', 'itsaseekrit') session_factory = SignedCookieSessionFactory(session_secret) config.set_session_factory(session_factory) # templating configuration config.include('pyramid_jinja2') # view configuration config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('home', '/') config.add_route('mine', '/mine') config.add_route('about', '/about') config.add_route('create', '/entry/create') config.add_route( 'entry', '/entry/{id:\d+}', factory=EntryRoot, traverse='/{id:\d+}' ) config.add_route( 'edit', '/entry/{id:\d+}/edit', factory=EntryRoot, traverse='/{id:\d+}' ) config.add_route( 'delete', '/entry/{id:\d+}/delete', factory=EntryRoot, traverse='/{id:\d+}' ) config.add_route('apikey', '/api/key') config.add_route('export', '/api/export') config.add_route('logout', '/logout') # add user to the request config.add_request_method(get_user, 'user', reify=True) # approved and admin usernames, too config.add_request_method(get_approved_users, 'approved', reify=True) config.add_request_method(get_admin_users, 'admins', reify=True) config.add_request_method(get_active_courses, 'courses', reify=True) config.scan() return config.make_wsgi_app()
def _login_btn(context, request): response = {'login_url': login_url(request, 'facebook')} return render("templates/facebook.pt", response, request = request)
def login(context, request): request.session['came_from'] = request.params.get( 'came_from', request.resource_url(context)) return HTTPFound(velruse.login_url(request, 'google'))
def get_login_url(self, request): return login_url(request, self.connector_id)
def do_login(request): """ Store the redirect in the session and log in with google """ if 'next' in request.GET: request.session['next'] = request.GET['next'] raise HTTPFound(location=velruse.login_url(request, 'google'))
def login_view(request): return { 'login_url': login_url(request, 'facebook') }
def login(request): log.debug('login') login_url = velruse.login_url(request, 'github') return {'login_url': login_url}
def login_view(context, request): settings = request.registry.settings came_from = request.session.get('came_from', request.url) came_from = _fixup_came_from(request, came_from) request.session['came_from'] = came_from if request.params.get('form.submitted', None) is not None: # identify login = request.POST.get('login') password = request.POST.get('password') if login is None or password is None: return HTTPFound(location='%s/login.html' % request.application_url) max_age = request.POST.get('max_age') if max_age is not None: max_age = int(max_age) # authenticate userid = None reason = 'Bad username or password' users = find_users(context) for authenticate in (password_authenticator, impersonate_authenticator): userid = authenticate(users, login, password) if userid: break # if not successful, try again if not userid: redirect = request.resource_url( request.root, 'login.html', query={'reason': reason}) return HTTPFound(location=redirect) # else, remember return remember_login(context, request, userid, max_age) # Log in user seamlessly with kerberos if enabled try_kerberos = request.GET.get('try_kerberos', None) if try_kerberos: try_kerberos = asbool(try_kerberos) else: try_kerberos = asbool(get_setting(context, 'kerberos', 'False')) if try_kerberos: from karl.security.kerberos_auth import get_kerberos_userid userid = get_kerberos_userid(request) if userid: return remember_login(context, request, userid, None) # Break infinite loop if kerberos authorization fails if request.authorization and request.authorization[0] == 'Negotiate': try_kerberos = False page_title = 'Login to %s' % settings.get('system_name', 'KARL') # Per #366377, don't say what screen api = TemplateAPI(context, request, page_title) sso_providers = [] sso = settings.get('sso') if sso: # importing here rather than in global scope allows to only require # velruse be installed for systems using it. from velruse import login_url for name in sso.split(): provider = settings.get('sso.%s.provider' % name) title = settings.get('sso.%s.title' % name) sso_providers.append({'title': title, 'name': name, 'url': login_url(request, provider)}) api.status_message = request.params.get('reason', None) response = render_to_response( 'templates/login.pt', dict( api=api, nothing='', try_kerberos=try_kerberos, sso_providers=sso_providers, app_url=request.application_url), request=request) forget_headers = forget(request) response.headers.extend(forget_headers) return response
def login(request): settings = request.registry.settings ident = "openid_identifier=" + settings.get('tahrir.openid_identifier') url = velruse.login_url(request, 'openid') + "?" + ident return HTTPFound(location=url)
def login_view(request): return HTTPFound(location=login_url(request, 'github'))
def login_view(request): return { 'login_url': lambda name: login_url(request, name), 'providers': request.registry.settings['login_providers'], }
def location(self): request = get_current_request() return velruse.login_url(request, self.id)
def view_home(request): logged_in = authenticated_userid(request) loginurl = login_url(request, 'google') PiList = get_pis() return {"loginurl": loginurl, "logged_in": logged_in, "logouturl": request.route_url('logout'), 'pis': PiList}
def view_users(request): logged_in = authenticated_userid(request) loginurl = login_url(request, 'google') UserList = get_users() return {"loginurl": loginurl, "logged_in": logged_in, "logouturl": request.route_url('logout'), 'users': UserList}
def home_unauth(request): return {'login_url': login_url(request, 'google')}
def home_view(request): return { 'github_login_url': login_url(request, 'github'), }