Use transactions throughout the code

[cascardo/ipsilon.git] / ipsilon / login / authkrb.py

diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py
index c67b93b..5f2d682 100755 (executable)
--- a/ipsilon/login/authkrb.py
+++ b/ipsilon/login/authkrb.py
@@ -20,6 +20,7 @@
 from ipsilon.login.common import LoginPageBase, LoginManagerBase
 from ipsilon.login.common import FACILITY
 from ipsilon.util.plugin import PluginObject
+from ipsilon.util.trans import Transaction
 from string import Template
 import cherrypy
 import os
@@ -36,13 +37,15 @@ class Krb(LoginPageBase):
 class KrbAuth(LoginPageBase):
 
     def root(self, *args, **kwargs):
+        trans = Transaction('login', **kwargs)
         # If we can get here, we must be authenticated and remote_user
         # was set. Check the session has a user set already or error.
         if self.user and self.user.name:
             userdata = {'krb_principal_name': self.user.name}
-            return self.lm.auth_successful(self.user.name, userdata)
+            return self.lm.auth_successful(trans, self.user.name,
+                                           'krb', userdata)
         else:
-            return self.lm.auth_failed()
+            return self.lm.auth_failed(trans)
 
 
 class KrbError(LoginPageBase):
@@ -52,7 +55,7 @@ class KrbError(LoginPageBase):
         # If we have no negotiate header return whatever mod_auth_kerb
         # generated and wait for the next request
 
-        if not 'WWW-Authenticate' in cherrypy.request.headers:
+        if 'WWW-Authenticate' not in cherrypy.request.headers:
             cherrypy.response.status = 401
 
             if self.lm.next_login:
@@ -64,7 +67,7 @@ class KrbError(LoginPageBase):
                                   cont=conturl)
 
         # If we get here, negotiate failed
-        return self.lm.auth_failed()
+        return self.lm.auth_failed(Transaction('login', **kwargs))
 
 
 class LoginManager(LoginManagerBase):
@@ -82,6 +85,7 @@ plugin for actual authentication. """
         self.page = Krb(site, self)
         self.page.__dict__['negotiate'] = KrbAuth(site, self)
         self.page.__dict__['unauthorized'] = KrbError(site, self)
+        self.page.__dict__['failed'] = KrbError(site, self)
         return self.page
 
 
@@ -101,6 +105,7 @@ CONF_TEMPLATE = """
   Require valid-user
 
   ErrorDocument 401 /${instance}/login/krb/unauthorized
+  ErrorDocument 500 /${instance}/login/krb/failed
 </Location>
 """