# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-from ipsilon.util.log import Log
from ipsilon.util.page import Page
from ipsilon.util.user import UserSession
from ipsilon.util.plugin import PluginLoader, PluginObject
from ipsilon.util.plugin import PluginInstaller
+from ipsilon.info.common import Info
+from ipsilon.util.cookies import SecureCookie
import cherrypy
USERNAME_COOKIE = 'ipsilon_default_username'
-class LoginManagerBase(PluginObject, Log):
+class LoginManagerBase(PluginObject):
def __init__(self):
super(LoginManagerBase, self).__init__()
+ self._site = None
self.path = '/'
self.next_login = None
+ self.info = None
+ self.is_enabled = False
def redirect_to_path(self, path):
base = cherrypy.config.get('base.mount', "")
raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path))
- def auth_successful(self, username, auth_type=None, userdata=None):
- # save ref before calling UserSession login() as it
- # may regenerate the session
+ def auth_successful(self, trans, username, auth_type=None, userdata=None):
session = UserSession()
- ref = session.get_data('login', 'Return')
- if not ref:
- ref = cherrypy.config.get('base.mount', "") + '/'
+
+ if self.info:
+ userattrs = self.info.get_user_attrs(username)
+ if userdata:
+ userdata.update(userattrs.get('userdata', {}))
+ else:
+ userdata = userattrs.get('userdata', {})
+
+ # merge groups and extras from login plugin and info plugin
+ userdata['groups'] = list(set(userdata.get('groups', []) +
+ userattrs.get('groups', [])))
+
+ userdata['extras'] = userdata.get('extras', {})
+ userdata['extras'].update(userattrs.get('extras', {}))
+
+ self.debug("User %s attributes: %s" % (username, repr(userdata)))
if auth_type:
if userdata:
else:
userdata = {'auth_type': auth_type}
+ # create session login including all the userdata just gathered
session.login(username, userdata)
# save username into a cookie if parent was form base auth
if auth_type == 'password':
- cherrypy.response.cookie[USERNAME_COOKIE] = username
- cherrypy.response.cookie[USERNAME_COOKIE]['path'] = \
- cherrypy.config.get('base.mount', '/')
- cherrypy.response.cookie[USERNAME_COOKIE]['secure'] = True
- cherrypy.response.cookie[USERNAME_COOKIE]['httponly'] = True
+ cookie = SecureCookie(USERNAME_COOKIE, username)
# 15 days
- cherrypy.response.cookie[USERNAME_COOKIE]['max-age'] = 1296000
-
- raise cherrypy.HTTPRedirect(ref)
-
- def auth_failed(self):
+ cookie.maxage = 1296000
+ cookie.send()
+
+ transdata = trans.retrieve()
+ self.debug(transdata)
+ redirect = transdata.get('login_return',
+ cherrypy.config.get('base.mount', "") + '/')
+ self.debug('Redirecting back to: %s' % redirect)
+
+ # on direct login the UI (ie not redirected by a provider) we ned to
+ # remove the transaction cookie as it won't be needed anymore
+ if trans.provider == 'login':
+ self.debug('Wiping transaction data')
+ trans.wipe()
+ raise cherrypy.HTTPRedirect(redirect)
+
+ def auth_failed(self, trans):
# try with next module
if self.next_login:
return self.redirect_to_path(self.next_login.path)
# return to the caller if any
session = UserSession()
- ref = session.get_data('login', 'Return')
- # otherwise destroy session and return error
- if not ref:
+ transdata = trans.retrieve()
+
+ # on direct login the UI (ie not redirected by a provider) we ned to
+ # remove the transaction cookie as it won't be needed anymore
+ if trans.provider == 'login':
+ trans.wipe()
+
+ # destroy session and return error
+ if 'login_return' not in transdata:
session.logout(None)
raise cherrypy.HTTPError(401)
- raise cherrypy.HTTPRedirect(ref)
+ raise cherrypy.HTTPRedirect(transdata['login_return'])
def get_tree(self, site):
raise NotImplementedError
def enable(self, site):
- plugins = site[FACILITY]
- if self in plugins['enabled']:
+ if self.is_enabled:
return
+ if not self._site:
+ self._site = site
+ plugins = self._site[FACILITY]
+
# configure self
if self.name in plugins['config']:
self.set_config(plugins['config'][self.name])
root.first_login = self
plugins['enabled'].append(self)
+ self.is_enabled = True
self._debug('Login plugin enabled: %s' % self.name)
+ # Get handle of the info plugin
+ self.info = root.info
+
def disable(self, site):
- plugins = site[FACILITY]
- if self not in plugins['enabled']:
+ if not self.is_enabled:
return
+ plugins = self._site[FACILITY]
+
# remove self from chain
root = plugins['root']
if root.first_login == self:
self.next_login = None
plugins['enabled'].remove(self)
+ self.is_enabled = False
self._debug('Login plugin disabled: %s' % self.name)
def __init__(self, site, mgr):
super(LoginPageBase, self).__init__(site)
self.lm = mgr
+ self._Transaction = None
def root(self, *args, **kwargs):
raise cherrypy.HTTPError(500)
super(LoginFormBase, self).__init__(site, mgr)
self.formpage = page
self.formtemplate = template or 'login/form.html'
+ self.trans = None
def GET(self, *args, **kwargs):
context = self.create_tmpl_context()
return self._template(self.formtemplate, **context)
def root(self, *args, **kwargs):
+ self.trans = self.get_valid_transaction('login', **kwargs)
op = getattr(self, cherrypy.request.method, self.GET)
if callable(op):
return op(*args, **kwargs)
def create_tmpl_context(self, **kwargs):
next_url = None
if self.lm.next_login is not None:
- next_url = self.lm.next_login.path
-
- username = ''
- if USERNAME_COOKIE in cherrypy.request.cookie:
- username = cherrypy.request.cookie[USERNAME_COOKIE].value
+ next_url = '%s?%s' % (self.lm.next_login.path,
+ self.trans.get_GET_arg())
+
+ cookie = SecureCookie(USERNAME_COOKIE)
+ cookie.receive()
+ username = cookie.value
+ if username is None:
+ username = ''
+
+ target = None
+ if self.trans is not None:
+ tid = self.trans.transaction_id
+ target = self.trans.retrieve().get('login_target')
+ if tid is None:
+ tid = ''
context = {
"title": 'Login',
"description": self.lm.help_text,
"next_url": next_url,
"username": username,
+ "login_target": target,
+ "cancel_url": '%s/login/cancel?%s' % (self.basepath,
+ self.trans.get_GET_arg()),
}
context.update(kwargs)
+ if self.trans is not None:
+ t = self.trans.get_POST_tuple()
+ context.update({t[0]: t[1]})
+
return context
def __init__(self, *args, **kwargs):
super(Login, self).__init__(*args, **kwargs)
+ self.cancel = Cancel(*args, **kwargs)
self.first_login = None
+ self.info = Info(self._site)
loader = PluginLoader(Login, FACILITY, 'LoginManager')
self._site[FACILITY] = loader.get_plugin_data()
def root(self, *args, **kwargs):
if self.first_login:
- raise cherrypy.HTTPRedirect('%s/login/%s' %
- (self.basepath,
- self.first_login.path))
+ trans = self.get_valid_transaction('login', **kwargs)
+ redirect = '%s/login/%s?%s' % (self.basepath,
+ self.first_login.path,
+ trans.get_GET_arg())
+ raise cherrypy.HTTPRedirect(redirect)
return self._template('login/index.html', title='Login')
return self._template('logout.html', title='Logout')
+class Cancel(Page):
+
+ def GET(self, *args, **kwargs):
+
+ session = UserSession()
+ session.logout(None)
+
+ # return to the caller if any
+ transdata = self.get_valid_transaction('login', **kwargs).retrieve()
+ if 'login_return' not in transdata:
+ raise cherrypy.HTTPError(401)
+ raise cherrypy.HTTPRedirect(transdata['login_return'])
+
+ def root(self, *args, **kwargs):
+ op = getattr(self, cherrypy.request.method, self.GET)
+ if callable(op):
+ return op(*args, **kwargs)
+
+
class LoginMgrsInstall(object):
def __init__(self):
projects / cascardo / ipsilon.git / blobdiff