Better session management at login

[cascardo/ipsilon.git] / ipsilon / login / common.py

diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 416ff31..5879fda 100755 (executable)
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -37,22 +37,30 @@ class LoginManagerBase(PluginObject):
     def auth_successful(self, username):
         # save ref before calling UserSession login() as it
         # may regenerate the session
-        ref = '/idp'
-        if 'referral' in cherrypy.session:
-            ref = cherrypy.session['referral']
+        session = UserSession()
+        ref = session.get_data('login', 'Return')
+        if not ref:
+            ref = cherrypy.config.get('base.mount', "") + '/'
 
-        UserSession().login(username)
+        session.login(username)
         raise cherrypy.HTTPRedirect(ref)
 
     def auth_failed(self):
-        # Just make sure we destroy the session
-        UserSession().logout(None)
-
+        # try with next module
         if self.next_login:
             return self.redirect_to_path(self.next_login.path)
 
-        # FIXME: show an error page instead
-        raise cherrypy.HTTPError(401)
+        # return to the caller if any
+        session = UserSession()
+        ref = session.get_data('login', 'Return')
+
+        # otherwise destroy session and return error
+        if not ref:
+            ref = cherrypy.config.get('base.mount', "") + '/unauthorized'
+            # Just make sure we destroy the session
+            session.logout(None)
+
+        raise cherrypy.HTTPRedirect(ref)
 
 
 class LoginPageBase(Page):
@@ -78,12 +86,15 @@ class Login(Page):
         self._site[FACILITY] = loader.get_plugin_data()
         plugins = self._site[FACILITY]
 
+        available = plugins['available'].keys()
+        self._debug('Available login managers: %s' % str(available))
+
         prev_obj = None
-        for item in plugins['available']:
-            self._log('Login plugin available: %s' % item)
-            if item not in plugins['whitelist']:
+        for item in plugins['whitelist']:
+            self._debug('Login plugin in whitelist: %s' % item)
+            if item not in plugins['available']:
                 continue
-            self._log('Login plugin enabled: %s' % item)
+            self._debug('Login plugin enabled: %s' % item)
             plugins['enabled'].append(item)
             obj = plugins['available'][item]
             if prev_obj:
@@ -95,10 +106,6 @@ class Login(Page):
                 obj.set_config(plugins['config'][item])
             self.__dict__[item] = obj.get_tree(self._site)
 
-    def _log(self, fact):
-        if cherrypy.config.get('debug', False):
-            cherrypy.log(fact)
-
     def root(self, *args, **kwargs):
         if self.first_login:
             raise cherrypy.HTTPRedirect('%s/login/%s' %