Show login target on the login screen
[cascardo/ipsilon.git] / ipsilon / login / common.py
index b7000b2..94284b0 100755 (executable)
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from ipsilon.util.log import Log
 from ipsilon.util.page import Page
 from ipsilon.util.user import UserSession
 from ipsilon.util.plugin import PluginLoader, PluginObject
 from ipsilon.util.page import Page
 from ipsilon.util.user import UserSession
 from ipsilon.util.plugin import PluginLoader, PluginObject
+from ipsilon.util.plugin import PluginInstaller
+from ipsilon.info.common import Info
+from ipsilon.util.cookies import SecureCookie
+from ipsilon.util.trans import Transaction
 import cherrypy
 
 
 import cherrypy
 
 
-class LoginManagerBase(PluginObject):
+USERNAME_COOKIE = 'ipsilon_default_username'
+
+
+class LoginManagerBase(PluginObject, Log):
 
     def __init__(self):
         super(LoginManagerBase, self).__init__()
         self.path = '/'
         self.next_login = None
 
     def __init__(self):
         super(LoginManagerBase, self).__init__()
         self.path = '/'
         self.next_login = None
+        self.info = None
 
     def redirect_to_path(self, path):
         base = cherrypy.config.get('base.mount', "")
         raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path))
 
 
     def redirect_to_path(self, path):
         base = cherrypy.config.get('base.mount', "")
         raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path))
 
-    def auth_successful(self, username, userdata=None):
-        # save ref before calling UserSession login() as it
-        # may regenerate the session
+    def auth_successful(self, trans, username, auth_type=None, userdata=None):
         session = UserSession()
         session = UserSession()
-        ref = session.get_data('login', 'Return')
-        if not ref:
-            ref = cherrypy.config.get('base.mount', "") + '/'
 
 
-        session.login(username)
+        if self.info:
+            userattrs = self.info.get_user_attrs(username)
+            if userdata:
+                userdata.update(userattrs.get('userdata', {}))
+            else:
+                userdata = userattrs.get('userdata', {})
+
+            # merge groups and extras from login plugin and info plugin
+            userdata['groups'] = list(set(userdata.get('groups', []) +
+                                          userattrs.get('groups', [])))
+
+            userdata['extras'] = userdata.get('extras', {})
+            userdata['extras'].update(userattrs.get('extras', {}))
 
 
-        # Save additional data provided by the login manager
-        if userdata:
-            for key in userdata:
-                session.save_data('user', key, userdata[key])
+            self.debug("User %s attributes: %s" % (username, repr(userdata)))
 
 
-        raise cherrypy.HTTPRedirect(ref)
+        if auth_type:
+            if userdata:
+                userdata.update({'auth_type': auth_type})
+            else:
+                userdata = {'auth_type': auth_type}
 
 
-    def auth_failed(self):
+        # create session login including all the userdata just gathered
+        session.login(username, userdata)
+
+        # save username into a cookie if parent was form base auth
+        if auth_type == 'password':
+            cookie = SecureCookie(USERNAME_COOKIE, username)
+            # 15 days
+            cookie.maxage = 1296000
+            cookie.send()
+
+        transdata = trans.retrieve()
+        self.debug(transdata)
+        redirect = transdata.get('login_return',
+                                 cherrypy.config.get('base.mount', "") + '/')
+        self.debug('Redirecting back to: %s' % redirect)
+
+        # on direct login the UI (ie not redirected by a provider) we ned to
+        # remove the transaction cookie as it won't be needed anymore
+        if trans.provider == 'login':
+            self.debug('Wiping transaction data')
+            trans.wipe()
+        raise cherrypy.HTTPRedirect(redirect)
+
+    def auth_failed(self, trans):
         # try with next module
         if self.next_login:
             return self.redirect_to_path(self.next_login.path)
 
         # return to the caller if any
         session = UserSession()
         # try with next module
         if self.next_login:
             return self.redirect_to_path(self.next_login.path)
 
         # return to the caller if any
         session = UserSession()
-        ref = session.get_data('login', 'Return')
 
 
-        # otherwise destroy session and return error
-        if not ref:
+        transdata = trans.retrieve()
+
+        # on direct login the UI (ie not redirected by a provider) we ned to
+        # remove the transaction cookie as it won't be needed anymore
+        if trans.provider == 'login':
+            trans.wipe()
+
+        # destroy session and return error
+        if 'login_return' not in transdata:
             session.logout(None)
             raise cherrypy.HTTPError(401)
 
             session.logout(None)
             raise cherrypy.HTTPError(401)
 
-        raise cherrypy.HTTPRedirect(ref)
+        raise cherrypy.HTTPRedirect(transdata['login_return'])
+
+    def get_tree(self, site):
+        raise NotImplementedError
+
+    def enable(self, site):
+        plugins = site[FACILITY]
+        if self in plugins['enabled']:
+            return
+
+        # configure self
+        if self.name in plugins['config']:
+            self.set_config(plugins['config'][self.name])
+
+        # and add self to the root
+        root = plugins['root']
+        root.add_subtree(self.name, self.get_tree(site))
+
+        # finally add self in login chain
+        prev_obj = None
+        for prev_obj in plugins['enabled']:
+            if prev_obj.next_login:
+                break
+        if prev_obj:
+            while prev_obj.next_login:
+                prev_obj = prev_obj.next_login
+            prev_obj.next_login = self
+        if not root.first_login:
+            root.first_login = self
+
+        plugins['enabled'].append(self)
+        self._debug('Login plugin enabled: %s' % self.name)
+
+        # Get handle of the info plugin
+        self.info = root.info
+
+    def disable(self, site):
+        plugins = site[FACILITY]
+        if self not in plugins['enabled']:
+            return
+
+        # remove self from chain
+        root = plugins['root']
+        if root.first_login == self:
+            root.first_login = self.next_login
+        elif root.first_login:
+            prev_obj = root.first_login
+            while prev_obj.next_login != self:
+                prev_obj = prev_obj.next_login
+            if prev_obj:
+                prev_obj.next_login = self.next_login
+        self.next_login = None
+
+        plugins['enabled'].remove(self)
+        self._debug('Login plugin disabled: %s' % self.name)
 
 
 class LoginPageBase(Page):
 
 
 class LoginPageBase(Page):
@@ -73,11 +173,69 @@ class LoginPageBase(Page):
     def __init__(self, site, mgr):
         super(LoginPageBase, self).__init__(site)
         self.lm = mgr
     def __init__(self, site, mgr):
         super(LoginPageBase, self).__init__(site)
         self.lm = mgr
+        self._Transaction = None
 
     def root(self, *args, **kwargs):
         raise cherrypy.HTTPError(500)
 
 
 
     def root(self, *args, **kwargs):
         raise cherrypy.HTTPError(500)
 
 
+class LoginFormBase(LoginPageBase):
+
+    def __init__(self, site, mgr, page, template=None):
+        super(LoginFormBase, self).__init__(site, mgr)
+        self.formpage = page
+        self.formtemplate = template or 'login/form.html'
+        self.trans = None
+
+    def GET(self, *args, **kwargs):
+        context = self.create_tmpl_context()
+        # pylint: disable=star-args
+        return self._template(self.formtemplate, **context)
+
+    def root(self, *args, **kwargs):
+        self.trans = Transaction('login', **kwargs)
+        op = getattr(self, cherrypy.request.method, self.GET)
+        if callable(op):
+            return op(*args, **kwargs)
+
+    def create_tmpl_context(self, **kwargs):
+        next_url = None
+        if self.lm.next_login is not None:
+            next_url = '%s?%s' % (self.lm.next_login.path,
+                                  self.trans.get_GET_arg())
+
+        cookie = SecureCookie(USERNAME_COOKIE)
+        cookie.receive()
+        username = cookie.value
+        if username is None:
+            username = ''
+
+        target = None
+        if self.trans is not None:
+            tid = self.trans.transaction_id
+            target = self.trans.retrieve().get('login_target')
+        if tid is None:
+            tid = ''
+
+        context = {
+            "title": 'Login',
+            "action": '%s/%s' % (self.basepath, self.formpage),
+            "service_name": self.lm.service_name,
+            "username_text": self.lm.username_text,
+            "password_text": self.lm.password_text,
+            "description": self.lm.help_text,
+            "next_url": next_url,
+            "username": username,
+            "login_target": target,
+        }
+        context.update(kwargs)
+        if self.trans is not None:
+            t = self.trans.get_POST_tuple()
+            context.update({t[0]: t[1]})
+
+        return context
+
+
 FACILITY = 'login_config'
 
 
 FACILITY = 'login_config'
 
 
@@ -86,6 +244,7 @@ class Login(Page):
     def __init__(self, *args, **kwargs):
         super(Login, self).__init__(*args, **kwargs)
         self.first_login = None
     def __init__(self, *args, **kwargs):
         super(Login, self).__init__(*args, **kwargs)
         self.first_login = None
+        self.info = Info(self._site)
 
         loader = PluginLoader(Login, FACILITY, 'LoginManager')
         self._site[FACILITY] = loader.get_plugin_data()
 
         loader = PluginLoader(Login, FACILITY, 'LoginManager')
         self._site[FACILITY] = loader.get_plugin_data()
@@ -94,28 +253,23 @@ class Login(Page):
         available = plugins['available'].keys()
         self._debug('Available login managers: %s' % str(available))
 
         available = plugins['available'].keys()
         self._debug('Available login managers: %s' % str(available))
 
-        prev_obj = None
+        plugins['root'] = self
         for item in plugins['whitelist']:
             self._debug('Login plugin in whitelist: %s' % item)
             if item not in plugins['available']:
                 continue
         for item in plugins['whitelist']:
             self._debug('Login plugin in whitelist: %s' % item)
             if item not in plugins['available']:
                 continue
-            self._debug('Login plugin enabled: %s' % item)
-            plugins['enabled'].append(item)
-            obj = plugins['available'][item]
-            if prev_obj:
-                prev_obj.next_login = obj
-            else:
-                self.first_login = obj
-            prev_obj = obj
-            if item in plugins['config']:
-                obj.set_config(plugins['config'][item])
-            self.__dict__[item] = obj.get_tree(self._site)
+            plugins['available'][item].enable(self._site)
+
+    def add_subtree(self, name, page):
+        self.__dict__[name] = page
 
     def root(self, *args, **kwargs):
         if self.first_login:
 
     def root(self, *args, **kwargs):
         if self.first_login:
-            raise cherrypy.HTTPRedirect('%s/login/%s' %
-                                        (self.basepath,
-                                         self.first_login.path))
+            trans = Transaction('login', **kwargs)
+            redirect = '%s/login/%s?%s' % (self.basepath,
+                                           self.first_login.path,
+                                           trans.get_GET_arg())
+            raise cherrypy.HTTPRedirect(redirect)
         return self._template('login/index.html', title='Login')
 
 
         return self._template('login/index.html', title='Login')
 
 
@@ -124,3 +278,10 @@ class Logout(Page):
     def root(self, *args, **kwargs):
         UserSession().logout(self.user)
         return self._template('logout.html', title='Logout')
     def root(self, *args, **kwargs):
         UserSession().logout(self.user)
         return self._template('logout.html', title='Logout')
+
+
+class LoginMgrsInstall(object):
+
+    def __init__(self):
+        pi = PluginInstaller(LoginMgrsInstall)
+        self.plugins = pi.get_plugins()