X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Flogin%2Fcommon.py;h=94284b05a677b325a5acf46b18a144c24720388e;hp=7fb13420de79b982bc893c97700257e2fcbe7800;hb=5ea128eca075c19880419c072be36fd761aad4a4;hpb=e9e517a0385a321f2f42625f739469b79e33ac16

diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 7fb1342..94284b0 100755
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -23,6 +23,8 @@ from ipsilon.util.user import UserSession
 from ipsilon.util.plugin import PluginLoader, PluginObject
 from ipsilon.util.plugin import PluginInstaller
 from ipsilon.info.common import Info
+from ipsilon.util.cookies import SecureCookie
+from ipsilon.util.trans import Transaction
 import cherrypy
 
 
@@ -41,20 +43,23 @@ class LoginManagerBase(PluginObject, Log):
         base = cherrypy.config.get('base.mount', "")
         raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path))
 
-    def auth_successful(self, username, auth_type=None, userdata=None):
-        # save ref before calling UserSession login() as it
-        # may regenerate the session
+    def auth_successful(self, trans, username, auth_type=None, userdata=None):
         session = UserSession()
-        ref = session.get_data('login', 'Return')
-        if not ref:
-            ref = cherrypy.config.get('base.mount', "") + '/'
 
         if self.info:
             userattrs = self.info.get_user_attrs(username)
             if userdata:
-                userdata.update(userattrs or {})
+                userdata.update(userattrs.get('userdata', {}))
             else:
-                userdata = userattrs
+                userdata = userattrs.get('userdata', {})
+
+            # merge groups and extras from login plugin and info plugin
+            userdata['groups'] = list(set(userdata.get('groups', []) +
+                                          userattrs.get('groups', [])))
+
+            userdata['extras'] = userdata.get('extras', {})
+            userdata['extras'].update(userattrs.get('extras', {}))
+
             self.debug("User %s attributes: %s" % (username, repr(userdata)))
 
         if auth_type:
@@ -63,35 +68,50 @@ class LoginManagerBase(PluginObject, Log):
             else:
                 userdata = {'auth_type': auth_type}
 
+        # create session login including all the userdata just gathered
         session.login(username, userdata)
 
         # save username into a cookie if parent was form base auth
         if auth_type == 'password':
-            cherrypy.response.cookie[USERNAME_COOKIE] = username
-            cherrypy.response.cookie[USERNAME_COOKIE]['path'] = \
-                cherrypy.config.get('base.mount', '/')
-            cherrypy.response.cookie[USERNAME_COOKIE]['secure'] = True
-            cherrypy.response.cookie[USERNAME_COOKIE]['httponly'] = True
+            cookie = SecureCookie(USERNAME_COOKIE, username)
             # 15 days
-            cherrypy.response.cookie[USERNAME_COOKIE]['max-age'] = 1296000
-
-        raise cherrypy.HTTPRedirect(ref)
-
-    def auth_failed(self):
+            cookie.maxage = 1296000
+            cookie.send()
+
+        transdata = trans.retrieve()
+        self.debug(transdata)
+        redirect = transdata.get('login_return',
+                                 cherrypy.config.get('base.mount', "") + '/')
+        self.debug('Redirecting back to: %s' % redirect)
+
+        # on direct login the UI (ie not redirected by a provider) we ned to
+        # remove the transaction cookie as it won't be needed anymore
+        if trans.provider == 'login':
+            self.debug('Wiping transaction data')
+            trans.wipe()
+        raise cherrypy.HTTPRedirect(redirect)
+
+    def auth_failed(self, trans):
         # try with next module
         if self.next_login:
             return self.redirect_to_path(self.next_login.path)
 
         # return to the caller if any
         session = UserSession()
-        ref = session.get_data('login', 'Return')
 
-        # otherwise destroy session and return error
-        if not ref:
+        transdata = trans.retrieve()
+
+        # on direct login the UI (ie not redirected by a provider) we ned to
+        # remove the transaction cookie as it won't be needed anymore
+        if trans.provider == 'login':
+            trans.wipe()
+
+        # destroy session and return error
+        if 'login_return' not in transdata:
             session.logout(None)
             raise cherrypy.HTTPError(401)
 
-        raise cherrypy.HTTPRedirect(ref)
+        raise cherrypy.HTTPRedirect(transdata['login_return'])
 
     def get_tree(self, site):
         raise NotImplementedError
@@ -153,6 +173,7 @@ class LoginPageBase(Page):
     def __init__(self, site, mgr):
         super(LoginPageBase, self).__init__(site)
         self.lm = mgr
+        self._Transaction = None
 
     def root(self, *args, **kwargs):
         raise cherrypy.HTTPError(500)
@@ -164,6 +185,7 @@ class LoginFormBase(LoginPageBase):
         super(LoginFormBase, self).__init__(site, mgr)
         self.formpage = page
         self.formtemplate = template or 'login/form.html'
+        self.trans = None
 
     def GET(self, *args, **kwargs):
         context = self.create_tmpl_context()
@@ -171,6 +193,7 @@ class LoginFormBase(LoginPageBase):
         return self._template(self.formtemplate, **context)
 
     def root(self, *args, **kwargs):
+        self.trans = Transaction('login', **kwargs)
         op = getattr(self, cherrypy.request.method, self.GET)
         if callable(op):
             return op(*args, **kwargs)
@@ -178,11 +201,21 @@ class LoginFormBase(LoginPageBase):
     def create_tmpl_context(self, **kwargs):
         next_url = None
         if self.lm.next_login is not None:
-            next_url = self.lm.next_login.path
-
-        username = ''
-        if USERNAME_COOKIE in cherrypy.request.cookie:
-            username = cherrypy.request.cookie[USERNAME_COOKIE].value
+            next_url = '%s?%s' % (self.lm.next_login.path,
+                                  self.trans.get_GET_arg())
+
+        cookie = SecureCookie(USERNAME_COOKIE)
+        cookie.receive()
+        username = cookie.value
+        if username is None:
+            username = ''
+
+        target = None
+        if self.trans is not None:
+            tid = self.trans.transaction_id
+            target = self.trans.retrieve().get('login_target')
+        if tid is None:
+            tid = ''
 
         context = {
             "title": 'Login',
@@ -193,8 +226,13 @@ class LoginFormBase(LoginPageBase):
             "description": self.lm.help_text,
             "next_url": next_url,
             "username": username,
+            "login_target": target,
         }
         context.update(kwargs)
+        if self.trans is not None:
+            t = self.trans.get_POST_tuple()
+            context.update({t[0]: t[1]})
+
         return context
 
 
@@ -206,7 +244,7 @@ class Login(Page):
     def __init__(self, *args, **kwargs):
         super(Login, self).__init__(*args, **kwargs)
         self.first_login = None
-        self.info = Info()
+        self.info = Info(self._site)
 
         loader = PluginLoader(Login, FACILITY, 'LoginManager')
         self._site[FACILITY] = loader.get_plugin_data()
@@ -227,9 +265,11 @@ class Login(Page):
 
     def root(self, *args, **kwargs):
         if self.first_login:
-            raise cherrypy.HTTPRedirect('%s/login/%s' %
-                                        (self.basepath,
-                                         self.first_login.path))
+            trans = Transaction('login', **kwargs)
+            redirect = '%s/login/%s?%s' % (self.basepath,
+                                           self.first_login.path,
+                                           trans.get_GET_arg())
+            raise cherrypy.HTTPRedirect(redirect)
         return self._template('login/index.html', title='Login')