1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
1 |
# IVLE - Informatics Virtual Learning Environment
|
2 |
# Copyright (C) 2007-2008 The University of Melbourne
|
|
3 |
#
|
|
4 |
# This program is free software; you can redistribute it and/or modify
|
|
5 |
# it under the terms of the GNU General Public License as published by
|
|
6 |
# the Free Software Foundation; either version 2 of the License, or
|
|
7 |
# (at your option) any later version.
|
|
8 |
#
|
|
9 |
# This program is distributed in the hope that it will be useful,
|
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
12 |
# GNU General Public License for more details.
|
|
13 |
#
|
|
14 |
# You should have received a copy of the GNU General Public License
|
|
15 |
# along with this program; if not, write to the Free Software
|
|
16 |
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
17 |
||
18 |
# Module: dispatch.login
|
|
19 |
# Author: Matt Giuca
|
|
20 |
# Date: 21/12/2007
|
|
21 |
||
22 |
# Provides services for checking logins and presenting the login page.
|
|
23 |
import os |
|
1080.1.14
by me at id
ivle.auth.* now uses Storm, and not ivle.(db|user). This changes the interface |
24 |
import datetime |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
25 |
|
26 |
from mod_python import Session |
|
27 |
||
28 |
import ivle.conf |
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
29 |
from ivle import (util, caps, forumutil) |
1080.1.14
by me at id
ivle.auth.* now uses Storm, and not ivle.(db|user). This changes the interface |
30 |
from ivle.auth import authenticate, AuthError |
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
31 |
import ivle.database |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
32 |
|
33 |
def login(req): |
|
34 |
"""Determines whether the user is logged in or not (looking at sessions),
|
|
35 |
and if not, presents the login page. Returns a User object, or None
|
|
36 |
if not logged in.
|
|
37 |
||
38 |
If the user was already logged in, nothing is written to req. Returns
|
|
39 |
the User object for the logged in user.
|
|
40 |
||
41 |
If the user was not logged in, but manages to authenticate due to
|
|
42 |
included postdata with a valid username/password, throws a redirect
|
|
43 |
back to the same page (to avoid leaving POSTDATA in the browser).
|
|
44 |
||
45 |
If the user is not logged in, or fails to authenticate, a full page is
|
|
46 |
written to req. Returns None. The caller should immediately terminate.
|
|
47 |
"""
|
|
48 |
# Get the user details from the session, if already logged in
|
|
49 |
# (None means not logged in yet)
|
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
50 |
user = get_user_details(req) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
51 |
|
52 |
# Check the session to see if someone is logged in. If so, go with it.
|
|
53 |
# No security is required here. You must have already been authenticated
|
|
54 |
# in order to get a 'login_name' variable in the session.
|
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
55 |
if user is not None and user.state == "enabled": |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
56 |
# Only allow users to authenticate if their account is ENABLED
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
57 |
return user |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
58 |
|
59 |
badlogin = None |
|
60 |
||
61 |
# Check if there is any postdata containing login information
|
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
62 |
if user is None and req.method == 'POST': |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
63 |
fields = req.get_fieldstorage() |
64 |
username = fields.getfirst('user') |
|
65 |
password = fields.getfirst('pass') |
|
66 |
if username is not None: |
|
67 |
# From this point onwards, we will be showing an error message
|
|
68 |
# if unsuccessful.
|
|
69 |
# Authenticate
|
|
70 |
if password is None: |
|
71 |
badlogin = "No password supplied." |
|
72 |
else: |
|
73 |
try: |
|
1080.1.14
by me at id
ivle.auth.* now uses Storm, and not ivle.(db|user). This changes the interface |
74 |
user = authenticate.authenticate(req.store, |
75 |
username.value, password.value) |
|
1080.1.11
by me at id
ivle.dispatch.login: Only catch AuthErrors from ivle.auth.authenticate; the |
76 |
except AuthError, msg: |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
77 |
badlogin = msg |
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
78 |
if user is None: |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
79 |
# Must have got an error. Do not authenticate.
|
80 |
pass
|
|
1080.1.15
by me at id
Give ivle.database.User {password,account}_expired attributes, and get |
81 |
elif user.password_expired: |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
82 |
badlogin = "Your password has expired." |
1080.1.15
by me at id
Give ivle.database.User {password,account}_expired attributes, and get |
83 |
elif user.account_expired: |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
84 |
badlogin = "Your account has expired." |
85 |
else: |
|
86 |
# Success - Set the session and redirect to avoid POSTDATA
|
|
87 |
session = req.get_session() |
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
88 |
session['login'] = user.login |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
89 |
session.save() |
1080.1.14
by me at id
ivle.auth.* now uses Storm, and not ivle.(db|user). This changes the interface |
90 |
user.last_login = datetime.datetime.now() |
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
91 |
req.store.commit() |
92 |
req.add_cookie(forumutil.make_forum_cookie(user)) |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
93 |
req.throw_redirect(req.uri) |
94 |
||
95 |
# Present the HTML login page
|
|
96 |
req.content_type = "text/html" |
|
97 |
req.title = "Login" |
|
98 |
req.write_html_head_foot = True |
|
99 |
||
100 |
# User is not logged in or their account is not enabled.
|
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
101 |
if user is not None: |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
102 |
# Only possible if no errors occured thus far
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
103 |
if user.state == "no_agreement": |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
104 |
# User has authenticated but has not accepted the TOS.
|
105 |
# Present them with the TOS page.
|
|
106 |
# First set their username for display at the top, but make sure
|
|
107 |
# the apps tabs are not displayed
|
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
108 |
req.user = user |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
109 |
# IMPORTANT NOTE FOR HACKERS: You can't simply disable this check
|
110 |
# if you are not planning to display a TOS page - the TOS
|
|
111 |
# acceptance process actually calls usermgt to create the user
|
|
112 |
# jails and related stuff.
|
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
113 |
present_tos(req, user.fullname) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
114 |
return None |
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
115 |
elif user.state == "disabled": |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
116 |
# User has authenticated but their account is disabled
|
117 |
badlogin = "Your account has been disabled." |
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
118 |
elif user.state == "pending": |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
119 |
# FIXME: this isn't quite the right answer, but it
|
120 |
# should be more robust in the short term.
|
|
121 |
session = req.get_session() |
|
122 |
session.invalidate() |
|
123 |
session.delete() |
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
124 |
user.state = u'no_agreement' |
125 |
req.store.commit() |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
126 |
req.throw_redirect(req.uri) |
127 |
||
128 |
# Write the HTML for the login page
|
|
129 |
# If badlogin, display an error message indicating a failed login
|
|
130 |
req.write("""<div id="ivle_padding"> |
|
131 |
<p>Welcome to the Informatics Virtual Learning Environment.
|
|
132 |
Please log in to access your files and assessment.</p>
|
|
133 |
""") |
|
134 |
if badlogin is not None: |
|
135 |
req.write("""<p class="error">%s</p> |
|
136 |
""" % badlogin) |
|
137 |
req.write("""<form action="" method="post"> |
|
138 |
<table>
|
|
139 |
<tr><td>Username:</td><td><input name="user" type="text" /></td></tr>
|
|
140 |
<tr><td>Password:</td><td><input name="pass" type="password" /></td></tr>
|
|
141 |
<tr><td colspan="2"><input type="submit" value="Login" /></td></tr>
|
|
142 |
</table>
|
|
143 |
</form>
|
|
144 |
""") |
|
145 |
# Write the "Message of the Day" document, if it exists.
|
|
146 |
try: |
|
147 |
req.sendfile(ivle.conf.motd_path) |
|
148 |
except IOError: |
|
149 |
pass
|
|
150 |
req.write('</div>\n') |
|
151 |
||
152 |
return None |
|
153 |
||
154 |
def get_user_details(req): |
|
155 |
"""Gets the name of the logged in user, without presenting a login box
|
|
156 |
or attempting to authenticate.
|
|
157 |
Returns None if there is no user logged in.
|
|
158 |
"""
|
|
159 |
session = req.get_session() |
|
160 |
||
161 |
# Check the session to see if someone is logged in. If so, go with it.
|
|
162 |
try: |
|
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
163 |
login = session['login'] |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
164 |
except KeyError: |
165 |
return None |
|
166 |
||
1080.1.7
by matt.giuca
The new ivle.database.User class is now used in Request and usrmgt, which |
167 |
# Get the full User object from the db associated with this login
|
168 |
return ivle.database.User.get_by_login(req.store, login) |
|
169 |
||
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
170 |
def present_tos(req, fullname): |
171 |
"""Present the Terms of Service screen to the user (who has just logged in
|
|
172 |
for the first time and needs to accept these before being admitted into
|
|
173 |
the system).
|
|
174 |
"""
|
|
175 |
req.title = "Terms of Service" |
|
176 |
# Include the JavaScript for the "makeuser" Ajax stuff
|
|
177 |
req.scripts = [ |
|
178 |
"media/common/json2.js", |
|
179 |
"media/common/util.js", |
|
180 |
"media/common/tos.js", |
|
181 |
]
|
|
182 |
req.write("""<div id="ivle_padding"> |
|
183 |
<p>Welcome, <b>%s</b>.</p> |
|
184 |
<p>As this is the first time you have logged into IVLE, you are required to
|
|
185 |
accept these Terms of Service before using the system.</p>
|
|
186 |
<p>You will be allowed to re-read these terms at any time from the "Help"
|
|
187 |
menu.</p>
|
|
188 |
<hr />
|
|
189 |
""" % fullname) |
|
190 |
# Write out the text of the license
|
|
191 |
util.send_terms_of_service(req) |
|
192 |
req.write("""<hr /> |
|
193 |
<div id="tos_acceptbuttons">
|
|
194 |
<p>Please click "I Accept" to indicate that you have read and understand these
|
|
195 |
terms, or click "I Decline" to log out of IVLE.</p>
|
|
196 |
<p>
|
|
197 |
<input type="button" value="I Accept" onclick="accept_license()" />
|
|
198 |
<input type="button" value="I Decline" onclick="decline_license()" />
|
|
199 |
</p>
|
|
200 |
</div>
|
|
201 |
""") |
|
202 |