|
1076
by chadnickbok
Created a new app, logout, which when given a GET |
1 |
# IVLE
|
2 |
# Copyright (C) 2007-2009 The University of Melbourne
|
|
3 |
#
|
|
4 |
# This program is free software; you can redistribute it and/or modify
|
|
5 |
# it under the terms of the GNU General Public License as published by
|
|
6 |
# the Free Software Foundation; either version 2 of the License, or
|
|
7 |
# (at your option) any later version.
|
|
8 |
#
|
|
9 |
# This program is distributed in the hope that it will be useful,
|
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
12 |
# GNU General Public License for more details.
|
|
13 |
#
|
|
14 |
# You should have received a copy of the GNU General Public License
|
|
15 |
# along with this program; if not, write to the Free Software
|
|
16 |
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
17 |
||
|
1099.1.41
by William Grant
Port www/apps/logout to new framework (in ivle.webapp.security). |
18 |
# Author: Will Grant, Nick Chadwick
|
19 |
||
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
20 |
import urllib |
21 |
import datetime |
|
22 |
try: |
|
23 |
import mod_python.Cookie |
|
24 |
except ImportError: |
|
25 |
# This needs to be importable from outside Apache.
|
|
26 |
pass
|
|
27 |
||
|
1137
by William Grant
Attempt to use subject pulldown modules to enrol users whenever they log in. |
28 |
import ivle.pulldown_subj |
|
1099.1.161
by William Grant
Move ivle.dispatch.login.get_user_details() to ivle.webapp.security. |
29 |
import ivle.webapp.security |
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
30 |
from ivle.auth import authenticate, AuthError |
|
1099.1.41
by William Grant
Port www/apps/logout to new framework (in ivle.webapp.security). |
31 |
from ivle.webapp.base.xhtml import XHTMLView |
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
32 |
from ivle.webapp.base.plugins import CookiePlugin |
33 |
||
34 |
class LoginView(XHTMLView): |
|
35 |
'''A view to allow a user to log in.'''
|
|
36 |
template = 'login.html' |
|
|
1099.1.129
by William Grant
Allow XHTML views to specify that they cannot have overlays. |
37 |
allow_overlays = False |
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
38 |
|
39 |
def authorize(self, req): |
|
40 |
return True |
|
41 |
||
42 |
def populate(self, req, ctx): |
|
43 |
fields = req.get_fieldstorage() |
|
44 |
nexturl = fields.getfirst('url') |
|
45 |
||
46 |
if nexturl is None: |
|
47 |
nexturl = '/' |
|
48 |
||
|
1154
by William Grant
Only redirect +login for logged in users if the method is not POST. We do this |
49 |
# We are already logged in. If it is a POST, they might be trying to
|
50 |
# clobber their session with some new credentials. That's their own
|
|
51 |
# business, so we let them do it. Otherwise, we don't bother prompting
|
|
52 |
# and just redirect to the destination.
|
|
|
1099.1.125
by William Grant
Move the pending/no_agreement handling into the new login machinery. |
53 |
# Note that req.user is None even if we are 'logged in', if the user is
|
|
1154
by William Grant
Only redirect +login for logged in users if the method is not POST. We do this |
54 |
# invalid (state != enabled, or expired).
|
55 |
if req.method != "POST" and req.user is not None: |
|
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
56 |
req.throw_redirect(nexturl) |
57 |
||
|
1099.1.209
by William Grant
Don't escape / in paths when they are in +login/+tos URLs. |
58 |
# Don't give any URL if we want /.
|
59 |
if nexturl == '/': |
|
60 |
query_string = '' |
|
61 |
else: |
|
62 |
query_string = '?url=' + urllib.quote(nexturl, safe="/~") |
|
63 |
||
|
1210
by William Grant
Use Request.make_path everywhere. |
64 |
ctx['path'] = req.make_path('+login') + query_string |
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
65 |
|
|
1099.1.125
by William Grant
Move the pending/no_agreement handling into the new login machinery. |
66 |
# If this succeeds, the user is invalid.
|
|
1099.1.161
by William Grant
Move ivle.dispatch.login.get_user_details() to ivle.webapp.security. |
67 |
user = ivle.webapp.security.get_user_details(req) |
|
1099.1.125
by William Grant
Move the pending/no_agreement handling into the new login machinery. |
68 |
if user is not None: |
69 |
if user.state == "no_agreement": |
|
70 |
# Authenticated, but need to accept the ToS. Send them there.
|
|
71 |
# IMPORTANT NOTE FOR HACKERS: You can't simply disable this
|
|
72 |
# if you are not planning to display a ToS page - the ToS
|
|
73 |
# acceptance process actually calls usrmgt to create the user
|
|
74 |
# jails and related stuff.
|
|
|
1210
by William Grant
Use Request.make_path everywhere. |
75 |
req.throw_redirect(req.make_path('+tos') + query_string) |
|
1099.1.125
by William Grant
Move the pending/no_agreement handling into the new login machinery. |
76 |
elif user.state == "pending": |
77 |
# FIXME: this isn't quite the right answer, but it
|
|
78 |
# should be more robust in the short term.
|
|
79 |
session = req.get_session() |
|
80 |
session.invalidate() |
|
81 |
session.delete() |
|
82 |
user.state = u'no_agreement' |
|
83 |
req.store.commit() |
|
84 |
req.throw_redirect(nexturl) |
|
85 |
||
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
86 |
if req.method == "POST": |
87 |
# While req.user is normally set to get_user_details, it won't set
|
|
88 |
# it if the account isn't valid. So we get it ourselves.
|
|
|
1099.1.161
by William Grant
Move ivle.dispatch.login.get_user_details() to ivle.webapp.security. |
89 |
user = ivle.webapp.security.get_user_details(req) |
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
90 |
|
91 |
badlogin = None |
|
92 |
||
93 |
username = fields.getfirst('user') |
|
94 |
password = fields.getfirst('pass') |
|
95 |
if username is not None: |
|
96 |
# From this point onwards, we will be showing an error message
|
|
97 |
# if unsuccessful.
|
|
98 |
# Authenticate
|
|
99 |
if password is None: |
|
100 |
badlogin = "No password supplied." |
|
101 |
else: |
|
102 |
user = None |
|
103 |
try: |
|
104 |
user = authenticate.authenticate(req.store, |
|
105 |
username.value, password.value) |
|
106 |
except AuthError, msg: |
|
107 |
badlogin = msg |
|
108 |
if user is None: |
|
109 |
# Must have got an error. Do not authenticate.
|
|
|
1099.1.123
by William Grant
Don't crash when not authenticated, and display an error on password absence. |
110 |
# The except: above will have set a message.
|
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
111 |
pass
|
112 |
else: |
|
113 |
# Success - Set the session and redirect to the URL.
|
|
114 |
session = req.get_session() |
|
115 |
session['login'] = user.login |
|
116 |
session.save() |
|
|
1130
by William Grant
Unlock the session everywhere as soon as we are done with it, and add a warning |
117 |
session.unlock() |
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
118 |
user.last_login = datetime.datetime.now() |
119 |
||
120 |
# Create cookies for plugins that might request them.
|
|
|
1092.1.59
by William Grant
Move the plugin loading/indexing logic into ivle.config.Config. |
121 |
for plugin in req.config.plugin_index[CookiePlugin]: |
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
122 |
for cookie in plugin.cookies: |
123 |
# The function can be None if they just need to be
|
|
124 |
# deleted at logout.
|
|
125 |
if plugin.cookies[cookie] is not None: |
|
126 |
req.add_cookie(mod_python.Cookie.Cookie(cookie, |
|
127 |
plugin.cookies[cookie](user), path='/')) |
|
128 |
||
|
1137
by William Grant
Attempt to use subject pulldown modules to enrol users whenever they log in. |
129 |
# Add any new enrolments.
|
130 |
ivle.pulldown_subj.enrol_user(req.store, user) |
|
131 |
req.store.commit() |
|
132 |
||
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
133 |
req.throw_redirect(nexturl) |
134 |
||
|
1099.1.123
by William Grant
Don't crash when not authenticated, and display an error on password absence. |
135 |
# We didn't succeed.
|
136 |
# Render the login form with the error message.
|
|
137 |
ctx['error'] = badlogin |
|
|
1099.1.120
by William Grant
Move the login machinery to the new framework. |
138 |
|
|
1099.1.41
by William Grant
Port www/apps/logout to new framework (in ivle.webapp.security). |
139 |
|
140 |
class LogoutView(XHTMLView): |
|
141 |
'''A view to log the current session out.'''
|
|
142 |
template = 'logout.html' |
|
|
1099.1.129
by William Grant
Allow XHTML views to specify that they cannot have overlays. |
143 |
allow_overlays = False |
|
1099.1.41
by William Grant
Port www/apps/logout to new framework (in ivle.webapp.security). |
144 |
|
|
1099.1.110
by William Grant
Implement an authorization system in the new framework. This breaks the REST |
145 |
def authorize(self, req): |
|
1099.1.126
by William Grant
Allow any authenticated (even invalid) user to use the logout view. |
146 |
# This can be used by any authenticated user, even if they haven't
|
147 |
# accepted the ToS yet.
|
|
|
1099.1.161
by William Grant
Move ivle.dispatch.login.get_user_details() to ivle.webapp.security. |
148 |
return ivle.webapp.security.get_user_details(req) is not None |
|
1099.1.110
by William Grant
Implement an authorization system in the new framework. This breaks the REST |
149 |
|
|
1099.1.41
by William Grant
Port www/apps/logout to new framework (in ivle.webapp.security). |
150 |
def populate(self, req, ctx): |
151 |
if req.method == "POST": |
|
152 |
req.logout() |
|
153 |
else: |
|
|
1210
by William Grant
Use Request.make_path everywhere. |
154 |
ctx['path'] = req.make_path('+logout') |