124
by mattgiuca
dispatch/request: Added new fields: method and username. |
1 |
# IVLE - Informatics Virtual Learning Environment
|
2 |
# Copyright (C) 2007-2008 The University of Melbourne
|
|
3 |
#
|
|
4 |
# This program is free software; you can redistribute it and/or modify
|
|
5 |
# it under the terms of the GNU General Public License as published by
|
|
6 |
# the Free Software Foundation; either version 2 of the License, or
|
|
7 |
# (at your option) any later version.
|
|
8 |
#
|
|
9 |
# This program is distributed in the hope that it will be useful,
|
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
12 |
# GNU General Public License for more details.
|
|
13 |
#
|
|
14 |
# You should have received a copy of the GNU General Public License
|
|
15 |
# along with this program; if not, write to the Free Software
|
|
16 |
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
17 |
||
18 |
# Module: dispatch.login
|
|
19 |
# Author: Matt Giuca
|
|
20 |
# Date: 21/12/2007
|
|
21 |
||
22 |
# Provides services for checking logins and presenting the login page.
|
|
23 |
||
24 |
from mod_python import (util, Session) |
|
25 |
||
26 |
from auth import authenticate |
|
27 |
||
28 |
def login(req): |
|
29 |
"""Determines whether the user is logged in or not (looking at sessions),
|
|
30 |
and if not, presents the login page. Returns a String username, or None
|
|
31 |
if not logged in.
|
|
32 |
||
33 |
If the user was already logged in, nothing is written to req. Returns
|
|
34 |
a string of the username.
|
|
35 |
||
36 |
If the user was not logged in, but manages to authenticate due to
|
|
37 |
included postdata with a valid username/password, throws a redirect
|
|
38 |
back to the same page (to avoid leaving POSTDATA in the browser).
|
|
39 |
||
40 |
If the user is not logged in, or fails to authenticate, a full page is
|
|
41 |
written to req. Returns None. The caller should immediately terminate.
|
|
42 |
"""
|
|
43 |
session = req.get_session() |
|
44 |
||
45 |
# Check the session to see if someone is logged in. If so, go with it.
|
|
46 |
# No security is required here. You must have already been authenticated
|
|
47 |
# in order to get a 'login_name' variable in the session.
|
|
48 |
try: |
|
49 |
return session['login_name'] |
|
50 |
except KeyError: |
|
51 |
pass
|
|
52 |
||
53 |
badlogin = False |
|
54 |
# Check if there is any postdata containing login information
|
|
55 |
if req.method == 'POST': |
|
56 |
fields = req.get_fieldstorage() |
|
57 |
username = fields.getfirst('user').value |
|
58 |
password = fields.getfirst('pass').value |
|
59 |
if username is not None: |
|
60 |
# From this point onwards, we will be showing an error message
|
|
61 |
# if unsuccessful.
|
|
62 |
# Authenticate
|
|
63 |
if (password is not None and |
|
64 |
authenticate.authenticate(username, password)): |
|
65 |
# Success - Set the session and redirect to avoid POSTDATA
|
|
66 |
session['login_name'] = username |
|
67 |
session.save() |
|
68 |
req.throw_redirect(req.uri) |
|
69 |
else: |
|
70 |
badlogin = True |
|
71 |
||
72 |
# User is not logged in. Present the login box.
|
|
73 |
# Give a 403 Forbidden status, but present a full HTML login page
|
|
74 |
# instead of the usual 403 error.
|
|
75 |
req.status = req.HTTP_FORBIDDEN |
|
76 |
req.content_type = "text/html" |
|
77 |
req.title = "Login" |
|
78 |
req.write_html_head_foot = True |
|
79 |
||
80 |
# Write the HTML for the login page
|
|
81 |
# If badlogin, display an error message indicating a failed login
|
|
82 |
if badlogin: |
|
83 |
req.write("""<p class="error">Invalid username or password.</p>""") |
|
84 |
req.write("""<form action="" method="post"> |
|
85 |
<table>
|
|
86 |
<tr><td>Username:</td><td><input name="user" type="text" /></td></tr>
|
|
87 |
<tr><td>Password:</td><td><input name="pass" type="password" /></td></tr>
|
|
88 |
<tr><td colspan="2"><input type="submit" value="Login" /></td></tr>
|
|
89 |
</table>
|
|
90 |
</form>
|
|
91 |
""") |
|
92 |
||
93 |
return None |
|
94 |
||
95 |
def get_username(req): |
|
96 |
"""Gets the name of the logged in user, without presenting a login box
|
|
97 |
or attempting to authenticate.
|
|
98 |
Returns None if there is no user logged in.
|
|
99 |
"""
|
|
100 |
session = req.get_session() |
|
101 |
||
102 |
# Check the session to see if someone is logged in. If so, go with it.
|
|
103 |
# No security is required here. You must have already been authenticated
|
|
104 |
# in order to get a 'login_name' variable in the session.
|
|
105 |
try: |
|
106 |
return session['login_name'] |
|
107 |
except KeyError: |
|
108 |
return None |