~azzar1/unity/add-show-desktop-key : contents of ivle/webapp/security/views.py at revision 1643

~azzar1/unity/add-show-desktop-key : (revision 1643)

# IVLE
# Copyright (C) 2007-2009 The University of Melbourne
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

# Author: Will Grant, Nick Chadwick

import urllib
import datetime
try:
    import mod_python.Cookie
except ImportError:
    # This needs to be importable from outside Apache.
    pass

import ivle.pulldown_subj
import ivle.webapp.security
from ivle.auth import authenticate, AuthError
from ivle.webapp.base.xhtml import XHTMLView
from ivle.webapp.base.plugins import CookiePlugin

class LoginView(XHTMLView):
    '''A view to allow a user to log in.'''
    template = 'login.html'
    allow_overlays = False

    def authorize(self, req):
        return True

    def populate(self, req, ctx):
        fields = req.get_fieldstorage()
        nexturl = fields.getfirst('url')

        if nexturl is None:
            nexturl = '/'

        # We are already logged in. If it is a POST, they might be trying to
        # clobber their session with some new credentials. That's their own
        # business, so we let them do it. Otherwise, we don't bother prompting
        # and just redirect to the destination.
        # Note that req.user is None even if we are 'logged in', if the user is
        # invalid (state != enabled, or expired).
        if req.method != "POST" and req.user is not None:
            req.throw_redirect(nexturl)

        # Don't give any URL if we want /.
        if nexturl == '/':
            query_string = ''
        else:
            query_string = '?url=' + urllib.quote(nexturl, safe="/~")

        ctx['path'] = req.make_path('+login') + query_string

        # If this succeeds, the user is invalid.
        user = ivle.webapp.security.get_user_details(req)
        if user is not None:
            if user.state == "no_agreement":
                # Authenticated, but need to accept the ToS. Send them there.
                # IMPORTANT NOTE FOR HACKERS: You can't simply disable this
                # if you are not planning to display a ToS page - the ToS
                # acceptance process actually calls usrmgt to create the user
                # jails and related stuff.
                req.throw_redirect(req.make_path('+tos') + query_string)
            elif user.state == "pending":
                # FIXME: this isn't quite the right answer, but it
                # should be more robust in the short term.
                session = req.get_session()
                session.invalidate()
                session.delete()
                user.state = u'no_agreement'
                req.store.commit()
                req.throw_redirect(nexturl)

        if req.method == "POST":
            # While req.user is normally set to get_user_details, it won't set
            # it if the account isn't valid. So we get it ourselves.
            user = ivle.webapp.security.get_user_details(req)

            badlogin = None

            username = fields.getfirst('user')
            password = fields.getfirst('pass')
            if username is not None:
                # From this point onwards, we will be showing an error message
                # if unsuccessful.
                # Authenticate
                if password is None:
                    badlogin = "No password supplied."
                else:
                    user = None
                    try:
                        # Username is case insensitive
                        user = authenticate.authenticate(req.config, req.store,
                                    username.value.lower(), password.value)
                    except AuthError, msg:
                        badlogin = msg
                    if user is None:
                        # Must have got an error. Do not authenticate.
                        # The except: above will have set a message.
                        pass
                    else:
                        # Success - Set the session and redirect to the URL.
                        session = req.get_session()
                        session['login'] = user.login
                        session.save()
                        session.unlock()
                        user.last_login = datetime.datetime.now()

                        # Create cookies for plugins that might request them.
                        for plugin in req.config.plugin_index[CookiePlugin]:
                            for cookie in plugin.cookies:
                                # The function can be None if they just need to be
                                # deleted at logout.
                                if plugin.cookies[cookie] is not None:
                                    req.add_cookie(mod_python.Cookie.Cookie(cookie,
                                          plugin.cookies[cookie](user), path='/'))

                        # Add any new enrolments.
                        ivle.pulldown_subj.enrol_user(req.config, req.store, user)
                        req.store.commit()

                        req.throw_redirect(nexturl)

                # We didn't succeed.
                # Render the login form with the error message.
                ctx['error'] = badlogin


class LogoutView(XHTMLView):
    '''A view to log the current session out.'''
    template = 'logout.html'
    allow_overlays = False

    def authorize(self, req):
        # This can be used by any authenticated user, even if they haven't
        # accepted the ToS yet.
        return ivle.webapp.security.get_user_details(req) is not None

    def populate(self, req, ctx):
        if req.method == "POST":
            req.logout()
        else:
            ctx['path'] =  req.make_path('+logout')

1076 by chadnickbok Created a new app, logout, which when given a GET	1	# IVLE
	2	# Copyright (C) 2007-2009 The University of Melbourne
	3	#
	4	# This program is free software; you can redistribute it and/or modify
	5	# it under the terms of the GNU General Public License as published by
	6	# the Free Software Foundation; either version 2 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU General Public License
	15	# along with this program; if not, write to the Free Software
	16	# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	17
1099.1.41 by William Grant Port www/apps/logout to new framework (in ivle.webapp.security).	18	# Author: Will Grant, Nick Chadwick
	19
1099.1.120 by William Grant Move the login machinery to the new framework.	20	import urllib
	21	import datetime
	22	try:
	23	import mod_python.Cookie
	24	except ImportError:
	25	# This needs to be importable from outside Apache.
	26	pass
	27
1137 by William Grant Attempt to use subject pulldown modules to enrol users whenever they log in.	28	import ivle.pulldown_subj
1099.1.161 by William Grant Move ivle.dispatch.login.get_user_details() to ivle.webapp.security.	29	import ivle.webapp.security
1099.1.120 by William Grant Move the login machinery to the new framework.	30	from ivle.auth import authenticate, AuthError
1099.1.41 by William Grant Port www/apps/logout to new framework (in ivle.webapp.security).	31	from ivle.webapp.base.xhtml import XHTMLView
1099.1.120 by William Grant Move the login machinery to the new framework.	32	from ivle.webapp.base.plugins import CookiePlugin
	33
	34	class LoginView(XHTMLView):
	35	'''A view to allow a user to log in.'''
	36	template = 'login.html'
1099.1.129 by William Grant Allow XHTML views to specify that they cannot have overlays.	37	allow_overlays = False
1099.1.120 by William Grant Move the login machinery to the new framework.	38
	39	def authorize(self, req):
	40	return True
	41
	42	def populate(self, req, ctx):
	43	fields = req.get_fieldstorage()
	44	nexturl = fields.getfirst('url')
	45
	46	if nexturl is None:
	47	nexturl = '/'
	48
1154 by William Grant Only redirect +login for logged in users if the method is not POST. We do this	49	# We are already logged in. If it is a POST, they might be trying to
	50	# clobber their session with some new credentials. That's their own
	51	# business, so we let them do it. Otherwise, we don't bother prompting
	52	# and just redirect to the destination.
1099.1.125 by William Grant Move the pending/no_agreement handling into the new login machinery.	53	# Note that req.user is None even if we are 'logged in', if the user is
1154 by William Grant Only redirect +login for logged in users if the method is not POST. We do this	54	# invalid (state != enabled, or expired).
	55	if req.method != "POST" and req.user is not None:
1099.1.120 by William Grant Move the login machinery to the new framework.	56	req.throw_redirect(nexturl)
	57
1099.1.209 by William Grant Don't escape / in paths when they are in +login/+tos URLs.	58	# Don't give any URL if we want /.
	59	if nexturl == '/':
	60	query_string = ''
	61	else:
	62	query_string = '?url=' + urllib.quote(nexturl, safe="/~")
	63
1210 by William Grant Use Request.make_path everywhere.	64	ctx['path'] = req.make_path('+login') + query_string
1099.1.120 by William Grant Move the login machinery to the new framework.	65
1099.1.125 by William Grant Move the pending/no_agreement handling into the new login machinery.	66	# If this succeeds, the user is invalid.
1099.1.161 by William Grant Move ivle.dispatch.login.get_user_details() to ivle.webapp.security.	67	user = ivle.webapp.security.get_user_details(req)
1099.1.125 by William Grant Move the pending/no_agreement handling into the new login machinery.	68	if user is not None:
	69	if user.state == "no_agreement":
	70	# Authenticated, but need to accept the ToS. Send them there.
	71	# IMPORTANT NOTE FOR HACKERS: You can't simply disable this
	72	# if you are not planning to display a ToS page - the ToS
	73	# acceptance process actually calls usrmgt to create the user
	74	# jails and related stuff.
1210 by William Grant Use Request.make_path everywhere.	75	req.throw_redirect(req.make_path('+tos') + query_string)
1099.1.125 by William Grant Move the pending/no_agreement handling into the new login machinery.	76	elif user.state == "pending":
	77	# FIXME: this isn't quite the right answer, but it
	78	# should be more robust in the short term.
	79	session = req.get_session()
	80	session.invalidate()
	81	session.delete()
	82	user.state = u'no_agreement'
	83	req.store.commit()
	84	req.throw_redirect(nexturl)
	85
1099.1.120 by William Grant Move the login machinery to the new framework.	86	if req.method == "POST":
	87	# While req.user is normally set to get_user_details, it won't set
	88	# it if the account isn't valid. So we get it ourselves.
1099.1.161 by William Grant Move ivle.dispatch.login.get_user_details() to ivle.webapp.security.	89	user = ivle.webapp.security.get_user_details(req)
1099.1.120 by William Grant Move the login machinery to the new framework.	90
	91	badlogin = None
	92
	93	username = fields.getfirst('user')
	94	password = fields.getfirst('pass')
	95	if username is not None:
	96	# From this point onwards, we will be showing an error message
	97	# if unsuccessful.
	98	# Authenticate
	99	if password is None:
	100	badlogin = "No password supplied."
	101	else:
	102	user = None
	103	try:
1317 by David Coles Normalise usernames to lowercase so that they are case insensitive.	104	# Username is case insensitive
1278 by William Grant No more ivle.conf in ivle.auth.	105	user = authenticate.authenticate(req.config, req.store,
1317 by David Coles Normalise usernames to lowercase so that they are case insensitive.	106	username.value.lower(), password.value)
1099.1.120 by William Grant Move the login machinery to the new framework.	107	except AuthError, msg:
	108	badlogin = msg
	109	if user is None:
	110	# Must have got an error. Do not authenticate.
1099.1.123 by William Grant Don't crash when not authenticated, and display an error on password absence.	111	# The except: above will have set a message.
1099.1.120 by William Grant Move the login machinery to the new framework.	112	pass
	113	else:
	114	# Success - Set the session and redirect to the URL.
	115	session = req.get_session()
	116	session['login'] = user.login
	117	session.save()
1130 by William Grant Unlock the session everywhere as soon as we are done with it, and add a warning	118	session.unlock()
1099.1.120 by William Grant Move the login machinery to the new framework.	119	user.last_login = datetime.datetime.now()
	120
	121	# Create cookies for plugins that might request them.
1092.1.59 by William Grant Move the plugin loading/indexing logic into ivle.config.Config.	122	for plugin in req.config.plugin_index[CookiePlugin]:
1099.1.120 by William Grant Move the login machinery to the new framework.	123	for cookie in plugin.cookies:
	124	# The function can be None if they just need to be
	125	# deleted at logout.
	126	if plugin.cookies[cookie] is not None:
	127	req.add_cookie(mod_python.Cookie.Cookie(cookie,
	128	plugin.cookies[cookie](user), path='/'))
	129
1137 by William Grant Attempt to use subject pulldown modules to enrol users whenever they log in.	130	# Add any new enrolments.
1279 by William Grant Drop ivle.conf usage from ivle.pulldown_subj.	131	ivle.pulldown_subj.enrol_user(req.config, req.store, user)
1137 by William Grant Attempt to use subject pulldown modules to enrol users whenever they log in.	132	req.store.commit()
	133
1099.1.120 by William Grant Move the login machinery to the new framework.	134	req.throw_redirect(nexturl)
	135
1099.1.123 by William Grant Don't crash when not authenticated, and display an error on password absence.	136	# We didn't succeed.
	137	# Render the login form with the error message.
	138	ctx['error'] = badlogin
1099.1.120 by William Grant Move the login machinery to the new framework.	139
1099.1.41 by William Grant Port www/apps/logout to new framework (in ivle.webapp.security).	140
	141	class LogoutView(XHTMLView):
	142	'''A view to log the current session out.'''
	143	template = 'logout.html'
1099.1.129 by William Grant Allow XHTML views to specify that they cannot have overlays.	144	allow_overlays = False
1099.1.41 by William Grant Port www/apps/logout to new framework (in ivle.webapp.security).	145
1099.1.110 by William Grant Implement an authorization system in the new framework. This breaks the REST	146	def authorize(self, req):
1099.1.126 by William Grant Allow any authenticated (even invalid) user to use the logout view.	147	# This can be used by any authenticated user, even if they haven't
	148	# accepted the ToS yet.
1099.1.161 by William Grant Move ivle.dispatch.login.get_user_details() to ivle.webapp.security.	149	return ivle.webapp.security.get_user_details(req) is not None
1099.1.110 by William Grant Implement an authorization system in the new framework. This breaks the REST	150
1099.1.41 by William Grant Port www/apps/logout to new framework (in ivle.webapp.security).	151	def populate(self, req, ctx):
	152	if req.method == "POST":
	153	req.logout()
	154	else:
1210 by William Grant Use Request.make_path everywhere.	155	ctx['path'] = req.make_path('+logout')