← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/webapp/security/views.py

Merge from new-dispatch.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/webapp/security/views.py
25
25
    # This needs to be importable from outside Apache.
26
26
    pass
27
27
 
28
 
import ivle.pulldown_subj
29
 
import ivle.webapp.security
 
28
import ivle.util
 
29
import ivle.dispatch.login
30
30
from ivle.auth import authenticate, AuthError
31
31
from ivle.webapp.base.xhtml import XHTMLView
32
32
from ivle.webapp.base.plugins import CookiePlugin
 
33
from ivle.dispatch.login import get_user_details
33
34
 
34
35
class LoginView(XHTMLView):
35
36
    '''A view to allow a user to log in.'''
36
37
    template = 'login.html'
37
 
    allow_overlays = False
38
38
 
39
39
    def authorize(self, req):
40
40
        return True
43
43
        fields = req.get_fieldstorage()
44
44
        nexturl = fields.getfirst('url')
45
45
 
46
 
        # XXX Warning that Internet Explorer is unsupported
47
 
        # Test if the user is in Internet Explorer
48
 
        try:
49
 
            useragent = req.headers_in['User-Agent']
50
 
            # A bit of very basic UA string detection
51
 
            ctx['msie'] = ('MSIE' in useragent
52
 
                           and 'AppleWebKit' not in useragent
53
 
                           and 'Gecko' not in useragent
54
 
                           and 'Opera' not in useragent)
55
 
        except KeyError:
56
 
            ctx['msie'] = False
57
 
 
58
46
        if nexturl is None:
59
47
            nexturl = '/'
60
48
 
61
 
        # We are already logged in. If it is a POST, they might be trying to
62
 
        # clobber their session with some new credentials. That's their own
63
 
        # business, so we let them do it. Otherwise, we don't bother prompting
64
 
        # and just redirect to the destination.
 
49
        # We are already logged in. Don't bother logging in again.
65
50
        # Note that req.user is None even if we are 'logged in', if the user is
66
 
        # invalid (state != enabled, or expired).
67
 
        if req.method != "POST" and req.user is not None:
 
51
        # invalid.
 
52
        if req.user is not None:
68
53
            req.throw_redirect(nexturl)
69
54
 
70
 
        # Don't give any URL if we want /.
71
 
        if nexturl == '/':
72
 
            query_string = ''
73
 
        else:
74
 
            query_string = '?url=' + urllib.quote(nexturl, safe="/~")
75
 
 
76
 
        ctx['path'] = req.make_path('+login') + query_string
 
55
        ctx['path'] = ivle.util.make_path('+login') + \
 
56
                         '?' + urllib.urlencode([('url', nexturl)])
77
57
 
78
58
        # If this succeeds, the user is invalid.
79
 
        user = ivle.webapp.security.get_user_details(req)
 
59
        user = get_user_details(req)
80
60
        if user is not None:
81
61
            if user.state == "no_agreement":
82
62
                # Authenticated, but need to accept the ToS. Send them there.
84
64
                # if you are not planning to display a ToS page - the ToS
85
65
                # acceptance process actually calls usrmgt to create the user
86
66
                # jails and related stuff.
87
 
                req.throw_redirect(req.make_path('+tos') + query_string)
 
67
                req.throw_redirect(ivle.util.make_path('+tos') + \
 
68
                        '?' + urllib.urlencode([('url', nexturl)]))
88
69
            elif user.state == "pending":
89
70
                # FIXME: this isn't quite the right answer, but it
90
71
                # should be more robust in the short term.
98
79
        if req.method == "POST":
99
80
            # While req.user is normally set to get_user_details, it won't set
100
81
            # it if the account isn't valid. So we get it ourselves.
101
 
            user = ivle.webapp.security.get_user_details(req)
 
82
            user = get_user_details(req)
102
83
 
103
84
            badlogin = None
104
85
 
113
94
                else:
114
95
                    user = None
115
96
                    try:
116
 
                        # Username is case insensitive
117
 
                        user = authenticate.authenticate(req.config, req.store,
118
 
                                    username.value.lower(), password.value)
 
97
                        user = authenticate.authenticate(req.store,
 
98
                                    username.value, password.value)
119
99
                    except AuthError, msg:
120
100
                        badlogin = msg
121
101
                    if user is None:
127
107
                        session = req.get_session()
128
108
                        session['login'] = user.login
129
109
                        session.save()
130
 
                        session.unlock()
131
110
                        user.last_login = datetime.datetime.now()
 
111
                        req.store.commit()
132
112
 
133
113
                        # Create cookies for plugins that might request them.
134
 
                        for plugin in req.config.plugin_index[CookiePlugin]:
 
114
                        for plugin in req.plugin_index[CookiePlugin]:
135
115
                            for cookie in plugin.cookies:
136
116
                                # The function can be None if they just need to be
137
117
                                # deleted at logout.
139
119
                                    req.add_cookie(mod_python.Cookie.Cookie(cookie,
140
120
                                          plugin.cookies[cookie](user), path='/'))
141
121
 
142
 
                        # Add any new enrolments.
143
 
                        ivle.pulldown_subj.enrol_user(req.config, req.store, user)
144
 
                        req.store.commit()
145
 
 
146
122
                        req.throw_redirect(nexturl)
147
123
 
148
124
                # We didn't succeed.
153
129
class LogoutView(XHTMLView):
154
130
    '''A view to log the current session out.'''
155
131
    template = 'logout.html'
156
 
    allow_overlays = False
157
132
 
158
133
    def authorize(self, req):
159
134
        # This can be used by any authenticated user, even if they haven't
160
135
        # accepted the ToS yet.
161
 
        return ivle.webapp.security.get_user_details(req) is not None
 
136
        return ivle.dispatch.login.get_user_details(req) is not None
162
137
 
163
138
    def populate(self, req, ctx):
164
139
        if req.method == "POST":
165
140
            req.logout()
166
141
        else:
167
 
            ctx['path'] =  req.make_path('+logout')
 
142
            ctx['path'] =  ivle.util.make_path('+logout')