← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/webapp/security/views.py

Modified the database so that exercises are now stored in the database, rather
than in flat files.

This also necessitated adding new tables and storm classes for test suites
and test cases.

Note that this commit merely changes the database and adds a script to
upload exercises. The code for actually reading exercises has yet
to be changed.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/webapp/security/views.py
17
17
 
18
18
# Author: Will Grant, Nick Chadwick
19
19
 
20
 
import urllib
21
 
import datetime
22
 
try:
23
 
    import mod_python.Cookie
24
 
except ImportError:
25
 
    # This needs to be importable from outside Apache.
26
 
    pass
27
 
 
28
 
import ivle.pulldown_subj
29
 
import ivle.webapp.security
30
 
from ivle.auth import authenticate, AuthError
31
20
from ivle.webapp.base.xhtml import XHTMLView
32
 
from ivle.webapp.base.plugins import CookiePlugin
33
 
 
34
 
class LoginView(XHTMLView):
35
 
    '''A view to allow a user to log in.'''
36
 
    template = 'login.html'
37
 
    allow_overlays = False
38
 
 
39
 
    def authorize(self, req):
40
 
        return True
41
 
 
42
 
    def populate(self, req, ctx):
43
 
        fields = req.get_fieldstorage()
44
 
        nexturl = fields.getfirst('url')
45
 
 
46
 
        if nexturl is None:
47
 
            nexturl = '/'
48
 
 
49
 
        # We are already logged in. If it is a POST, they might be trying to
50
 
        # clobber their session with some new credentials. That's their own
51
 
        # business, so we let them do it. Otherwise, we don't bother prompting
52
 
        # and just redirect to the destination.
53
 
        # Note that req.user is None even if we are 'logged in', if the user is
54
 
        # invalid (state != enabled, or expired).
55
 
        if req.method != "POST" and req.user is not None:
56
 
            req.throw_redirect(nexturl)
57
 
 
58
 
        # Don't give any URL if we want /.
59
 
        if nexturl == '/':
60
 
            query_string = ''
61
 
        else:
62
 
            query_string = '?url=' + urllib.quote(nexturl, safe="/~")
63
 
 
64
 
        ctx['path'] = req.make_path('+login') + query_string
65
 
 
66
 
        # If this succeeds, the user is invalid.
67
 
        user = ivle.webapp.security.get_user_details(req)
68
 
        if user is not None:
69
 
            if user.state == "no_agreement":
70
 
                # Authenticated, but need to accept the ToS. Send them there.
71
 
                # IMPORTANT NOTE FOR HACKERS: You can't simply disable this
72
 
                # if you are not planning to display a ToS page - the ToS
73
 
                # acceptance process actually calls usrmgt to create the user
74
 
                # jails and related stuff.
75
 
                req.throw_redirect(req.make_path('+tos') + query_string)
76
 
            elif user.state == "pending":
77
 
                # FIXME: this isn't quite the right answer, but it
78
 
                # should be more robust in the short term.
79
 
                session = req.get_session()
80
 
                session.invalidate()
81
 
                session.delete()
82
 
                user.state = u'no_agreement'
83
 
                req.store.commit()
84
 
                req.throw_redirect(nexturl)
85
 
 
86
 
        if req.method == "POST":
87
 
            # While req.user is normally set to get_user_details, it won't set
88
 
            # it if the account isn't valid. So we get it ourselves.
89
 
            user = ivle.webapp.security.get_user_details(req)
90
 
 
91
 
            badlogin = None
92
 
 
93
 
            username = fields.getfirst('user')
94
 
            password = fields.getfirst('pass')
95
 
            if username is not None:
96
 
                # From this point onwards, we will be showing an error message
97
 
                # if unsuccessful.
98
 
                # Authenticate
99
 
                if password is None:
100
 
                    badlogin = "No password supplied."
101
 
                else:
102
 
                    user = None
103
 
                    try:
104
 
                        user = authenticate.authenticate(req.store,
105
 
                                    username.value, password.value)
106
 
                    except AuthError, msg:
107
 
                        badlogin = msg
108
 
                    if user is None:
109
 
                        # Must have got an error. Do not authenticate.
110
 
                        # The except: above will have set a message.
111
 
                        pass
112
 
                    else:
113
 
                        # Success - Set the session and redirect to the URL.
114
 
                        session = req.get_session()
115
 
                        session['login'] = user.login
116
 
                        session.save()
117
 
                        session.unlock()
118
 
                        user.last_login = datetime.datetime.now()
119
 
 
120
 
                        # Create cookies for plugins that might request them.
121
 
                        for plugin in req.config.plugin_index[CookiePlugin]:
122
 
                            for cookie in plugin.cookies:
123
 
                                # The function can be None if they just need to be
124
 
                                # deleted at logout.
125
 
                                if plugin.cookies[cookie] is not None:
126
 
                                    req.add_cookie(mod_python.Cookie.Cookie(cookie,
127
 
                                          plugin.cookies[cookie](user), path='/'))
128
 
 
129
 
                        # Add any new enrolments.
130
 
                        ivle.pulldown_subj.enrol_user(req.store, user)
131
 
                        req.store.commit()
132
 
 
133
 
                        req.throw_redirect(nexturl)
134
 
 
135
 
                # We didn't succeed.
136
 
                # Render the login form with the error message.
137
 
                ctx['error'] = badlogin
138
 
 
 
21
import ivle.util
139
22
 
140
23
class LogoutView(XHTMLView):
141
24
    '''A view to log the current session out.'''
142
25
    template = 'logout.html'
143
 
    allow_overlays = False
144
26
 
145
27
    def authorize(self, req):
146
 
        # This can be used by any authenticated user, even if they haven't
147
 
        # accepted the ToS yet.
148
 
        return ivle.webapp.security.get_user_details(req) is not None
 
28
        return req.user is not None
149
29
 
150
30
    def populate(self, req, ctx):
151
31
        if req.method == "POST":
152
32
            req.logout()
153
33
        else:
154
 
            ctx['path'] =  req.make_path('+logout')
 
34
            ctx['path'] =  ivle.util.make_path('logout')