← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/webapp/security/views.py

  • Committer: William Grant
  • Date: 2009-02-23 23:47:02 UTC
  • mfrom: (1099.1.211 new-dispatch)
  • Revision ID: grantw@unimelb.edu.au-20090223234702-db4b1llly46ignwo
Merge from lp:~ivle-dev/ivle/new-dispatch.

Pretty much everything changes. Reread the setup docs. Backup your databases.
Every file is now in a different installed location, the configuration system
is rewritten, the dispatch system is rewritten, URLs are different, the
database is different, worksheets and exercises are no longer on the
filesystem, we use a templating engine, jail service protocols are rewritten,
we don't repeat ourselves, we have authorization rewritten, phpBB is gone,
and probably lots of other things that I cannot remember.

This is certainly the biggest commit I have ever made, and hopefully
the largest I ever will.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/webapp/security/views.py
15
15
# along with this program; if not, write to the Free Software
16
16
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
17
17
 
18
 
# App: Logout
19
 
# Author: Nick Chadwick
20
 
# Date: 13/01/2009
21
 
 
22
 
from ivle import util
23
 
 
24
 
import genshi
25
 
import genshi.template
26
 
 
27
 
# url path for this app
28
 
THIS_APP = "logout"
29
 
 
30
 
def handle(req):
31
 
    if req.method == "POST":
32
 
        req.logout()
33
 
    else:
34
 
        req.content_type = "text/html"
35
 
        req.write_html_head_foot = True
36
 
        ctx = genshi.template.Context()
37
 
        ctx['path'] =  util.make_path('logout')
38
 
        loader = genshi.template.TemplateLoader(".", auto_reload=True)
39
 
        tmpl = loader.load(util.make_local_path("apps/logout/template.html"))
40
 
        req.write(tmpl.generate(ctx).render('html')) #'xhtml', doctype='xhtml'))
 
18
# Author: Will Grant, Nick Chadwick
 
19
 
 
20
import urllib
 
21
import datetime
 
22
try:
 
23
    import mod_python.Cookie
 
24
except ImportError:
 
25
    # This needs to be importable from outside Apache.
 
26
    pass
 
27
 
 
28
import ivle.util
 
29
import ivle.webapp.security
 
30
from ivle.auth import authenticate, AuthError
 
31
from ivle.webapp.base.xhtml import XHTMLView
 
32
from ivle.webapp.base.plugins import CookiePlugin
 
33
 
 
34
class LoginView(XHTMLView):
 
35
    '''A view to allow a user to log in.'''
 
36
    template = 'login.html'
 
37
    allow_overlays = False
 
38
 
 
39
    def authorize(self, req):
 
40
        return True
 
41
 
 
42
    def populate(self, req, ctx):
 
43
        fields = req.get_fieldstorage()
 
44
        nexturl = fields.getfirst('url')
 
45
 
 
46
        if nexturl is None:
 
47
            nexturl = '/'
 
48
 
 
49
        # We are already logged in. Don't bother logging in again.
 
50
        # Note that req.user is None even if we are 'logged in', if the user is
 
51
        # invalid.
 
52
        if req.user is not None:
 
53
            req.throw_redirect(nexturl)
 
54
 
 
55
        # Don't give any URL if we want /.
 
56
        if nexturl == '/':
 
57
            query_string = ''
 
58
        else:
 
59
            query_string = '?url=' + urllib.quote(nexturl, safe="/~")
 
60
 
 
61
        ctx['path'] = ivle.util.make_path('+login') + query_string
 
62
 
 
63
        # If this succeeds, the user is invalid.
 
64
        user = ivle.webapp.security.get_user_details(req)
 
65
        if user is not None:
 
66
            if user.state == "no_agreement":
 
67
                # Authenticated, but need to accept the ToS. Send them there.
 
68
                # IMPORTANT NOTE FOR HACKERS: You can't simply disable this
 
69
                # if you are not planning to display a ToS page - the ToS
 
70
                # acceptance process actually calls usrmgt to create the user
 
71
                # jails and related stuff.
 
72
                req.throw_redirect(ivle.util.make_path('+tos') + query_string)
 
73
            elif user.state == "pending":
 
74
                # FIXME: this isn't quite the right answer, but it
 
75
                # should be more robust in the short term.
 
76
                session = req.get_session()
 
77
                session.invalidate()
 
78
                session.delete()
 
79
                user.state = u'no_agreement'
 
80
                req.store.commit()
 
81
                req.throw_redirect(nexturl)
 
82
 
 
83
        if req.method == "POST":
 
84
            # While req.user is normally set to get_user_details, it won't set
 
85
            # it if the account isn't valid. So we get it ourselves.
 
86
            user = ivle.webapp.security.get_user_details(req)
 
87
 
 
88
            badlogin = None
 
89
 
 
90
            username = fields.getfirst('user')
 
91
            password = fields.getfirst('pass')
 
92
            if username is not None:
 
93
                # From this point onwards, we will be showing an error message
 
94
                # if unsuccessful.
 
95
                # Authenticate
 
96
                if password is None:
 
97
                    badlogin = "No password supplied."
 
98
                else:
 
99
                    user = None
 
100
                    try:
 
101
                        user = authenticate.authenticate(req.store,
 
102
                                    username.value, password.value)
 
103
                    except AuthError, msg:
 
104
                        badlogin = msg
 
105
                    if user is None:
 
106
                        # Must have got an error. Do not authenticate.
 
107
                        # The except: above will have set a message.
 
108
                        pass
 
109
                    else:
 
110
                        # Success - Set the session and redirect to the URL.
 
111
                        session = req.get_session()
 
112
                        session['login'] = user.login
 
113
                        session.save()
 
114
                        user.last_login = datetime.datetime.now()
 
115
                        req.store.commit()
 
116
 
 
117
                        # Create cookies for plugins that might request them.
 
118
                        for plugin in req.config.plugin_index[CookiePlugin]:
 
119
                            for cookie in plugin.cookies:
 
120
                                # The function can be None if they just need to be
 
121
                                # deleted at logout.
 
122
                                if plugin.cookies[cookie] is not None:
 
123
                                    req.add_cookie(mod_python.Cookie.Cookie(cookie,
 
124
                                          plugin.cookies[cookie](user), path='/'))
 
125
 
 
126
                        req.throw_redirect(nexturl)
 
127
 
 
128
                # We didn't succeed.
 
129
                # Render the login form with the error message.
 
130
                ctx['error'] = badlogin
 
131
 
 
132
 
 
133
class LogoutView(XHTMLView):
 
134
    '''A view to log the current session out.'''
 
135
    template = 'logout.html'
 
136
    allow_overlays = False
 
137
 
 
138
    def authorize(self, req):
 
139
        # This can be used by any authenticated user, even if they haven't
 
140
        # accepted the ToS yet.
 
141
        return ivle.webapp.security.get_user_details(req) is not None
 
142
 
 
143
    def populate(self, req, ctx):
 
144
        if req.method == "POST":
 
145
            req.logout()
 
146
        else:
 
147
            ctx['path'] =  ivle.util.make_path('+logout')