~azzar1/unity/add-show-desktop-key

Viewing changes to www/dispatch/login.py

Committer: mattgiuca
Date: 2008-02-15 05:43:52 UTC
Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:475

Commited some earlier changes to users.sql (not committed earlier due to
misunderstanding :|) Previous changes today actually depended on the database
being updated with this schema.

users.sql: Added "pending" option to login.state, and added a bunch of new
fields to login: expiry timers, time of last login.

login.py: Checks if account has expired. Sets last login.
(Currently buggy with some XXXs, because we don't have a way to convert
Python time values into SQL).

db.py: Added last_login to list of allowable fields for login.

files modified:
lib/common/db.py

userdb/users.sql

www/dispatch/login.py

Show diffs side-by-side

added added

removed removed

# Provides services for checking logins and presenting the login page.

import os

import time

from mod_python import Session

from common import util

from common import db

from auth import authenticate

def has_expired(details, field):

"""Determines whether the given expiry field indicates that

"""

return field in details \

and details[field] \

and time.localtime() > details[field]

def login(req):

"""Determines whether the user is logged in or not (looking at sessions),

and if not, presents the login page. Returns a String username, or None

# Check the session to see if someone is logged in. If so, go with it.

# No security is required here. You must have already been authenticated

# in order to get a 'login_name' variable in the session.

try:

if session['state'] == "enabled":

# Only allow users to authenticate if their account is ENABLED

return session['login_name']

except KeyError:

pass

if 'state' in session and session['state'] == "enabled":

# Only allow users to authenticate if their account is ENABLED

return session['login_name']

badlogin = None

# Check if there is any postdata containing login information

authenticate.authenticate(username.value, password.value)

if login_details is None:

badlogin = "Invalid username or password."

elif has_expired(login_details, 'pass_exp'):

badlogin = "Your password has expired."

elif has_expired(login_details, 'acct_exp'):

badlogin = "Your account has expired."

else:

# Success - Set the session and redirect to avoid POSTDATA

session['login_name'] = username.value

session['rolenm'] = login_details['rolenm']

session['studentid'] = login_details['studentid']

session.save()

# XXX time.localtime() (a tuple of ints) is not valid for

# inserting as a TIMESTAMP in the DB.

#db.DB().update_user(username.value,

# last_login=time.localtime())

100

req.throw_redirect(req.uri)

101

102

# Give a 403 Forbidden status, but present a full HTML login page

107

req.write_html_head_foot = True

108

109

# User is not logged in or their account is not enabled.

if 'state' in session:

110

if 'state' in session: # Only possible if no errors occured thus far

111

if session['state'] == "no_agreement":

112

# User has authenticated but has not accepted the TOS.

113

# Present them with the TOS page.

108

123

return None

109

124

elif session['state'] == "disabled":

110

125

# User has authenticated but their account is disabled

111

badlogin = "Can't log in: Your account has been disabled."

126

badlogin = "Your account has been disabled."

112

127

# Else, just fall through (failed to authenticate)

113

128

114

129

# Write the HTML for the login page

Older »