1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
# IVLE - Informatics Virtual Learning Environment
# Copyright (C) 2007-2008 The University of Melbourne
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
# Module: dispatch.login
# Author: Matt Giuca
# Date: 21/12/2007
# Provides services for checking logins and presenting the login page.
import os
import datetime
from mod_python import Session
import ivle.conf
from ivle import (util, caps, forumutil)
from ivle.auth import authenticate, AuthError
import ivle.database
def login(req):
"""Determines whether the user is logged in or not (looking at sessions),
and if not, presents the login page. Returns a User object, or None
if not logged in.
If the user was already logged in, nothing is written to req. Returns
the User object for the logged in user.
If the user was not logged in, but manages to authenticate due to
included postdata with a valid username/password, throws a redirect
back to the same page (to avoid leaving POSTDATA in the browser).
If the user is not logged in, or fails to authenticate, a full page is
written to req. Returns None. The caller should immediately terminate.
"""
# Get the user details from the session, if already logged in
# (None means not logged in yet)
user = get_user_details(req)
# Check the session to see if someone is logged in. If so, go with it.
# No security is required here. You must have already been authenticated
# in order to get a 'login_name' variable in the session.
if user is not None and user.state == "enabled":
# Only allow users to authenticate if their account is ENABLED
return user
badlogin = None
# Check if there is any postdata containing login information
if user is None and req.method == 'POST':
fields = req.get_fieldstorage()
username = fields.getfirst('user')
password = fields.getfirst('pass')
if username is not None:
# From this point onwards, we will be showing an error message
# if unsuccessful.
# Authenticate
if password is None:
badlogin = "No password supplied."
else:
try:
user = authenticate.authenticate(req.store,
username.value, password.value)
except AuthError, msg:
badlogin = msg
if user is None:
# Must have got an error. Do not authenticate.
pass
elif user.password_expired:
badlogin = "Your password has expired."
elif user.account_expired:
badlogin = "Your account has expired."
else:
# Success - Set the session and redirect to avoid POSTDATA
session = req.get_session()
session['login'] = user.login
session.save()
user.last_login = datetime.datetime.now()
req.store.commit()
req.add_cookie(forumutil.make_forum_cookie(user))
req.throw_redirect(req.uri)
# Present the HTML login page
req.content_type = "text/html"
req.title = "Login"
req.write_html_head_foot = True
# User is not logged in or their account is not enabled.
if user is not None:
# Only possible if no errors occured thus far
if user.state == "no_agreement":
# User has authenticated but has not accepted the TOS.
# Present them with the TOS page.
# First set their username for display at the top, but make sure
# the apps tabs are not displayed
req.user = user
# IMPORTANT NOTE FOR HACKERS: You can't simply disable this check
# if you are not planning to display a TOS page - the TOS
# acceptance process actually calls usermgt to create the user
# jails and related stuff.
present_tos(req, user.fullname)
return None
elif user.state == "disabled":
# User has authenticated but their account is disabled
badlogin = "Your account has been disabled."
elif user.state == "pending":
# FIXME: this isn't quite the right answer, but it
# should be more robust in the short term.
session = req.get_session()
session.invalidate()
session.delete()
user.state = u'no_agreement'
req.store.commit()
req.throw_redirect(req.uri)
# Write the HTML for the login page
# If badlogin, display an error message indicating a failed login
req.write("""<div id="ivle_padding">
<p>Welcome to the Informatics Virtual Learning Environment.
Please log in to access your files and assessment.</p>
""")
if badlogin is not None:
req.write("""<p class="error">%s</p>
""" % badlogin)
req.write("""<form action="" method="post">
<table>
<tr><td>Username:</td><td><input name="user" type="text" /></td></tr>
<tr><td>Password:</td><td><input name="pass" type="password" /></td></tr>
<tr><td colspan="2"><input type="submit" value="Login" /></td></tr>
</table>
</form>
""")
# Write the "Message of the Day" document, if it exists.
try:
req.sendfile(ivle.conf.motd_path)
except IOError:
pass
req.write('</div>\n')
return None
def get_user_details(req):
"""Gets the name of the logged in user, without presenting a login box
or attempting to authenticate.
Returns None if there is no user logged in.
"""
session = req.get_session()
# Check the session to see if someone is logged in. If so, go with it.
try:
login = session['login']
except KeyError:
return None
# Get the full User object from the db associated with this login
return ivle.database.User.get_by_login(req.store, login)
def present_tos(req, fullname):
"""Present the Terms of Service screen to the user (who has just logged in
for the first time and needs to accept these before being admitted into
the system).
"""
req.title = "Terms of Service"
# Include the JavaScript for the "makeuser" Ajax stuff
req.scripts = [
"media/common/json2.js",
"media/common/util.js",
"media/common/tos.js",
]
req.write("""<div id="ivle_padding">
<p>Welcome, <b>%s</b>.</p>
<p>As this is the first time you have logged into IVLE, you are required to
accept these Terms of Service before using the system.</p>
<p>You will be allowed to re-read these terms at any time from the "Help"
menu.</p>
<hr />
""" % fullname)
# Write out the text of the license
util.send_terms_of_service(req)
req.write("""<hr />
<div id="tos_acceptbuttons">
<p>Please click "I Accept" to indicate that you have read and understand these
terms, or click "I Decline" to log out of IVLE.</p>
<p>
<input type="button" value="I Accept" onclick="accept_license()" />
<input type="button" value="I Decline" onclick="decline_license()" />
</p>
</div>
""")
|