1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
# IVLE
# Copyright (C) 2007-2009 The University of Melbourne
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
# Author: Will Grant, Nick Chadwick
import urllib
import datetime
try:
import mod_python.Cookie
except ImportError:
# This needs to be importable from outside Apache.
pass
import ivle.util
from ivle.auth import authenticate, AuthError
from ivle.webapp.base.xhtml import XHTMLView
from ivle.webapp.base.plugins import CookiePlugin
from ivle.dispatch.login import get_user_details
class LoginView(XHTMLView):
'''A view to allow a user to log in.'''
template = 'login.html'
def authorize(self, req):
return True
def populate(self, req, ctx):
fields = req.get_fieldstorage()
nexturl = fields.getfirst('url')
if nexturl is None:
nexturl = '/'
# We are already logged in. Don't bother logging in again.
if req.user is not None:
req.throw_redirect(nexturl)
ctx['path'] = ivle.util.make_path('+login') + \
'?' + urllib.urlencode([('url', nexturl)])
if req.method == "POST":
# While req.user is normally set to get_user_details, it won't set
# it if the account isn't valid. So we get it ourselves.
user = get_user_details(req)
badlogin = None
username = fields.getfirst('user')
password = fields.getfirst('pass')
if username is not None:
# From this point onwards, we will be showing an error message
# if unsuccessful.
# Authenticate
if password is None:
badlogin = "No password supplied."
else:
user = None
try:
user = authenticate.authenticate(req.store,
username.value, password.value)
except AuthError, msg:
badlogin = msg
if user is None:
# Must have got an error. Do not authenticate.
pass
elif user.password_expired:
badlogin = "Your password has expired."
elif user.account_expired:
badlogin = "Your account has expired."
else:
# Success - Set the session and redirect to the URL.
session = req.get_session()
session['login'] = user.login
session.save()
user.last_login = datetime.datetime.now()
req.store.commit()
# Create cookies for plugins that might request them.
for plugin in req.plugin_index[CookiePlugin]:
for cookie in plugin.cookies:
# The function can be None if they just need to be
# deleted at logout.
if plugin.cookies[cookie] is not None:
req.add_cookie(mod_python.Cookie.Cookie(cookie,
plugin.cookies[cookie](user), path='/'))
req.throw_redirect(nexturl)
# We didn't succeed.
# Render the login form with the error message.
ctx['error'] = badlogin
class LogoutView(XHTMLView):
'''A view to log the current session out.'''
template = 'logout.html'
def authorize(self, req):
return req.user is not None
def populate(self, req, ctx):
if req.method == "POST":
req.logout()
else:
ctx['path'] = ivle.util.make_path('+logout')
|