login.py
191 lines
| 7.5 KiB
| text/x-python
|
PythonLexer
r861 | # -*- coding: utf-8 -*- | |||
""" | ||||
rhodecode.controllers.login | ||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
Login controller for rhodeocode | ||||
r1203 | ||||
r861 | :created_on: Apr 22, 2010 | |||
:author: marcink | ||||
r1824 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |||
r861 | :license: GPLv3, see COPYING for more details. | |||
""" | ||||
r1206 | # This program is free software: you can redistribute it and/or modify | |||
# it under the terms of the GNU General Public License as published by | ||||
# the Free Software Foundation, either version 3 of the License, or | ||||
# (at your option) any later version. | ||||
r1203 | # | |||
r547 | # This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
r1203 | # | |||
r547 | # You should have received a copy of the GNU General Public License | |||
r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
r547 | ||||
r861 | import logging | |||
import formencode | ||||
r2623 | import datetime | |||
r2678 | import urlparse | |||
r861 | ||||
r547 | from formencode import htmlfill | |||
r2623 | from webob.exc import HTTPFound | |||
r861 | from pylons.i18n.translation import _ | |||
from pylons.controllers.util import abort, redirect | ||||
r547 | from pylons import request, response, session, tmpl_context as c, url | |||
r861 | ||||
import rhodecode.lib.helpers as h | ||||
r547 | from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator | |||
from rhodecode.lib.base import BaseController, render | ||||
r1400 | from rhodecode.model.db import User | |||
r547 | from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm | |||
r629 | from rhodecode.model.user import UserModel | |||
r1731 | from rhodecode.model.meta import Session | |||
r861 | ||||
r547 | ||||
log = logging.getLogger(__name__) | ||||
r1212 | ||||
r547 | class LoginController(BaseController): | |||
def __before__(self): | ||||
super(LoginController, self).__before__() | ||||
def index(self): | ||||
r1628 | # redirect if already logged in | |||
r2679 | c.came_from = request.GET.get('came_from') | |||
r3146 | not_default = self.rhodecode_user.username != 'default' | |||
ip_allowed = self.rhodecode_user.ip_allowed | ||||
if self.rhodecode_user.is_authenticated and not_default and ip_allowed: | ||||
r636 | return redirect(url('home')) | |||
r547 | if request.POST: | |||
r1718 | # import Login Form validator class | |||
r547 | login_form = LoginForm() | |||
try: | ||||
r2623 | session.invalidate() | |||
r547 | c.form_result = login_form.to_python(dict(request.POST)) | |||
r1628 | # form checks for username/password, now we're authenticated | |||
r547 | username = c.form_result['username'] | |||
r1530 | user = User.get_by_username(username, case_insensitive=True) | |||
r1117 | auth_user = AuthUser(user.user_id) | |||
auth_user.set_authenticated() | ||||
r1718 | cs = auth_user.get_cookie_store() | |||
session['rhodecode_user'] = cs | ||||
r2623 | user.update_lastlogin() | |||
Session().commit() | ||||
Matt Zuba
|
r1802 | # If they want to be remembered, update the cookie | ||
Mads Kiilerich
|
r3625 | if c.form_result['remember']: | ||
r2623 | _year = (datetime.datetime.now() + | |||
datetime.timedelta(seconds=60 * 60 * 24 * 365)) | ||||
session._set_cookie_expires(_year) | ||||
r547 | session.save() | |||
r636 | ||||
r1718 | log.info('user %s is now authenticated and stored in ' | |||
'session, session attrs %s' % (username, cs)) | ||||
r2623 | ||||
# dumps session attrs back to cookie | ||||
session._update_cookie_out() | ||||
# we set new cookie | ||||
headers = None | ||||
if session.request['set_cookie']: | ||||
# send set-cookie headers back to response to update cookie | ||||
headers = [('Set-Cookie', session.request['cookie_out'])] | ||||
r1818 | ||||
r2679 | allowed_schemes = ['http', 'https'] | |||
r547 | if c.came_from: | |||
r2679 | parsed = urlparse.urlparse(c.came_from) | |||
server_parsed = urlparse.urlparse(url.current()) | ||||
if parsed.scheme and parsed.scheme not in allowed_schemes: | ||||
log.error( | ||||
'Suspicious URL scheme detected %s for url %s' % | ||||
(parsed.scheme, parsed)) | ||||
c.came_from = url('home') | ||||
elif server_parsed.netloc != parsed.netloc: | ||||
log.error('Suspicious NETLOC detected %s for url %s' | ||||
'server url is: %s' % | ||||
(parsed.netloc, parsed, server_parsed)) | ||||
c.came_from = url('home') | ||||
r2623 | raise HTTPFound(location=c.came_from, headers=headers) | |||
r547 | else: | |||
r2623 | raise HTTPFound(location=url('home'), headers=headers) | |||
r636 | ||||
r564 | except formencode.Invalid, errors: | |||
r547 | return htmlfill.render( | |||
render('/login.html'), | ||||
defaults=errors.value, | ||||
errors=errors.error_dict or {}, | ||||
prefix_error=False, | ||||
encoding="UTF-8") | ||||
r636 | ||||
r547 | return render('/login.html') | |||
r636 | ||||
r547 | @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate', | |||
'hg.register.manual_activate') | ||||
def register(self): | ||||
r3370 | c.auto_active = 'hg.register.auto_activate' in User.get_by_username('default')\ | |||
.AuthUser.permissions['global'] | ||||
r636 | ||||
r547 | if request.POST: | |||
register_form = RegisterForm()() | ||||
try: | ||||
form_result = register_form.to_python(dict(request.POST)) | ||||
form_result['active'] = c.auto_active | ||||
r1749 | UserModel().create_registration(form_result) | |||
r3370 | h.flash(_('You have successfully registered into RhodeCode'), | |||
r636 | category='success') | |||
r2623 | Session().commit() | |||
r547 | return redirect(url('login_home')) | |||
r636 | ||||
r564 | except formencode.Invalid, errors: | |||
r547 | return htmlfill.render( | |||
render('/register.html'), | ||||
defaults=errors.value, | ||||
errors=errors.error_dict or {}, | ||||
prefix_error=False, | ||||
encoding="UTF-8") | ||||
r636 | ||||
r547 | return render('/register.html') | |||
def password_reset(self): | ||||
if request.POST: | ||||
password_reset_form = PasswordResetForm()() | ||||
try: | ||||
form_result = password_reset_form.to_python(dict(request.POST)) | ||||
r1749 | UserModel().reset_password_link(form_result) | |||
r1417 | h.flash(_('Your password reset link was sent'), | |||
r636 | category='success') | |||
r547 | return redirect(url('login_home')) | |||
r636 | ||||
r564 | except formencode.Invalid, errors: | |||
r547 | return htmlfill.render( | |||
render('/password_reset.html'), | ||||
defaults=errors.value, | ||||
errors=errors.error_dict or {}, | ||||
prefix_error=False, | ||||
encoding="UTF-8") | ||||
r636 | ||||
r547 | return render('/password_reset.html') | |||
r636 | ||||
r1417 | def password_reset_confirmation(self): | |||
if request.GET and request.GET.get('key'): | ||||
try: | ||||
user = User.get_by_api_key(request.GET.get('key')) | ||||
data = dict(email=user.email) | ||||
r1749 | UserModel().reset_password(data) | |||
r1417 | h.flash(_('Your password reset was successful, ' | |||
'new password has been sent to your email'), | ||||
category='success') | ||||
except Exception, e: | ||||
log.error(e) | ||||
return redirect(url('reset_password')) | ||||
return redirect(url('login_home')) | ||||
r547 | def logout(self): | |||
Matt Zuba
|
r1802 | session.delete() | ||
log.info('Logging out and deleting session for user') | ||||
r636 | redirect(url('home')) | |||