login.py
191 lines
| 7.5 KiB
| text/x-python
|
PythonLexer
| r861 | # -*- coding: utf-8 -*- | |||
| """ | ||||
| rhodecode.controllers.login | ||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| Login controller for rhodeocode | ||||
| r1203 | ||||
| r861 | :created_on: Apr 22, 2010 | |||
| :author: marcink | ||||
| r1824 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |||
| r861 | :license: GPLv3, see COPYING for more details. | |||
| """ | ||||
| r1206 | # This program is free software: you can redistribute it and/or modify | |||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| r1203 | # | |||
| r547 | # This program is distributed in the hope that it will be useful, | |||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| r1203 | # | |||
| r547 | # You should have received a copy of the GNU General Public License | |||
| r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
| r547 | ||||
| r861 | import logging | |||
| import formencode | ||||
| r2623 | import datetime | |||
| r2678 | import urlparse | |||
| r861 | ||||
| r547 | from formencode import htmlfill | |||
| r2623 | from webob.exc import HTTPFound | |||
| r861 | from pylons.i18n.translation import _ | |||
| from pylons.controllers.util import abort, redirect | ||||
| r547 | from pylons import request, response, session, tmpl_context as c, url | |||
| r861 | ||||
| import rhodecode.lib.helpers as h | ||||
| r547 | from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator | |||
| from rhodecode.lib.base import BaseController, render | ||||
| r1400 | from rhodecode.model.db import User | |||
| r547 | from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm | |||
| r629 | from rhodecode.model.user import UserModel | |||
| r1731 | from rhodecode.model.meta import Session | |||
| r861 | ||||
| r547 | ||||
| log = logging.getLogger(__name__) | ||||
| r1212 | ||||
| r547 | class LoginController(BaseController): | |||
| def __before__(self): | ||||
| super(LoginController, self).__before__() | ||||
| def index(self): | ||||
| r1628 | # redirect if already logged in | |||
| r2679 | c.came_from = request.GET.get('came_from') | |||
| r3146 | not_default = self.rhodecode_user.username != 'default' | |||
| ip_allowed = self.rhodecode_user.ip_allowed | ||||
| if self.rhodecode_user.is_authenticated and not_default and ip_allowed: | ||||
| r636 | return redirect(url('home')) | |||
| r547 | if request.POST: | |||
| r1718 | # import Login Form validator class | |||
| r547 | login_form = LoginForm() | |||
| try: | ||||
| r2623 | session.invalidate() | |||
| r547 | c.form_result = login_form.to_python(dict(request.POST)) | |||
| r1628 | # form checks for username/password, now we're authenticated | |||
| r547 | username = c.form_result['username'] | |||
| r1530 | user = User.get_by_username(username, case_insensitive=True) | |||
| r1117 | auth_user = AuthUser(user.user_id) | |||
| auth_user.set_authenticated() | ||||
| r1718 | cs = auth_user.get_cookie_store() | |||
| session['rhodecode_user'] = cs | ||||
| r2623 | user.update_lastlogin() | |||
| Session().commit() | ||||
Matt Zuba
|
r1802 | # If they want to be remembered, update the cookie | ||
| if c.form_result['remember'] is not False: | ||||
| r2623 | _year = (datetime.datetime.now() + | |||
| datetime.timedelta(seconds=60 * 60 * 24 * 365)) | ||||
| session._set_cookie_expires(_year) | ||||
| r547 | session.save() | |||
| r636 | ||||
| r1718 | log.info('user %s is now authenticated and stored in ' | |||
| 'session, session attrs %s' % (username, cs)) | ||||
| r2623 | ||||
| # dumps session attrs back to cookie | ||||
| session._update_cookie_out() | ||||
| # we set new cookie | ||||
| headers = None | ||||
| if session.request['set_cookie']: | ||||
| # send set-cookie headers back to response to update cookie | ||||
| headers = [('Set-Cookie', session.request['cookie_out'])] | ||||
| r1818 | ||||
| r2679 | allowed_schemes = ['http', 'https'] | |||
| r547 | if c.came_from: | |||
| r2679 | parsed = urlparse.urlparse(c.came_from) | |||
| server_parsed = urlparse.urlparse(url.current()) | ||||
| if parsed.scheme and parsed.scheme not in allowed_schemes: | ||||
| log.error( | ||||
| 'Suspicious URL scheme detected %s for url %s' % | ||||
| (parsed.scheme, parsed)) | ||||
| c.came_from = url('home') | ||||
| elif server_parsed.netloc != parsed.netloc: | ||||
| log.error('Suspicious NETLOC detected %s for url %s' | ||||
| 'server url is: %s' % | ||||
| (parsed.netloc, parsed, server_parsed)) | ||||
| c.came_from = url('home') | ||||
| r2623 | raise HTTPFound(location=c.came_from, headers=headers) | |||
| r547 | else: | |||
| r2623 | raise HTTPFound(location=url('home'), headers=headers) | |||
| r636 | ||||
| r564 | except formencode.Invalid, errors: | |||
| r547 | return htmlfill.render( | |||
| render('/login.html'), | ||||
| defaults=errors.value, | ||||
| errors=errors.error_dict or {}, | ||||
| prefix_error=False, | ||||
| encoding="UTF-8") | ||||
| r636 | ||||
| r547 | return render('/login.html') | |||
| r636 | ||||
| r547 | @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate', | |||
| 'hg.register.manual_activate') | ||||
| def register(self): | ||||
| r3370 | c.auto_active = 'hg.register.auto_activate' in User.get_by_username('default')\ | |||
| .AuthUser.permissions['global'] | ||||
| r636 | ||||
| r547 | if request.POST: | |||
| register_form = RegisterForm()() | ||||
| try: | ||||
| form_result = register_form.to_python(dict(request.POST)) | ||||
| form_result['active'] = c.auto_active | ||||
| r1749 | UserModel().create_registration(form_result) | |||
| r3370 | h.flash(_('You have successfully registered into RhodeCode'), | |||
| r636 | category='success') | |||
| r2623 | Session().commit() | |||
| r547 | return redirect(url('login_home')) | |||
| r636 | ||||
| r564 | except formencode.Invalid, errors: | |||
| r547 | return htmlfill.render( | |||
| render('/register.html'), | ||||
| defaults=errors.value, | ||||
| errors=errors.error_dict or {}, | ||||
| prefix_error=False, | ||||
| encoding="UTF-8") | ||||
| r636 | ||||
| r547 | return render('/register.html') | |||
| def password_reset(self): | ||||
| if request.POST: | ||||
| password_reset_form = PasswordResetForm()() | ||||
| try: | ||||
| form_result = password_reset_form.to_python(dict(request.POST)) | ||||
| r1749 | UserModel().reset_password_link(form_result) | |||
| r1417 | h.flash(_('Your password reset link was sent'), | |||
| r636 | category='success') | |||
| r547 | return redirect(url('login_home')) | |||
| r636 | ||||
| r564 | except formencode.Invalid, errors: | |||
| r547 | return htmlfill.render( | |||
| render('/password_reset.html'), | ||||
| defaults=errors.value, | ||||
| errors=errors.error_dict or {}, | ||||
| prefix_error=False, | ||||
| encoding="UTF-8") | ||||
| r636 | ||||
| r547 | return render('/password_reset.html') | |||
| r636 | ||||
| r1417 | def password_reset_confirmation(self): | |||
| if request.GET and request.GET.get('key'): | ||||
| try: | ||||
| user = User.get_by_api_key(request.GET.get('key')) | ||||
| data = dict(email=user.email) | ||||
| r1749 | UserModel().reset_password(data) | |||
| r1417 | h.flash(_('Your password reset was successful, ' | |||
| 'new password has been sent to your email'), | ||||
| category='success') | ||||
| except Exception, e: | ||||
| log.error(e) | ||||
| return redirect(url('reset_password')) | ||||
| return redirect(url('login_home')) | ||||
| r547 | def logout(self): | |||
|
Matt Zuba
|
r1802 | session.delete() | ||
| log.info('Logging out and deleting session for user') | ||||
| r636 | redirect(url('home')) | |||
