login.py
267 lines
| 11.1 KiB
| text/x-python
|
PythonLexer
| r861 | # -*- coding: utf-8 -*- | |||
| r1206 | # This program is free software: you can redistribute it and/or modify | |||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| r1203 | # | |||
| r547 | # This program is distributed in the hope that it will be useful, | |||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| r1203 | # | |||
| r547 | # You should have received a copy of the GNU General Public License | |||
| r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
Bradley M. Kuhn
|
r4116 | """ | ||
| rhodecode.controllers.login | ||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| Login controller for rhodeocode | ||||
| :created_on: Apr 22, 2010 | ||||
| :author: marcink | ||||
| :copyright: (c) 2013 RhodeCode GmbH. | ||||
| :license: GPLv3, see LICENSE for more details. | ||||
| """ | ||||
| r547 | ||||
| r861 | import logging | |||
| import formencode | ||||
| r2623 | import datetime | |||
| r2678 | import urlparse | |||
| r861 | ||||
| r547 | from formencode import htmlfill | |||
| r2623 | from webob.exc import HTTPFound | |||
| r861 | from pylons.i18n.translation import _ | |||
|
Bradley M. Kuhn
|
r4116 | from pylons.controllers.util import redirect | ||
| from pylons import request, session, tmpl_context as c, url | ||||
| r861 | ||||
| import rhodecode.lib.helpers as h | ||||
| r547 | from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator | |||
|
Bradley M. Kuhn
|
r4116 | from rhodecode.lib.auth_modules import importplugin | ||
| r547 | from rhodecode.lib.base import BaseController, render | |||
| r4074 | from rhodecode.lib.exceptions import UserCreationError | |||
|
Bradley M. Kuhn
|
r4116 | from rhodecode.model.db import User, RhodeCodeSetting | ||
| r547 | from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm | |||
| r629 | from rhodecode.model.user import UserModel | |||
| r1731 | from rhodecode.model.meta import Session | |||
| r861 | ||||
| r547 | ||||
| log = logging.getLogger(__name__) | ||||
| r1212 | ||||
| r547 | class LoginController(BaseController): | |||
| def __before__(self): | ||||
| super(LoginController, self).__before__() | ||||
|
Bradley M. Kuhn
|
r4116 | def _store_user_in_session(self, username, remember=False): | ||
| user = User.get_by_username(username, case_insensitive=True) | ||||
| auth_user = AuthUser(user.user_id) | ||||
| auth_user.set_authenticated() | ||||
| cs = auth_user.get_cookie_store() | ||||
| session['rhodecode_user'] = cs | ||||
| user.update_lastlogin() | ||||
| Session().commit() | ||||
| # If they want to be remembered, update the cookie | ||||
| if remember: | ||||
| _year = (datetime.datetime.now() + | ||||
| datetime.timedelta(seconds=60 * 60 * 24 * 365)) | ||||
| session._set_cookie_expires(_year) | ||||
| session.save() | ||||
| log.info('user %s is now authenticated and stored in ' | ||||
| 'session, session attrs %s' % (username, cs)) | ||||
| # dumps session attrs back to cookie | ||||
| session._update_cookie_out() | ||||
| # we set new cookie | ||||
| headers = None | ||||
| if session.request['set_cookie']: | ||||
| # send set-cookie headers back to response to update cookie | ||||
| headers = [('Set-Cookie', session.request['cookie_out'])] | ||||
| return headers | ||||
| def _validate_came_from(self, came_from): | ||||
| if not came_from: | ||||
| return came_from | ||||
| parsed = urlparse.urlparse(came_from) | ||||
| server_parsed = urlparse.urlparse(url.current()) | ||||
| allowed_schemes = ['http', 'https'] | ||||
| if parsed.scheme and parsed.scheme not in allowed_schemes: | ||||
| log.error('Suspicious URL scheme detected %s for url %s' % | ||||
| (parsed.scheme, parsed)) | ||||
| came_from = url('home') | ||||
| elif server_parsed.netloc != parsed.netloc: | ||||
| log.error('Suspicious NETLOC detected %s for url %s server url ' | ||||
| 'is: %s' % (parsed.netloc, parsed, server_parsed)) | ||||
| came_from = url('home') | ||||
| return came_from | ||||
| r547 | def index(self): | |||
|
Bradley M. Kuhn
|
r4116 | _default_came_from = url('home') | ||
| came_from = self._validate_came_from(request.GET.get('came_from')) | ||||
| c.came_from = came_from or _default_came_from | ||||
| not_default = self.rhodecode_user.username != User.DEFAULT_USER | ||||
| ip_allowed = self.rhodecode_user.ip_allowed | ||||
| r1628 | # redirect if already logged in | |||
| r3146 | if self.rhodecode_user.is_authenticated and not_default and ip_allowed: | |||
|
Bradley M. Kuhn
|
r4116 | raise HTTPFound(location=c.came_from) | ||
| r636 | ||||
| r547 | if request.POST: | |||
| r1718 | # import Login Form validator class | |||
| r547 | login_form = LoginForm() | |||
| try: | ||||
| r2623 | session.invalidate() | |||
| r547 | c.form_result = login_form.to_python(dict(request.POST)) | |||
| r1628 | # form checks for username/password, now we're authenticated | |||
|
Bradley M. Kuhn
|
r4116 | headers = self._store_user_in_session( | ||
| username=c.form_result['username'], | ||||
| remember=c.form_result['remember']) | ||||
| raise HTTPFound(location=c.came_from, headers=headers) | ||||
| r564 | except formencode.Invalid, errors: | |||
| r4095 | defaults = errors.value | |||
| # remove password from filling in form again | ||||
| del defaults['password'] | ||||
| r547 | return htmlfill.render( | |||
| render('/login.html'), | ||||
| defaults=errors.value, | ||||
| errors=errors.error_dict or {}, | ||||
| prefix_error=False, | ||||
| encoding="UTF-8") | ||||
| r4074 | except UserCreationError, e: | |||
| # container auth or other auth functions that create users on | ||||
| # the fly can throw this exception signaling that there's issue | ||||
| # with user creation, explanation should be provided in | ||||
| # Exception itself | ||||
| h.flash(e, 'error') | ||||
| r636 | ||||
|
Bradley M. Kuhn
|
r4116 | # check if we use container plugin, and try to login using it. | ||
| auth_plugins = RhodeCodeSetting.get_auth_plugins() | ||||
| if any((importplugin(name).is_container_auth for name in auth_plugins)): | ||||
| from rhodecode.lib import auth_modules | ||||
| try: | ||||
| auth_info = auth_modules.authenticate('', '', request.environ) | ||||
| except UserCreationError, e: | ||||
| log.error(e) | ||||
| h.flash(e, 'error') | ||||
| # render login, with flash message about limit | ||||
| return render('/login.html') | ||||
| if auth_info: | ||||
| headers = self._store_user_in_session(auth_info.get('username')) | ||||
| raise HTTPFound(location=c.came_from, headers=headers) | ||||
| r547 | return render('/login.html') | |||
| r636 | ||||
| r547 | @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate', | |||
| 'hg.register.manual_activate') | ||||
| def register(self): | ||||
| r3734 | c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\ | |||
| r3370 | .AuthUser.permissions['global'] | |||
| r636 | ||||
|
Bradley M. Kuhn
|
r4116 | settings = RhodeCodeSetting.get_app_settings() | ||
| captcha_private_key = settings.get('rhodecode_captcha_private_key') | ||||
| c.captcha_active = bool(captcha_private_key) | ||||
| c.captcha_public_key = settings.get('rhodecode_captcha_public_key') | ||||
| r547 | if request.POST: | |||
| register_form = RegisterForm()() | ||||
| try: | ||||
| form_result = register_form.to_python(dict(request.POST)) | ||||
| form_result['active'] = c.auto_active | ||||
|
Bradley M. Kuhn
|
r4116 | |||
| if c.captcha_active: | ||||
| from rhodecode.lib.recaptcha import submit | ||||
| response = submit(request.POST.get('recaptcha_challenge_field'), | ||||
| request.POST.get('recaptcha_response_field'), | ||||
| private_key=captcha_private_key, | ||||
| remoteip=self.ip_addr) | ||||
| if c.captcha_active and not response.is_valid: | ||||
| _value = form_result | ||||
| _msg = _('bad captcha') | ||||
| error_dict = {'recaptcha_field': _msg} | ||||
| raise formencode.Invalid(_msg, _value, None, | ||||
| error_dict=error_dict) | ||||
| r1749 | UserModel().create_registration(form_result) | |||
| r3370 | h.flash(_('You have successfully registered into RhodeCode'), | |||
|
Bradley M. Kuhn
|
r4116 | category='success') | ||
| r2623 | Session().commit() | |||
| r547 | return redirect(url('login_home')) | |||
| r636 | ||||
| r564 | except formencode.Invalid, errors: | |||
| r547 | return htmlfill.render( | |||
| render('/register.html'), | ||||
| defaults=errors.value, | ||||
| errors=errors.error_dict or {}, | ||||
| prefix_error=False, | ||||
| encoding="UTF-8") | ||||
| r4074 | except UserCreationError, e: | |||
| # container auth or other auth functions that create users on | ||||
| # the fly can throw this exception signaling that there's issue | ||||
| # with user creation, explanation should be provided in | ||||
| # Exception itself | ||||
| h.flash(e, 'error') | ||||
| r636 | ||||
| r547 | return render('/register.html') | |||
| def password_reset(self): | ||||
|
Bradley M. Kuhn
|
r4116 | settings = RhodeCodeSetting.get_app_settings() | ||
| captcha_private_key = settings.get('rhodecode_captcha_private_key') | ||||
| c.captcha_active = bool(captcha_private_key) | ||||
| c.captcha_public_key = settings.get('rhodecode_captcha_public_key') | ||||
| r547 | if request.POST: | |||
| password_reset_form = PasswordResetForm()() | ||||
| try: | ||||
| form_result = password_reset_form.to_python(dict(request.POST)) | ||||
|
Bradley M. Kuhn
|
r4116 | if c.captcha_active: | ||
| from rhodecode.lib.recaptcha import submit | ||||
| response = submit(request.POST.get('recaptcha_challenge_field'), | ||||
| request.POST.get('recaptcha_response_field'), | ||||
| private_key=captcha_private_key, | ||||
| remoteip=self.ip_addr) | ||||
| if c.captcha_active and not response.is_valid: | ||||
| _value = form_result | ||||
| _msg = _('bad captcha') | ||||
| error_dict = {'recaptcha_field': _msg} | ||||
| raise formencode.Invalid(_msg, _value, None, | ||||
| error_dict=error_dict) | ||||
| r1749 | UserModel().reset_password_link(form_result) | |||
| r1417 | h.flash(_('Your password reset link was sent'), | |||
| r636 | category='success') | |||
| r547 | return redirect(url('login_home')) | |||
| r636 | ||||
| r564 | except formencode.Invalid, errors: | |||
| r547 | return htmlfill.render( | |||
| render('/password_reset.html'), | ||||
| defaults=errors.value, | ||||
| errors=errors.error_dict or {}, | ||||
| prefix_error=False, | ||||
| encoding="UTF-8") | ||||
| r636 | ||||
| r547 | return render('/password_reset.html') | |||
| r636 | ||||
| r1417 | def password_reset_confirmation(self): | |||
| if request.GET and request.GET.get('key'): | ||||
| try: | ||||
| user = User.get_by_api_key(request.GET.get('key')) | ||||
| data = dict(email=user.email) | ||||
| r1749 | UserModel().reset_password(data) | |||
| r1417 | h.flash(_('Your password reset was successful, ' | |||
| 'new password has been sent to your email'), | ||||
| category='success') | ||||
| except Exception, e: | ||||
| log.error(e) | ||||
| return redirect(url('reset_password')) | ||||
| return redirect(url('login_home')) | ||||
| r547 | def logout(self): | |||
Matt Zuba
|
r1802 | session.delete() | ||
| log.info('Logging out and deleting session for user') | ||||
| r636 | redirect(url('home')) | |||
