cubicweb: cubicweb/pyramid/login.py@3a6746dfc57f (annotated)

11537 caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	1	""" Provide login views that reproduce a classical CubicWeb behavior"""
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	2	from pyramid import security
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	3	from pyramid.httpexceptions import HTTPSeeOther
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	4	from pyramid.view import view_config
11562 a49f08423f02 [auth] Use a second authtkt policy for 'rememberme' Christophe de Vienne <christophe@unlish.com> parents: 11537 diff changeset	5	from pyramid.settings import asbool
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	6
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	7	import cubicweb
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	8
11631 faf279e33298 Merge with pyramid-cubicweb Yann Voté <yann.vote@logilab.fr> parents: 11628 diff changeset	9	from cubicweb.pyramid.core import render_view
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	10
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	11
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	12	@view_config(route_name='login')
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	13	def login_form(request):
11537 caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	14	""" Default view for the 'login' route.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	15
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	16	Display the 'login' CubicWeb view, which is should be a login form"""
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	17	request.response.text = render_view(request, 'login')
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	18	return request.response
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	19
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	20
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	21	@view_config(route_name='login', request_param=('__login', '__password'))
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	22	def login_password_login(request):
11537 caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	23	""" Handle GET/POST of __login/__password on the 'login' route.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	24
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	25	The authentication itself is delegated to the CubicWeb repository.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	26
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	27	Request parameters:
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	28
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	29	:param __login: The user login (or email if :confval:`allow-email-login` is
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	30	on.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	31	:param __password: The user password
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	32	:param __setauthcookie: (optional) If defined and equal to '1', set the
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	33	authentication cookie maxage to 1 week.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	34
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	35	If not, the authentication cookie is a session
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	36	cookie.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	37	"""
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	38	repo = request.registry['cubicweb.repository']
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	39
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	40	user_eid = None
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	41
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	42	login = request.params['__login']
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	43	password = request.params['__password']
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	44
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	45	try:
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	46	with repo.internal_cnx() as cnx:
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	47	user = repo.authenticate_user(cnx, login, password=password)
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	48	user_eid = user.eid
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	49	except cubicweb.AuthenticationError:
11816 6392f34fcdad [pyramid] Fix login error message language Florent Cayré <florent.cayre@logilab.fr> parents: 11631 diff changeset	50	if repo.vreg.config.get('language-mode') != '':
6392f34fcdad [pyramid] Fix login error message language Florent Cayré <florent.cayre@logilab.fr> parents: 11631 diff changeset	51	lang = request.cw_request.negotiated_language()
6392f34fcdad [pyramid] Fix login error message language Florent Cayré <florent.cayre@logilab.fr> parents: 11631 diff changeset	52	if lang is not None:
6392f34fcdad [pyramid] Fix login error message language Florent Cayré <florent.cayre@logilab.fr> parents: 11631 diff changeset	53	request.cw_request.set_language(lang)
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	54	request.cw_request.set_message(request.cw_request._(
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	55	"Authentication failed. Please check your credentials."))
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	56	request.cw_request.post = dict(request.params)
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	57	del request.cw_request.post['__password']
11628 0f12ee84f30a Test and fix status code and content of the login form on authentication error Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 11609 diff changeset	58	request.response.status_code = 403
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	59	return login_form(request)
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	60
11562 a49f08423f02 [auth] Use a second authtkt policy for 'rememberme' Christophe de Vienne <christophe@unlish.com> parents: 11537 diff changeset	61	headers = security.remember(
a49f08423f02 [auth] Use a second authtkt policy for 'rememberme' Christophe de Vienne <christophe@unlish.com> parents: 11537 diff changeset	62	request, user_eid,
a49f08423f02 [auth] Use a second authtkt policy for 'rememberme' Christophe de Vienne <christophe@unlish.com> parents: 11537 diff changeset	63	persistent=asbool(request.params.get('__setauthcookie', False)))
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	64
11609 cc1d4b66ca26 [login] fix the redirect url after login (closes #11689118) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 11562 diff changeset	65	new_path = request.params.get('postlogin_path', '')
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	66
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	67	if new_path == 'login':
11609 cc1d4b66ca26 [login] fix the redirect url after login (closes #11689118) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 11562 diff changeset	68	new_path = ''
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	69
11609 cc1d4b66ca26 [login] fix the redirect url after login (closes #11689118) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 11562 diff changeset	70	url = request.cw_request.build_url(new_path)
cc1d4b66ca26 [login] fix the redirect url after login (closes #11689118) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 11562 diff changeset	71	raise HTTPSeeOther(url, headers=headers)
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	72
11494 79ce84750c18 If the postlogin_path is 'login', redirect to '/' instead Christophe de Vienne <christophe@unlish.com> parents: 11493 diff changeset	73
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	74	@view_config(route_name='login', effective_principals=security.Authenticated)
855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	75	def login_already_loggedin(request):
11537 caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	76	""" 'login' route view for Authenticated users.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	77
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	78	Simply redirect the user to '/'."""
11497 855219da7c70 Use a predicate based view selection for handling /login Christophe de Vienne <christophe@unlish.com> parents: 11494 diff changeset	79	raise HTTPSeeOther('/')
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	80
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	81
00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	82	def includeme(config):
11537 caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11527 diff changeset	83	""" Create the 'login' route ('/login') and load this module views"""
11493 00e5cb9771c5 Put the login view in a separate module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	84	config.add_route('login', '/login')
11631 faf279e33298 Merge with pyramid-cubicweb Yann Voté <yann.vote@logilab.fr> parents: 11628 diff changeset	85	config.scan('cubicweb.pyramid.login')

author	Sylvain Thénault <sylvain.thenault@logilab.fr>
	Fri, 20 Jan 2017 18:17:04 +0100
changeset 11919	3a6746dfc57f
parent 11816	6392f34fcdad
child 11924	4c949c28ce59
permissions	-rw-r--r--