cubicweb/pyramid/login.py
changeset 11631 faf279e33298
parent 11628 0f12ee84f30a
child 11816 6392f34fcdad
11478:1817f8946c22 11631:faf279e33298
       
     1 """ Provide login views that reproduce a classical CubicWeb behavior"""
       
     2 from pyramid import security
       
     3 from pyramid.httpexceptions import HTTPSeeOther
       
     4 from pyramid.view import view_config
       
     5 from pyramid.settings import asbool
       
     6 
       
     7 import cubicweb
       
     8 
       
     9 from cubicweb.pyramid.core import render_view
       
    10 
       
    11 
       
    12 @view_config(route_name='login')
       
    13 def login_form(request):
       
    14     """ Default view for the 'login' route.
       
    15 
       
    16     Display the 'login' CubicWeb view, which is should be a login form"""
       
    17     request.response.text = render_view(request, 'login')
       
    18     return request.response
       
    19 
       
    20 
       
    21 @view_config(route_name='login', request_param=('__login', '__password'))
       
    22 def login_password_login(request):
       
    23     """ Handle GET/POST of __login/__password on the 'login' route.
       
    24 
       
    25     The authentication itself is delegated to the CubicWeb repository.
       
    26 
       
    27     Request parameters:
       
    28 
       
    29     :param __login: The user login (or email if :confval:`allow-email-login` is
       
    30                     on.
       
    31     :param __password: The user password
       
    32     :param __setauthcookie: (optional) If defined and equal to '1', set the
       
    33                             authentication cookie maxage to 1 week.
       
    34 
       
    35                             If not, the authentication cookie is a session
       
    36                             cookie.
       
    37     """
       
    38     repo = request.registry['cubicweb.repository']
       
    39 
       
    40     user_eid = None
       
    41 
       
    42     login = request.params['__login']
       
    43     password = request.params['__password']
       
    44 
       
    45     try:
       
    46         with repo.internal_cnx() as cnx:
       
    47             user = repo.authenticate_user(cnx, login, password=password)
       
    48             user_eid = user.eid
       
    49     except cubicweb.AuthenticationError:
       
    50         request.cw_request.set_message(request.cw_request._(
       
    51             "Authentication failed. Please check your credentials."))
       
    52         request.cw_request.post = dict(request.params)
       
    53         del request.cw_request.post['__password']
       
    54         request.response.status_code = 403
       
    55         return login_form(request)
       
    56 
       
    57     headers = security.remember(
       
    58         request, user_eid,
       
    59         persistent=asbool(request.params.get('__setauthcookie', False)))
       
    60 
       
    61     new_path = request.params.get('postlogin_path', '')
       
    62 
       
    63     if new_path == 'login':
       
    64         new_path = ''
       
    65 
       
    66     url = request.cw_request.build_url(new_path)
       
    67     raise HTTPSeeOther(url, headers=headers)
       
    68 
       
    69 
       
    70 @view_config(route_name='login', effective_principals=security.Authenticated)
       
    71 def login_already_loggedin(request):
       
    72     """ 'login' route view for Authenticated users.
       
    73 
       
    74     Simply redirect the user to '/'."""
       
    75     raise HTTPSeeOther('/')
       
    76 
       
    77 
       
    78 def includeme(config):
       
    79     """ Create the 'login' route ('/login') and load this module views"""
       
    80     config.add_route('login', '/login')
       
    81     config.scan('cubicweb.pyramid.login')
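Review bot: `login_password_login` accepts credentials over any HTTP method: the `@view_config` at line 21 has no `request_method` predicate, and lines 42-43 read `request.params`, which merges the query string with the form body, so a password sent as a query parameter ends up in access logs, browser history and Referer headers. Unless GET login has to stay for compatibility with the classical CubicWeb behaviour, restrict the view with `request_method='POST'` and read `request.POST['__login']` and `request.POST['__password']`; if GET must stay, the docstring should say so and name the logging exposure. Separately, `postlogin_path` (line 61) reaches `build_url` unvalidated and `build_url` is not shown on this page, so confirm it always anchors the result to the instance base URL, and otherwise reject any value that is not a relative path before raising `HTTPSeeOther`.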