|
1 """ Provide login views that reproduce a classical CubicWeb behavior""" |
|
2 from pyramid import security |
|
3 from pyramid.httpexceptions import HTTPSeeOther |
|
4 from pyramid.view import view_config |
|
5 from pyramid.settings import asbool |
|
6 |
|
7 import cubicweb |
|
8 |
|
9 from cubicweb.pyramid.core import render_view |
|
10 |
|
11 |
|
@view_config(route_name='login')
def login_form(request):
    """ Fallback view of the 'login' route: show the login form.

    Renders the CubicWeb view registered under the id 'login' (expected to
    be a login form) and uses the result as the text of the response.

    `login_password_login` also calls this function directly after a failed
    authentication. It then reuses `request.response`, so a status code set
    by the caller beforehand is kept.

    :param request: the current Pyramid request
    :returns: `request.response`, with its text set to the rendered view
    """
    rendered = render_view(request, 'login')
    response = request.response
    response.text = rendered
    return response
|
19 |
|
20 |
|
@view_config(route_name='login', request_param=('__login', '__password'))
def login_password_login(request):
    """ Authenticate a __login/__password submission on the 'login' route.

    The view is selected only when both parameters are present (see the
    ``request_param`` predicate). The credential check itself is delegated
    to the CubicWeb repository.

    Request parameters:

    :param __login: The user login (or email if :confval:`allow-email-login`
                    is on).
    :param __password: The user password.
    :param __setauthcookie: (optional) Passed through ``asbool``, so any
                            value it treats as true ('1', 'true', 'yes',
                            'on', ...) asks ``security.remember`` for a
                            persistent cookie. Otherwise the cookie is a
                            session cookie. The persistent lifetime is
                            documented as one week. It is not set in this
                            view.
    :param postlogin_path: (optional) Path to redirect to after a
                           successful login. 'login' itself is mapped to
                           the empty path.

    :returns: on failure, the login form with a 403 status code
    :raises HTTPSeeOther: on success, carrying the headers returned by
                          ``security.remember``
    """
    # NOTE(review): no request-method restriction is declared, so credentials
    # are also accepted from the query string of a GET, where they end up in
    # access logs, browser history and Referer headers. Consider limiting this
    # view to POST once callers are confirmed not to rely on GET.
    # NOTE(review): no CSRF check or attempt throttling is visible in this
    # view; confirm both are enforced elsewhere in the stack.
    repo = request.registry['cubicweb.repository']
    params = request.params
    login = params['__login']
    password = params['__password']

    try:
        with repo.internal_cnx() as cnx:
            user_eid = repo.authenticate_user(
                cnx, login, password=password).eid
    except cubicweb.AuthenticationError:
        cw_request = request.cw_request
        # One generic message for every failure, so the response does not
        # reveal whether the login exists.
        failure_msg = cw_request._(
            "Authentication failed. Please check your credentials.")
        cw_request.set_message(failure_msg)
        # Hand the submitted values back to the form, but never echo the
        # password into the re-rendered page.
        cw_request.post = dict(params)
        del cw_request.post['__password']
        request.response.status_code = 403
        return login_form(request)

    wants_persistent = asbool(params.get('__setauthcookie', False))
    headers = security.remember(
        request, user_eid, persistent=wants_persistent)

    # NOTE(review): 'postlogin_path' comes from the client. The redirect is
    # only safe if build_url() always anchors the result to this instance's
    # base URL. Confirm that it cannot yield an off-site Location.
    requested_path = params.get('postlogin_path', '')
    # Redirecting back to the login page after logging in would be pointless.
    target_path = '' if requested_path == 'login' else requested_path

    raise HTTPSeeOther(
        request.cw_request.build_url(target_path), headers=headers)
|
68 |
|
69 |
|
@view_config(route_name='login', effective_principals=security.Authenticated)
def login_already_loggedin(request):
    """ 'login' route view selected for already authenticated users.

    There is nothing to do for a user who is already logged in, so no form
    is rendered and no credential is read: the view only redirects to '/'.

    :raises HTTPSeeOther: always, with '/' as location
    """
    # The target is a constant, so no request-supplied value reaches the
    # Location header.
    raise HTTPSeeOther(location='/')
|
76 |
|
77 |
|
def includeme(config):
    """ Pyramid include hook: declare the 'login' route and load its views.

    Adds the route named 'login' with the pattern '/login', then scans
    'cubicweb.pyramid.login' so the ``view_config`` declarations of this
    module get registered.

    :param config: the Pyramid configurator being set up
    """
    route_name, route_pattern = 'login', '/login'
    config.add_route(route_name, route_pattern)
    config.scan('cubicweb.pyramid.login')