entrouvert
/
glasnost
Archived
17
0
Fork 0
Code Issues Pull Requests Releases Activity
This repository has been archived on 2023-02-21. You can view files and clone it, but cannot push or open issues or pull requests.
glasnost/shared/web/AuthenticationLoginPassword...

631 lines
24 KiB
Python
Raw Blame History

# -*- coding: iso-8859-15 -*-
# Glasnost
# By: Odile Bénassy <obenassy@entrouvert.com>
# Romain Chantereau <rchantereau@entrouvert.com>
# Nicolas Clapiès <nclapies@easter-eggs.org>
# Pierre-Antoine Dejace <padejace@entrouvert.be>
# Thierry Dulieu <tdulieu@easter-eggs.com>
# Florent Monnier <monnier@codelutin.com>
# Cédric Musso <cmusso@easter-eggs.org>
# Frédéric Péters <fpeters@entrouvert.be>
# Benjamin Poussin <poussin@codelutin.com>
# Emmanuel Raviart <eraviart@entrouvert.com>
# Sébastien Régnier <regnier@codelutin.com>
# Emmanuel Saracco <esaracco@easter-eggs.com>
#
# Copyright (C) 2000, 2001 Easter-eggs & Emmanuel Raviart
# Copyright (C) 2002 Odile Bénassy, Code Lutin, Thierry Dulieu, Easter-eggs,
# Entr'ouvert, Frédéric Péters, Benjamin Poussin, Emmanuel Raviart,
# Emmanuel Saracco & Théridion
# Copyright (C) 2003 Odile Bénassy, Romain Chantereau, Nicolas Clapiès,
# Code Lutin, Pierre-Antoine Dejace, Thierry Dulieu, Easter-eggs,
# Entr'ouvert, Florent Monnier, Cédric Musso, Ouvaton, Frédéric Péters,
# Benjamin Poussin, Rodolphe Quiédeville, Emmanuel Raviart, Sébastien
# Régnier, Emmanuel Saracco, Théridion & Vecam
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
__doc__ = """Glasnost Authentication (Login/Password) Web"""
__version__ = '$Revision$'[11:-2]
import glasnost.common.context as context
import glasnost.common.faults as faults
from glasnost.common.ObjectsCommon import *
import glasnost.common.slots as slots
import glasnost.common.translation as translation
import glasnost.common.tools_new as commonTools
from glasnost.proxy.AuthenticationLoginPasswordProxy import *
from ObjectsWeb import register, AdminWithoutWritersMixin, WebMixin, BaseObjectWebMixin
from tools import *
class AdminAuthenticationLoginPassword(AdminWithoutWritersMixin,
AdminAuthenticationLoginPassword):
stockPasswordsInClearText_kind_stateInEditMode = 'hidden'
stockPasswordsInClearText_kind_stateInViewMode = 'hidden'
stockPasswordsInClearText_kind_widgetName = 'InputCheckBox'
userCanChoosePassword_kind_defaultValue = 0
userCanChoosePassword_kind_widget_fieldLabel = N_('Password')
userCanChoosePassword_kind_widget_labels = {
'0': N_('Automatically Generated'),
'1': N_('User Choice'),
}
userCanChoosePassword_kind_widgetName = 'InputCheckBox'
register(AdminAuthenticationLoginPassword)
class AccountLoginPassword(BaseObjectWebMixin, AccountLoginPassword):
def getEditLayoutSlotNames(self, fields, parentSlot = None):
slotNames = BaseObjectWebMixin.getEditLayoutSlotNames(self,
fields, parentSlot = parentSlot)
slotNames.remove('password')
return slotNames
register(AccountLoginPassword)
class LoginAccountLoginPassword(BaseObjectWebMixin, AccountLoginPassword):
login_kind_balloonHelp = N_('Enter the username you use on this site.')
password_kind_balloonHelp = N_('Enter your password.')
register(LoginAccountLoginPassword)
class ChangingPassword(BaseObjectWebMixin, ObjectCommon):
id_kindName = None
language_kindName = None
currentPassword = None
currentPassword_kind_balloonHelp = N_('Enter your current password.')
currentPassword_kind_isRequired = 1
currentPassword_kind_isTranslatable = 0
currentPassword_kind_widget_fieldLabel = N_('Current Password')
currentPassword_kind_widget_size = 15
currentPassword_kind_widgetName = 'InputPassword'
currentPassword_kindName = 'Password'
newPassword = None
newPassword_kind_balloonHelp = N_('Enter your new password.')
newPassword_kind_isRequired = 1
newPassword_kind_isTranslatable = 0
newPassword_kind_widget_fieldLabel = N_('New Password')
newPassword_kind_widget_size = 15
newPassword_kind_widgetName = 'InputPassword'
newPassword_kindName = 'Password'
new2Password = None
new2Password_kind_balloonHelp = N_('Re-enter your new password.')
new2Password_kind_isRequired = 1
new2Password_kind_isTranslatable = 0
new2Password_kind_widget_fieldLabel = N_('New Password (Confirmation)')
new2Password_kind_widget_size = 15
new2Password_kind_widgetName = 'InputPassword'
new2Password_kindName = 'Password'
version_kindName = None
def getOrderedLayoutSlotNames(self, parentSlot = None):
slotNames = ObjectCommon.getOrderedLayoutSlotNames(
self, parentSlot = parentSlot)
slotNames += ['currentPassword', 'newPassword', 'new2Password']
return slotNames
class ChangingUserPassword(BaseObjectWebMixin, ObjectCommon):
id_kindName = None
language_kindName = None
login = None
login_kind_widget_fieldLabel = N_('Username')
login_kind_stateInEditMode = 'read-only'
login_kindName = 'String'
password = None
password_kind_balloonHelp = N_('Enter the password.')
password_kind_isRequired = 1
password_kind_isTranslatable = 0
password_kind_widget_fieldLabel = N_('Password')
password_kind_widget_size = 15
password_kind_widgetName = 'InputPassword'
password_kindName = 'Password'
def getOrderedLayoutSlotNames(self, parentSlot = None):
slotNames = ObjectCommon.getOrderedLayoutSlotNames(
self, parentSlot = parentSlot)
slotNames += ['login', 'password',]
return slotNames
class AuthenticationLoginPasswordWeb(WebMixin,
AuthenticationLoginPasswordProxy):
def admin(self):
context.push(_level = 'admin',
defaultDispatcherId = context.getVar('dispatcherId'))
try:
if not self.canGetAdmin():
return accessForbidden()
admin = self.getAdmin()
keywords = {}
admin.makeFieldsFromInstance(keywords)
admin.repairFields(keywords)
layout = X.array()
layout += admin.getViewLayout(keywords)
buttonsBar = X.div(_class = 'buttons-bar')
layout += buttonsBar
if self.canModifyAdmin():
actionButtonsBar = X.span(_class = 'action-buttons-bar')
buttonsBar += actionButtonsBar
actionButtonsBar += X.buttonStandalone(
'edit', X.actionUrl('adminEdit'))
finally:
context.pull(_level = 'admin')
return writePageLayout(layout,
_('Authentication (Login/Password) Settings'))
admin.isPublicForWeb = 1
def adminEdit(self, again = '', error = '', **keywords):
context.push(_level = 'adminEdit',
defaultDispatcherId = context.getVar('dispatcherId'),
layoutMode = 'edit')
try:
if keywords is None:
keywords = {}
if not self.isAdmin():
return accessForbidden()
admin = self.getAdmin()
if not again:
admin.makeFieldsFromInstance(keywords)
admin.repairFields(keywords)
layout = X.array()
layout += admin.getErrorLayout(error, keywords)
form = X.form(
action = X.actionUrl('adminSubmit'),
enctype= 'multipart/form-data', method = 'post')
layout += form
form += admin.getEditLayout(keywords)
buttonsBar = X.div(_class = 'buttons-bar')
form += buttonsBar
actionButtonsBar = X.span(_class = 'action-buttons-bar')
buttonsBar += actionButtonsBar
actionButtonsBar += X.buttonInForm('modify', 'modifyButton')
finally:
context.pull(_level = 'adminEdit')
return writePageLayout(layout, _('Editing Authentication Settings'))
adminEdit.isPublicForWeb = 1
def adminSubmit(self, **keywords):
uri = None
context.push(_level = 'adminSubmit',
defaultDispatcherId = context.getVar('dispatcherId'))
try:
if keywords is None:
keywords = {}
if not self.isAdmin():
return accessForbidden()
admin = self.getAdmin()
if isButtonSelected('applyButton', keywords):
keywords['again'] = '1'
keywords['hideErrors'] = '1'
admin = self.newAdmin(keywords)
admin.submitFields(keywords)
if keywords.has_key('again') and keywords['again']:
uri = X.actionUrl('adminEdit')
uri.addKeywords(keywords)
return # The redirect(uri) will be returned by the finally
# instruction.
try:
self.modifyAdmin(admin)
except faults.WrongVersion:
keywords['again'] = '1'
keywords['error'] = '1'
keywords['versionError'] = '1'
uri = X.actionUrl('adminEdit')
uri.addKeywords(keywords)
return # The redirect(uri) will be returned by the finally
# instruction.
except:
if context.getVar('debug'):
raise
return accessForbidden()
uri = X.actionUrl('admin')
# The redirect(uri) will be returned by the finally instruction.
finally:
context.pull(_level = 'adminSubmit')
if uri:
return redirect(uri)
adminSubmit.isPublicForWeb = 1
def changePassword(self, again = '', error = '', **keywords):
if not self.getAdmin().userCanChoosePassword:
return accessForbidden()
passwordChange = ChangingPassword()
if not again:
passwordChange.initFields(keywords)
passwordChange.repairFields(keywords)
context.push(_level = 'index', layoutMode = 'edit',
authMode = 'login')
try:
layout = X.array()
layout += passwordChange.getErrorLayout(error, keywords)
form = X.form(
action = X.actionUrl('changePasswordSubmit'),
enctype= 'multipart/form-data', method = 'post')
layout += form
form += passwordChange.getEditLayout(keywords)
form += X.div(_class = 'buttons-bar')(
X.span(_class = 'action-buttons-bar')(
X.buttonInForm('ok', 'okButton')),
)
return writePageLayout(layout, _('Changing Password'))
finally:
context.pull(_level = 'index')
changePassword.isPublicForWeb = 1
def changePasswordSubmit(self, **keywords):
if not context.getVar('userToken'):
return accessForbidden()
admin = self.getAdmin()
if not admin.userCanChoosePassword:
return accessForbidden(dontAskForLogin = 1)
if keywords is None:
keywords = {}
error = 0
passwordChange = ChangingPassword()
if error:
keywords['again'] = '1'
keywords['error'] = '1'
else:
passwordChange.submitFields(keywords)
if not error:
authProxy = getProxyForServerRole('authentication')
authObject = authProxy.getAuthObject()
if authObject.password != passwordChange.currentPassword:
slot = passwordChange.getSlot('currentPassword')
slot.setFieldOption(keywords, 'error', 'wrongValue')
error = 1
if passwordChange.newPassword != passwordChange.new2Password:
error = 1
if error:
keywords['newPassword'] = ''
keywords['new2Password'] = ''
keywords['again'] = '1'
keywords['error'] = '1'
if keywords.has_key('again') and keywords['again']:
uri = X.actionUrl('changePassword')
uri.addKeywords(keywords)
return redirect(uri)
authObject.password = passwordChange.newPassword
self.modifyAccount(context.getVar('userId'), authObject)
return success(
_('The password has been modified successfully.'),
X.rootUrl())
changePasswordSubmit.isPublicForWeb = 1
def changeUserPassword(self, account, again = '', error = '', **keywords):
if not self.getAdmin().userCanChoosePassword:
return accessForbidden(dontAskForLogin = 1)
if not self.isAdmin():
return accessForbidden()
if not keywords:
keywords = {}
keywords['login'] = account
passwordChange = ChangingUserPassword()
if not again:
passwordChange.initFields(keywords)
passwordChange.repairFields(keywords)
context.push(_level = 'index', layoutMode = 'edit',
authMode = 'login')
try:
layout = X.array()
layout += passwordChange.getErrorLayout(error, keywords)
form = X.form(
action = X.actionUrl('changeUserPasswordSubmit'),
enctype= 'multipart/form-data', method = 'post')
layout += form
form += passwordChange.getEditLayout(keywords)
form += X.div(_class = 'buttons-bar')(
X.span(_class = 'action-buttons-bar')(
X.buttonInForm('ok', 'okButton')),
)
return writePageLayout(layout, _('Changing User Password'))
finally:
context.pull(_level = 'index')
changeUserPassword.isPublicForWeb = 1
def changeUserPasswordSubmit(self, **keywords):
if not self.getAdmin().userCanChoosePassword:
return accessForbidden(dontAskForLogin = 1)
if not self.isAdmin():
return accessForbidden()
if keywords is None:
keywords = {}
error = 0
passwordChange = ChangingUserPassword()
if error:
keywords['again'] = '1'
keywords['error'] = '1'
else:
passwordChange.submitFields(keywords)
if keywords.has_key('again') and keywords['again']:
uri = X.actionUrl('changeUserPassword')
uri.addKeywords(keywords)
return redirect(uri)
authObject = self.newAuthenticationObject()
authObject.login = passwordChange.login
authObject.password = passwordChange.password
self.modifyAccount(
self.getAccountUserId(authObject), authObject)
return success(
_('The password has been modified successfully.'),
X.roleUrl('authentication'))
changeUserPasswordSubmit.isPublicForWeb = 1
def deleteUser(self, account, **keywords):
if not self.isAdmin():
return accessForbidden()
if not keywords:
keywords = {}
authObject = self.newAuthenticationObject()
authObject.login = account
userId = self.getAccountUserId(authObject)
self.deleteAccount(authObject)
# TODO: propose to remove userId
return success(
_('The account has been removed successfully.'),
X.roleUrl('authentication'))
deleteUser.isPublicForWeb = 1
def getMenuCommands(self):
userToken = context.getVar('userToken')
admin = self.getAdmin()
options = []
if not userToken or self.isAdmin():
options.append(
X.a(href = X.roleUrl(self.serverRole, 'newAccount'))(
_('New Account')))
if userToken and admin.userCanChoosePassword:
options.append(
X.a(href = X.roleUrl(self.serverRole, 'changePassword'))(
_('Change Password')))
if self.isAdmin():
accounts = self.getAccounts()
accountsMenu = X.select(name = 'account')
for userId, account in accounts.items():
accountsMenu += X.option(value = account.login)(
getObjectLabelTranslated(userId,
context.getVar('readLanguages')))
else:
accounts = []
if self.isAdmin() and admin.userCanChoosePassword:
options.append(
X.form(
action = X.roleUrl(self.serverRole,
'changeUserPassword'),
method = 'post', enctype = 'multipart/form-data')(
X.asIs(_('Change password for user:')),
accountsMenu,
X.buttonInForm('ok', 'ok')))
if self.isAdmin():
options.append(
X.form(
action = X.roleUrl(self.serverRole,
'deleteUser'),
method = 'post', enctype = 'multipart/form-data')(
X.asIs(_('Delete user:')),
accountsMenu,
X.buttonInForm('ok', 'ok')))
return options
def getViewAllButtonsBarLayout(self):
layout = X.div(_class = 'buttons-bar')
userToken = context.getVar('userToken')
if self.canModifyAdmin() and userToken:
layout += X.buttonStandalone('settings', X.actionUrl('admin'))
return layout
def login(self, nextUri = '', access = '', again = '', error = '', **keywords):
req = context.getVar('req')
req.headers_out['Cache-Control'] = 'no-cache, must-revalidate'
req.headers_out['Pragma'] = 'no-cache'
if keywords is None:
keywords = {}
authObject = LoginAccountLoginPassword()
if not again:
authObject.initFields(keywords)
authObject.repairFields(keywords)
context.push(_level = 'index', layoutMode = 'edit')
try:
layout = X.array()
if access == 'forbidden':
layout += X.p(_(
'To access this part of the site, you need to sign in.'))
layout += authObject.getErrorLayout(error, keywords)
submitUrl = X.roleUrl(self.serverRole, 'loginSubmit')
if context.getVar('virtualHost').useHTTPS:
hostNameAndPort = commonTools.makeHttpHostNameAndPort(
context.getVar('httpHostName'),
context.getVar('httpPort'))
submitUrl = 'https://%s%s' % (hostNameAndPort, submitUrl)
form = X.form(action = submitUrl, enctype = 'multipart/form-data',
method = 'post')
layout += form
form += authObject.getEditLayout(keywords)
if nextUri:
form += X.div(X.input(name = 'nextUri', type = 'hidden',
value = nextUri))
buttonsBar = X.div(_class = 'buttons-bar')
form += buttonsBar
buttonsBar += X.buttonInForm('login', 'loginButton')
if 1: # TODO: check if emailPassword is available
buttonsBar += X.buttonInForm(
'send-password-by-email', 'sendButton')
return writePageLayout(layout, _('Login'))
finally:
context.pull(_level = 'index')
login.isPublicForWeb = 1
def loginSubmit(self, nextUri = '', **keywords):
if keywords is None:
keywords = {}
error = 0
sendPasswordByEmail = isButtonSelected('sendButton', keywords)
authObject = self.newAuthenticationObject()
if error:
keywords['again'] = 1
keywords['error'] = 1
else:
authObject.submitFields(keywords)
if keywords.has_key('again') and keywords['again']:
uri = X.roleUrl(self.serverRole, 'login')
uri.add('nextUri', nextUri)
uri.addKeywords(keywords)
return redirect(uri)
if sendPasswordByEmail:
self.emailPassword(authObject)
return redirect('/')
authWeb = getWebForServerRole('authentication')
try:
return authWeb.loginSubmitted(
'login-password', authObject, nextUri)
except faults.WrongLogin:
keywords['again'] = '1'
keywords['error'] = '1'
keywords['login_error'] = 'wrongValue'
uri = X.roleUrl(self.serverRole, 'login')
uri.add('nextUri', nextUri)
uri.addKeywords(keywords)
return redirect(uri)
except faults.WrongPassword:
keywords['again'] = '1'
keywords['error'] = '1'
keywords['password_error'] = 'wrongValue'
uri = X.roleUrl(self.serverRole, 'login')
uri.add('nextUri', nextUri)
uri.addKeywords(keywords)
return redirect(uri)
except:
if context.getVar('debug'):
raise
return accessForbidden()
loginSubmit.isPublicForWeb = 1
def newAccount(self, again = '', error = '', **keywords):
usercardWeb = getProxyForServerRole('people')
if not usercardWeb.canAddObject():
return accessForbidden()
if keywords is None:
keywords = {}
userCardObject = usercardWeb.newObject(None)
userCardSlot = slots.Root(userCardObject, name = 'userCard')
if not again:
userCardObject.initFields(keywords, parentSlot = userCardSlot)
userCardObject.repairFields(keywords, parentSlot = userCardSlot)
authObject = self.newAuthenticationObject()
if not again:
authObject.initFields(keywords)
authObject.repairFields(keywords)
context.push(_level = 'index', layoutMode = 'edit')
try:
layout = X.array()
form = X.form(action = X.actionUrl('newAccountSubmit'),
method = 'post')
layout += form
form += userCardObject.getEditLayout(
keywords, parentSlot = userCardSlot)
form += authObject.getEditLayout(keywords)
form += X.div(_class = 'buttons-bar')(
X.span(_class = 'action-buttons-bar')(
X.buttonInForm('create', 'createButton')),
)
return writePageLayout(layout, _('New Account'))
finally:
context.pull(_level = 'index')
newAccount.isPublicForWeb = 1
def newAccountSubmit(self, **keywords):
usercardWeb = getProxyForServerRole('people')
if not usercardWeb.canAddObject():
return accessForbidden()
if keywords is None:
keywords = {}
userCardObject = usercardWeb.newObject(None)
userCardSlot = slots.Root(userCardObject, name = 'userCard')
userCardObject.submitFields(keywords, parentSlot = userCardSlot)
authObject = self.newAuthenticationObject()
authObject.submitFields(keywords)
if keywords.has_key('again') and keywords['again']:
uri = X.actionUrl('newAccount')
uri.addKeywords(keywords)
return redirect(uri)
userId = usercardWeb.addObject(userCardObject)
self.addAccount(userId, authObject)
return redirect(X.idUrl(userId))
newAccountSubmit.isPublicForWeb = 1
View Git Blame Copy Permalink