from .utils import has_logged_in
from plone.app.users.browser.passwordpanel import PasswordPanel
from plone.base import PloneMessageFactory as _
from plone.base.interfaces import IForcePasswordChange
from plone.base.interfaces import IInitialLogin
from plone.base.interfaces import ILoginForm
from plone.base.interfaces import ILoginFormSchema
from plone.base.interfaces import IRedirectAfterLogin
from plone.base.interfaces import ISecuritySchema
from plone.registry.interfaces import IRegistry
from Products.CMFCore.utils import getToolByName
from Products.Five.browser import BrowserView
from Products.statusmessages.interfaces import IStatusMessage
from urllib import parse
from z3c.form import button
from z3c.form import field
from z3c.form import form
from z3c.form.interfaces import HIDDEN_MODE
from zope.component import getMultiAdapter
from zope.component import queryMultiAdapter
from zope.component import queryUtility
from zope.interface import implementer
import logging
logger = logging.getLogger(__name__)

# TODO: Scale down this list now that we've removed a lot of
# templates.
# Path segments identifying login-related pages. LoginForm.get_came_from
# refuses a came_from URL whose path contains any of these, so a successful
# login does not bounce the user back onto a login/logout/reset page.
LOGIN_TEMPLATE_IDS = (
    "localhost logged-out logged_in login login_failed login_form "
    "login_password login_success logout mail_password mail_password_form "
    "member_search_results pwreset_finish passwordreset register registered "
    "require_login"
).split()
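@implementer(ILoginForm)
class LoginForm(form.EditForm):
    """Implementation of the login form.

    Renders the z3c.form login form, or redirects to the external login
    URL when the ``plone.external_login_url`` registry record is set.
    Redirect targets taken from the request (``next``, ``came_from``) are
    only honoured when the portal_url tool says they point into this
    portal.
    """

    fields = field.Fields(ILoginFormSchema)
    id = "LoginForm"
    label = _("label_log_in", default="Log in")
    ignoreContext = True
    prefix = ""

    def render(self):
        """Render the form, or redirect when an external login URL is configured."""
        registry = queryUtility(IRegistry)
        ext_login_url = registry["plone.external_login_url"]
        if ext_login_url:
            return self._handle_external_login(ext_login_url)
        return self.index()

    def _is_url_in_portal(self, url):
        """Return whether ``url`` points into this portal (portal_url tool check)."""
        url_tool = getToolByName(self.context, "portal_url")
        return url_tool.isURLInPortal(url)

    def _security_settings(self):
        """Return the ISecuritySchema registry proxy (``plone`` prefix)."""
        registry = queryUtility(IRegistry)
        return registry.forInterface(ISecuritySchema, prefix="plone")

    def _handle_external_login(self, url):
        """Handle login on this portal where login is external.

        Redirects to ``url``, forwarding the request's ``next`` and
        ``came_from`` as query parameters. Both are request-supplied
        redirect targets, so each is forwarded only when it points into
        this portal; anything else is dropped.
        """
        next_ = self.request.get("next", None)
        came_from = self.request.get("came_from")
        urlparts = list(parse.urlparse(url))
        qs = dict(parse.parse_qsl(urlparts[4]))
        if next_ is not None and self._is_url_in_portal(next_):
            qs["next"] = next_
        # came_from is a redirect target too, so it gets the same check as next.
        if came_from and self._is_url_in_portal(came_from):
            qs["came_from"] = came_from
        urlparts[4] = parse.urlencode(qs)
        self.request.response.redirect(parse.urlunparse(urlparts))

    def _get_auth(self):
        """Return the cookie auth plugin, or None if neither known location exists."""
        try:
            return self.context.acl_users.credentials_cookie_auth
        except AttributeError:
            pass
        try:
            return self.context.cookie_authentication
        except AttributeError:
            return None

    def updateWidgets(self):
        """Set up widgets after the base class has built them.

        The login/password widgets take their name and id from the cookie
        auth plugin's ``name_cookie``/``pw_cookie`` (defaults ``__ac_name``
        and ``__ac_password``). ``came_from`` is rendered hidden, pre-filled
        with the validated value from get_came_from.
        """
        super().updateWidgets(prefix="")
        auth = self._get_auth()
        widgetname_login = "__ac_name"
        widgetname_password = "__ac_password"
        if auth:
            widgetname_login = auth.get("name_cookie", widgetname_login)
            widgetname_password = auth.get("pw_cookie", widgetname_password)
        self.widgets["ac_name"].name = widgetname_login
        self.widgets["ac_name"].id = widgetname_login
        self.widgets["ac_password"].name = widgetname_password
        self.widgets["ac_password"].id = widgetname_password
        if self.use_email_as_login():
            self.widgets["ac_name"].label = _("label_email", default="Email")
        self.widgets["came_from"].mode = HIDDEN_MODE
        self.widgets["came_from"].value = self.get_came_from()

    def get_came_from(self):
        """Return the URL to return to after login, or None.

        Uses the request's ``came_from``, falling back to HTTP_REFERER.
        The value is rejected when it lies outside the portal or when its
        path contains one of LOGIN_TEMPLATE_IDS, so a login never returns
        the user to a login/logout/reset page.
        """
        came_from = self.request.get("came_from", None)
        if not came_from:
            came_from = self.request.get("HTTP_REFERER", None)
        if not came_from:
            return None
        if not self._is_url_in_portal(came_from):
            return None
        path_segments = parse.urlparse(came_from)[2].split("/")
        if any(segment in path_segments for segment in LOGIN_TEMPLATE_IDS):
            return None
        return came_from

    def updateActions(self):
        """Mark the login button as the primary action."""
        super().updateActions()
        self.actions["login"].addClass("btn-primary")

    def _post_login(self):
        """Finish the login for the now-authenticated member.

        Runs the IInitialLogin hook on the member's first login and the
        IForcePasswordChange hook when ``must_change_password`` is set.
        Returns whether this was the member's first login.
        """
        membership_tool = getToolByName(self.context, "portal_membership")
        member = membership_tool.getAuthenticatedMember()
        # Read the pre-login values first; loginUser presumably updates them.
        must_change_password = member.getProperty("must_change_password", 0)
        login_time = member.getProperty("login_time", None)
        is_initial_login = not has_logged_in(login_time)
        membership_tool.loginUser(self.request)
        if is_initial_login:
            self.handle_initial_login()
        if must_change_password:
            self.force_password_change()
        return is_initial_login

    @button.buttonAndHandler(_("Log in"), name="login")
    def handleLogin(self, action):
        """Handle the login button.

        If the request is still anonymous after the credentials were
        submitted, the ``__ac`` cookie is expired and a failure message is
        shown; otherwise the login is completed and the user is redirected.
        """
        data, errors = self.extractData()
        if errors:
            self.status = self.formErrorsMessage
            return
        membership_tool = getToolByName(self.context, "portal_membership")
        status_msg = IStatusMessage(self.request)
        if membership_tool.isAnonymousUser():
            self.request.response.expireCookie("__ac", path="/")
            if self.use_email_as_login():
                failure = _(
                    "Login failed. Both email address and password are "
                    "case sensitive, check that caps lock is not enabled."
                )
            else:
                failure = _(
                    "Login failed. Both login name and password are case "
                    "sensitive, check that caps lock is not enabled."
                )
            status_msg.addStatusMessage(failure, "error")
            return
        is_initial_login = self._post_login()
        status_msg.addStatusMessage(
            _(
                "you_are_now_logged_in",
                default="Welcome! You are now logged in.",
            ),
            "info",
        )
        self.redirect_after_login(data.get("came_from", None), is_initial_login)

    def handle_initial_login(self):
        """Run the IInitialLogin hook for (context, request), if one is registered."""
        handler = queryMultiAdapter((self.context, self.request), IInitialLogin)
        if handler:
            handler()

    def force_password_change(self):
        """Run the IForcePasswordChange hook for (context, request), if registered."""
        handler = queryMultiAdapter((self.context, self.request), IForcePasswordChange)
        if handler:
            handler()

    def redirect_after_login(self, came_from=None, is_initial_login=False):
        """Redirect the browser after a successful login.

        ``came_from`` is submitted with the form and is therefore
        request-controlled, so it is discarded unless it points into this
        portal. An IRedirectAfterLogin adapter may then substitute its own
        target, which is used as given; without any target the context URL
        is used.
        """
        if came_from and not self._is_url_in_portal(came_from):
            came_from = None
        adapter = queryMultiAdapter((self.context, self.request), IRedirectAfterLogin)
        if adapter:
            came_from = adapter(came_from, is_initial_login)
        if not came_from:
            came_from = self.context.absolute_url()
        self.request.response.redirect(came_from)

    def self_registration_enabled(self):
        """Return the ``enable_self_reg`` security setting."""
        return self._security_settings().enable_self_reg

    def use_email_as_login(self):
        """Return the ``use_email_as_login`` security setting."""
        return self._security_settings().use_email_as_login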
class FailsafeLoginForm(LoginForm):
    """Login form that always renders locally.

    Unlike LoginForm.render, this never consults the
    ``plone.external_login_url`` registry record, so the local form stays
    reachable when an external login URL is configured.
    """

    def render(self):
        """Render the form template directly, without any external redirect."""
        return self.index()
class RequireLoginView(BrowserView):
    """Send anonymous visitors to the login form, everyone else to
    insufficient-privileges."""

    def __call__(self):
        """Issue the redirect.

        For anonymous users the request's ``came_from`` is forwarded,
        URL-quoted, to the login form (LoginForm.get_came_from validates it
        there before it is used).
        """
        portal_state = getMultiAdapter(
            (self.context, self.request),
            name="plone_portal_state",
        )
        base_url = portal_state.portal().absolute_url()
        if not portal_state.anonymous():
            target = f"{base_url:s}/insufficient-privileges"
        else:
            target = f"{base_url:s}/login"
            came_from = self.request.get("came_from", None)
            if came_from:
                target = f"{target:s}?came_from={parse.quote(came_from):s}"
        self.request.response.redirect(target)
class InsufficientPrivilegesView(BrowserView):
    """View shown to an authenticated user who lacks the required permission."""

    def request_url(self):
        """Return the request's ``came_from`` parameter (None when absent)."""
        return self.request.get("came_from")
class InitialLoginPasswordChange(PasswordPanel):
    """Password panel presented on a member's first login."""

    def render(self):
        """Render the panel template."""
        return self.index()

    @button.buttonAndHandler(
        _("label_change_password", default="Change Password"),
        name="reset_passwd",
    )
    def action_reset_passwd(self, action):
        """Change the password via PasswordPanel, then return to the portal root."""
        # The base attribute is the decorated z3c.form handler object rather
        # than a bound method, so the form is passed to it explicitly.
        super().action_reset_passwd(self, action)
        if action.form.widgets.errors:
            return
        self.request.response.redirect(self.context.portal_url())
class ForcedPasswordChange(PasswordPanel):
    """Password panel presented when the member's ``must_change_password``
    property is set."""

    def render(self):
        """Render the panel template."""
        return self.index()

    @button.buttonAndHandler(
        _("label_change_password", default="Change Password"),
        name="reset_passwd",
    )
    def action_reset_passwd(self, action):
        """Change the password, clear ``must_change_password``, go to the portal root.

        The flag is only cleared when the password change produced no
        widget errors, so a failed attempt keeps the member forced.
        """
        # The base attribute is the decorated z3c.form handler object rather
        # than a bound method, so the form is passed to it explicitly.
        super().action_reset_passwd(self, action)
        if action.form.widgets.errors:
            return
        membership_tool = getToolByName(self.context, "portal_membership")
        member = membership_tool.getAuthenticatedMember()
        member.setProperties(must_change_password=0)
        self.request.response.redirect(self.context.portal_url())