Commit 36ad1a51 authored by Jean Michel Rouly's avatar Jean Michel Rouly

Merged authentication into login page, outsourced logic to library function.

parent 8a63cbff
import ldap
import site
import Cookie
import cookielib
site.addsitedir('/srv/http/go/wsgi')
import library
import goconfig
def application(environ, start_response):
if( library.user_logged_in( environ ) ):
status = '303 See other'
response_headers = [('Location', '/')]
start_response(status, response_headers)
return ['Redirecting to index . . .']
if not (environ["REQUEST_METHOD"] == "POST"):
status = '303 See other'
response_headers = [('Location', '/login')]
start_response(status, response_headers)
return ['Redirecting to index . . .']
# If the page was requested via POST, that means the URL-input
# form was submitted. Scan over the input data, parse it, validate
# it, and then finally connect to the DB and store it. Then output.
# Grab user data, cut off non-relevant fields.
data = environ['wsgi.input']
data = library.parse_post_data( data )
# Determine the user credentials to authenticate.
usr = data['usr']
psw = data['pass']
bind = 'uid='+usr+',ou=people,o=gmu.edu'
success = False # authentication success
body = []
if( len(usr) > 0 and len(psw) > 0):
# Try to talk with the LDAP server.
ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
try:
ld = ldap.initialize( goconfig.ldap_domain )
result = ld.simple_bind_s( bind, psw )
if result is not None:
success = True
except ldap.INVALID_CREDENTIALS:
pass
except ldap.INAPPROPRIATE_AUTH:
pass
except ldap.NO_SUCH_OBJECT:
pass
if( success ):
# create a hashed cookie
cookie = library.generate_cookie(usr)
cookie_value = cookie["user"].OutputString()
hash_value = cookie["user"].value
if( library.user_registered( usr ) ):
if( library.user_approved( usr ) ):
# deactivate the user, in case they're already in
###library.deactivate_user( hash_value )
# activate the hashed user with the SQL database
library.activate_user( hash_value, usr )
# push the cookie to the user and redirect
status = '303 See Other'
response_headers = [('Set-Cookie', cookie_value),
('Location', '/'),
('Content-type', 'text/plain')]
start_response(status, response_headers)
return [ str(cookie) ]
else:
body = [""]
body.append("<p>Your account has been registered and is being processed.</p>")
body.append("<p>You will be notified when you are granted access.</p>")
else:
body = [""]
body.append("<p>You do not currently have permission to use this ")
body.append("service. Please <a href=\"/signup\">apply</a> for access.</p>")
body.append("<p>If you believe this message is in error, please contact ")
body.append("a SRCT <a href=\"mailto:exec@srct.gmu.edu\">SysAdmin</a>.</p>")
else:
body = ["<p>Error: Invalid username or password.</p>"]
body = ''.join( body )
f = open(goconfig.doc_root + "/site_data/top.part", "r")
top = f.read()
f.close()
f = open(goconfig.doc_root + "/site_data/bottom.part", "r")
bottom = f.read()
f.close()
response = top + body + bottom
status = '200 OK'
response_headers = [('Content-type', 'text/html'),
('Content-Length', str(len(response)))]
start_response(status, response_headers)
return [response]
......@@ -6,6 +6,7 @@ import MySQLdb
import Cookie
import cookielib
import hashlib
import ldap
site.addsitedir('/srv/http/go/wsgi')
import goconfig
......@@ -306,3 +307,27 @@ def get_redirect_target( short_url ):
mdb.close()
return target
def ldap_authenticate( usr, psw ):
bind = 'uid='+usr+',ou=people,o=gmu.edu'
if( len(usr) > 0 and len(psw) > 0):
# Try to talk with the LDAP server.
ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
try:
ld = ldap.initialize( goconfig.ldap_domain )
result = ld.simple_bind_s( bind, psw )
if result is not None:
return True
except ldap.INVALID_CREDENTIALS:
pass
except ldap.INAPPROPRIATE_AUTH:
pass
except ldap.NO_SUCH_OBJECT:
pass
return False
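Review bot: `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)` in ldap_authenticate disables server-certificate validation, so the TLS demanded on the preceding line protects the submitted password only against passive eavesdropping — anyone who can steer traffic for goconfig.ldap_domain can present any certificate and harvest credentials. Change it to `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` and, if the campus CA is not in the system trust store, point `ldap.OPT_X_TLS_CACERTFILE` at it. The bind DN is also built by raw concatenation of the user-supplied `usr`, so a value containing `,` `+` `=` or `\` alters the DN structure; escape it with `bind = 'uid=' + ldap.dn.escape_dn_chars(usr) + ',ou=people,o=gmu.edu'` (ldap.dn ships with python-ldap 2.x, which the Cookie/cookielib imports suggest this targets — confirm). The bound connection is never released and any ldap.LDAPError outside the three caught subclasses (e.g. SERVER_DOWN) propagates to the caller, so an `ld.unbind_s()` in a finally and an explicit decision on how connection failures are reported would round this out.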
import ldap
import site
site.addsitedir('/srv/http/go/wsgi')
......@@ -17,7 +16,7 @@ def application(environ, start_response):
login_form = """
<h3>~Login~</h3>
<form action="/authenticate" method="post">
<form action="/login" method="post">
<label for="usr">username</label>
<br /><br />
<input type="text" id="usr" name="usr" value="" />
......@@ -36,7 +35,61 @@ def application(environ, start_response):
</form>
"""
body.append( login_form )
if not (environ["REQUEST_METHOD"] == "POST"):
body = []
body.append( login_form )
else:
body = []
# Grab user data, cut off non-relevant fields.
data = environ['wsgi.input']
data = library.parse_post_data( data )
# Determine the user credentials to authenticate.
usr = data['usr']
psw = data['pass']
success = library.ldap_authenticate( usr, psw )
if( success ):
# create a hashed cookie
cookie = library.generate_cookie(usr)
cookie_value = cookie["user"].OutputString()
hash_value = cookie["user"].value
if( library.user_registered( usr ) ):
if( library.user_approved( usr ) ):
# deactivate the user, in case they're already in
###library.deactivate_user( hash_value )
# activate the hashed user with the SQL database
library.activate_user( hash_value, usr )
# push the cookie to the user and redirect
status = '303 See Other'
response_headers = [('Set-Cookie', cookie_value),
('Location', '/'),
('Content-type', 'text/plain')]
start_response(status, response_headers)
return [ str(cookie) ]
else:
body = [""]
body.append("<p>Your account has been registered and is being processed.</p>")
body.append("<p>You will be notified when you are granted access.</p>")
else:
body = [""]
body.append("<p>You do not currently have permission to use this ")
body.append("service. Please <a href=\"/signup\">apply</a> for access.</p>")
body.append("<p>If you believe this message is in error, please contact ")
body.append("a SRCT <a href=\"mailto:exec@srct.gmu.edu\">SysAdmin</a>.</p>")
else:
body = ["<p>Error: Invalid username or password.</p>"]
f = open(goconfig.doc_root + "/site_data/top.part", "r")
top = f.read()
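Review bot: `usr = data['usr']` and `psw = data['pass']` in the new POST branch raise KeyError on any POST that omits either field (a hand-crafted request, or a form with a renamed input), and that propagates out of application as an unhandled exception (typically a 500 from the WSGI server) instead of reaching the "Invalid username or password" page; use `usr = data.get('usr', '')` and `psw = data.get('pass', '')` so ldap_authenticate's empty-credential guard handles it (assuming parse_post_data returns a dict — confirm). On the success path, `return [ str(cookie) ]` under `Content-type: text/plain` echoes the freshly issued session cookie into the 303 body even though the Set-Cookie header already carries it; returning `['']` keeps the token out of the body. Whether generate_cookie marks the cookie HttpOnly and Secure cannot be seen from this hunk but is worth checking, since its value is what activate_user later trusts as the session. The enclosing application function starts before this hunk and continues after it.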
......