diff options
author | Simo Sorce <simo@redhat.com> | 2014-08-01 08:15:49 -0400 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2014-09-24 20:29:20 +0200 |
commit | 25b8eaf83e681a9322cffe61aad5254bcbe0c917 (patch) | |
tree | 8ccfe8a892e669b85b5930a43fd2cbb0017c807d /ipsilon | |
parent | a511d8ab35cc0f2872eac640ed4120766f92704a (diff) | |
download | ipsilon-25b8eaf83e681a9322cffe61aad5254bcbe0c917.tar.gz ipsilon-25b8eaf83e681a9322cffe61aad5254bcbe0c917.tar.xz ipsilon-25b8eaf83e681a9322cffe61aad5254bcbe0c917.zip |
Use helper cookie to remember the username
This makes the login page a lot more friendy
Available only over HTTPS
Max age set to 15 days
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon')
-rwxr-xr-x | ipsilon/login/authform.py | 2 | ||||
-rwxr-xr-x | ipsilon/login/authkrb.py | 2 | ||||
-rwxr-xr-x | ipsilon/login/authpam.py | 2 | ||||
-rwxr-xr-x | ipsilon/login/authtest.py | 2 | ||||
-rwxr-xr-x | ipsilon/login/common.py | 26 |
5 files changed, 29 insertions, 5 deletions
diff --git a/ipsilon/login/authform.py b/ipsilon/login/authform.py index c59e722..85b31bd 100755 --- a/ipsilon/login/authform.py +++ b/ipsilon/login/authform.py @@ -33,7 +33,7 @@ class Form(LoginFormBase): us.remote_login() user = us.get_user() if not user.is_anonymous: - return self.lm.auth_successful(user.name) + return self.lm.auth_successful(user.name, 'password') else: try: error = cherrypy.request.headers['EXTERNAL_AUTH_ERROR'] diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py index af659e7..d5ceaf3 100755 --- a/ipsilon/login/authkrb.py +++ b/ipsilon/login/authkrb.py @@ -40,7 +40,7 @@ class KrbAuth(LoginPageBase): # was set. Check the session has a user set already or error. if self.user and self.user.name: userdata = {'krb_principal_name': self.user.name} - return self.lm.auth_successful(self.user.name, userdata) + return self.lm.auth_successful(self.user.name, 'krb', userdata) else: return self.lm.auth_failed() diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py index c88f0a0..58e07cf 100755 --- a/ipsilon/login/authpam.py +++ b/ipsilon/login/authpam.py @@ -49,7 +49,7 @@ class Pam(LoginFormBase): if username and password: user = self._authenticate(username, password) if user: - return self.lm.auth_successful(user) + return self.lm.auth_successful(user, 'password') else: error = "Authentication failed" cherrypy.log.error(error) diff --git a/ipsilon/login/authtest.py b/ipsilon/login/authtest.py index df826c8..8eae0b6 100755 --- a/ipsilon/login/authtest.py +++ b/ipsilon/login/authtest.py @@ -33,7 +33,7 @@ class TestAuth(LoginFormBase): if username and password: if password == 'ipsilon': cherrypy.log("User %s successfully authenticated." % username) - return self.lm.auth_successful(username) + return self.lm.auth_successful(username, 'password') else: cherrypy.log("User %s failed authentication." % username) error = "Authentication failed" diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py index b451550..9dbcc0f 100755 --- a/ipsilon/login/common.py +++ b/ipsilon/login/common.py @@ -25,6 +25,9 @@ from ipsilon.util.plugin import PluginInstaller import cherrypy +USERNAME_COOKIE = 'ipsilon_default_username' + + class LoginManagerBase(PluginObject, Log): def __init__(self): @@ -36,7 +39,7 @@ class LoginManagerBase(PluginObject, Log): base = cherrypy.config.get('base.mount', "") raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path)) - def auth_successful(self, username, userdata=None): + def auth_successful(self, username, auth_type=None, userdata=None): # save ref before calling UserSession login() as it # may regenerate the session session = UserSession() @@ -44,8 +47,24 @@ class LoginManagerBase(PluginObject, Log): if not ref: ref = cherrypy.config.get('base.mount', "") + '/' + if auth_type: + if userdata: + userdata.update({'auth_type': auth_type}) + else: + userdata = {'auth_type': auth_type} + session.login(username, userdata) + # save username into a cookie if parent was form base auth + if auth_type == 'password': + cherrypy.response.cookie[USERNAME_COOKIE] = username + cherrypy.response.cookie[USERNAME_COOKIE]['path'] = \ + cherrypy.config.get('base.mount', '/') + cherrypy.response.cookie[USERNAME_COOKIE]['secure'] = True + cherrypy.response.cookie[USERNAME_COOKIE]['httponly'] = True + # 15 days + cherrypy.response.cookie[USERNAME_COOKIE]['max-age'] = 1296000 + raise cherrypy.HTTPRedirect(ref) def auth_failed(self): @@ -148,6 +167,10 @@ class LoginFormBase(LoginPageBase): if self.lm.next_login is not None: next_url = self.lm.next_login.path + username = '' + if USERNAME_COOKIE in cherrypy.request.cookie: + username = cherrypy.request.cookie[USERNAME_COOKIE].value + context = { "title": 'Login', "action": '%s/%s' % (self.basepath, self.formpage), @@ -156,6 +179,7 @@ class LoginFormBase(LoginPageBase): "password_text": self.lm.password_text, "description": self.lm.help_text, "next_url": next_url, + "username": username, } context.update(kwargs) return context |