Mercurial > libervia-web
annotate libervia/pages/login/page_meta.py @ 1227:15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
ProfileUnknownError where not catched, resulting in an internal error when an invalid
profile was entered. This patch fixes it by displaying a PROFILE_AUTH_ERROR, the same one
as for invalid password.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 08 Nov 2019 17:07:02 +0100 |
| parents | b2d067339de3 |
| children | f511f8fbbf8a |
| rev | line source |
|---|---|
| 1216 | 1 #!/usr/bin/env python3 |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 # -*- coding: utf-8 -*- |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
3 |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
4 from sat.core.i18n import _ |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
5 from sat.core import exceptions |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 from libervia.server.constants import Const as C |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 from libervia.server import session_iface |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 from twisted.internet import defer |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 from sat.core.log import getLogger |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
10 |
|
1145
29eb15062416
pages: set __name__ for imported pages
Goffi <goffi@goffi.org>
parents:
1124
diff
changeset
|
11 log = getLogger(__name__) |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 """SàT log-in page, with link to create an account""" |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 |
| 1216 | 15 name = "login" |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 access = C.PAGES_ACCESS_PUBLIC |
| 1216 | 17 template = "login/login.html" |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 def prepare_render(self, request): |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
21 template_data = request.template_data |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
23 # we redirect to logged page if a session is active |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 profile = self.getProfile(request) |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 if profile is not None: |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
26 self.pageRedirect("/login/logged", request) |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 # login error message |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 session_data = self.host.getSessionData(request, session_iface.ISATSession) |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
30 login_error = session_data.popPageData(self, "login_error") |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 if login_error is not None: |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
32 template_data["S_C"] = C # we need server constants in template |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
33 template_data["login_error"] = login_error |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
34 template_data["empty_password_allowed"] = bool( |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
35 self.host.options["empty_password_allowed_warning_dangerous_list"] |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
36 ) |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
37 |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
38 # register page url |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
39 template_data["register_url"] = self.getPageRedirectURL(request, "register") |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
40 |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
41 # if login is set, we put it in template to prefill field |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
42 template_data["login"] = session_data.popPageData(self, "login") |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
43 |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 def login_error(self, request, error_const): |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 """set login_error in page data |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
48 @param error_const(unicode): one of login error constant |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 @return C.POST_NO_CONFIRM: avoid confirm message |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 """ |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 session_data = self.host.getSessionData(request, session_iface.ISATSession) |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 session_data.setPageData(self, "login_error", error_const) |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 return C.POST_NO_CONFIRM |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
55 |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 @defer.inlineCallbacks |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 def on_data_post(self, request): |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
58 profile = self.getProfile(request) |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
59 type_ = self.getPostedData(request, "type") |
|
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
60 if type_ == "disconnect": |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 if profile is None: |
| 1216 | 62 log.warning(_("Disconnect called when no profile is logged")) |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 self.pageError(request, C.HTTP_BAD_REQUEST) |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 else: |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 self.host.purgeSession(request) |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 defer.returnValue(C.POST_NO_CONFIRM) |
|
1113
cdd389ef97bc
server: code style reformatting using black
Goffi <goffi@goffi.org>
parents:
963
diff
changeset
|
67 elif type_ == "login": |
| 1216 | 68 login, password = self.getPostedData(request, ("login", "password")) |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
69 try: |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
70 status = yield self.host.connect(request, login, password) |
|
1227
15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents:
1216
diff
changeset
|
71 except exceptions.ProfileUnknownError: |
|
15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents:
1216
diff
changeset
|
72 # the profile doesn't exist, we return the same error as for invalid password |
|
15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents:
1216
diff
changeset
|
73 # to avoid bruteforcing valid profiles |
|
15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents:
1216
diff
changeset
|
74 log.warning(f"login tentative with invalid profile: {login!r}") |
|
15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents:
1216
diff
changeset
|
75 defer.returnValue(login_error(self, request, C.PROFILE_AUTH_ERROR)) |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
76 except ValueError as e: |
|
1227
15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents:
1216
diff
changeset
|
77 if e.message in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR): |
|
15f90fd688b5
pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents:
1216
diff
changeset
|
78 defer.returnValue(login_error(self, request, e.message)) |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
79 else: |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
80 # this error was not expected! |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
81 raise e |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
82 except exceptions.TimeOutError: |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
83 defer.returnValue(login_error(self, request, C.NO_REPLY)) |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
84 else: |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
85 if status in (C.PROFILE_LOGGED, C.PROFILE_LOGGED_EXT_JID, C.SESSION_ACTIVE): |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
86 # Profile has been logged correctly |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
87 self.redirectOrContinue(request) |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
88 else: |
| 1216 | 89 log.error(_("Unhandled status: {status}".format(status=status))) |
|
963
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
90 else: |
|
2932170bb526
pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
91 self.pageError(request, C.HTTP_BAD_REQUEST) |