annotate libervia/pages/login/page_meta.py @ 1227:15f90fd688b5

pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR: ProfileUnknownError where not catched, resulting in an internal error when an invalid profile was entered. This patch fixes it by displaying a PROFILE_AUTH_ERROR, the same one as for invalid password.
author Goffi <goffi@goffi.org>
date Fri, 08 Nov 2019 17:07:02 +0100
parents b2d067339de3
children f511f8fbbf8a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1216
b2d067339de3 python 3 port:
Goffi <goffi@goffi.org>
parents: 1145
diff changeset
1 #!/usr/bin/env python3
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
2 # -*- coding: utf-8 -*-
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
3
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
4 from sat.core.i18n import _
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
5 from sat.core import exceptions
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
6 from libervia.server.constants import Const as C
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
7 from libervia.server import session_iface
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
8 from twisted.internet import defer
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
9 from sat.core.log import getLogger
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
10
1145
29eb15062416 pages: set __name__ for imported pages
Goffi <goffi@goffi.org>
parents: 1124
diff changeset
11 log = getLogger(__name__)
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
12
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
13 """SàT log-in page, with link to create an account"""
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
14
1216
b2d067339de3 python 3 port:
Goffi <goffi@goffi.org>
parents: 1145
diff changeset
15 name = "login"
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
16 access = C.PAGES_ACCESS_PUBLIC
1216
b2d067339de3 python 3 port:
Goffi <goffi@goffi.org>
parents: 1145
diff changeset
17 template = "login/login.html"
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
18
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
19
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
20 def prepare_render(self, request):
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
21 template_data = request.template_data
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
22
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
23 #  we redirect to logged page if a session is active
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
24 profile = self.getProfile(request)
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
25 if profile is not None:
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
26 self.pageRedirect("/login/logged", request)
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
27
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
28 # login error message
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
29 session_data = self.host.getSessionData(request, session_iface.ISATSession)
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
30 login_error = session_data.popPageData(self, "login_error")
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
31 if login_error is not None:
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
32 template_data["S_C"] = C # we need server constants in template
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
33 template_data["login_error"] = login_error
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
34 template_data["empty_password_allowed"] = bool(
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
35 self.host.options["empty_password_allowed_warning_dangerous_list"]
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
36 )
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
37
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
38 # register page url
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
39 template_data["register_url"] = self.getPageRedirectURL(request, "register")
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
40
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
41 #  if login is set, we put it in template to prefill field
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
42 template_data["login"] = session_data.popPageData(self, "login")
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
43
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
44
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
45 def login_error(self, request, error_const):
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
46 """set login_error in page data
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
47
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
48 @param error_const(unicode): one of login error constant
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
49 @return C.POST_NO_CONFIRM: avoid confirm message
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
50 """
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
51 session_data = self.host.getSessionData(request, session_iface.ISATSession)
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
52 session_data.setPageData(self, "login_error", error_const)
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
53 return C.POST_NO_CONFIRM
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
54
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
55
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
56 @defer.inlineCallbacks
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
57 def on_data_post(self, request):
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
58 profile = self.getProfile(request)
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
59 type_ = self.getPostedData(request, "type")
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
60 if type_ == "disconnect":
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
61 if profile is None:
1216
b2d067339de3 python 3 port:
Goffi <goffi@goffi.org>
parents: 1145
diff changeset
62 log.warning(_("Disconnect called when no profile is logged"))
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
63 self.pageError(request, C.HTTP_BAD_REQUEST)
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
64 else:
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
65 self.host.purgeSession(request)
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
66 defer.returnValue(C.POST_NO_CONFIRM)
1113
cdd389ef97bc server: code style reformatting using black
Goffi <goffi@goffi.org>
parents: 963
diff changeset
67 elif type_ == "login":
1216
b2d067339de3 python 3 port:
Goffi <goffi@goffi.org>
parents: 1145
diff changeset
68 login, password = self.getPostedData(request, ("login", "password"))
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
69 try:
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
70 status = yield self.host.connect(request, login, password)
1227
15f90fd688b5 pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents: 1216
diff changeset
71 except exceptions.ProfileUnknownError:
15f90fd688b5 pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents: 1216
diff changeset
72 # the profile doesn't exist, we return the same error as for invalid password
15f90fd688b5 pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents: 1216
diff changeset
73 # to avoid bruteforcing valid profiles
15f90fd688b5 pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents: 1216
diff changeset
74 log.warning(f"login tentative with invalid profile: {login!r}")
15f90fd688b5 pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents: 1216
diff changeset
75 defer.returnValue(login_error(self, request, C.PROFILE_AUTH_ERROR))
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
76 except ValueError as e:
1227
15f90fd688b5 pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents: 1216
diff changeset
77 if e.message in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR):
15f90fd688b5 pages (login): catch ProfileUnknownError and show a C.PROFILE_AUTH_ERROR:
Goffi <goffi@goffi.org>
parents: 1216
diff changeset
78 defer.returnValue(login_error(self, request, e.message))
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
79 else:
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
80 # this error was not expected!
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
81 raise e
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
82 except exceptions.TimeOutError:
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
83 defer.returnValue(login_error(self, request, C.NO_REPLY))
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
84 else:
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
85 if status in (C.PROFILE_LOGGED, C.PROFILE_LOGGED_EXT_JID, C.SESSION_ACTIVE):
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
86 # Profile has been logged correctly
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
87 self.redirectOrContinue(request)
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
88 else:
1216
b2d067339de3 python 3 port:
Goffi <goffi@goffi.org>
parents: 1145
diff changeset
89 log.error(_("Unhandled status: {status}".format(status=status)))
963
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
90 else:
2932170bb526 pages: added login/logged and register pages
Goffi <goffi@goffi.org>
parents:
diff changeset
91 self.pageError(request, C.HTTP_BAD_REQUEST)