comparison src/server/server.py @ 794:6a2fd7807770

server_side: if a user tries to login with a full JID but his host is the local domain, login with the user part only
author souliane <souliane@mailoo.org>
date Mon, 07 Dec 2015 21:21:44 +0100
parents 249e49f56f67
children fad9c9f82ae3
772 return C.BAD_REQUEST 772 return C.BAD_REQUEST
773 773
774 if submit_type == 'register': 774 if submit_type == 'register':
775 return self._registerNewAccount(request) 775 return self._registerNewAccount(request)
776 elif submit_type == 'login': 776 elif submit_type == 'login':
777 return self._loginAccount(request) 777 d = self.asyncBridgeCall("getNewAccountDomain")
778 d.addCallback(lambda domain: self._loginAccount(request, domain))
779 return server.NOT_DONE_YET
778 return Exception('Unknown submit type') 780 return Exception('Unknown submit type')
779 781
780 def _loginAccount(self, request): 782 def _loginAccount(self, request, new_account_domain):
781 """Try to authenticate the user with the request information. 783 """Try to authenticate the user with the request information.
784
782 @param request: request of the register form 785 @param request: request of the register form
786 @param new_account_domain (unicode): host corresponding to the local domain
783 @return: a constant indicating the state: 787 @return: a constant indicating the state:
784 - C.BAD_REQUEST: something is wrong in the request (bad arguments) 788 - C.BAD_REQUEST: something is wrong in the request (bad arguments)
785 - C.PROFILE_AUTH_ERROR: either the profile (login) or the profile password is wrong 789 - C.PROFILE_AUTH_ERROR: either the profile (login) or the profile password is wrong
786 - C.XMPP_AUTH_ERROR: the profile is authenticated but the XMPP password is wrong 790 - C.XMPP_AUTH_ERROR: the profile is authenticated but the XMPP password is wrong
787 - C.ALREADY_WAITING: a request has already been submitted for this profile 791 - C.ALREADY_WAITING: a request has already been submitted for this profile
790 """ 794 """
791 try: 795 try:
792 login = request.args['login'][0] 796 login = request.args['login'][0]
793 password = request.args['login_password'][0] 797 password = request.args['login_password'][0]
794 except KeyError: 798 except KeyError:
795 return C.BAD_REQUEST 799 request.write(C.BAD_REQUEST)
800 request.finish()
801 return
796 802
797 if login.startswith('@'): # this is checked by javascript but also here for security reason 803 if login.startswith('@'): # this is checked by javascript but also here for security reason
798 raise Exception('No profile_key allowed') 804 raise Exception('No profile_key allowed')
799 805
800 try: 806 try:
807 login_jid = jid.JID(login)
808 except (RuntimeError, jid.InvalidFormat, AttributeError):
809 request.write(C.PROFILE_AUTH_ERROR)
810 request.finish()
811 return
812
813 # redirect "user@libervia.org" to the "user" profile
814 if login_jid.host == new_account_domain:
815 login = login_jid.user
816
817 try:
801 profile = self.sat_host.bridge.getProfileName(login) 818 profile = self.sat_host.bridge.getProfileName(login)
802 except Exception as e: 819 except Exception:
803 try: # try to connect using XMPP credentials instead of SàT profile credentials 820 # try to connect using XMPP credentials instead of SàT profile credentials
804 jid.JID(login)
805 except (RuntimeError, jid.InvalidFormat, AttributeError):
806 return C.PROFILE_AUTH_ERROR
807 profile = login 821 profile = login
808 connect_method = "asyncConnectWithXMPPCredentials" 822 connect_method = "asyncConnectWithXMPPCredentials"
809 else: 823 else:
810 if profile != login: 824 if profile != login or (not password and profile not in self.sat_host.empty_password_allowed_warning_dangerous_list):
811 return C.PROFILE_AUTH_ERROR 825 # profiles with empty passwords are restricted to local frontends
812 if not password and profile not in self.sat_host.empty_password_allowed_warning_dangerous_list: 826 request.write(C.PROFILE_AUTH_ERROR)
813 return C.PROFILE_AUTH_ERROR # profiles with empty passwords are restricted to local frontends 827 request.finish()
828 return
829
814 connect_method = "asyncConnect" 830 connect_method = "asyncConnect"
815 831
816 if self.waiting_profiles.getRequest(profile): 832 if self.waiting_profiles.getRequest(profile):
817 return C.ALREADY_WAITING 833 request.write(C.ALREADY_WAITING)
834 request.finish()
835 return
818 836
819 def auth_eb(failure): 837 def auth_eb(failure):
820 fault = failure.value.faultString 838 fault = failure.value.faultString
821 self.waiting_profiles.purgeRequest(profile) 839 self.waiting_profiles.purgeRequest(profile)
822 if fault in ('PasswordError', 'ProfileUnknownError'): 840 if fault in ('PasswordError', 'ProfileUnknownError'):
834 request.finish() 852 request.finish()
835 853
836 self.waiting_profiles.setRequest(request, profile) 854 self.waiting_profiles.setRequest(request, profile)
837 d = self.asyncBridgeCall(connect_method, profile, password) 855 d = self.asyncBridgeCall(connect_method, profile, password)
838 d.addCallbacks(lambda connected: self._logged(profile, request) if connected else None, auth_eb) 856 d.addCallbacks(lambda connected: self._logged(profile, request) if connected else None, auth_eb)
839
840 return server.NOT_DONE_YET
841
842 857
843 def _registerNewAccount(self, request): 858 def _registerNewAccount(self, request):
844 """Create a new account, or return error 859 """Create a new account, or return error
845 @param request: request of the register form 860 @param request: request of the register form
846 @return: a constant indicating the state: 861 @return: a constant indicating the state:
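Review bot: The `raise Exception('No profile_key allowed')` kept at new line 804 no longer produces an HTTP response: `_loginAccount` is now invoked from a Deferred callback (new 777-778) that has no errback, so a login starting with `@` — or a failure of the `getNewAccountDomain` bridge call itself — leaves the request unfinished and only surfaces as an unhandled error in the Deferred, where the old code let Twisted answer with a 500. The guard is explicitly there "for security reason", so it should reject the client and finish the request like the other error paths in this method, and the caller should attach an errback that does the same. Two smaller points: `login_jid.user` is `None` for a bare-domain login such as `libervia.org`, so the redirect at new 814-815 should also require `login_jid.user` before rebinding `login` (otherwise `None` flows into `getProfileName` and the XMPP fallback); and the `@return` section of the docstring (new 787-791) is stale now that the constants are written to `request` rather than returned, so it should read "writes one of the following constants to `request` and finishes it". The `submit_type` dispatcher around new 776-780 belongs to a method whose start is outside this section.
```python
# … unchanged: submit_type dispatch up to 'login' …
d = self.asyncBridgeCall("getNewAccountDomain")
d.addCallback(lambda domain: self._loginAccount(request, domain))

def login_eb(failure):
    # never leave the request hanging: answer the client on any failure
    # TODO: log `failure` with the module's logger before answering
    request.write(C.BAD_REQUEST)
    request.finish()

d.addErrback(login_eb)
return server.NOT_DONE_YET

# … unchanged: _loginAccount up to the '@' guard …
if login.startswith('@'):  # this is checked by javascript but also here for security reason
    request.write(C.BAD_REQUEST)
    request.finish()
    return

# … unchanged: JID parsing …
# redirect "user@libervia.org" to the "user" profile, but only when a user part exists
if login_jid.host == new_account_domain and login_jid.user:
    login = login_jid.user
```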