diff src/server/server.py @ 794:6a2fd7807770
server_side: if a user tries to log in with a full JID whose host is the local domain, log in with the user part only
author | souliane <souliane@mailoo.org> |
---|---|
date | Mon, 07 Dec 2015 21:21:44 +0100 |
parents | 249e49f56f67 |
children | fad9c9f82ae3 |
--- a/src/server/server.py Tue Dec 08 00:12:51 2015 +0100 +++ b/src/server/server.py Mon Dec 07 21:21:44 2015 +0100 @@ -774,12 +774,16 @@ if submit_type == 'register': return self._registerNewAccount(request) elif submit_type == 'login': - return self._loginAccount(request) + d = self.asyncBridgeCall("getNewAccountDomain") + d.addCallback(lambda domain: self._loginAccount(request, domain)) + return server.NOT_DONE_YET return Exception('Unknown submit type') - def _loginAccount(self, request): + def _loginAccount(self, request, new_account_domain): """Try to authenticate the user with the request information. + @param request: request of the register form + @param new_account_domain (unicode): host corresponding to the local domain @return: a constant indicating the state: - C.BAD_REQUEST: something is wrong in the request (bad arguments) - C.PROFILE_AUTH_ERROR: either the profile (login) or the profile password is wrong 
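Review bot: The Deferred built in the `login` branch has no errback, so a failure from `getNewAccountDomain`, or any exception raised inside `_loginAccount` (the `raise Exception('No profile_key allowed')` in the next hunk used to surface as an ordinary render error), now stays as an unhandled error on the Deferred and the request is never finished after `return server.NOT_DONE_YET`. Add an errback after the callback that logs the failure, sets an error status on the request (for example via `request.setResponseCode(500)`, or one of the existing error constants written with `request.write`) and calls `request.finish()`, so a client never hangs on a server-side error. The docstring also needs updating: `@param request: request of the register form` describes the register form while this method handles the login form, and the `@return` list of constants no longer matches the new code, which writes those constants to the request with `request.write(...)` and returns nothing. The body of `_loginAccount` continues past the end of this hunk.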
@@ -792,29 +796,43 @@ login = request.args['login'][0] password = request.args['login_password'][0] except KeyError: - return C.BAD_REQUEST + request.write(C.BAD_REQUEST) + request.finish() + return if login.startswith('@'): # this is checked by javascript but also here for security reason raise Exception('No profile_key allowed') try: + login_jid = jid.JID(login) + except (RuntimeError, jid.InvalidFormat, AttributeError): + request.write(C.PROFILE_AUTH_ERROR) + request.finish() + return + + # redirect "user@libervia.org" to the "user" profile + if login_jid.host == new_account_domain: + login = login_jid.user + + try: profile = self.sat_host.bridge.getProfileName(login) - except Exception as e: - try: # try to connect using XMPP credentials instead of SàT profile credentials - jid.JID(login) - except (RuntimeError, jid.InvalidFormat, AttributeError): - return C.PROFILE_AUTH_ERROR + except Exception: + # try to connect using XMPP credentials instead of SàT profile credentials profile = login connect_method = "asyncConnectWithXMPPCredentials" else: - if profile != login: - return C.PROFILE_AUTH_ERROR - if not password and profile not in self.sat_host.empty_password_allowed_warning_dangerous_list: - return C.PROFILE_AUTH_ERROR # profiles with empty passwords are restricted to local frontends + if profile != login or (not password and profile not in self.sat_host.empty_password_allowed_warning_dangerous_list): + # profiles with empty passwords are restricted to local frontends + request.write(C.PROFILE_AUTH_ERROR) + request.finish() + return + connect_method = "asyncConnect" if self.waiting_profiles.getRequest(profile): - return C.ALREADY_WAITING + request.write(C.ALREADY_WAITING) + request.finish() + return def auth_eb(failure): fault = failure.value.faultString 
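Review bot: `login_jid.user` is `None` when the login contains no `@` (Twisted's `jid.JID` parses a bare string as a host only), so a login equal to `new_account_domain` itself makes `login = login_jid.user` set `login` to `None`, which then flows into `getProfileName`, `waiting_profiles.getRequest` and the bridge connect call instead of being rejected. Inside the `if login_jid.host == new_account_domain:` branch, reject that case before the rewrite with `if not login_jid.user:` followed by the same `request.write(C.PROFILE_AUTH_ERROR)` / `request.finish()` / `return` sequence used just above. Note also that a resource part in the login is silently dropped by the rewrite, and that Twisted normalizes the host through nameprep (lowercasing it), so a `new_account_domain` containing uppercase letters would presumably never match — worth confirming what the bridge returns. The enclosing function starts before this hunk and continues after it.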
@@ -837,9 +855,6 @@ d = self.asyncBridgeCall(connect_method, profile, password) d.addCallbacks(lambda connected: self._logged(profile, request) if connected else None, auth_eb) - return server.NOT_DONE_YET - - def _registerNewAccount(self, request): """Create a new account, or return error @param request: request of the register form