Mercurial > libervia-web
view libervia/web/pages/login/page_meta.py @ 1597:c1c1d68d063e
pages (lists): uses std lib `json` and don't use anymore `DOMNODE`:
those tricks are not needed anymore with recent versions of Brython.
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 11 Feb 2024 21:32:53 +0100 |
parents | 7941444c1671 |
children |
line wrap: on
line source
#!/usr/bin/env python3 from libervia.backend.core.i18n import _ from libervia.backend.core import exceptions from libervia.web.server.constants import Const as C from libervia.web.server import session_iface from twisted.internet import defer from libervia.backend.core.log import getLogger log = getLogger(__name__) """Libervia Web log-in page, with link to create an account""" name = "login" access = C.PAGES_ACCESS_PUBLIC template = "login/login.html" def prepare_render(self, request): template_data = request.template_data # we redirect to logged page if a session is active profile = self.get_profile(request) if profile is not None: self.page_redirect("/login/logged", request) # login error message session_data = self.host.get_session_data(request, session_iface.IWebSession) login_error = session_data.pop_page_data(self, "login_error") if login_error is not None: template_data["S_C"] = C # we need server constants in template template_data["login_error"] = login_error template_data["empty_password_allowed"] = bool( self.host.options["empty_password_allowed_warning_dangerous_list"] ) # register page url if self.host.options["allow_registration"]: template_data["register_url"] = self.get_page_redirect_url(request, "register") # if login is set, we put it in template to prefill field template_data["login"] = session_data.pop_page_data(self, "login") def login_error(self, request, error_const): """set login_error in page data @param error_const(unicode): one of login error constant @return C.POST_NO_CONFIRM: avoid confirm message """ session_data = self.host.get_session_data(request, session_iface.IWebSession) session_data.set_page_data(self, "login_error", error_const) return C.POST_NO_CONFIRM async def on_data_post(self, request): profile = self.get_profile(request) type_ = self.get_posted_data(request, "type") if type_ == "disconnect": if profile is None: log.warning(_("Disconnect called when no profile is logged")) self.page_error(request, C.HTTP_BAD_REQUEST) else: self.host.purge_session(request) return C.POST_NO_CONFIRM elif type_ == "login": login, password = self.get_posted_data(request, ("login", "password")) try: status = await self.host.connect(request, login, password) except exceptions.ProfileUnknownError: # the profile doesn't exist, we return the same error as for invalid password # to avoid bruteforcing valid profiles log.warning(f"login tentative with invalid profile: {login!r}") return login_error(self, request, C.PROFILE_AUTH_ERROR) except ValueError as e: message = str(e) if message in (C.XMPP_AUTH_ERROR, C.PROFILE_AUTH_ERROR): return login_error(self, request, message) else: # this error was not expected! raise e except exceptions.TimeOutError: return login_error(self, request, C.NO_REPLY) else: if status in (C.PROFILE_LOGGED, C.PROFILE_LOGGED_EXT_JID, C.SESSION_ACTIVE): # Profile has been logged correctly self.redirect_or_continue(request) else: log.error(_("Unhandled status: {status}".format(status=status))) else: self.page_error(request, C.HTTP_BAD_REQUEST)