# HG changeset patch # User souliane # Date 1449519704 -3600 # Node ID 6a2fd7807770c4378b1024c555f70fe862fa9873 # Parent 249e49f56f67ad16d62ceec93394e1b7f755b3a9 server_side: if a user tries to login with a full JID but his host is the local domain, login with the user part only diff -r 249e49f56f67 -r 6a2fd7807770 src/server/server.py --- a/src/server/server.py Tue Dec 08 00:12:51 2015 +0100 +++ b/src/server/server.py Mon Dec 07 21:21:44 2015 +0100 @@ -774,12 +774,16 @@ if submit_type == 'register': return self._registerNewAccount(request) elif submit_type == 'login': - return self._loginAccount(request) + d = self.asyncBridgeCall("getNewAccountDomain") + d.addCallback(lambda domain: self._loginAccount(request, domain)) + return server.NOT_DONE_YET return Exception('Unknown submit type') - def _loginAccount(self, request): + def _loginAccount(self, request, new_account_domain): """Try to authenticate the user with the request information. + @param request: request of the register form + @param new_account_domain (unicode): host corresponding to the local domain @return: a constant indicating the state: - C.BAD_REQUEST: something is wrong in the request (bad arguments) - C.PROFILE_AUTH_ERROR: either the profile (login) or the profile password is wrong 
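Review bot: The Deferred created in the `'login'` branch has no errback, so a failure of `asyncBridgeCall("getNewAccountDomain")` leaves the request unfinished after `server.NOT_DONE_YET` has been returned. The same applies to the `raise Exception('No profile_key allowed')` that `_loginAccount` keeps, which now fires inside the callback; that path is reachable before authentication, and the connection stays open until it times out. Attach an error handler that logs the failure, writes an error constant and finishes the request, for example `d.addErrback(self._loginFailed, request)`, where `_loginFailed` is a new helper (the name is a placeholder), and replace the `raise` with the same `request.write(...)`/`request.finish()` pattern used for the other rejections. The `@return:` part of the `_loginAccount` docstring should also say that the state constant is now written to the request and the function returns None. The enclosing POST handler begins outside this hunk.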
@@ -792,29 +796,43 @@ login = request.args['login'][0] password = request.args['login_password'][0] except KeyError: - return C.BAD_REQUEST + request.write(C.BAD_REQUEST) + request.finish() + return if login.startswith('@'): # this is checked by javascript but also here for security reason raise Exception('No profile_key allowed') try: + login_jid = jid.JID(login) + except (RuntimeError, jid.InvalidFormat, AttributeError): + request.write(C.PROFILE_AUTH_ERROR) + request.finish() + return + + # redirect "user@libervia.org" to the "user" profile + if login_jid.host == new_account_domain: + login = login_jid.user + + try: profile = self.sat_host.bridge.getProfileName(login) - except Exception as e: - try: # try to connect using XMPP credentials instead of SàT profile credentials - jid.JID(login) - except (RuntimeError, jid.InvalidFormat, AttributeError): - return C.PROFILE_AUTH_ERROR + except Exception: + # try to connect using XMPP credentials instead of SàT profile credentials profile = login connect_method = "asyncConnectWithXMPPCredentials" else: - if profile != login: - return C.PROFILE_AUTH_ERROR - if not password and profile not in self.sat_host.empty_password_allowed_warning_dangerous_list: - return C.PROFILE_AUTH_ERROR # profiles with empty passwords are restricted to local frontends + if profile != login or (not password and profile not in self.sat_host.empty_password_allowed_warning_dangerous_list): + # profiles with empty passwords are restricted to local frontends + request.write(C.PROFILE_AUTH_ERROR) + request.finish() + return + connect_method = "asyncConnect" if self.waiting_profiles.getRequest(profile): - return C.ALREADY_WAITING + request.write(C.ALREADY_WAITING) + request.finish() + return def auth_eb(failure): fault = failure.value.faultString 
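Review bot: The new redirect `if login_jid.host == new_account_domain: login = login_jid.user` does not check that the JID has a user part. If `jid` is Twisted's JID class (its import is not visible here), a login consisting of the bare local domain parses with `user` set to None, so `login` becomes None and flows into `getProfileName`, the broad `except Exception` fallback and `asyncConnectWithXMPPCredentials`. Guard it with `if login_jid.host == new_account_domain and login_jid.user:`, or reject a JID without a user part with `C.PROFILE_AUTH_ERROR`. It is also worth confirming that `new_account_domain` is normalised the same way as `login_jid.host` (case, IDN form), otherwise the comparison silently fails for some spellings of the local domain. In the merged `if profile != login or (...)` the comment about empty passwords now describes only the second half of the condition; `_loginAccount` continues outside this hunk.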
@@ -837,9 +855,6 @@ d = self.asyncBridgeCall(connect_method, profile, password) d.addCallbacks(lambda connected: self._logged(profile, request) if connected else None, auth_eb) - return server.NOT_DONE_YET - - def _registerNewAccount(self, request): """Create a new account, or return error @param request: request of the register form