CAT-SOOP is a flexible, programmable learning management system based on the Python programming language. https://catsoop.mit.edu
 
 
 

94 lines
3.9 KiB

  1. # This file is part of CAT-SOOP
  2. # Copyright (c) 2011-2017 Adam Hartz <hartz@mit.edu>
  3. #
  4. # This program is free software: you can redistribute it and/or modify it under
  5. # the terms of the GNU Affero General Public License as published by the Free
  6. # Software Foundation, either version 3 of the License, or (at your option) any
  7. # later version.
  8. #
  9. # This program is distributed in the hope that it will be useful, but WITHOUT
  10. # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  11. # FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
  12. # details.
  13. #
  14. # You should have received a copy of the GNU Affero General Public License
  15. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  16. import urllib.parse
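def get_logged_in_user(context):
    """Resolve the current user for a page protected by OpenID Connect login.

    The outcome depends on the ``loginaction`` form value and the session:

    * ``logout``: the session is replaced with an empty dict and
      ``{'cs_reload': True}`` is returned.
    * session holds a ``username`` for the current course: a dict with
      ``username``, ``name`` and ``email`` is returned.
    * no action: either the login box is queued through ``cs_post_load``
      and ``{}`` is returned, or the login page is rendered and
      ``{'cs_render_now': True}`` is returned.
    * ``redirect``: fresh ``state``/``nonce`` values are stored in the
      session and ``{'cs_redirect': url}`` is returned, where ``url`` is
      the provider's ``/authorize`` endpoint.

    Raises:
        Exception: for an unknown ``loginaction``, or when ``redirect`` is
            requested while ``cs_openid_server`` or ``cs_openid_client_id``
            is not configured.
    """
    session = context['cs_session_data']
    logintype = context['csm_auth'].get_auth_type_by_name(context, 'login')

    def generate_token():
        # NOTE(review): state and nonce are only as unpredictable as this
        # helper from the 'login' auth type -- confirm it uses a CSPRNG.
        return logintype['generate_confirmation_token'](50)

    _get_base_url = logintype['_get_base_url']

    action = context['cs_form'].get('loginaction', None)
    if action == 'logout':
        # Drop every session value, then ask for a reload.
        context['cs_session_data'] = {}
        return {'cs_reload': True}
    elif 'username' in session and session.get('course', None) == context['cs_course']:
        # The session is honoured only for the course it was created for, so
        # a login recorded for one course does not carry over to another.
        uname = session['username']
        return {'username': uname,
                'name': session.get('name', uname),
                'email': session.get('email', uname)}
    elif action is None:
        # NOTE(review): LOGIN_BOX / LOGIN_PAGE are filled without HTML
        # escaping; confirm the base URL and server name cannot contain
        # attacker-influenced characters.
        if context.get('cs_view_without_auth', True):
            # Anonymous viewing is allowed: prepend the login box to the
            # page content once loading has finished, chaining any
            # post-load hook that was already registered.
            old_postload = context.get('cs_post_load', None)

            def new_postload(context):
                if old_postload is not None:
                    old_postload(context)
                context['cs_content'] = ((LOGIN_BOX % (_get_base_url(context), context['cs_openid_server'])) +
                                         context['cs_content'])

            context['cs_post_load'] = new_postload
            return {}
        else:
            # Anonymous viewing is not allowed: show only the login page.
            context['cs_handler'] = 'passthrough'
            context['cs_content_header'] = 'Please Log In'
            context['cs_content'] = LOGIN_PAGE % (_get_base_url(context), context['cs_openid_server'])
            return {'cs_render_now': True}
    elif action == 'redirect':
        openid_url = context.get('cs_openid_server', None)
        client_id = context.get('cs_openid_client_id', None)
        # Fail before touching the session: formatting a missing value would
        # otherwise produce the literal text "None" in the redirect target
        # ("None/authorize?...client_id=None").
        if not openid_url or not client_id:
            raise Exception("OpenID Connect is not configured: "
                            "cs_openid_server and cs_openid_client_id are required")

        redir_url = '%s/__AUTH__/openid_connect/callback' % context['cs_url_root']
        scope = context.get('cs_openid_scope', 'openid profile email')
        state = generate_token()
        nonce = generate_token()
        get_data = {'redirect_uri': redir_url,
                    'state': state,
                    'nonce': nonce,
                    'scope': scope,
                    'client_id': client_id,
                    'response_type': 'code'}
        # Remember where the login started and the per-request state/nonce;
        # presumably the callback handler (not shown here) compares them
        # with what the provider sends back -- verify there.
        session['_openid_course'] = context['cs_course']
        session['_openid_path'] = context['cs_path_info']
        session['_openid_nonce'] = nonce
        session['_openid_state'] = state
        qstring = urllib.parse.urlencode(get_data)
        return {'cs_redirect': '%s/authorize?%s' % (openid_url, qstring)}
    else:
        raise Exception("Unknown action: %r" % action)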
# Full-page login prompt, used by get_logged_in_user when viewing without
# authentication is disabled.  Filled with %-formatting, in this order:
# the page's base URL (placed in the link's href) and the OpenID server
# (shown inside the <tt> element).
# NOTE(review): both values are inserted without HTML escaping -- confirm
# that neither can carry attacker-influenced characters.
LOGIN_PAGE = """
Access to this page requires logging in via OpenID Connect. Please <a
href="%s?loginaction=redirect">Log In</a> to continue.<br/>Note that this link
will take you to an external site (<tt>%s</tt>) to authenticate, and then you
will be redirected back to this page.
"""
# Login box that get_logged_in_user prepends to the page content when
# viewing without authentication is allowed.  Takes the same two %s values,
# in the same order, as LOGIN_PAGE; the same escaping caveat applies.
LOGIN_BOX = """
<div class="response">
<b><center>You are not logged in.</center></b><br/>
If you are a current student, please <a href="%s?loginaction=redirect">Log
In</a> for full access to the web site.<br/>Note that this link will take you to
an external site (<tt>%s</tt>) to authenticate, and then you will be redirected
back to this page.
</div>
"""