From 25b5059016f49ec378d7d3e823ed2b105b20c7bc Mon Sep 17 00:00:00 2001
From: Ant Zucaro
Date: Fri, 13 Jun 2014 14:01:01 -0400
Subject: [PATCH] Verify logins with pyramid_persona.
---
 xonstat/__init__.py | 3 +++
 xonstat/views/__init__.py | 2 +-
 xonstat/views/admin.py | 26 +++++++++++++++++++++++++-
 3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/xonstat/__init__.py b/xonstat/__init__.py
index ff783f9..3ce684c 100644
--- a/xonstat/__init__.py
+++ b/xonstat/__init__.py
@@ -171,6 +171,9 @@ def main(global_config, **settings):
 # ADMIN ROUTES
 config.add_forbidden_view(forbidden, renderer="forbidden.mako")
+ config.add_route("login", "/login")
+ config.add_view(login, route_name="login", check_csrf=True, renderer="json")
+
 config.add_route("merge", "/merge")
 config.add_view(route_name="merge", renderer="merge.mako", permission="admin")
diff --git a/xonstat/views/__init__.py b/xonstat/views/__init__.py
index a084bcc..bdc53ba 100644
--- a/xonstat/views/__init__.py
+++ b/xonstat/views/__init__.py
@@ -29,4 +29,4 @@ from xonstat.views.exceptions import notfound
 from xonstat.views.main import main_index, top_players_by_time, top_servers_by_players
 from xonstat.views.main import top_servers_by_players, top_maps_by_times_played
-from xonstat.views.admin import forbidden
+from xonstat.views.admin import forbidden, login
diff --git a/xonstat/views/admin.py b/xonstat/views/admin.py
index f46aca2..b8f6486 100644
--- a/xonstat/views/admin.py
+++ b/xonstat/views/admin.py
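Review bot: The `login` view registered in xonstat/__init__.py is not limited to an HTTP method, although the view body added in xonstat/views/admin.py reads `request.POST['came_from']` and only makes sense for a submitted assertion. Pinning the method keeps GET and HEAD requests away from the verification code: `config.add_view(login, route_name="login", check_csrf=True, renderer="json", request_method="POST")`. `main` starts and ends outside this hunk, so whether pyramid_persona is also included there, and already claims a route named `login`, cannot be seen from here and is worth checking.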
@@ -1,8 +1,32 @@
 from pyramid.response import Response
-from pyramid.httpexceptions import HTTPForbidden
+from pyramid.httpexceptions import HTTPForbidden, HTTPFound
+from pyramid.security import remember, forget
+from pyramid_persona.views import verify_login
+from xonstat.models import *
 def forbidden(request):
 '''A simple forbidden view. Does nothing more than set the status and then gets the heck out of dodge. The forbidden.mako template does the work.'''
 request.response.status = 403
 return {}
+
+def login(request):
+ # Verify the assertion and get the email of the user
+ persona_email = verify_login(request)
+
+ # Check that the email exists in the players table
+ player_email = DBSession.query(Player).\
+ filter(Player.email_addr == persona_email).one()
+
+ #log.debug("Verified email address: %s" % persona_email)
+ #log.debug("Corresponding player is %s" % player_email)
+
+ if player_email is not None:
+ # Add the headers required to remember the user to the response
+ request.response.headers.extend(remember(request, persona_email))
+ else:
+ url = request.route_url("forbidden")
+ return HTTPFound(location=url)
+
+ # Return a json message containing the address or path to redirect to.
+ return {'redirect': request.POST['came_from'], 'success': True}
-- 
2.39.2
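Review bot: `.one()` in `login` raises when no player row matches (and when more than one does) instead of returning None, so the `else` branch is unreachable and a verified address that is not in the players table ends in an unhandled exception rather than a clean denial. That branch also calls `request.route_url("forbidden")`, while this patch only registers `forbidden` through `add_forbidden_view`; unless a route of that name exists elsewhere the lookup itself fails, and raising the already imported `HTTPForbidden` avoids both problems. The `redirect` value is `request.POST['came_from']` returned verbatim, which lets the submitter name an off-site target and raises KeyError when the field is missing, so it should be restricted to same-site paths with a default. The fence sketches the body with `.first()`, an explicit 403 and a checked `came_from`. Separately, `forget` is imported but unused, and `from xonstat.models import *` hides where `DBSession` and `Player` come from.

```python
def login(request):
    # … unchanged: persona_email = verify_login(request) …

    # .first() returns None when nothing matches, so the denial path is reachable
    player = DBSession.query(Player).\
            filter(Player.email_addr == persona_email).first()
    if player is None:
        raise HTTPForbidden()

    # Add the headers required to remember the user to the response
    request.response.headers.extend(remember(request, persona_email))

    # Only hand back same-site paths; anything else falls back to the site root
    came_from = request.POST.get('came_from', '/')
    if not came_from.startswith('/') or came_from.startswith(('//', '/\\')):
        came_from = '/'
    return {'redirect': came_from, 'success': True}
```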