def GET(self, get_string=''): log.loggit('default.GET()') # Try to detemine the username from the query username = '' if web.input().has_key('username'): username = web.input()['username'] adb = accountdb.AccountDB() if username: account = adb.review_account(username) if account: return { 'status': 'success', 'account': wputil.clean_account(account) } else: return { 'status': 'failure', 'message': 'No account: %s' % (username) } else: accounts = adb.review_accounts() for account in accounts: account = wputil.clean_account(account) return {'status': 'success', 'accounts': accounts}
def GET(self, get_string=''): log.loggit('delete.GET()') # Grab the username from the get string username = get_string.lstrip('/') if username == 'admin': return { 'status': 'error', 'message': 'You cannot delete the administration account.' } # Try both account by id and by username adb = accountdb.AccountDB() account = adb.review_account(username) if not account: return { 'status': 'error', 'message': 'No such account exists: %s' % (username) } # Instantiate a form and populate it with the data f = delete_confirmation_form() f.fill(account) return { 'status': 'success', 'message': 'Are you sure you wish to delete the account: %s' % account['username'], 'form': f }
def POST(self, get_string=''): log.loggit('delete.POST()') # Catch the cancel button if web.input().has_key('cancel'): raise web.seeother('../') # Validate the form f = delete_confirmation_form() if not f.validates(): return { 'status': 'error', 'message': 'Verify all information has been provided correctly.', 'form': f } if f.d['username'] == 'admin': return { 'status': 'error', 'message': 'You cannot delete the administration account.' } # update the account in the database adb = accountdb.AccountDB() try: row = adb.delete_account(f.d['username']) except: return { 'status': 'error', 'message': 'An error occurred deleting the account.' } raise web.seeother('../')
def GET(self, get_string=''): log.loggit('update.GET()') # Grab the account id from the get string username = get_string.lstrip('/') if not username: raise web.seeother('../') # Must be a matching user or administrator to review accounts wputil.must_match_username_or_admin(username) # Verify account exists adb = accountdb.AccountDB() account = adb.review_account(username) if not account: return { 'status': 'error', 'message': 'No such account exists: %s' % (username) } # Instantiate a form and populate it with the data if wputil.is_admin(): f = admin_account_form() else: f = account_form() f.fill(wputil.clean_account(account)) return { 'status': 'success', 'message': 'Required fields include: id, username, password, password2 - Note that password and password2 must match.', 'form': f }
def validate_basic_auth(): """ Authenticates against the database user accounts using HTTP Basic authentication """ log.loggit('validate_basic_auth()') auth_header = web.ctx.env.get('HTTP_AUTHORIZATION') username = "" password = "" if auth_header is None: raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS) elif not auth_header.startswith('Basic '): raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS) else: auth = re.sub('^Basic ', '', auth_header) username, password = base64.decodestring(auth).split(':') adb = accountdb.AccountDB() account = adb.login(username, password, False) if account is None: raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS) return True
def PUT(self, get_string=''): log.loggit('default.PUT()') adb = accountdb.AccountDB() try: account = adb.update_account(web.input()) except Exception, e: return { 'status': 'failure', 'message': '%s %s' % (repr(e), str(e)) }
def POST(self): log.loggit('rest_login.POST()') wi = web.input() # Get the account credentials adb = accountdb.AccountDB() try: result = adb.login(wi['username'], wi['password']) except Exception, e: return {'status': 'error', 'message': 'An error occurred: %s' % e}
def GET(self, get_string=''): log.loggit('default.GET()') # Get the accounds and delete the password field adb = accountdb.AccountDB() accounts = adb.review_accounts() for account in accounts: account = wputil.clean_account(account) return { 'status': 'success', 'message': 'Select the user account to review, update or delete. Click the Add Account link to create a new account.', 'accounts': accounts }
def DELETE(self, get_string=''): log.loggit('default.DELETE()') if web.input()['username'] == 'admin': return { 'status': 'failure', 'message': 'Cannot delete the admin account.' } adb = accountdb.AccountDB() try: result = adb.delete_account(web.input()['username']) except Exception, e: return { 'status': 'failure', 'message': '%s %s' % (repr(e), str(e)) }
def POST(self): log.loggit('create.POST()') # Check to see if we are canceling out if web.input().has_key('cancel'): raise web.seeother('../') # Validate the form and redirect user if needed f = account_form() if not f.validates(): return { 'status': 'error', 'message': 'Verify all information has been provided correctly.', 'form': f } # We can't add to or modify the f.d Storage, so create a new dict to pass # to create the account acct = {} acct['username'] = f.d['username'] acct['password'] = f.d['password'] acct['role'] = f.d['role'] # Adding blank default fields acct['last_ip'] = '', acct['last_login'] = '', # Adding the consumer_key/consumer_secret to support oauth acct['consumer_key'] = ''.join( random.choice(string.letters) for i in xrange(32)) acct['consumer_secret'] = ''.join( random.choice(string.letters) for i in xrange(32)) # Try to write the data to the database adb = accountdb.AccountDB() try: account = adb.create_account(acct) except Exception, e: return { 'status': 'error', 'message': 'An error occurred: %s' % e, 'form': f }
def validate_two_leg_oauth(): """ Verify 2-legged oauth request using values in "Authorization" header. """ log.loggit('validate_two_leg_oauth()') parameters = web.input() if web.ctx.env.has_key('HTTP_AUTHORIZATION') and web.ctx.env[ 'HTTP_AUTHORIZATION'].startswith('OAuth '): parameters = split_header(web.ctx.env['HTTP_AUTHORIZATION']) # We have to reconstruct the original full URL used when signing # so if there are ever 401 errors verifying a request, look here first. req = oauth2.Request(web.ctx.env['REQUEST_METHOD'], web.ctx['homedomain'] + web.ctx.env['REQUEST_URI'], parameters=parameters) if not req.has_key('oauth_consumer_key'): raise web.unauthorized() # Verify the account referenced in the request is valid adb = accountdb.AccountDB() account = adb.review_account_using_info('consumer_key', req['oauth_consumer_key']) if not account: raise web.unauthorized(UNAUTHORIZED_MESSAGE) # Create an oauth2 Consumer with an account's consumer_key and consumer_secret # to be used to verify the request consumer = oauth2.Consumer(account['consumer_key'], account['consumer_secret']) # Create our oauth2 Server and add hmac-sha1 signature method server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) # Attempt to verify the authorization request via oauth2 try: server.verify_request(req, consumer, None) except oauth2.Error, e: log.loggit('validate_two_leg_oauth() - %s %s' % (repr(e), str(e))) raise web.unauthorized(e)
def POST(self, get_string=''): log.loggit('update.POST()') # Must be a matching user or administrator to update wputil.must_match_username_or_admin(web.input()['username']) # Catch the cancel button if web.input().has_key('cancel'): if wputil.is_admin(): raise web.seeother('../') else: raise web.seeother('../../') # Validate the form if wputil.is_admin(): f = admin_account_form() else: f = account_form() if not f.validates(): return { 'status': 'error', 'message': 'Verify all information has been provided correctly.', 'form': f } # update the account in the database adb = accountdb.AccountDB() try: account = adb.update_account(f.d) except: return { 'status': 'error', 'message': 'An error occurred updating the account.', 'form': f } raise web.seeother('../review/%s' % (account['username']))
def POST(self): log.loggit('login.POST()') # Check to see if we are canceling out if web.input().has_key('cancel'): raise web.seeother('/', absolute=True) # Validate the form f = login_form() if not f.validates(): return { 'status': 'error', 'message': 'Verify all information has been provided correctly.', 'form': f } # Get the account credentials adb = accountdb.AccountDB() try: result = adb.login(f.d.username, f.d.password) except Exception, e: return {'status': 'error', 'message': 'An error occurred: %s' % e}
#!/usr/bin/python import os import sys import web import json import mimerender import wputil log = wputil.Log('account_review') import accountdb adb = accountdb.AccountDB() mimerender = mimerender.WebPyMimeRender() # These are the URLs we watch for. We don't see the prepended /account portion # in this module because the index.py runs us as a subapplication. urls = ('', wputil.slashy, '/(.*)', 'review') htmlout = web.template.render('templates/', base='layout') render_html = lambda **kwargs: htmlout.account_review(kwargs) class review: """ This class handles the GET method for the /account/review URL. This class displays the individual record based upon the URL. For example: http://xx.xx.xx.xx/account/review/tom <-- look at record with username of tom