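def Action_Login(self):
    """Forward the submitted login form to login/signin.py via a redirect.

    Reads Query.username, Query.password and Query.persist from the HDF,
    stores the persist choice with cookieauth.setPersistCookie, and redirects
    to signin.py on the requesting host with the munged password, the persist
    flag, the post-login destination and the username in the query string.
    """
    hdf = self.ncgi.hdf

    q_username = xss.xssescape(hdf.getValue("Query.username", "").lower())
    q_password = hdf.getValue("Query.password", "")
    q_persist = hdf.getValue("Query.persist", "0")

    # NOTE(review): the strength of mungePassword is not visible here. A
    # credential carried in a redirect URL ends up in browser history and in
    # proxy/server access logs; posting it to signin.py would avoid that.
    q_password_Hash = pwauth.mungePassword(q_password)

    if not self.requestURI:
        self.requestURI = config.gBaseURL + "%s/" % config.gDefaultModule

    # NOTE(review): HTTP.Host is used as received, and the credential is sent
    # to whatever host it names -- confirm the front end pins or validates it.
    hostname = hdf.getValue("HTTP.Host", "")

    cookieauth.setPersistCookie(self.ncgi, q_persist)

    # Escape every query value: persist and username come straight from the
    # request and could otherwise append or override parameters.
    url = self.http + hostname + config.gBaseURL + (
        "login/signin.py?password=%s&persist=%s&Action.Login=1&request=%s&username=%s" % (
            neo_cgi.urlEscape(q_password_Hash),
            neo_cgi.urlEscape(q_persist),
            neo_cgi.urlEscape(self.requestURI),
            neo_cgi.urlEscape(q_username)))

    # Log the destination without its query string, which holds the password.
    warn("signin0.py", "redirecting to url", url.split("?", 1)[0])
    self.redirectUri(url)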
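def checkLoginCookie(self):
    """Authenticate the request from its login cookie, then apply active-user checks.

    A missing or invalid cookie redirects to login/signin0.py with the current
    request URI. For a valid cookie the method may reissue the cookie, sets
    self.login and the CGI.Login* HDF values, maintains the active-user file,
    and may redirect to active/active.py.
    """
    hdf = self.ncgi.hdf

    requestURI = hdf.getValue("CGI.RequestURI", "")
    rurl = config.gBaseURL + "login/signin0.py"
    signin_url = rurl + "?q=1&request=%s" % neo_cgi.urlEscape(requestURI)

    self.authdb = db_auth.initSchema()

    logincookie = cookieauth.parseLoginCookie(self.ncgi)
    if not logincookie:
        self.redirectUri(signin_url)
        # redirectUri is not visible here; stop even if it returns so the
        # login fields below are never set without a verified cookie.
        return

    self.username = logincookie.username
    self.userRec = self.authdb.users.lookup(self.username)

    if self.userRec is None or cookieauth.checkLoginCookie(
            self.ncgi, logincookie, self.authdb, self.username, self.userRec) == 0:
        warn("invalid cookie", signin_url)
        self.redirectUri(signin_url)
        return

    # ----- the cookie is valid!!!! -------

    # Export the role only after validation, so an unverified cookie's
    # username never puts a role into the HDF.
    if self.userRec:
        hdf.setValue("CGI.Role", self.userRec.role)

    persist = cookieauth.getPersistCookie(hdf)
    if persist == 0:
        # reissue a new cookie with an updated timeout
        if (time.time() - logincookie.issued_at) > config.REFRESH_COOKIE_TIMEOUT:
            cookieauth.issueLoginCookie(self.ncgi, self.authdb,
                                        self.username, self.userRec.pw_hash)

    self.login = self.username
    hdf.setValue("CGI.Login", self.username)
    hdf.setValue("CGI.Login.issued_at", str(logincookie.issued_at))

    active_user = self.get_active_user()
    # seconds since they did something
    time_since_activity = self.get_active_user_last_activity()

    if active_user:
        if time_since_activity > config.ACTIVE_USER_TIMEOUT:  # time out after one hour?
            self.remove_active_user()
        else:
            # NOTE(review): nesting rebuilt from a flattened listing; this else
            # is read as pairing with the timeout test -- confirm.
            # touch the active user file
            os.utime(config.ACTIVE_USER_FILE, None)

    hdf.setValue("CGI.active_user", self.get_active_user())

    if self._pageparms.get("checkActive", True):
        # NOTE(review): Cookie.inactive is client-supplied and skips the whole
        # active-user check -- confirm it is only a viewing preference.
        if hdf.getValue("Cookie.inactive", "0") != "1":
            if self.get_active_user() == "":
                self.make_active_user(hdf)
            elif not self.is_active_user():
                rurl = config.gBaseURL + "active/active.py"
                # Pages under /active/ are not redirected again.
                if requestURI.find("/active/") == -1:
                    self.redirectUri(rurl + "?q=1&request=%s" % neo_cgi.urlEscape(requestURI))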
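def cleanup_attrs(self, tag, attrs):
    """Return a filtered copy of *attrs*, a list of (name, value) pairs, for *tag*.

    Drops attributes whose name starts with "on" and attributes whose value
    is a javascript: URL. cid: references in URL attributes are looked up in
    self._map_urls; other URL attributes are joined with self._base when set
    and rewritten to go through a www.google.com/url redirect link. When
    self._new_window is set, <a> tags get target=_blank and lose any target
    they already had.

    NOTE(review): this is a blocklist. Attributes outside the URL list (for
    example style) are copied through unchanged -- confirm they are handled
    elsewhere.
    """
    url_attrs = ("action", "href", "src", "lowsrc", "background")
    new_attrs = []
    tag = tag.lower()
    if self._new_window and tag == "a":
        new_attrs.append(('target', '_blank'))
    for name, value in attrs:
        name = name.lower()
        if name[:2] == "on":
            continue  ## skip any javascript events
        # Test the scheme on a copy with whitespace and control characters
        # removed: browsers ignore them, so a plain prefix test on the raw
        # value can be sidestepped.
        scheme_probe = "".join([ch for ch in value if ord(ch) > 32]).lower()
        if scheme_probe[:11] == "javascript:":
            continue
        if self._map_urls and name in url_attrs and value[:4] == 'cid:':
            try:
                value = self._map_urls[value[4:]]
            except KeyError:
                # Unknown content id: keep the cid: reference as it is.
                pass
        else:
            # NOTE(review): nesting rebuilt from a flattened listing; this else
            # is read as pairing with the cid: test above -- confirm.
            if self._base and name in url_attrs:
                value = basejoin(self._base, value)
            if name in url_attrs:
                value = '//www.google.com/url?sa=D&q=%s' % (
                    neo_cgi.urlEscape(value))
        if self._new_window and tag == "a" and name == "target":
            continue
        new_attrs.append((name, value))
    return new_attrs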
def Action_MakeActive(self, hdf):
    """Make the requesting user the active user, or send them to the warning page.

    The user becomes active at once when there is no active user, when they
    already are the active user, or when Query.override is "1". Otherwise they
    become active only if they previously dismissed the "active_warning"
    notice; if not, they are redirected to active/active_warning.py.

    NOTE(review): Query.override comes from the request and skips the
    warning; confirm every authenticated user is meant to have it and that
    this action is protected against cross-site requests.
    """
    # One expression, so the three tests still short-circuit left to right.
    may_take_over = (
        (not self.get_active_user())
        or self.is_active_user()
        or hdf.getValue("Query.override", "") == "1"
    )

    if may_take_over:
        self.make_active_user(hdf)
        self.ncgi.cookieClear("inactive")

        # if the dismiss checkbox was checked, store it in the database
        if hdf.getValue("Query.dismiss_active_warning", "") == "1":
            record = self.authdb.users.lookup(self.username)
            record.dismiss_notice("active_warning")

        self.redirectUri(self.requestURI)
        return

    record = self.authdb.users.lookup(self.username)
    if not record.notice_dismissed("active_warning"):
        # redirect to page warning about active user
        host = hdf.getValue("HTTP.Host", "")
        requested = neo_cgi.urlEscape(hdf.getValue("Query.request", ""))
        warning_url = self.http + host + config.gBaseURL + (
            "active/active_warning.py?request=%s" % (requested))
        self.redirectUri(warning_url)
        return

    # this user has already dismissed the active warning page: make them active
    self.make_active_user(hdf)
    self.ncgi.cookieClear("inactive")
    self.redirectUri(self.requestURI)
def display_search(self):
    """Run the search in Query.query and export one page of results to the HDF.

    Sets the CGI.Search* paging values and one CGI.Matches.<n> subtree per
    returned message (metadata, thread count and a text snippet). Nothing
    beyond CGI.query_url is exported when the query is empty.
    """
    RESULTS_PER_PAGE = 10
    self.pagename = "search"
    query = self.ncgi.hdf.getValue("Query.query", "")
    # URL-escaped copy of the query, exported for the templates.
    self.ncgi.hdf.setValue("CGI.query_url", neo_cgi.urlEscape(query))
    q_page = self.ncgi.hdf.getIntValue("Query.page", 1)
    start = (q_page - 1) * RESULTS_PER_PAGE
    # Page numbers below 1 fall back to the first page.
    if start < 0: start = 0
    if query:
        search_t = time.time()
        total, msgs = self.mdb.search(query, start, RESULTS_PER_PAGE)
        if total == 0:
            self.ncgi.hdf.setValue("CGI.SearchNoResults", "1")
        # Elapsed wall-clock time of the search call, in seconds.
        search_t = time.time() - search_t
        self.ncgi.hdf.setValue("CGI.SearchTime", "%5.2f" % search_t)
        self.ncgi.hdf.setValue("CGI.SearchStart", str(start+1))
        end = start+RESULTS_PER_PAGE
        if end > total: end = total
        self.ncgi.hdf.setValue("CGI.SearchEnd", str(end))
        self.ncgi.hdf.setValue("CGI.SearchTotal", str(total))
        # NOTE(review): depending on the Python major version, either pages or
        # page is a float here, so str() may emit values such as "3.0" --
        # confirm the templates accept that.
        pages = math.ceil(total*1.0/RESULTS_PER_PAGE)
        page = (start+1)/RESULTS_PER_PAGE + 1
        if pages > 20:
            # If we have more than 20 pages, only show the 20 around
            # the page we're looking at
            if page < 20:
                self.ncgi.hdf.setValue("CGI.SearchPageStart", "1")
                self.ncgi.hdf.setValue("CGI.SearchPageEnd", "20")
            elif page+10 > pages:
                self.ncgi.hdf.setValue("CGI.SearchPageStart", str(pages-20))
                self.ncgi.hdf.setValue("CGI.SearchPageEnd", str(pages))
            else:
                self.ncgi.hdf.setValue("CGI.SearchPageStart", str(page-10))
                self.ncgi.hdf.setValue("CGI.SearchPageEnd", str(page+10))
        else:
            self.ncgi.hdf.setValue("CGI.SearchPageStart", "1")
            self.ncgi.hdf.setValue("CGI.SearchPageEnd", str(pages))
        self.ncgi.hdf.setValue("CGI.SearchPages", str(pages))
        self.ncgi.hdf.setValue("CGI.SearchPage", str(page))
        n = 0
        for meta in msgs:
            meta.hdfExport("CGI.Matches.%d" % n, self.ncgi.hdf, tz=self.tz)
            count = self.mdb.thread_count(meta.thread_id)
            self.ncgi.hdf.setValue("CGI.Matches.%d.thread_count" % n, str(count))
            rm = RenderMessage(rawmsg = meta.msg_data, tz=self.tz)
            text = rm.as_text()
            snipper = search_help.Snippet()
            snippet = snipper.snippet(query, text)
            # NOTE(review): the snippet is built from message text and the
            # query; whether Snippet HTML-escapes it is not visible here, so
            # confirm the template escapes this value when rendering.
            self.ncgi.hdf.setValue("CGI.Matches.%d.Snippet" % n, snippet)
            n = n + 1
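def checkLoginCookie(self):
    """Authenticate the request from its login cookie.

    A missing or invalid cookie redirects to login/signin0.py with the current
    request URI. For a valid cookie the method reissues the cookie when it is
    older than config.REFRESH_COOKIE_TIMEOUT and the persist cookie is 0, then
    sets self.login and the CGI.Login / CGI.Login.issued_at HDF values.
    """
    hdf = self.ncgi.hdf

    requestURI = hdf.getValue("CGI.RequestURI", "")
    rurl = config.gBaseURL + "login/signin0.py"
    signin_url = rurl + "?q=1&request=%s" % neo_cgi.urlEscape(requestURI)

    self.authdb = db_auth.initSchema()

    logincookie = cookieauth.parseLoginCookie(self.ncgi)
    if not logincookie:
        self.redirectUri(signin_url)
        # redirectUri is not visible here; stop even if it returns so the
        # login fields below are never set without a verified cookie.
        return

    self.username = logincookie.username
    userRec = self.authdb.users.lookup(self.username)

    if userRec is None or cookieauth.checkLoginCookie(
            self.ncgi, logincookie, self.authdb, self.username, userRec) == 0:
        warn("invalid cookie", signin_url)
        self.redirectUri(signin_url)
        return

    # ----- the cookie is valid!!!! -------

    persist = cookieauth.getPersistCookie(hdf)
    if persist == 0:
        # reissue a new cookie with an updated timeout
        if (time.time() - logincookie.issued_at) > config.REFRESH_COOKIE_TIMEOUT:
            cookieauth.issueLoginCookie(self.ncgi, self.authdb,
                                        self.username, userRec.pw_hash)

    self.login = self.username
    hdf.setValue("CGI.Login", self.username)
    hdf.setValue("CGI.Login.issued_at", str(logincookie.issued_at))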
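def cleanup_attrs(self, tag, attrs):
    """Filter the (name, value) attribute pairs of *tag* and return the kept ones.

    Event-handler attributes (names starting with "on") and javascript: values
    are dropped. cid: references in URL attributes are resolved through
    self._map_urls; other URL attributes are joined with self._base when set
    and wrapped in a www.google.com/url redirect link. With self._new_window
    set, <a> tags get target=_blank in place of any existing target.

    NOTE(review): this is a blocklist. Attributes outside the URL list (for
    example style) pass through unchanged -- confirm they are handled
    elsewhere.
    """
    url_attrs = ("action", "href", "src", "lowsrc", "background")
    kept = []
    tag = tag.lower()
    if self._new_window and tag == "a":
        kept.append(('target', '_blank'))
    for name, value in attrs:
        name = name.lower()
        if name[:2] == "on":
            continue  ## skip any javascript events
        # Browsers ignore whitespace and control characters in a URL scheme,
        # so test a copy with them removed, not the raw prefix.
        compact = "".join([ch for ch in value if ord(ch) > 32]).lower()
        if compact[:11] == "javascript:":
            continue
        if self._map_urls and name in url_attrs and value[:4] == 'cid:':
            try:
                value = self._map_urls[value[4:]]
            except KeyError:
                # Unknown content id: keep the cid: reference as it is.
                pass
        else:
            # NOTE(review): nesting rebuilt from a flattened listing; this else
            # is read as pairing with the cid: test above -- confirm.
            if self._base and name in url_attrs:
                value = basejoin(self._base, value)
            if name in url_attrs:
                # NOTE(review): cleartext http:// redirect link; on an HTTPS
                # page a scheme-relative or https:// form avoids sending the
                # link target in the clear.
                value = 'http://www.google.com/url?sa=D&q=%s' % (neo_cgi.urlEscape(value))
        if self._new_window and tag == "a" and name == "target":
            continue
        kept.append((name, value))
    return kept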
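def Action_Login(self):
    """Check the submitted credentials and, on success, issue the login cookie.

    Looks up Query.username in the auth database, un-munges Query.password and
    checks it against the user record. Every attempt for a known user is saved
    as a login row (loginType 0 for failure, 1 for success). Failures redirect
    to login/signin0.py with err=Invalid+Login; success redirects to
    self.requestURI.

    NOTE(review): self.requestURI is set outside this method. If it comes from
    the request parameter, restrict it to same-site paths before redirecting.
    """
    hdf = self.ncgi.hdf

    q_username = hdf.getValue("Query.username", "")
    q_passwordHash = hdf.getValue("Query.password", "")
    q_persist = hdf.getValue("Query.persist", "0")
    try:
        q_persist = int(q_persist)
    except ValueError:
        q_persist = 0

    default_requestURI = config.gBaseURL + "%s/" % config.gDefaultModule
    warn("requestURI", self.requestURI)
    if not self.requestURI:
        self.requestURI = default_requestURI

    wwwhostname = hdf.getValue("HTTP.Host", "")
    rurl = self.http + wwwhostname + config.gBaseURL + "login/signin0.py"
    warn("signin.py", rurl)

    # Both failure paths use the same URL, so the response does not reveal
    # whether the username exists.
    failure_url = rurl + "?err=Invalid+Login&request=%s" % neo_cgi.urlEscape(
        self.requestURI)

    # open login db to get pw
    userRec = self.authdb.users.lookup(q_username)
    if not userRec:
        warn("signin.py", "login failure (%s) unknown user" % q_username)
        self.redirectUri(failure_url)
        # Stop here as the mismatch path does; userRec is unusable below.
        return

    q_password = pwauth.unmungePassword(q_passwordHash)

    ipaddr = hdf.getValue("CGI.RemoteAddress", "Unknown")
    browserid = browserauth.getBrowserCookie(self.ncgi)

    loginRow = self.authdb.login.newRow()
    loginRow.uid = userRec.uid
    loginRow.username = userRec.username
    loginRow.ipaddr = ipaddr
    loginRow.browserid = browserid

    if userRec.checkPassword(q_password) == 0:
        # The submitted password is deliberately not logged: a near-miss of
        # the real password must not end up in the log.
        warn("signin.py", "login failure (%s) password mismatch" % q_username)
        loginRow.loginType = 0
        loginRow.save()
        warn("redirecting to", failure_url)
        self.redirectUri(failure_url)
        return

    # ----------- success!!! ------------------
    # generate cookie
    loginRow.loginType = 1
    loginRow.save()

    cookieauth.issueLoginCookie(self.ncgi, self.authdb, q_username,
                                userRec.pw_hash, q_persist)

    # redirect to the main page
    self.redirectUri(self.requestURI)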
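def requestChangePassword(self):
    """Redirect to login/changePassword.py, with webui/ as the page to return to."""
    # The original also read CGI.RequestURI into a local it never used; that
    # dead lookup is dropped. The return target is always the webui root.
    rurl = config.gBaseURL + "login/changePassword.py"
    return_to = neo_cgi.urlEscape(config.gBaseURL + "webui/")
    self.redirectUri(rurl + "?q=1&request=" + return_to)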
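def Action_Login(self, hdf):
    """Check the submitted credentials, issue the login cookie and publish a login event.

    Looks up Query.username in the auth database, un-munges Query.password and
    checks it against the user record. Every attempt for a known user is saved
    as a login row (loginType 0 for failure, 1 for success). Failures redirect
    to login/signin0.py with err=Invalid+Login. On success the user is sent to
    the change-password page when userRec.changePassword is 1; otherwise a
    WebEvent is published on /webui/events and the user is redirected to
    self.requestURI.

    NOTE(review): self.requestURI is set outside this method. If it comes from
    the request parameter, restrict it to same-site paths before redirecting.
    """
    q_username = hdf.getValue("Query.username", "")
    q_passwordHash = hdf.getValue("Query.password", "")
    q_persist = hdf.getValue("Query.persist", "0")
    try:
        q_persist = int(q_persist)
    except ValueError:
        q_persist = 0

    default_requestURI = config.gBaseURL + "%s/" % config.gDefaultModule
    warn("requestURI", self.requestURI)
    if not self.requestURI:
        self.requestURI = default_requestURI

    wwwhostname = hdf.getValue("HTTP.Host", "")
    rurl = self.http + wwwhostname + config.gBaseURL + "login/signin0.py"
    warn("signin.py", rurl)

    # Both failure paths use the same URL, so the response does not reveal
    # whether the username exists.
    failure_url = rurl + "?err=Invalid+Login&request=%s" % neo_cgi.urlEscape(
        self.requestURI)

    # open login db to get pw
    userRec = self.authdb.users.lookup(q_username)
    if not userRec:
        warn("signin.py", "login failure (%s) unknown user" % q_username)
        self.redirectUri(failure_url)
        # Stop here as the mismatch path does; userRec is unusable below.
        return

    q_password = pwauth.unmungePassword(q_passwordHash)

    ipaddr = hdf.getValue("CGI.RemoteAddress", "Unknown")
    browserid = browserauth.getBrowserCookie(self.ncgi)

    loginRow = self.authdb.login.newRow()
    loginRow.uid = userRec.uid
    loginRow.username = userRec.username
    loginRow.ipaddr = ipaddr
    loginRow.browserid = browserid

    if userRec.checkPassword(q_password) == 0:
        # The submitted password is deliberately not logged: a near-miss of
        # the real password must not end up in the log.
        warn("signin.py", "login failure (%s) password mismatch" % q_username)
        loginRow.loginType = 0
        loginRow.save()
        warn("redirecting to", failure_url)
        self.redirectUri(failure_url)
        return

    # ----------- success!!! ------------------
    # generate cookie
    loginRow.loginType = 1
    loginRow.save()

    cookieauth.issueLoginCookie(self.ncgi, self.authdb, q_username,
                                userRec.pw_hash, q_persist)

    if userRec.changePassword == 1:
        self.requestChangePassword()
        return

    # publish a web event that we logged in
    pub = rospy.Publisher("/webui/events", WebEvent)
    rospy.init_node("webui_login", anonymous=True)
    msg = WebEvent()
    msg.source = "user"
    msg.type = "login (local)"
    # NOTE(review): self.username is not assigned in this method; the name
    # just authenticated is q_username -- confirm which one belongs here.
    msg.data = self.username
    pub.publish(msg)

    # redirect to the main page
    self.redirectUri(self.requestURI)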
def error(self, msg):
    """Redirect back to changePassword.py carrying *msg* as the err parameter.

    Both *msg* and self.requestURI are URL-escaped before being put into the
    query string.
    """
    # NOTE(review): the text travels in the URL, so the page that displays
    # err must HTML-escape it.
    err_param = neo_cgi.urlEscape(msg)
    request_param = neo_cgi.urlEscape(self.requestURI)
    target = "changePassword.py?err=%s&request=%s" % (err_param, request_param)
    self.redirectUri(target)
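def Action_Login(self):
    """Pass the submitted login form on to login/signin.py through a redirect.

    Takes Query.username, Query.password and Query.persist from the HDF,
    records the persist choice with cookieauth.setPersistCookie, and redirects
    to signin.py on the requesting host. The query string carries the munged
    password, the persist flag, the post-login destination and the username.
    """
    hdf = self.ncgi.hdf

    q_username = xss.xssescape(hdf.getValue("Query.username", "").lower())
    q_password = hdf.getValue("Query.password", "")
    q_persist = hdf.getValue("Query.persist", "0")

    # NOTE(review): how strong mungePassword is cannot be seen from here. Any
    # credential placed in a redirect URL is recorded in browser history and
    # in proxy/server access logs; a POST to signin.py would avoid that.
    q_password_Hash = pwauth.mungePassword(q_password)

    if not self.requestURI:
        self.requestURI = config.gBaseURL + "%s/" % config.gDefaultModule

    # NOTE(review): HTTP.Host is client-supplied and decides where the
    # credential is sent -- confirm the front end pins or validates it.
    hostname = hdf.getValue("HTTP.Host", "")

    cookieauth.setPersistCookie(self.ncgi, q_persist)

    # persist and username arrive straight from the request; without escaping
    # they could append or override query parameters.
    params = (neo_cgi.urlEscape(q_password_Hash),
              neo_cgi.urlEscape(q_persist),
              neo_cgi.urlEscape(self.requestURI),
              neo_cgi.urlEscape(q_username))
    url = self.http + hostname + config.gBaseURL + (
        "login/signin.py?password=%s&persist=%s&Action.Login=1&request=%s&username=%s" % params)

    # Keep the query string, which contains the password, out of the log.
    warn("signin0.py", "redirecting to url", url.split("?", 1)[0])
    self.redirectUri(url)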
def news_urlsub(match):
    """Build the "[msg]" Google Groups link for the message id in group 1 of *match*.

    The id is URL-escaped and substituted into the as_umsgid query parameter.
    """
    # NOTE(review): the href is double-quoted HTML, so this relies on
    # urlEscape encoding quotes and angle brackets -- verify.
    escaped_id = neo_cgi.urlEscape(match.group(1))
    link_template = '[<a class=newlink target=_blank href="http://groups.google.com/groups?as_umsgid=%s">msg</a>]'
    return link_template % escaped_id
def Action_MakeActive(self, hdf):
    """Promote the requesting user to active user, or show the takeover warning.

    Promotion is immediate when no user is active, when the requester already
    is the active user, or when Query.override is "1". Otherwise the requester
    is promoted only if they dismissed the "active_warning" notice earlier;
    if not, they are redirected to active/active_warning.py.

    NOTE(review): Query.override comes from the request and skips the
    warning; confirm every authenticated user is meant to have it and that
    this action is protected against cross-site requests.
    """
    def _activate_and_return():
        # Shared tail of both promotion paths.
        self.make_active_user(hdf)
        self.ncgi.cookieClear("inactive")

    # if one of the following are true, make the user active
    if (not self.get_active_user()) or self.is_active_user() \
            or hdf.getValue("Query.override", "") == "1":
        _activate_and_return()
        # if the dismiss checkbox was checked, store it in the database
        wants_dismiss = hdf.getValue("Query.dismiss_active_warning", "")
        if wants_dismiss == "1":
            self.authdb.users.lookup(self.username).dismiss_notice("active_warning")
        self.redirectUri(self.requestURI)
    else:
        user_record = self.authdb.users.lookup(self.username)
        already_dismissed = user_record.notice_dismissed("active_warning")
        if already_dismissed:
            # the warning was dismissed before, so make them active directly
            _activate_and_return()
            self.redirectUri(self.requestURI)
        else:
            # redirect to page warning about active user
            prefix = self.http + hdf.getValue("HTTP.Host", "") + config.gBaseURL
            request_arg = neo_cgi.urlEscape(hdf.getValue("Query.request", ""))
            self.redirectUri(prefix + "active/active_warning.py?request=%s" % (request_arg))
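def Action_Login(self, hdf):
    """Verify the submitted credentials, issue the login cookie and publish a login event.

    The user record for Query.username is fetched from the auth database and
    the un-munged Query.password is checked against it. Each attempt for a
    known user is stored as a login row (loginType 0 on failure, 1 on
    success). Failures redirect to login/signin0.py with err=Invalid+Login.
    After success, a user whose changePassword flag is 1 is sent to the
    change-password page; otherwise a WebEvent goes out on /webui/events and
    the user is redirected to self.requestURI.

    NOTE(review): self.requestURI is set outside this method. If it comes from
    the request parameter, restrict it to same-site paths before redirecting.
    """
    q_username = hdf.getValue("Query.username", "")
    q_passwordHash = hdf.getValue("Query.password", "")
    q_persist = hdf.getValue("Query.persist", "0")
    try:
        q_persist = int(q_persist)
    except ValueError:
        q_persist = 0

    default_requestURI = config.gBaseURL + "%s/" % config.gDefaultModule
    warn("requestURI", self.requestURI)
    if not self.requestURI:
        self.requestURI = default_requestURI

    wwwhostname = hdf.getValue("HTTP.Host", "")
    rurl = self.http + wwwhostname + config.gBaseURL + "login/signin0.py"
    warn("signin.py", rurl)

    # One URL for both failure paths: the response does not reveal whether
    # the username exists.
    failure_url = rurl + "?err=Invalid+Login&request=%s" % neo_cgi.urlEscape(self.requestURI)

    # open login db to get pw
    userRec = self.authdb.users.lookup(q_username)
    if not userRec:
        warn("signin.py", "login failure (%s) unknown user" % q_username)
        self.redirectUri(failure_url)
        # Stop here as the mismatch path does; userRec is unusable below.
        return

    q_password = pwauth.unmungePassword(q_passwordHash)

    ipaddr = hdf.getValue("CGI.RemoteAddress", "Unknown")
    browserid = browserauth.getBrowserCookie(self.ncgi)

    loginRow = self.authdb.login.newRow()
    loginRow.uid = userRec.uid
    loginRow.username = userRec.username
    loginRow.ipaddr = ipaddr
    loginRow.browserid = browserid

    if userRec.checkPassword(q_password) == 0:
        # The submitted password is deliberately not logged: a near-miss of
        # the real password must not end up in the log.
        warn("signin.py", "login failure (%s) password mismatch" % q_username)
        loginRow.loginType = 0
        loginRow.save()
        warn("redirecting to", failure_url)
        self.redirectUri(failure_url)
        return

    # ----------- success!!! ------------------
    # generate cookie
    loginRow.loginType = 1
    loginRow.save()

    cookieauth.issueLoginCookie(self.ncgi, self.authdb, q_username,
                                userRec.pw_hash, q_persist)

    if userRec.changePassword == 1:
        self.requestChangePassword()
        return

    # publish a web event that we logged in
    pub = rospy.Publisher("/webui/events", WebEvent)
    rospy.init_node("webui_login", anonymous=True)
    msg = WebEvent()
    msg.source = "user"
    msg.type = "login (local)"
    # NOTE(review): self.username is not assigned in this method; the name
    # just authenticated is q_username -- confirm which one belongs here.
    msg.data = self.username
    pub.publish(msg)

    # redirect to the main page
    self.redirectUri(self.requestURI)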