Ejemplo n.º 1
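def login():
    """
    Authenticate the posted username/password and populate the session.

    Reads ``username`` and ``password`` from ``request.form``, looks the user
    up in ``db["users"]`` and verifies the password with ``bcrypt.checkpw``.
    On success a fresh user token is stored in the user's row and in the
    session. The ``response`` dict is bookkeeping only: the client is
    redirected to "/" whatever the outcome.

    :return: a redirect response to "/"
    """
    response = {"type": None, "text": None, "data": {}}
    try:
        username = str(request.form["username"])
        password = request.form["password"]
        user_table = db["users"].find_one(username=username)
        if user_table is None:
            # An unknown username used to fall through to user_table["password"]
            # and raise TypeError, which the KeyError handler below does not
            # catch. Report it exactly like a wrong password so the outcome
            # does not reveal which usernames exist.
            # NOTE(review): this path skips the bcrypt work, so response time
            # can still tell the two cases apart.
            response["type"] = "error"
            response["text"] = "Invalid username/password"
        # NOTE(review): the bcrypt package on Python 3 expects bytes for both
        # arguments; confirm the types of the form value and the stored hash.
        elif bcrypt.checkpw(str(password), user_table["password"]):
            log.info(":{0}:Logged in user".format(username))
            # Generate user token and persist it against the user's row
            session["logged-in"] = True
            session["username"] = username
            user_token = tools.get_user_token(username)
            db['users'].upsert({
                "username": username,
                "user_token": user_token
            }, ['username'])
            response["type"] = "success"
            response["text"] = "Authentication successful"
            response["data"].update({"user_token": user_token})
        else:
            response["type"] = "error"
            response["text"] = "Invalid username/password"
    except KeyError:
        # Raised by a missing form field (and by a row without "password").
        response["type"] = "error"
        response[
            "text"] = "Couldn't find username and password in request data"
    resp = make_response(redirect("/"))
    if response["type"] == "success":
        log.info(":{0}:Setting cookies for username and user token".format(
            username))
        session["username"] = username
        # The token kept in the session is what later requests are compared
        # against the copy in the users table.
        session["user_token"] = response["data"]["user_token"]
    return resp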
Ejemplo n.º 2
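def main():
    """
    Render the webapp index.html template.

    If the session carries a username and a user token that matches the one
    stored for that user, the token is rotated, the session is marked as
    logged in and a session id is generated. In every other case the session
    is marked as not logged in.

    :return: the rendered index template
    """
    log.info(":WEB:/")
    username = session["username"] if "username" in session else None
    if username:
        log.info(":{0}:Found username cookies".format(username))
    log.debug("Setting session data")
    if "logged-in" not in session:
        session["logged-in"] = False
    session["welcome-message"] = "Welcome to W.I.L.L"

    if not username:
        log.debug("Couldn't find username in cookies")
        session["logged-in"] = False
        return render_template('index.html')

    user_table = db["users"].find_one(username=username)
    if user_table is None:
        # The session names a user with no row (e.g. deleted account); the
        # original code crashed on user_table.keys() here.
        log.debug("Couldn't find user record for session username")
        session["logged-in"] = False
        return render_template('index.html')

    if "user_token" not in user_table or "user_token" not in session:
        log.debug("Couldn't find user token in cookies")
        session["logged-in"] = False
        return render_template('index.html')

    user_token = session["user_token"]
    # An empty or missing token on both sides must never count as a match.
    # NOTE(review): "==" is not a constant-time comparison; consider
    # hmac.compare_digest once the token types are confirmed.
    if not user_token or user_table["user_token"] != user_token:
        # Token values are deliberately kept out of the log: a user token
        # authenticates the user, so writing it to a debug log discloses a
        # credential to anyone who can read the logs.
        log.debug(":{0}:User tokens don't match".format(username))
        session["logged-in"] = False
        return render_template('index.html')

    log.info(
        ":{0}:User authenticated via user_token in cookies".format(
            username))
    # Rotate the token on every successful token-based authentication.
    new_token = tools.get_user_token(username)
    db["users"].upsert(
        {
            "username": username,
            "user_token": new_token
        }, ['username'])
    session["logged-in"] = True
    user_first_name = user_table["first_name"]
    session["welcome-message"] = "Welcome back {0}".format(
        user_first_name)
    session_id = gen_session(username)
    session["session_id"] = session_id
    session["user_token"] = new_token
    # NOTE(review): this writes the session id to the info log; if the id is
    # enough to act as the user, log a shortened or hashed form instead.
    log.info(":{0}:Generated session id for user {1}".format(
        session_id, username))
    resp = make_response(render_template('index.html'))
    return resp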
Ejemplo n.º 3
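def login():
    """
    Authenticate the posted username/password and populate the session.

    The function takes no arguments; ``username`` and ``password`` are read
    from ``request.form``. Both must pass ``tools.check_string`` before the
    user is looked up in ``db["users"]`` and the password is verified with
    ``bcrypt.checkpw``. On success a fresh user token is stored in the user's
    row and in the session. The client is redirected to "/" whatever the
    outcome.

    :return: a redirect response to "/"
    """
    response = {"type": None, "text": None, "data": {}}
    try:
        username = str(request.form["username"])
        password = request.form["password"]
        if all(tools.check_string(x) for x in [username, password]):
            user_table = db["users"].find_one(username=username)
            if user_table is None:
                # An unknown username used to raise TypeError on
                # user_table["password"], which the KeyError handler below
                # does not catch. Report it exactly like a wrong password so
                # the outcome does not reveal which usernames exist.
                # NOTE(review): this path skips the bcrypt work, so response
                # time can still tell the two cases apart.
                response["type"] = "error"
                response["text"] = "Invalid username/password"
            elif bcrypt.checkpw(password.encode('utf8'),
                                user_table["password"].encode('utf8')):
                log.info(":{0}:Logged in user".format(username))
                # Generate user token and persist it against the user's row
                session["logged-in"] = True
                session["username"] = username
                user_token = tools.get_user_token(username)
                db['users'].upsert(
                    {
                        "username": username,
                        "user_token": user_token
                    }, ['username'])
                response["type"] = "success"
                response["text"] = "Authentication successful"
                response["data"].update({"user_token": user_token})
            else:
                response["type"] = "error"
                response["text"] = "Invalid username/password"
        else:
            response["type"] = "error"
            response[
                "text"] = "Invalid input, allowed characters are {0}".format(
                    tools.valid_chars)
    except KeyError:
        # Raised by a missing form field (and by a row without "password").
        response["type"] = "error"
        response[
            "text"] = "Couldn't find username and password in request data"
    resp = make_response(redirect("/"))
    if response["type"] == "success":
        log.info(":{0}:Setting cookies for username and user token".format(
            username))
        session["username"] = username
        # The token kept in the session is what later requests are compared
        # against the copy in the users table.
        session["user_token"] = response["data"]["user_token"]
    return resp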