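def post(self):
    """Validate posted credentials and start a session.

    Reads ``username`` and ``password`` from the request and checks them
    with ``RUNTIME.check_permission``. A valid pair stores the username in
    the signed ``user`` cookie and redirects to the ``next`` argument; an
    invalid pair redirects back to the login form with a URL-escaped
    ``error`` parameter.

    ``next`` is user-controlled, so it is only honoured when it is a local
    path: absolute URLs and protocol-relative ``//host`` or ``/\\host``
    values fall back to ``/`` so the login form cannot be used as an open
    redirector.
    """
    username = self.get_argument("username", "")
    password = self.get_argument("password", "")
    if not RUNTIME.check_permission(username, password):
        error_msg = "Login incorrect."
        self.redirect("/auth/login/" + "?error=" + tornado.escape.url_escape(error_msg))
        return
    self.set_secure_cookie("user", username)
    next_url = self.get_argument("next", "/")
    # A leading "/" rejects absolute URLs; "//" and "/\" are treated by
    # browsers as a different host and are rejected as well.
    if not next_url.startswith("/") or next_url.startswith(("//", "/\\")):
        next_url = "/"
    self.redirect(next_url)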
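def post(self, *args, **kwargs):
    """Process login credentials.

    Reads ``username`` and ``password`` from the request and checks them
    with ``RUNTIME.check_permission``. A valid pair stores the username in
    the signed ``username`` cookie and redirects to ``/index.html``; an
    invalid pair clears any stale ``username`` cookie and redirects back to
    the login page with an ``error`` query parameter. ``args`` and
    ``kwargs`` are not used by this handler.
    """
    from urllib.parse import quote

    username = self.get_argument("username", "")
    password = self.get_argument("password", "")
    if RUNTIME.check_permission(username, password):
        self.set_secure_cookie("username", username)
        self.redirect("/index.html")
        return
    # Drop any previous session before sending the client back to the form.
    self.clear_cookie("username")
    # Percent-encode the message so the Location header carries a valid
    # URI; the page reading ``error`` gets the same decoded text.
    self.redirect("/auth/login?error=" + quote("Wrong Password"))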
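def put(self, *args, **kwargs):
    """Update an account.

    Args:
        [0]: the username

    Request:
        version: protocol version (1.0)
        username: username
        role: role
        name: name
        surname: surname
        email: email
        password: current password (required when new_password is sent)
        new_password: new_password
        new_password_confirm: new_password_confirm

    Raises:
        ValueError: if new_password and new_password_confirm differ, or the
            current password does not validate for the account in the URL.
        KeyError: if the account named in the URL does not exist.

    Example URLs:
        PUT /api/v1/accounts/test
        {
          "version" : 1.0,
          "username" : "foo",
          "role" : "user",
          "name" : "foo",
          "surname" : "foo",
          "email" : "*****@*****.**"
        }
    """
    if 'new_password' in kwargs:
        if kwargs['new_password'] != kwargs.get('new_password_confirm'):
            raise ValueError("Passwords do not match")
        # Re-authenticate with the current password before accepting a new
        # one; a missing current password is rejected the same way.
        current = kwargs.get('password')
        if current is None or not RUNTIME.check_permission(args[0], current):
            raise ValueError("Invalid old password")
        kwargs['password'] = kwargs.pop('new_password')
        kwargs.pop('new_password_confirm', None)
    # The protocol version is not an account attribute.
    kwargs.pop('version', None)
    account = RUNTIME.accounts[args[0]]
    # NOTE(review): every remaining key is written straight onto the account,
    # including ``role`` and a bare ``password`` sent without the
    # new_password/confirm flow. Whether the caller may change those is
    # decided before this method runs — confirm a non-admin caller cannot
    # promote its own account here.
    for param, value in kwargs.items():
        setattr(account, param, value)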
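def prepare(self):
    """Authenticate and authorise the request before the verb handler runs.

    Every reply is JSON, so the Content-Type header is set up front. When
    ``RIGHTS`` lists no role for the request method, no credentials are
    needed. Otherwise the ``Authorization`` header must carry HTTP Basic
    credentials accepted by ``RUNTIME.check_permission``; the matching
    account is stored in ``self.account`` for the handler.

    Policy for an authenticated caller:
      * role not listed in ``RIGHTS`` for the method -> 401;
      * ``ROLE_ADMIN`` -> allowed everywhere;
      * any other listed role -> allowed on its own account, on a pending
        tenant it owns and on a tenant it owns; a resource URL naming
        anything else -> 401; a collection URL (no id in the path) is
        passed through and the handler is expected to filter;
      * a pending/tenant id that is not a UUID -> 400;
      * any other URL -> 401.
    """
    self.set_header('Content-Type', 'application/json')
    if not self.RIGHTS[self.request.method]:
        return

    credentials = self._parse_basic_auth(self.request.headers.get('Authorization'))
    if credentials is None:
        # Missing, foreign-scheme or undecodable Basic header: challenge.
        self.set_header('WWW-Authenticate', 'Basic realm=Restricted')
        self.send_error(401)
        return
    username, password = credentials

    # Unknown account or wrong password.
    if not RUNTIME.check_permission(username, password):
        self.send_error(401)
        return
    self.account = RUNTIME.get_account(username)

    if self.account.role not in self.RIGHTS[self.request.method]:
        self.send_error(401)
        return
    if self.account.role == ROLE_ADMIN:
        return

    uri = self.request.uri
    if uri.startswith("/api/v1/accounts"):
        match = re.match(r"/api/v1/accounts/([a-zA-Z0-9:-]*)/?", uri)
        if match and match.group(1):
            name = match.group(1)
            if name in RUNTIME.accounts and self.account.username == RUNTIME.accounts[name].username:
                return
            self.send_error(401)
        return

    if uri.startswith("/api/v1/pending"):
        match = re.match(r"/api/v1/pending/([a-zA-Z0-9-]*)/?", uri)
        if match and match.group(1):
            try:
                tenant_id = UUID(match.group(1))
            except ValueError:
                # Not a UUID: a client error, not an authorisation failure.
                self.send_error(400)
                return
            pending = RUNTIME.load_pending_tenant(tenant_id)
            if pending and self.account.username == pending.owner:
                return
            self.send_error(401)
        return

    if uri.startswith("/api/v1/tenants"):
        match = re.match(r"/api/v1/tenants/([a-zA-Z0-9-]*)/?", uri)
        if match and match.group(1):
            try:
                tenant_id = UUID(match.group(1))
            except ValueError:
                # Same treatment as the pending branch instead of a 500.
                self.send_error(400)
                return
            if tenant_id in RUNTIME.tenants and self.account.username == RUNTIME.tenants[tenant_id].owner:
                return
            self.send_error(401)
        return

    # Not an admin and not a resource this role may own.
    self.send_error(401)

@staticmethod
def _parse_basic_auth(auth_header):
    """Return ``(username, password)`` from a Basic ``Authorization`` value.

    Returns ``None`` when the header is missing, uses another scheme, is
    not valid base64/UTF-8, or has no ``user:password`` separator. The
    value is split on the first colon only, so passwords may contain
    colons.
    """
    if auth_header is None or not auth_header.startswith('Basic '):
        return None
    try:
        decoded = base64.b64decode(auth_header[6:]).decode('utf-8')
    except ValueError:
        # Covers binascii.Error (bad base64) and UnicodeDecodeError.
        return None
    username, sep, password = decoded.partition(':')
    if not sep:
        return None
    return username, password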
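def prepare(self):
    """Authenticate and authorise the request before the verb handler runs.

    Every reply is JSON, so the Content-Type header is set up front. When
    ``RIGHTS`` lists no role for the request method, no credentials are
    needed. Otherwise the ``Authorization`` header must carry HTTP Basic
    credentials accepted by ``RUNTIME.check_permission``; the matching
    account is stored in ``self.account`` for the handler.

    Policy for an authenticated caller:
      * role not listed in ``RIGHTS`` for the method -> 401;
      * ``ROLE_ADMIN`` -> allowed everywhere;
      * any other listed role -> allowed on its own account and on a
        tenant it owns; a resource URL naming anything else -> 401; a
        collection URL (no id in the path) is passed through and the
        handler is expected to filter;
      * a tenant id that is not a UUID -> 400;
      * any other URL -> 401.
    """
    self.set_header('Content-Type', 'application/json')
    if not self.RIGHTS[self.request.method]:
        return

    credentials = self._parse_basic_auth(self.request.headers.get('Authorization'))
    if credentials is None:
        # Missing, foreign-scheme or undecodable Basic header: challenge.
        self.set_header('WWW-Authenticate', 'Basic realm=Restricted')
        self.send_error(401)
        return
    username, password = credentials

    # Unknown account or wrong password.
    if not RUNTIME.check_permission(username, password):
        self.send_error(401)
        return
    self.account = RUNTIME.get_account(username)

    if self.account.role not in self.RIGHTS[self.request.method]:
        self.send_error(401)
        return
    if self.account.role == ROLE_ADMIN:
        return

    uri = self.request.uri
    if uri.startswith("/api/v1/accounts"):
        match = re.match(r"/api/v1/accounts/([a-zA-Z0-9:-]*)/?", uri)
        if match and match.group(1):
            name = match.group(1)
            if name in RUNTIME.accounts and self.account.username == RUNTIME.accounts[name].username:
                return
            self.send_error(401)
        return

    if uri.startswith("/api/v1/tenants"):
        match = re.match(r"/api/v1/tenants/([a-zA-Z0-9-]*)/?", uri)
        if match and match.group(1):
            try:
                tenant_id = UUID(match.group(1))
            except ValueError:
                # Not a UUID: a client error (400), not a 500 from UUID().
                self.send_error(400)
                return
            if tenant_id in RUNTIME.tenants and self.account.username == RUNTIME.tenants[tenant_id].owner:
                return
            self.send_error(401)
        return

    # Not an admin and not a resource this role may own.
    self.send_error(401)

@staticmethod
def _parse_basic_auth(auth_header):
    """Return ``(username, password)`` from a Basic ``Authorization`` value.

    Returns ``None`` when the header is missing, uses another scheme, is
    not valid base64/UTF-8, or has no ``user:password`` separator. The
    value is split on the first colon only, so passwords may contain
    colons.
    """
    if auth_header is None or not auth_header.startswith('Basic '):
        return None
    try:
        decoded = base64.b64decode(auth_header[6:]).decode('utf-8')
    except ValueError:
        # Covers binascii.Error (bad base64) and UnicodeDecodeError.
        return None
    username, sep, password = decoded.partition(':')
    if not sep:
        return None
    return username, password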