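def get(self):
    """Run both legs of the jAccount single-sign-on exchange for /admin.

    Without a ``jatkt`` query argument, a fresh session nonce (``iv``) is
    stored in a signed cookie and the browser is redirected to the jAccount
    login page. With ``jatkt`` present, the ticket is decrypted with that
    nonce and parsed into a profile. The signed ``uid``/``chiname`` cookies
    are issued only after the profile's ``ja3rdpartySessionID`` matches the
    nonce and ``checkUser`` accepts the profile.

    NOTE(review): the jAccount endpoint and the return URL are plain
    http://; confirm whether an https endpoint can be used instead.

    Raises:
        tornado.web.HTTPError: 404 when ``jatkt`` is empty, or when the
            ``iv`` cookie is missing or fails signature verification.
    """
    if not self.get_arguments('jatkt'):
        uaBaseURL = "http://jaccount.sjtu.edu.cn/jaccount/"
        returl = 'http://' + domain + ':' + str(port) + '/admin/jalogin'
        # The nonce is what the returned ticket is checked against, so it
        # comes from the OS random source rather than the default Mersenne
        # Twister generator, whose output is predictable.
        iv = ''.join(random.SystemRandom().sample('1234567890abcdef', 8))
        # expires_days=None makes this a browser-session cookie.
        self.set_secure_cookie('iv', iv, None)
        redirectURL = (uaBaseURL + "jalogin?sid=" + siteID +
                       "&returl=" + encrypt(returl, iv) +
                       "&se=" + encrypt(iv, iv))
        self.redirect(redirectURL)
        return

    jatkt = self.get_argument('jatkt')
    if not jatkt:
        raise tornado.web.HTTPError(404)
    iv = self.get_secure_cookie('iv')
    if not iv:
        # No valid nonce cookie means this ticket cannot be tied to a login
        # started from this browser.
        raise tornado.web.HTTPError(404)

    data = decrypt(jatkt, iv)
    data = find(data, ur'ja[\s\S]*')
    # UTF-8 decoding: the result is discarded, so this only raises on
    # undecodable input. NOTE(review): confirm whether the decoded text was
    # meant to be passed on to parse_data.
    data.decode('utf-8')
    ProfileData = parse_data(data)

    # Verify the session binding BEFORE any cookie is set. Previously the
    # signed 'uid' cookie was already queued on the response when a mismatch
    # was detected, so the rejected response still carried it.
    # NOTE(review): nesting was reconstructed from a whitespace-collapsed
    # listing; confirm that the 'login' = '1' branch pairs with checkUser.
    if ProfileData['ja3rdpartySessionID'] != iv:
        self.write('Hacking Attempt~!')
        return

    if self.checkUser(ProfileData):
        self.set_secure_cookie('uid', ProfileData['id'], None)
        self.set_secure_cookie('chiname', ProfileData['chinesename'], None)
        self.set_cookie('login', '0')
    else:
        self.set_cookie('login', '1')
    self.redirect('/admin')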
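def get(self):
    """Run both legs of the jAccount single-sign-on exchange.

    Without a ``jatkt`` query argument, a fresh session nonce (``iv``) is
    stored in a signed cookie and the browser is redirected to the jAccount
    login page. With ``jatkt`` present, the ticket is decrypted with that
    nonce and split into a profile. If the profile's
    ``ja3rdpartySessionID`` matches the nonce, the user record is updated
    and the ``uid``/``chiname`` cookies are set. The outcome is reported in
    an ``error`` response header (0 on success, 1 on session mismatch).

    NOTE(review): the jAccount endpoint and the return URL are plain
    http://; confirm whether an https endpoint can be used instead.

    Raises:
        tornado.web.HTTPError: 404 when ``jatkt`` is empty, or when the
            ``iv`` cookie is missing or fails signature verification.
    """
    if not self.get_arguments('jatkt'):
        uaBaseURL = "http://jaccount.sjtu.edu.cn/jaccount/"
        returl = 'http://' + domain + ':' + str(port) + '/jalogin'
        # The nonce is what the returned ticket is checked against, so it
        # comes from the OS random source rather than the default Mersenne
        # Twister generator, whose output is predictable.
        iv = ''.join(random.SystemRandom().sample('1234567890abcdef', 8))
        # expires_days=None makes this a browser-session cookie.
        self.set_secure_cookie('iv', iv, None)
        redirectURL = (uaBaseURL + "jalogin?sid=" + siteID +
                       "&returl=" + encrypt(returl, iv) +
                       "&se=" + encrypt(iv, iv))
        self.redirect(redirectURL)
        return

    jatkt = self.get_argument('jatkt')
    if not jatkt:
        raise tornado.web.HTTPError(404)
    iv = self.get_secure_cookie('iv')
    if not iv:
        # No valid nonce cookie means this ticket cannot be tied to a login
        # started from this browser.
        raise tornado.web.HTTPError(404)

    data = decrypt(jatkt, iv)
    data = find(data, ur'ja[\s\S]*')
    ProfileData = splitdata(data)

    # The session id inside the ticket must equal the nonce issued to this
    # browser; nothing is persisted and no cookie is set before that holds.
    if ProfileData['ja3rdpartySessionID'] != iv:
        self.add_header('error', 1)
        return

    self.update_user(ProfileData)
    self.set_secure_cookie('uid', ProfileData['id'], None)
    # 'chiname' is an unsigned cookie holding the percent-encoded name, so
    # the client can change it. NOTE(review): confirm it is display-only.
    chiname = urllib.quote(ProfileData['chinesename'])
    self.set_cookie('chiname', chiname, None)
    self.add_header('error', 0)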
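def get(self):
    """Run both legs of the jAccount single-sign-on exchange for /admin.

    Without a ``jatkt`` query argument, a fresh session nonce (``iv``) is
    stored in a signed cookie and the browser is redirected to the jAccount
    login page. With ``jatkt`` present, the ticket is decrypted with that
    nonce and parsed into a profile. The signed ``uid``/``chiname`` cookies
    are issued only after the profile's ``ja3rdpartySessionID`` matches the
    nonce and ``checkUser`` accepts the profile.

    NOTE(review): the jAccount endpoint and the return URL are plain
    http://; confirm whether an https endpoint can be used instead.

    Raises:
        tornado.web.HTTPError: 404 when ``jatkt`` is empty, or when the
            ``iv`` cookie is missing or fails signature verification.
    """
    if not self.get_arguments('jatkt'):
        uaBaseURL = "http://jaccount.sjtu.edu.cn/jaccount/"
        returl = 'http://' + domain + ':' + str(port) + '/admin/jalogin'
        # The nonce is what the returned ticket is checked against, so it
        # comes from the OS random source rather than the default Mersenne
        # Twister generator, whose output is predictable.
        iv = ''.join(random.SystemRandom().sample('1234567890abcdef', 8))
        # expires_days=None makes this a browser-session cookie.
        self.set_secure_cookie('iv', iv, None)
        redirectURL = (uaBaseURL + "jalogin?sid=" + siteID +
                       "&returl=" + encrypt(returl, iv) +
                       "&se=" + encrypt(iv, iv))
        self.redirect(redirectURL)
        return

    jatkt = self.get_argument('jatkt')
    if not jatkt:
        raise tornado.web.HTTPError(404)
    iv = self.get_secure_cookie('iv')
    if not iv:
        # No valid nonce cookie means this ticket cannot be tied to a login
        # started from this browser.
        raise tornado.web.HTTPError(404)

    data = decrypt(jatkt, iv)
    data = find(data, ur'ja[\s\S]*')
    # UTF-8 decoding: the result is discarded, so this only raises on
    # undecodable input. NOTE(review): confirm whether the decoded text was
    # meant to be passed on to parse_data.
    data.decode('utf-8')
    ProfileData = parse_data(data)

    # Verify the session binding BEFORE any cookie is set. Previously the
    # signed 'uid' cookie was already queued on the response when a mismatch
    # was detected, so the rejected response still carried it.
    # NOTE(review): nesting was reconstructed from a whitespace-collapsed
    # listing; confirm that the 'login' = '1' branch pairs with checkUser.
    if ProfileData['ja3rdpartySessionID'] != iv:
        self.write('Hacking Attempt~!')
        return

    if self.checkUser(ProfileData):
        self.set_secure_cookie('uid', ProfileData['id'], None)
        self.set_secure_cookie('chiname', ProfileData['chinesename'], None)
        self.set_cookie('login', '0')
    else:
        self.set_cookie('login', '1')
    self.redirect('/admin')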
def get(self):
    """Log the current user out locally and at jAccount.

    With no current user the response body is ``{"error": 1}``. Otherwise
    all cookies are cleared and the browser is redirected to the jAccount
    ``ulogout`` endpoint, carrying the encrypted site root as return URL.

    NOTE(review): nothing here checks that the 'iv' cookie is present; if it
    is missing or invalid, encrypt() receives None. Confirm how it handles
    that.
    """
    if not self.current_user:
        self.write({"error": 1})
        return

    logout_base = "http://jaccount.sjtu.edu.cn/jaccount/"
    site_root = ''.join(['http://', domain, ':', str(port)])
    # Read the nonce before the cookies are wiped; it keys the return URL.
    session_iv = self.get_secure_cookie('iv')
    target = ''.join([logout_base, "ulogout?sid=", siteID,
                      "&returl=", encrypt(site_root, session_iv)])
    self.clear_all_cookies()
    self.redirect(target)
def get(self):
    """Log out of the admin area, and of jAccount when a nonce exists.

    All cookies are cleared in either case. If a valid signed 'iv' cookie is
    present, the browser goes to the jAccount ``ulogout`` endpoint with the
    encrypted ``/admin`` URL as return address. Otherwise it is redirected
    straight to ``/admin``.
    """
    session_iv = self.get_secure_cookie('iv')
    if not session_iv:
        # No jAccount session to end remotely; only the local state is cleared.
        self.clear_all_cookies()
        self.redirect('/admin')
        return

    logout_base = "http://jaccount.sjtu.edu.cn/jaccount/"
    admin_url = ''.join(['http://', domain, ':', str(port), '/admin'])
    target = ''.join([logout_base, "ulogout?sid=", siteID,
                      "&returl=", encrypt(admin_url, session_iv)])
    self.clear_all_cookies()
    self.redirect(target)
def get(self):
    """End the admin session locally and, when possible, at jAccount.

    Cookies are always cleared. With a valid signed 'iv' cookie the browser
    is redirected to jAccount's ``ulogout`` endpoint, passing the encrypted
    ``/admin`` URL as ``returl``. Without one it is redirected to ``/admin``
    directly.
    """
    nonce = self.get_secure_cookie('iv')
    if nonce:
        sso_base = "http://jaccount.sjtu.edu.cn/jaccount/"
        back_to = ''.join(['http://', domain, ':', str(port), '/admin'])
        # The return URL is encrypted with the nonce read above, before the
        # cookies are cleared.
        logout_url = ''.join([sso_base, "ulogout?sid=", siteID,
                              "&returl=", encrypt(back_to, nonce)])
        destination = logout_url
    else:
        destination = '/admin'
    self.clear_all_cookies()
    self.redirect(destination)
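def get(self):
    """Run both legs of the jAccount single-sign-on exchange.

    Without a ``jatkt`` query argument, a fresh session nonce (``iv``) is
    stored in a signed cookie and the browser is redirected to the jAccount
    login page. With ``jatkt`` present, the ticket is decrypted with that
    nonce and parsed into a profile. If the profile's
    ``ja3rdpartySessionID`` matches the nonce, the user record is updated
    and the ``uid``/``chiname`` cookies are set. The outcome is reported in
    an ``error`` response header (0 on success, 1 on session mismatch).

    NOTE(review): the jAccount endpoint and the return URL are plain
    http://; confirm whether an https endpoint can be used instead.

    Raises:
        tornado.web.HTTPError: 404 when ``jatkt`` is empty, or when the
            ``iv`` cookie is missing or fails signature verification.
    """
    if not self.get_arguments('jatkt'):
        # First leg: redirect to the jAccount login page.
        uaBaseURL = "http://jaccount.sjtu.edu.cn/jaccount/"
        returl = ('http://' + settings.HOST + ':' + str(settings.PORT) +
                  '/jalogin')
        # The nonce is what the returned ticket is checked against, so it
        # comes from the OS random source rather than the default Mersenne
        # Twister generator, whose output is predictable.
        iv = ''.join(random.SystemRandom().sample('1234567890abcdef', 8))
        # expires_days=None makes this a browser-session cookie.
        self.set_secure_cookie('iv', iv, None)
        redirectURL = (uaBaseURL + "jalogin?sid=" + settings.SITE_ID +
                       "&returl=" + jaccount.encrypt(returl, iv) +
                       "&se=" + jaccount.encrypt(iv, iv))
        self.redirect(redirectURL)
        return

    # Second leg: read the information returned by the jAccount login page.
    jatkt = self.get_argument('jatkt')
    if not jatkt:
        raise tornado.web.HTTPError(404)
    iv = self.get_secure_cookie('iv')
    if not iv:
        # No valid nonce cookie means this ticket cannot be tied to a login
        # started from this browser.
        raise tornado.web.HTTPError(404)

    data = jaccount.decrypt(jatkt, iv)
    # NOTE(review): this echoes the decrypted ticket contents into the
    # response body before the session check below. It looks like leftover
    # debugging output; confirm and remove.
    self.write(data)
    data = jaccount.find(data, ur'ja[\s\S]*')
    ProfileData = jaccount.parse_data(data)

    # The session id inside the ticket must equal the nonce issued to this
    # browser; nothing is persisted and no cookie is set before that holds.
    if ProfileData['ja3rdpartySessionID'] != iv:
        self.add_header('error', 1)
        return

    self._update_user(ProfileData)
    self.set_secure_cookie('uid', ProfileData['id'], None)
    # 'chiname' is an unsigned cookie holding the percent-encoded name, so
    # the client can change it. NOTE(review): confirm it is display-only.
    chiname = urllib.quote(ProfileData['chinesename'])
    self.set_cookie('chiname', chiname, None)
    self.add_header('error', 0)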