Example #1
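def load_user(request):
    """Request handler for a user login.

    Reads ``login`` and ``password`` from ``request.form``. The pair is
    checked first against the admin entry in ``config`` and then against
    the per-user entries listed in ``config["admin"].users``.

    Returns the ``User`` that was passed to ``login_user`` on success,
    otherwise ``None``.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    def _hash_matches(candidate, stored):
        """Compare two hashes without an early exit on the first mismatch."""
        try:
            return hmac.compare_digest(candidate, stored)
        except TypeError:
            # compare_digest rejects mixed or non-ASCII text types; keep the
            # plain equality semantics for those values.
            return candidate == stored

    login = request.form.get("login") or None
    password = request.form.get("password") or None

    # invalid or no credentials: reject before any hashing is attempted
    if password is None or login is None:
        return None

    phash = User.get_password_hash(password)
    # Fail closed: a failed hash computation must never compare equal to a
    # stored value that is itself unset.
    if phash is None:
        return None

    # NOTE(review): the hash is compared by equality, so get_password_hash
    # must be deterministic for a given password, which suggests there is no
    # per-user salt. Confirm, and prefer a salted KDF with a verify function.

    # check for admin account; config holds the hashed admin password
    ad = config["admin"]
    if login == ad["login"] and _hash_matches(phash, ad["password"]):
        user = User(ad["login"], ad["password"])
        login_user(user)
        return user

    # only logins registered in the admin section are regular users
    if login not in config["admin"].users:
        return None

    # regular user login
    if _hash_matches(phash, config[login]["password"]):
        user = User(login, phash)
        login_user(user)
        return user

    return None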
Example #2
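    def post(self):
        """Handle a submitted sign-up form.

        Reads ``username``, ``password``, ``verify`` and ``email`` from the
        request. When ``self.validate`` accepts them, a ``User`` is stored,
        a ``user`` cookie is set and the client is redirected to ``/``.
        Otherwise the form is rendered again with the entered username and
        email.
        """
        # cgi.escape was removed in Python 3.8; html.escape replaces it.
        try:
            from html import escape
        except ImportError:  # Python 2
            from cgi import escape

        user_username = self.request.get('username')
        user_password = self.request.get('password')
        user_verify = self.request.get('verify')
        user_email = self.request.get('email')

        # quote=False keeps the escaping cgi.escape applied by default
        # (&, < and > only).
        # NOTE(review): escaping at input time does not replace output
        # encoding; quotes stay unescaped, so render_form must encode these
        # values for the context it writes them into.
        username = escape(user_username, quote=False)
        email = escape(user_email, quote=False)
        if self.validate(username, user_password, user_verify, email):
            u = User(username=username,
                password_hash=User.get_password_hash(user_password), email=email)
            u.put()
            # HttpOnly keeps the login cookie out of reach of page scripts.
            # NOTE(review): add "Secure" as well once the site is served
            # over HTTPS only.
            self.response.headers.add_header(
                'Set-Cookie',
                'user=%s; Path=/; HttpOnly' % self.generate_cookie(u.key().id()))
            self.redirect('/')
        else:
            self.render_form(username, email)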
Example #3
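def admin():
    """Show the admin interface to add, remove and list users.

    Only the account whose id equals ``config["admin"]["login"]`` gets
    past the first check. ``?add`` creates ``<login>.cfg`` in the
    configuration directory from the posted ``login`` and ``password``;
    ``?del&login=<name>`` removes that file. The response is ``admin.html``
    rendered with the user names found in the directory and any error
    messages collected on the way.
    """
    if current_user.id != config["admin"]["login"]:
        return "No access!"

    # check for config dir, create if necessary
    cfgDir = config["admin"]["config_directory"]
    if not os.path.exists(cfgDir):
        os.mkdir(cfgDir)

    error = []
    # add user config
    if "add" in request.args:
        login = request.form.get("login")
        password = request.form.get("password")
        if login and password:
            phash = User.get_password_hash(password)

            fn = "{}/{}.cfg".format(cfgDir, login)
            if phash is None:
                error.append("Could not generate password hash")
            elif not _is_safe_login(login):
                # The login becomes a file name; separators or ".." would
                # place the file outside the config directory.
                error.append("invalid characters in username")
            elif login in ("admin", config["admin"]["login"]):
                # "admin" is the key of the admin section, so the
                # `config[login] = cfg` below would replace that section.
                # A user named like the admin login would presumably pass
                # the access check at the top of this function.
                error.append("login name is reserved")
            elif os.path.exists(fn):
                error.append("user already exists")
            elif login.find(" ") != -1:
                error.append("no whitespaces allowed in username")
            elif len(config["admin"].users) > config["admin"]["paranoid.max_users"]:
                # NOTE(review): `>` admits one user more than the limit
                # if max_users is meant as a hard cap; confirm the intent.
                error.append("server is configured to not allow any more users!")
            else:
                timeout = 10
                chatlines = 30
                # format() has to be applied to the string, not to the
                # return value of write().
                with open(fn, "w") as f:
                    f.write("[config]\n")
                    f.write("password = {}\n".format(phash))
                    f.write("timeout = {}\n".format(timeout))
                    f.write("chatlines = {}\n".format(chatlines))
                    f.write("\n")

                values = {
                    "password": phash,
                    "timeout": str(timeout),
                    "chatlines": str(chatlines),
                    "file": os.path.join(cfgDir, "{}.cfg".format(login)),
                    "login": login,
                }
                cfg = UserConfig(values, True)
                cfg.setLogPath(config["admin"]["log_directory"])
                config[login] = cfg
                config["admin"].users.append(login)

    # delete user config
    # NOTE(review): deletion is driven by query-string arguments alone, so
    # it is a state change reachable by a plain GET; consider requiring
    # POST and a CSRF token.
    if "del" in request.args:
        if "login" in request.args:
            login = request.args["login"]
            if login:
                if not _is_safe_login(login):
                    error.append("invalid characters in username")
                else:
                    fn = "{}/{}.cfg".format(cfgDir, login)
                    if os.path.exists(fn):
                        os.unlink(fn)
                        # Drop the login from the in-memory user list too,
                        # so the deleted account is no longer treated as
                        # registered.
                        users = config["admin"].users
                        if login in users:
                            users.remove(login)

    # only "<login>.cfg" files in the config dir are user configs
    cfgs = [name[:-4] for name in os.listdir(cfgDir)
            if name.endswith(".cfg")
            and os.path.isfile(os.path.join(cfgDir, name))]
    return render_template("admin.html", users=cfgs, error=error)


def _is_safe_login(login):
    """Return True when *login* is usable as a single file-name component."""
    if login in (".", ".."):
        return False
    forbidden = {"/", "\\", "\x00", os.sep}
    if os.altsep:
        forbidden.add(os.altsep)
    return not any(ch in login for ch in forbidden)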