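def load_user(request):
    """Authenticate the login form in *request* and start a session.

    Reads ``login`` and ``password`` from ``request.form``. The admin account
    in ``config["admin"]`` is checked first, then the regular accounts listed
    in ``config["admin"].users``.

    Returns:
        The logged-in ``User`` on success, otherwise ``None``.
    """
    # Function-scope import: the file's import block is not part of this listing.
    import hmac

    def _hash_matches(candidate, stored):
        """Compare two password hashes, failing closed when either is missing."""
        # get_password_hash can apparently return None on failure; a plain
        # `==` would then accept a login whenever the stored value is also None.
        if candidate is None or stored is None:
            return False
        try:
            # Constant-time comparison, so response timing does not depend on
            # how many leading characters of the hash matched.
            return hmac.compare_digest(candidate, stored)
        except TypeError:
            # Mixed or non-ASCII types: keep the original equality semantics.
            return candidate == stored

    login = request.form.get("login")
    password = request.form.get("password")

    # Reject missing or empty credentials before any hashing is attempted.
    if not login or not password:
        return None

    # NOTE(review): comparing a freshly computed hash for equality only works
    # if get_password_hash is deterministic (no per-user random salt). Its
    # implementation is not shown here -- confirm it is a salted, deliberately
    # slow password hash, and use that scheme's own verify routine if so.
    phash = User.get_password_hash(password)

    # Admin account: config holds the admin login and its hashed password.
    ad = config["admin"]
    if login == ad["login"] and _hash_matches(phash, ad["password"]):
        user = User(ad["login"], ad["password"])
        login_user(user)
        return user

    # Regular accounts: only logins registered in the admin's user list.
    if login not in ad.users:
        return None

    if _hash_matches(phash, config[login]["password"]):
        user = User(login, phash)
        login_user(user)
        return user

    return None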
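def post(self):
    """Handle the sign-up form: validate it, create the user, set the login cookie.

    On success the new ``User`` is stored, a ``user`` cookie is set and the
    client is redirected to ``/``. On failure the form is rendered again with
    the escaped username and email.
    """
    # cgi.escape was removed in Python 3.8. html.escape(quote=False) escapes
    # the same three characters (&, <, >), so stored values are unchanged.
    try:
        from html import escape
    except ImportError:  # Python 2
        from cgi import escape

    user_username = self.request.get('username')
    user_password = self.request.get('password')
    user_verify = self.request.get('verify')
    user_email = self.request.get('email')

    # NOTE(review): quotes are not escaped, so these values are only safe in
    # HTML element content, not inside attribute values. Encoding at output
    # time in the template is the more robust control.
    username = escape(user_username, quote=False)
    email = escape(user_email, quote=False)

    if not self.validate(username, user_password, user_verify, email):
        self.render_form(username, email)
        return

    u = User(username=username,
             password_hash=User.get_password_hash(user_password),
             email=email)
    u.put()

    # HttpOnly keeps the login cookie out of reach of page script.
    # NOTE(review): also add "Secure" once the site is served over HTTPS only;
    # it is left out here because it would stop the cookie on plain HTTP.
    self.response.headers.add_header(
        'Set-Cookie',
        'user=%s; Path=/; HttpOnly' % self.generate_cookie(u.key().id()))
    self.redirect('/')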
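def _is_safe_login(login):
    """Return True if *login* can be used as a single file-name component."""
    if not login or login in (".", ".."):
        return False
    # Path separators or a NUL byte would let the name point outside the
    # config directory (or truncate the path) when it is turned into a file.
    return not any(ch in login for ch in ("/", "\\", "\x00"))


def admin():
    """Show the admin interface to add, remove and list users.

    Only the account whose id equals ``config["admin"]["login"]`` gets past
    the first check. ``?add`` creates ``<config_directory>/<login>.cfg`` from
    the posted ``login``/``password`` and registers the user in ``config``;
    ``?del&login=<name>`` removes that file. The rendered page lists the
    ``.cfg`` files found in the config directory plus any errors.
    """
    admin_cfg = config["admin"]
    # NOTE(review): this returns a normal response body; a 403 status would
    # make the denial visible to clients and monitoring.
    if current_user.id != admin_cfg["login"]:
        return "No access!"

    # Check for the config dir, create it if necessary.
    cfgDir = admin_cfg["config_directory"]
    if not os.path.exists(cfgDir):
        os.mkdir(cfgDir)

    error = []

    # Add a user config.
    if "add" in request.args:
        login = request.form.get("login")
        password = request.form.get("password")
        if login and password:
            phash = User.get_password_hash(password)
            if not _is_safe_login(login):
                # The login becomes a file name; refuse anything that could
                # escape cfgDir before touching the filesystem.
                error.append("invalid characters in username")
            elif login in ("admin", admin_cfg["login"]):
                # config[login] = ... below would overwrite the "admin"
                # section, and a user sharing the admin's login name would
                # pass the access check at the top of this view.
                error.append("username is reserved")
            elif phash is None:
                error.append("Could not generate password hash")
            elif os.path.exists(os.path.join(cfgDir, "{}.cfg".format(login))):
                error.append("user already exists")
            elif login.find(" ") != -1:
                error.append("no whitespaces allowed in username")
            # NOTE(review): ">" still admits one more user when the count
            # equals the limit; confirm whether ">=" is intended.
            elif len(admin_cfg.users) > admin_cfg["paranoid.max_users"]:
                error.append("server is configured to not allow any more users!")
            else:
                timeout = 10
                chatlines = 30
                fn = os.path.join(cfgDir, "{}.cfg".format(login))
                # NOTE(review): the file holds a password hash and is created
                # with the process umask; consider restricting its mode.
                with open(fn, "w") as f:
                    f.write("[config]\n")
                    f.write("password = {}\n".format(phash))
                    # .format() belongs on the string, not on write()'s
                    # return value (the original raised AttributeError here
                    # and left a half-written, unclosed file behind).
                    f.write("timeout = {}\n".format(timeout))
                    f.write("chatlines = {}\n".format(chatlines))  # lines in chat window
                    f.write("\n")

                values = {
                    "password": phash,
                    "timeout": str(timeout),
                    "chatlines": str(chatlines),
                    "file": fn,
                    "login": login,
                }
                cfg = UserConfig(values, True)
                cfg.setLogPath(admin_cfg["log_directory"])
                config[login] = cfg
                admin_cfg.users.append(login)

    # Delete a user config.
    # NOTE(review): deletion is driven by query-string arguments, so a plain
    # GET changes state; consider requiring POST plus a CSRF token.
    if "del" in request.args:
        if "login" in request.args:
            login = request.args["login"]
            if login:
                if not _is_safe_login(login):
                    error.append("invalid characters in username")
                else:
                    fn = os.path.join(cfgDir, "{}.cfg".format(login))
                    if os.path.exists(fn):
                        os.unlink(fn)
                    # Undo the registration done by the add path, so the
                    # account is no longer listed as a known user in memory.
                    # NOTE(review): config[login] itself is left in place;
                    # whether config supports item deletion is not visible.
                    if login in admin_cfg.users:
                        admin_cfg.users.remove(login)

    # Only *.cfg files are user configs; slicing every file name by four
    # characters would turn unrelated files into bogus user names.
    cfgs = [name[:-4] for name in os.listdir(cfgDir)
            if name.endswith(".cfg")
            and os.path.isfile(os.path.join(cfgDir, name))]

    return render_template("admin.html", users=cfgs, error=error)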