include_dirs = ['lib', 'pages']
for dirname in include_dirs:
sys.path.append(os.path.dirname(__file__) + '/' + dirname)
# Change to the directory this file is located in
os.chdir(os.path.dirname(__file__))
# Turn on/off debugging
web.config.debug = False
# Import our libraries
import sessiondb
import wputil
import wpauth
log = wputil.Log('index')
# Import our html pages
import account
import login
urls = ('', wputil.slashy, '/account', account.app_account, '/login',
login.app_login, '/logout', 'logout', '/', 'index')
# Create application
app = web.application(urls, locals())
# Start the session and stick it in a database
sdb = sessiondb.SessionDB(app)
#!/usr/bin/python
import os
import sys
import web
import json
import mimerender
import wputil
log = wputil.Log('account_rest')
import wpauth
import accountdb
mimerender = mimerender.WebPyMimeRender()
# These are the URLs we watch for. We don't see the prepended /account portion
# in this module because the index.py runs us as a subapplication.
urls = ('(.*)', 'default')
render_json = lambda **kwargs: json.dumps(kwargs, cls=wputil.CustomEncoder)
class default:
"""
The REST functions for managing accounts
"""
@wpauth.oauth_protect
@mimerender(default='json', override_input_key='format', json=render_json)
def GET(self, get_string=''):
log.loggit('default.GET()')
#!/usr/bin/python
import os
import sys
import web
from credentials import Credentials
import wputil
log = wputil.Log('sessiondb')
SESSION_DB = 'sessions'
class SessionDB(object):
"""
SessionDB() - abstracts the database access away for accounts
"""
def __init__(self, app):
"""
The database credentials are stored in the Credentials class which is generated
by the dbconfig-common package via debconf.
"""
log.loggit('SessionDB()')
self.app = app
self.db = web.database(dbn='postgres',
db=Credentials.dbdefault,
user=Credentials.dbuser,
pw=Credentials.dbpassword)
self.store = web.session.DBStore(self.db, SESSION_DB)
self.session = web.session.Session(self.app, self.store)
#!/usr/bin/python
import os
import sys
import web
from mimerender import mimerender
import wputil
log = wputil.Log('account')
import wpauth
import accountdb
import account_rest
import account_create
import account_review
import account_update
import account_delete
# These are the URLs we watch for. We don't see the prepended /account portion
# in this module because the index.py runs us as a subapplication.
urls = ('', wputil.slashy, '/rest', account_rest.app_account_rest, '/create',
account_create.app_account_create, '/review',
account_review.app_account_review, '/update',
account_update.app_account_update, '/delete',
account_delete.app_account_delete, '/', 'default')
htmlout = web.template.render('templates/', base='layout')
render_html = lambda **kwargs: htmlout.account(kwargs)
#!/usr/bin/python
import os
import sys
import web
import json
from mimerender import mimerender
import wputil
import wpauth
import accountdb
log = wputil.Log('login')
login_form = web.form.Form(
web.form.Hidden("backto", description="URL to return to"),
web.form.Textbox("username", web.form.notnull, description="Username"),
web.form.Password("password", web.form.notnull, description="Password"),
web.form.Button("submit", type="submit", html="Login"),
web.form.Button("cancel", type="cancel", html="Cancel"),
)
# Instantiate HTML templates
htmlout = web.template.render('templates/', base='layout')
render_html = lambda **kwargs: htmlout.login(kwargs)
render_json = lambda **kwargs: json.dumps(kwargs, cls=wputil.CustomEncoder)
# These are the URLs we watch for. We don't see the prepended /login portion
# in this module because the index.py runs us as a subapplication.
#!/usr/bin/python
import os
import sys
import web
import json
import string
import random
from mimerender import mimerender
import wputil
log = wputil.Log('account_create')
import wpauth
import accountdb
#
# HTML Form definitions start here
#
vpass = web.form.regexp(r".{4,64}$", 'must be between 4 and 64 characters')
account_form = web.form.Form(
web.form.Textbox('username', web.form.notnull, description='Username'),
web.form.Password('password',
web.form.notnull,
vpass,
description='Password'),
web.form.Password('password2',
web.form.notnull,
description='Repeat password'),
web.form.Dropdown('role',
#!/usr/bin/python
import os
import sys
import web
import json
import mimerender
import wputil
log = wputil.Log('account_delete')
import wpauth
import accountdb
mimerender = mimerender.WebPyMimeRender()
#
# HTML Form definitions start here
#
delete_confirmation_form = web.form.Form(
web.form.Hidden("username", description="Username"),
web.form.Button("submit", type="submit", html="Confirm Deletion"),
web.form.Button("cancel", type="cancel", html="Cancel"),
)
# These are the URLs we watch for. We don't see the prepended /account portion
# in this module because the index.py runs us as a subapplication.
urls = ('', wputil.slashy, '/(.*)', 'delete')
htmlout = web.template.render('templates/', base='layout')
#!/usr/bin/python
import os
import sys
import web
import time
from credentials import Credentials
from passlib.apps import custom_app_context as pwd_context
import wputil
log = wputil.Log('accountdb')
INFO_BLACKLIST = [ 'username', 'password', 'password2', 'submit', 'cancel',
'oauth_body_hash', 'oauth_nonce', 'oauth_timestamp',
'oauth_consumer_key', 'oauth_signature_method', 'oauth_version',
'oauth_signature' ]
class AccountDB(object):
"""
AccountDB() - abstracts the database access away for accounts
"""
def __init__( self ):
"""
The database credentials are stored in the Credentials class which is generated
by the dbconfig-common package via debconf.
"""
log.loggit( 'AccountDB()' )
#!/usr/bin/python
import os
import sys
import web
import json
import mimerender
import wputil
log = wputil.Log('account_update')
import wpauth
import accountdb
mimerender = mimerender.WebPyMimeRender()
#
# HTML Form definitions start here
#
vpass = web.form.regexp(r".{4,64}$", 'must be between 4 and 64 characters')
account_form = web.form.Form(web.form.Hidden('id', description='Id'),
web.form.Textbox('username',
web.form.notnull,
description='Username'),
web.form.Password('password',
web.form.notnull,
vpass,
description='Password'),
web.form.Password('password2',
web.form.notnull,
#!/usr/bin/python
import re
import web
import base64
import oauth2
import urllib
import passlib
import accountdb
import wputil
log = wputil.Log('wpauth')
UNAUTHORIZED_MESSAGE = 'You are not authorized to access this content'
UNAUTHORIZED_HEADERS = {'WWW-Authenticate': 'Basic realm="Webpy Example"'}
"""
This module provides four different function dectorators to control access.
o User must be logged in via application using web.py sessions
o User must be logged and an administrator role in via application using
web.py sessions
o HTTP Basic authentication, which pops up a user login box in the browser
o OAuth authentication (two leg option) using key/secret pairs
The Session logins are mostly for the web-based interface. The OAuth is mostly
for the REST API. HTTP Basic was implemented to restrict access during
development.
The decorators are applied to each GET/POST/PUT/DELETE function requiring
protection. Here is an example:
#!/usr/bin/python
import os
import sys
import web
import json
import mimerender
import wputil
log = wputil.Log('account_review')
import accountdb
adb = accountdb.AccountDB()
mimerender = mimerender.WebPyMimeRender()
# These are the URLs we watch for. We don't see the prepended /account portion
# in this module because the index.py runs us as a subapplication.
urls = ('', wputil.slashy, '/(.*)', 'review')
htmlout = web.template.render('templates/', base='layout')
render_html = lambda **kwargs: htmlout.account_review(kwargs)
class review:
"""
This class handles the GET method for the /account/review URL.
This class displays the individual record based upon the URL.
For example:
http://xx.xx.xx.xx/account/review/tom <-- look at record with username of tom
