def post_login(self):
try:
self.logger.info("Login.")
p_role_name = self.get_argument('username')
p_role_password = self.get_argument('password')
role_hash_password = hash_password(p_role_name, p_role_password)
self.start_db_session()
role = get_role_by_auth(self.db_session, p_role_name, role_hash_password)
self.logger.info("Role '%s' authentificated." % (role.role_name))
self.db_session.expunge_all()
self.db_session.commit()
self.db_session.close()
sleep(1)
self.logger.info("Done.")
return HTMLAsyncResult(
http_code = 302,
redirection = self.get_secure_cookie('referer_uri') if self.get_secure_cookie('referer_uri') is not None else '/home',
secure_cookie = { 'name': 'temboard', 'content': gen_cookie(role.role_name, role_hash_password)})
except (TemboardUIError, Exception) as e:
try:
self.db_session.rollback()
self.db_session.close()
except Exception:
pass
self.logger.exception(str(e))
self.logger.info("Failed.")
sleep(1)
return HTMLAsyncResult(
http_code = 401,
template_file = 'login.html',
data = { 'nav': False , 'error': 'Wrong username/password.'})
def post_login(self):
try:
self.logger.info("Login (API).")
post = tornado.escape.json_decode(self.request.body)
p_role_name = post['username']
p_role_password = post['password']
role_hash_password = hash_password(p_role_name, p_role_password)
self.start_db_session()
role = get_role_by_auth(self.db_session, p_role_name, role_hash_password)
self.logger.info("Role '%s' authentificated." % (role.role_name))
self.db_session.expunge_all()
self.db_session.commit()
self.db_session.close()
sleep(1)
self.logger.info("Done.")
return JSONAsyncResult(
http_code = 200,
data = { "message": "OK" },
secure_cookie = { 'name': 'temboard', 'content': gen_cookie(role.role_name, role_hash_password)})
except (TemboardUIError, Exception) as e:
try:
self.db_session.rollback()
self.db_session.close()
except Exception:
pass
self.logger.exception(str(e))
self.logger.info("Failed.")
sleep(1)
return JSONAsyncResult(
http_code = 401,
data = { "error": "Wrong username/password."})
def handle_password(data):
if data['password']:
check_role_password(data['password'])
return hash_password(
data['new_username'],
data['password']
).decode('utf-8')
return None
def post_role(self, username):
try:
self.logger.info("Posting role.")
role = None
self.load_auth_cookie()
self.start_db_session()
self.check_admin()
if username:
# Update role case.
role = get_role(self.db_session, username)
data = tornado.escape.json_decode(self.request.body)
self.logger.debug(data)
# Submited attributes checking.
if 'new_username' not in data or data['new_username'] == '':
raise TemboardUIError(400, "Username is missing.")
if 'email' not in data or data['email'] == '':
raise TemboardUIError(400, "Email is missing.")
if 'groups' not in data:
raise TemboardUIError(400, "Groups field is missing.")
if 'is_active' not in data:
raise TemboardUIError(400, "Active field is missing.")
if 'is_admin' not in data:
raise TemboardUIError(400, "Administrator field is missing.")
if role and role.role_name != data['new_username']:
if 'password' not in data or data['password'] == '':
raise TemboardUIError(
400, "Username will be changed, you need to change "
"the password too.")
if role is None:
if 'password' not in data or data['password'] == '':
raise TemboardUIError(400, "Password is missing.")
if ('password' in data and data['password'] != '') and \
('password2' not in data or data['password2'] == ''):
raise TemboardUIError(400, "Password confirmation is missing.")
if 'password' in data and 'password2' in data:
if data['password'] != data['password2']:
raise TemboardUIError(
400, "Password confirmation can not be checked.")
if data['groups'] is not None and type(data['groups']) != list:
raise TemboardUIError(400, "Invalid group list.")
check_role_name(data['new_username'])
check_role_email(data['email'])
if data['password']:
check_role_password(data['password'])
h_passwd = hash_password(data['new_username'],
data['password'])
else:
h_passwd = None
# At this point we can proceed with DB operations.
# Update role case.
if role:
# First step is to remove user from the groups he belongs to.
role_groups = get_groups_by_role(self.db_session,
role.role_name)
if role_groups:
for role_group in role_groups:
delete_role_from_group(self.db_session, role.role_name,
role_group.group_name)
role = update_role(self.db_session, role.role_name,
data['new_username'], h_passwd,
data['email'], data['is_active'],
data['is_admin'])
# New role case.
else:
role = add_role(self.db_session, data['new_username'],
h_passwd, data['email'], data['is_active'],
data['is_admin'])
# Add user into the new groups.
if data['groups']:
for group_name in data['groups']:
add_role_in_group(self.db_session, role.role_name,
group_name)
self.db_session.commit()
self.logger.info("Done.")
return JSONAsyncResult(200, {'ok': True})
except (TemboardUIError, Exception) as e:
self.logger.exception(str(e))
self.logger.info("Done.")
try:
self.db_session.rollback()
self.db_session.close()
except Exception:
pass
if isinstance(e, TemboardUIError):
return JSONAsyncResult(e.code, {'error': e.message})
else:
return JSONAsyncResult(500, {'error': "Internal error."})
def login(request, username):
password = hash_password(username, username)
cookie = gen_cookie(username, hash_password=password)
return Response(secure_cookies={'temboard': cookie})