def GET(self, get_string=''):
log.loggit('default.GET()')
# Try to detemine the username from the query
username = ''
if web.input().has_key('username'):
username = web.input()['username']
adb = accountdb.AccountDB()
if username:
account = adb.review_account(username)
if account:
return {
'status': 'success',
'account': wputil.clean_account(account)
}
else:
return {
'status': 'failure',
'message': 'No account: %s' % (username)
}
else:
accounts = adb.review_accounts()
for account in accounts:
account = wputil.clean_account(account)
return {'status': 'success', 'accounts': accounts}
def GET(self, get_string=''):
log.loggit('delete.GET()')
# Grab the username from the get string
username = get_string.lstrip('/')
if username == 'admin':
return {
'status': 'error',
'message': 'You cannot delete the administration account.'
}
# Try both account by id and by username
adb = accountdb.AccountDB()
account = adb.review_account(username)
if not account:
return {
'status': 'error',
'message': 'No such account exists: %s' % (username)
}
# Instantiate a form and populate it with the data
f = delete_confirmation_form()
f.fill(account)
return {
'status':
'success',
'message':
'Are you sure you wish to delete the account: %s' %
account['username'],
'form':
f
}
def POST(self, get_string=''):
log.loggit('delete.POST()')
# Catch the cancel button
if web.input().has_key('cancel'):
raise web.seeother('../')
# Validate the form
f = delete_confirmation_form()
if not f.validates():
return {
'status': 'error',
'message':
'Verify all information has been provided correctly.',
'form': f
}
if f.d['username'] == 'admin':
return {
'status': 'error',
'message': 'You cannot delete the administration account.'
}
# update the account in the database
adb = accountdb.AccountDB()
try:
row = adb.delete_account(f.d['username'])
except:
return {
'status': 'error',
'message': 'An error occurred deleting the account.'
}
raise web.seeother('../')
def GET(self, get_string=''):
log.loggit('update.GET()')
# Grab the account id from the get string
username = get_string.lstrip('/')
if not username:
raise web.seeother('../')
# Must be a matching user or administrator to review accounts
wputil.must_match_username_or_admin(username)
# Verify account exists
adb = accountdb.AccountDB()
account = adb.review_account(username)
if not account:
return {
'status': 'error',
'message': 'No such account exists: %s' % (username)
}
# Instantiate a form and populate it with the data
if wputil.is_admin():
f = admin_account_form()
else:
f = account_form()
f.fill(wputil.clean_account(account))
return {
'status': 'success',
'message':
'Required fields include: id, username, password, password2 - Note that password and password2 must match.',
'form': f
}
def validate_basic_auth():
"""
Authenticates against the database user accounts using HTTP Basic authentication
"""
log.loggit('validate_basic_auth()')
auth_header = web.ctx.env.get('HTTP_AUTHORIZATION')
username = ""
password = ""
if auth_header is None:
raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS)
elif not auth_header.startswith('Basic '):
raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS)
else:
auth = re.sub('^Basic ', '', auth_header)
username, password = base64.decodestring(auth).split(':')
adb = accountdb.AccountDB()
account = adb.login(username, password, False)
if account is None:
raise web.unauthorized(UNAUTHORIZED_MESSAGE, UNAUTHORIZED_HEADERS)
return True
def PUT(self, get_string=''):
log.loggit('default.PUT()')
adb = accountdb.AccountDB()
try:
account = adb.update_account(web.input())
except Exception, e:
return {
'status': 'failure',
'message': '%s %s' % (repr(e), str(e))
}
def POST(self):
log.loggit('rest_login.POST()')
wi = web.input()
# Get the account credentials
adb = accountdb.AccountDB()
try:
result = adb.login(wi['username'], wi['password'])
except Exception, e:
return {'status': 'error', 'message': 'An error occurred: %s' % e}
def GET(self, get_string=''):
log.loggit('default.GET()')
# Get the accounds and delete the password field
adb = accountdb.AccountDB()
accounts = adb.review_accounts()
for account in accounts:
account = wputil.clean_account(account)
return {
'status': 'success',
'message':
'Select the user account to review, update or delete. Click the Add Account link to create a new account.',
'accounts': accounts
}
def DELETE(self, get_string=''):
log.loggit('default.DELETE()')
if web.input()['username'] == 'admin':
return {
'status': 'failure',
'message': 'Cannot delete the admin account.'
}
adb = accountdb.AccountDB()
try:
result = adb.delete_account(web.input()['username'])
except Exception, e:
return {
'status': 'failure',
'message': '%s %s' % (repr(e), str(e))
}
def POST(self):
log.loggit('create.POST()')
# Check to see if we are canceling out
if web.input().has_key('cancel'):
raise web.seeother('../')
# Validate the form and redirect user if needed
f = account_form()
if not f.validates():
return {
'status': 'error',
'message':
'Verify all information has been provided correctly.',
'form': f
}
# We can't add to or modify the f.d Storage, so create a new dict to pass
# to create the account
acct = {}
acct['username'] = f.d['username']
acct['password'] = f.d['password']
acct['role'] = f.d['role']
# Adding blank default fields
acct['last_ip'] = '',
acct['last_login'] = '',
# Adding the consumer_key/consumer_secret to support oauth
acct['consumer_key'] = ''.join(
random.choice(string.letters) for i in xrange(32))
acct['consumer_secret'] = ''.join(
random.choice(string.letters) for i in xrange(32))
# Try to write the data to the database
adb = accountdb.AccountDB()
try:
account = adb.create_account(acct)
except Exception, e:
return {
'status': 'error',
'message': 'An error occurred: %s' % e,
'form': f
}
def validate_two_leg_oauth():
"""
Verify 2-legged oauth request using values in "Authorization" header.
"""
log.loggit('validate_two_leg_oauth()')
parameters = web.input()
if web.ctx.env.has_key('HTTP_AUTHORIZATION') and web.ctx.env[
'HTTP_AUTHORIZATION'].startswith('OAuth '):
parameters = split_header(web.ctx.env['HTTP_AUTHORIZATION'])
# We have to reconstruct the original full URL used when signing
# so if there are ever 401 errors verifying a request, look here first.
req = oauth2.Request(web.ctx.env['REQUEST_METHOD'],
web.ctx['homedomain'] + web.ctx.env['REQUEST_URI'],
parameters=parameters)
if not req.has_key('oauth_consumer_key'):
raise web.unauthorized()
# Verify the account referenced in the request is valid
adb = accountdb.AccountDB()
account = adb.review_account_using_info('consumer_key',
req['oauth_consumer_key'])
if not account:
raise web.unauthorized(UNAUTHORIZED_MESSAGE)
# Create an oauth2 Consumer with an account's consumer_key and consumer_secret
# to be used to verify the request
consumer = oauth2.Consumer(account['consumer_key'],
account['consumer_secret'])
# Create our oauth2 Server and add hmac-sha1 signature method
server = oauth2.Server()
server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1())
# Attempt to verify the authorization request via oauth2
try:
server.verify_request(req, consumer, None)
except oauth2.Error, e:
log.loggit('validate_two_leg_oauth() - %s %s' % (repr(e), str(e)))
raise web.unauthorized(e)
def POST(self, get_string=''):
log.loggit('update.POST()')
# Must be a matching user or administrator to update
wputil.must_match_username_or_admin(web.input()['username'])
# Catch the cancel button
if web.input().has_key('cancel'):
if wputil.is_admin():
raise web.seeother('../')
else:
raise web.seeother('../../')
# Validate the form
if wputil.is_admin():
f = admin_account_form()
else:
f = account_form()
if not f.validates():
return {
'status': 'error',
'message':
'Verify all information has been provided correctly.',
'form': f
}
# update the account in the database
adb = accountdb.AccountDB()
try:
account = adb.update_account(f.d)
except:
return {
'status': 'error',
'message': 'An error occurred updating the account.',
'form': f
}
raise web.seeother('../review/%s' % (account['username']))
def POST(self):
log.loggit('login.POST()')
# Check to see if we are canceling out
if web.input().has_key('cancel'):
raise web.seeother('/', absolute=True)
# Validate the form
f = login_form()
if not f.validates():
return {
'status': 'error',
'message':
'Verify all information has been provided correctly.',
'form': f
}
# Get the account credentials
adb = accountdb.AccountDB()
try:
result = adb.login(f.d.username, f.d.password)
except Exception, e:
return {'status': 'error', 'message': 'An error occurred: %s' % e}
#!/usr/bin/python
import os
import sys
import web
import json
import mimerender
import wputil
log = wputil.Log('account_review')
import accountdb
adb = accountdb.AccountDB()
mimerender = mimerender.WebPyMimeRender()
# These are the URLs we watch for. We don't see the prepended /account portion
# in this module because the index.py runs us as a subapplication.
urls = ('', wputil.slashy, '/(.*)', 'review')
htmlout = web.template.render('templates/', base='layout')
render_html = lambda **kwargs: htmlout.account_review(kwargs)
class review:
"""
This class handles the GET method for the /account/review URL.
This class displays the individual record based upon the URL.
For example:
http://xx.xx.xx.xx/account/review/tom <-- look at record with username of tom
