def assertFailure(self, username, password, ip_address): authenticated_participation, cookie = validate_login( self.session, self.contest, self.timestamp, username, password, ipaddress.ip_address(ip_address)) self.assertIsNone(authenticated_participation) self.assertIsNone(cookie)
def try_user_login(self, user): try: # In py2 Tornado gives us the IP address as a native binary # string, whereas ipaddress wants text (unicode) strings. ip_address = ipaddress.ip_address(str(self.request.remote_ip)) except ValueError: logger.info("Invalid IP address provided by Tornado: %s", self.request.remote_ip) ip_address = None _, password = parse_authentication(user.password) participation, cookie = validate_login( self.sql_session, self.contest, self.timestamp, user.username, password, ip_address) cookie_name = self.contest.name + "_login" if cookie is None: self.clear_cookie(cookie_name) else: self.set_secure_cookie(cookie_name, cookie, expires_days=None) if participation is None: self.redirect_login_error() else: self.redirect_next()
def assertFailure(self, username, password, ip_address): authenticated_participation, cookie = validate_login( self.session, self.contest, self.timestamp, username, password, ipaddress.ip_address(ip_address)) self.assertIsNone(authenticated_participation) self.assertIsNone(cookie)
def setUp(self): super(TestAuthenticateRequest, self).setUp() self.timestamp = make_datetime() self.contest = self.add_contest() self.user = self.add_user( username="******", password=build_password("mypass")) self.participation = self.add_participation( contest=self.contest, user=self.user) _, self.cookie = validate_login( self.session, self.contest, self.timestamp, self.user.username, "mypass", ipaddress.ip_address("10.0.0.1"))
def assertSuccess(self, username, password, ip_address): # We had an issue where due to a misuse of contains_eager we ended up # with the wrong user attached to the participation. This only happens # if the correct user isn't already in the identity map, which is what # these lines trigger. self.session.flush() self.session.expire(self.user) self.session.expire(self.contest) authenticated_participation, cookie = validate_login( self.session, self.contest, self.timestamp, username, password, ipaddress.ip_address(ip_address)) self.assertIsNotNone(authenticated_participation) self.assertIsNotNone(cookie) self.assertIs(authenticated_participation, self.participation) self.assertIs(authenticated_participation.user, self.user) self.assertIs(authenticated_participation.contest, self.contest)
def assertSuccess(self, username, password, ip_address): # We had an issue where due to a misuse of contains_eager we ended up # with the wrong user attached to the participation. This only happens # if the correct user isn't already in the identity map, which is what # these lines trigger. self.session.flush() self.session.expire(self.user) self.session.expire(self.contest) authenticated_participation, cookie = validate_login( self.session, self.contest, self.timestamp, username, password, ipaddress.ip_address(ip_address)) self.assertIsNotNone(authenticated_participation) self.assertIsNotNone(cookie) self.assertIs(authenticated_participation, self.participation) self.assertIs(authenticated_participation.user, self.user) self.assertIs(authenticated_participation.contest, self.contest)
def post(self): error_args = {"login_error": "true"} next_page = self.get_argument("next", None) if next_page is not None: error_args["next"] = next_page if next_page != "/": next_page = self.url(*next_page.strip("/").split("/")) else: next_page = self.url() else: next_page = self.contest_url() error_page = self.contest_url(**error_args) username = self.get_argument("username", "") password = self.get_argument("password", "") try: # In py2 Tornado gives us the IP address as a native binary # string, whereas ipaddress wants text (unicode) strings. ip_address = ipaddress.ip_address(str(self.request.remote_ip)) except ValueError: logger.warning("Invalid IP address provided by Tornado: %s", self.request.remote_ip) return None start = time.time() participation, cookie = validate_login(self.sql_session, self.contest, self.timestamp, username, password, ip_address) end = time.time() logger.info("@@@@@@@@@@@@@@@@@@@") logger.info("@@@@@@@@@ %f @@@@@@@", end - start) logger.info("@@@@@@@@@@@@@@@@@@@") cookie_name = self.contest.name + "_login" if cookie is None: self.clear_cookie(cookie_name) else: self.set_secure_cookie(cookie_name, cookie, expires_days=None) if participation is None: self.redirect(error_page) else: self.redirect(next_page)
def post(self): error_args = {"login_error": "true"} next_page = self.get_argument("next", None) if next_page is not None: error_args["next"] = next_page if next_page != "/": next_page = self.url(*next_page.strip("/").split("/")) else: next_page = self.url() else: next_page = self.contest_url() error_page = self.contest_url(**error_args) username = self.get_argument("username", "") password = self.get_argument("password", "") try: # In py2 Tornado gives us the IP address as a native binary # string, whereas ipaddress wants text (unicode) strings. ip_address = ipaddress.ip_address(str(self.request.remote_ip)) except ValueError: logger.warning("Invalid IP address provided by Tornado: %s", self.request.remote_ip) return None participation, cookie = validate_login( self.sql_session, self.contest, self.timestamp, username, password, ip_address) cookie_name = self.contest.name + "_login" if cookie is None: self.clear_cookie(cookie_name) else: self.set_secure_cookie(cookie_name, cookie, expires_days=None) if participation is None: self.redirect(error_page) else: self.redirect(next_page)
def post(self): error_args = {"login_error": "true"} next_page = self.get_argument("next", None) if next_page is not None: error_args["next"] = next_page if next_page != "/": next_page = self.url(*next_page.strip("/").split("/")) else: next_page = self.url() else: next_page = self.contest_url() error_page = self.contest_url(**error_args) username = self.get_argument("username", "") password = self.get_argument("password", "") try: ip_address = ipaddress.ip_address(self.request.remote_ip) except ValueError: logger.warning("Invalid IP address provided by Tornado: %s", self.request.remote_ip) return None participation, cookie = validate_login(self.sql_session, self.contest, self.timestamp, username, password, ip_address) cookie_name = self.contest.name + "_login" if cookie is None: self.clear_cookie(cookie_name) else: self.set_secure_cookie(cookie_name, cookie, expires_days=None) if participation is None: self.redirect(error_page) else: self.redirect(next_page)