def post(self):
username = self.get_argument("username", "")
password = self.get_argument("password", "")
if RUNTIME.check_permission(username, password):
self.set_secure_cookie("user", username)
self.redirect(self.get_argument("next", "/"))
else:
error_msg = "Login incorrect."
self.redirect("/auth/login/" + "?error=" +
tornado.escape.url_escape(error_msg))
def post(self):
username = self.get_argument("username", "")
password = self.get_argument("password", "")
if RUNTIME.check_permission(username, password):
self.set_secure_cookie("user", username)
self.redirect(self.get_argument("next", "/"))
else:
error_msg = "Login incorrect."
self.redirect("/auth/login/" +
"?error=" +
tornado.escape.url_escape(error_msg))
def post(self, *args, **kwargs):
"""Process login credentials."""
username = self.get_argument("username", "")
password = self.get_argument("password", "")
if RUNTIME.check_permission(username, password):
self.set_secure_cookie("username", username)
self.redirect("/index.html")
else:
self.clear_cookie("username")
self.redirect("/auth/login?error=Wrong Password")
def put(self, *args, **kwargs):
"""Update an account.
Args:
[0]: the username
Request:
version: protocol version (1.0)
username: username
role: tole
name: name
surname: surname
email: email
password: password
new_password: new_password
new_password_confirm: new_password_confirm
Example URLs:
PUT /api/v1/accounts/test
{
"version" : 1.0,
"username" : "foo",
"role" : "user",
"name" : "foo",
"surname" : "foo",
"email" : "*****@*****.**"
}
"""
if 'new_password' in kwargs:
if kwargs['new_password'] != kwargs['new_password_confirm']:
raise ValueError("Passwords do not match")
if not RUNTIME.check_permission(args[0], kwargs['password']):
raise ValueError("Invalid old passwor")
kwargs['password'] = kwargs['new_password']
del kwargs['new_password']
del kwargs['new_password_confirm']
del kwargs['version']
account = RUNTIME.accounts[args[0]]
for param in kwargs:
setattr(account, param, kwargs[param])
def prepare(self):
"""Prepare to handler reply."""
self.set_header('Content-Type', 'application/json')
if not self.RIGHTS[self.request.method]:
return
auth_header = self.request.headers.get('Authorization')
if auth_header is None or not auth_header.startswith('Basic '):
self.set_header('WWW-Authenticate', 'Basic realm=Restricted')
self.send_error(401)
return
auth_bytes = bytes(auth_header[6:], 'utf-8')
auth_decoded = base64.b64decode(auth_bytes).decode()
username, password = auth_decoded.split(':', 2)
# account does not exists
if not RUNTIME.check_permission(username, password):
self.send_error(401)
return
self.account = RUNTIME.get_account(username)
if self.account.role in self.RIGHTS[self.request.method]:
if self.account.role == ROLE_ADMIN:
return
if self.request.uri.startswith("/api/v1/accounts"):
pattern = re.compile("/api/v1/accounts/([a-zA-Z0-9:-]*)/?")
match = pattern.match(self.request.uri)
if match and match.group(1):
if match.group(1) in RUNTIME.accounts:
account = RUNTIME.accounts[match.group(1)]
if self.account.username == account.username:
return
else:
self.send_error(401)
return
return
if self.request.uri.startswith("/api/v1/pending"):
pattern = re.compile("/api/v1/pending/([a-zA-Z0-9-]*)/?")
match = pattern.match(self.request.uri)
if match and match.group(1):
try:
tenant_id = UUID(match.group(1))
except ValueError:
self.send_error(400)
return
pending = RUNTIME.load_pending_tenant(tenant_id)
if pending:
if self.account.username == pending.owner:
return
self.send_error(401)
return
return
if self.request.uri.startswith("/api/v1/tenants"):
pattern = re.compile("/api/v1/tenants/([a-zA-Z0-9-]*)/?")
match = pattern.match(self.request.uri)
if match and match.group(1):
tenant_id = UUID(match.group(1))
if tenant_id in RUNTIME.tenants:
tenant = RUNTIME.tenants[tenant_id]
if self.account.username == tenant.owner:
return
self.send_error(401)
return
return
self.send_error(401)
return
def prepare(self):
"""Prepare to handler reply."""
self.set_header('Content-Type', 'application/json')
if not self.RIGHTS[self.request.method]:
return
auth_header = self.request.headers.get('Authorization')
if auth_header is None or not auth_header.startswith('Basic '):
self.set_header('WWW-Authenticate', 'Basic realm=Restricted')
self.send_error(401)
return
auth_bytes = bytes(auth_header[6:], 'utf-8')
auth_decoded = base64.b64decode(auth_bytes).decode()
username, password = auth_decoded.split(':', 2)
# account does not exists
if not RUNTIME.check_permission(username, password):
self.send_error(401)
return
self.account = RUNTIME.get_account(username)
if self.account.role in self.RIGHTS[self.request.method]:
if self.account.role == ROLE_ADMIN:
return
if self.request.uri.startswith("/api/v1/accounts"):
pattern = re.compile("/api/v1/accounts/([a-zA-Z0-9:-]*)/?")
match = pattern.match(self.request.uri)
if match and match.group(1):
if match.group(1) in RUNTIME.accounts:
account = RUNTIME.accounts[match.group(1)]
if self.account.username == account.username:
return
self.send_error(401)
return
return
if self.request.uri.startswith("/api/v1/tenants"):
pattern = re.compile("/api/v1/tenants/([a-zA-Z0-9-]*)/?")
match = pattern.match(self.request.uri)
if match and match.group(1):
tenant_id = UUID(match.group(1))
if tenant_id in RUNTIME.tenants:
tenant = RUNTIME.tenants[tenant_id]
if self.account.username == tenant.owner:
return
self.send_error(401)
return
return
self.send_error(401)
return