Esempio n. 1
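def login():
    """Authenticate a JSON login request and open a session.

    Reads ``email`` and ``password`` from the JSON request body. The literal
    e-mail ``'admin'`` is checked against ``config.ADMIN_PASSWORD``; any other
    e-mail is looked up with ``User.find_one`` and verified through
    ``user.check_password``. On success a ``Session`` is saved and its token
    and the e-mail are stored in ``session``.

    Returns:
        A 200 response on success, or a 401 response when a field is missing
        or the credentials are rejected. Both credential failures produce the
        same empty 401, so the response does not reveal which part was wrong.
    """
    import hmac

    body = request.json
    if not isinstance(body, dict):
        # An absent or non-object body used to surface as an unhandled
        # TypeError; answer like any other incomplete request instead.
        return jsonify({'error': 'Missing field(s).',
                        'details': 'JSON object expected'}), 401

    try:
        email = body['email']
        password = body['password']
    except KeyError as e:
        return jsonify({'error': 'Missing field(s).', 'details': str(e)}), 401

    # NOTE(review): no attempt limiting or lockout is visible in this
    # handler; confirm it is enforced elsewhere (proxy, middleware).
    try:
        if email != 'admin':
            user = User.find_one(email=email)
            if not user or not user.check_password(password):
                raise ValueError()
            role = user.role
        else:
            role = 'admin'
            expected = config.ADMIN_PASSWORD
            # Constant-time comparison: a plain != returns at the first
            # differing character, which leaks timing information about a
            # secret. Encoding to bytes also lets compare_digest accept
            # non-ASCII passwords.
            # NOTE(review): the admin secret is compared in clear text from
            # config; storing a salted hash would be preferable.
            if (not isinstance(password, str)
                    or not isinstance(expected, str)
                    or not hmac.compare_digest(password.encode('utf-8'),
                                               expected.encode('utf-8'))):
                raise ValueError()

        s = Session(email=email, role=role)
        s.save()

        session['token'] = s.token
        session['email'] = email

        return Response(status=200)
    except ValueError:
        return Response(status=401)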
Esempio n. 2
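def client_login(params):
    """Exchange a one-time "jump" code for a new session.

    The code is looked up under the key ``jump-<code>``, deleted as soon as
    it has been read, and rejected if its stored ``expire_at`` is in the
    past. On success a ``Session`` valid for one day is saved for the user
    named in the stored payload.

    Args:
        params: mapping carrying the 36-character ``code``.

    Returns:
        A dict with ``error_code`` 0, ``session_token``, ``expire_at`` and
        ``identify`` on success, or ``error_code`` 1 and a ``msg`` on failure.
    """
    code = params.get("code")
    # Only a 36-character string is a plausible code; other types used to
    # reach len() or the key formatting below.
    if not isinstance(code, str) or len(code) != 36:
        return {"error_code":1, "msg":"params invalid"}
    key = "jump-%s" % code
    obj = misc.misc_get(key)
    if not obj:
        return {"error_code":1, "msg":"code not exists"}
    dic = utils.loads(obj.value)

    # Delete before any further check so the code is single-use even when it
    # turns out to be expired.
    # NOTE(review): the read and the delete are separate calls; two
    # concurrent requests could both pass the lookup. Confirm whether the
    # store offers an atomic fetch-and-delete.
    obj.delete_instance()
    if dic['expire_at'] < utils.stamp():
        return {"error_code":1, "msg":"code expire"}

    user = User.select().where(User.id==dic['user_id']).first()
    if not user:
        # The account referenced by the code no longer resolves. Without
        # this guard a session with no user was saved before the attribute
        # access below failed.
        return {"error_code":1, "msg":"user not exists"}

    res = {"error_code":0, "msg":"ok"}
    res['session_token'] = generate_token()
    sess = Session()
    sess.user = user
    sess.session_key = res['session_token']
    sess.expire_at = utils.timedelta(utils.now(), days=1)
    res['expire_at'] = 0
    sess.save()
    res['identify'] = user.identify
    return res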
Esempio n. 3
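def client_login(params):
    """Log a client in with a single-use code and return a session token.

    Looks the code up as ``jump-<code>``, consumes it, checks its expiry
    and then creates a one-day ``Session`` for the user referenced by the
    stored payload.

    Args:
        params: mapping that should contain a 36-character ``code`` string.

    Returns:
        ``{"error_code": 0, ...}`` with ``session_token``, ``expire_at`` and
        ``identify`` on success; ``{"error_code": 1, "msg": ...}`` otherwise.
    """
    code = params.get("code")
    # Reject anything that is not a 36-character string before it is used
    # to build the lookup key.
    if not isinstance(code, str) or len(code) != 36:
        return {"error_code": 1, "msg": "params invalid"}

    entry = misc.misc_get("jump-%s" % code)
    if not entry:
        return {"error_code": 1, "msg": "code not exists"}
    payload = utils.loads(entry.value)

    # The code is removed before the expiry test, so an expired code cannot
    # be presented again either.
    # NOTE(review): lookup and delete are two steps; verify that a replay
    # racing between them is not possible with this store.
    entry.delete_instance()
    if payload['expire_at'] < utils.stamp():
        return {"error_code": 1, "msg": "code expire"}

    user = User.select().where(User.id == payload['user_id']).first()
    if not user:
        # No matching account: stop here rather than saving a session that
        # has no owner and then failing on user.identify.
        return {"error_code": 1, "msg": "user not exists"}

    token = generate_token()
    sess = Session()
    sess.user = user
    sess.session_key = token
    sess.expire_at = utils.timedelta(utils.now(), days=1)
    sess.save()

    return {
        "error_code": 0,
        "msg": "ok",
        "session_token": token,
        "expire_at": 0,
        "identify": user.identify,
    }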
Esempio n. 4
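def login(uname, password):
    """Authenticate a user by username, e-mail or phone and open a session.

    Args:
        uname: login identifier, matched against ``User.username``,
            ``User.email`` and ``User.phone``.
        password: clear-text password, verified with ``check_password``
            against the stored password and salt.

    Returns:
        A dict with ``error_code`` 0, ``session_token`` and ``expire_at`` on
        success, or a non-zero ``error_code`` (20001 missing parameters,
        20002 unknown user, 20003 wrong password) and a ``msg``.
    """
    if not uname or not password:
        return {"error_code":20001, "msg":"parameters required"}

    # Column comparisons must be combined with ``|``. Python's ``or``
    # evaluates the first comparison object as truthy and returns it alone,
    # so the e-mail and phone alternatives never reached the query. The
    # parentheses are required because ``|`` binds tighter than ``==``.
    user = User.select().where(
        (User.username == uname)
        | (User.email == uname)
        | (User.phone == uname)
    ).first()
    # NOTE(review): 20002 and 20003 let a caller tell an unknown account
    # from a wrong password. Consider returning one generic failure to
    # clients and keeping the distinction in server-side logs only.
    if not user:
        return {"error_code":20002, "msg":"user not exists"}
    if not check_password(password, user.password, user.salt):
        return {"error_code":20003, "msg":"username or password invalid"}

    res = {"error_code":0, "msg":"ok"}
    res['session_token'] = generate_token()
    sess = Session()
    sess.user = user
    sess.session_key = res['session_token']

    # The stored session expires after one day; the response reports 0.
    sess.expire_at = utils.timedelta(utils.now(), days=1)
    res['expire_at'] = 0
    sess.save()

    return res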
Esempio n. 5
def login(uname, password):
    """Authenticate a system user by username and open a one-day session.

    Args:
        uname: value matched against ``SystemUser.username``.
        password: clear-text password, verified with ``check_password``
            against the stored password and salt.

    Returns:
        A dict with ``error_code`` 0, ``session_token`` and ``expire_at`` on
        success; otherwise ``error_code`` 20001 (missing parameters), 20002
        (unknown user) or 20003 (wrong password) with a ``msg``.
    """
    if not (uname and password):
        return {"error_code":20001, "msg":"parameters required"}

    account = SystemUser.select().where(SystemUser.username == uname).first()
    # NOTE(review): the two failures below use different codes, so a caller
    # can distinguish "no such account" from "wrong password".
    if not account:
        return {"error_code":20002, "msg":"user not exists"}

    password_ok = check_password(password, account.password, account.salt)
    if not password_ok:
        return {"error_code":20003, "msg":"username or password invalid"}

    token = generate_token()
    sess = Session()
    sess.user = account
    sess.session_key = token
    # The session record is valid for one day; the response reports 0.
    sess.expire_at = utils.timedelta(utils.now(), days=1)
    sess.save()

    return {
        "error_code": 0,
        "msg": "ok",
        "session_token": token,
        "expire_at": 0,
    }
Esempio n. 6
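def register(request) -> bytes:
    """Handle the registration form and log the new user in.

    A non-POST request is redirected to the registration page. On POST the
    form is passed to ``User.register``. If the returned user is a guest,
    the client is redirected back with the result in the query string;
    otherwise a session is stored and its id is sent as a cookie.

    Args:
        request: the incoming request, exposing ``method`` and ``form()``.

    Returns:
        The redirect response produced by ``redirect``.
    """
    if request.method != 'POST':
        return redirect('/todo/register')

    form = request.form()
    user, result = User.register(form)
    if user.is_guest():
        # NOTE(review): result is placed in the Location URL as-is. If it
        # can contain user-supplied text it should be URL-encoded first;
        # confirm what User.register returns.
        return redirect('/todo/register?result={}'.format(result))

    session_id = Session.save(user.id)
    # SameSite=Lax keeps the session cookie off cross-site POSTs and
    # subrequests. HttpOnly was already set. Add Secure once the site is
    # served over HTTPS only.
    header = {
        'Set-Cookie': 'session_id={}; HttpOnly; SameSite=Lax; path=/'.format(session_id)
    }
    return redirect('/', header)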
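def create():
    """Create a ``Session`` record for the user named by the auth token.

    The token is the second space-separated part of the ``Authorization``
    header. It is decoded with ``User.decode_auth_token`` and the resulting
    id is used to load the user. ``title``, ``session_type`` and
    ``description`` are read from the JSON body.

    Returns:
        201 with the saved session's id, title and type; 401 when the
        header is missing or malformed; 400 when authentication fails, a
        body field is missing or the record does not save.
    """
    auth_header = request.headers.get('Authorization')
    if not auth_header:
        response = {
            'status': 'failed',
            'message': 'No authorization header found.'
        }
        return make_response(jsonify(response), 401)

    # A header without a second part used to raise IndexError, which
    # produces a 500; reject it explicitly instead.
    # NOTE(review): the scheme word (first part) is not checked.
    parts = auth_header.split(" ")
    if len(parts) < 2 or not parts[1]:
        response = {
            'status': 'failed',
            'message': 'Malformed authorization header.'
        }
        return make_response(jsonify(response), 401)
    auth_token = parts[1]

    # NOTE(review): how decode_auth_token reports an invalid or expired
    # token, and whether User.get raises when nothing matches, is not
    # visible here. Confirm both end in the "Authentication failed" branch
    # rather than an unhandled exception.
    user_id = User.decode_auth_token(auth_token)
    user = User.get(User.id == user_id)

    if not user:
        response = {
            'status': 'failed',
            'message': 'Authentication failed'
        }
        return make_response(jsonify(response), 400)

    post_data = request.get_json()
    try:
        title = post_data['title']
        session_type = post_data['session_type']
        description = post_data['description']
    except (KeyError, TypeError):
        # Missing key, or a body that is absent / not a JSON object.
        response = {
            'status': 'failed',
            'message': 'Missing field(s).'
        }
        return make_response(jsonify(response), 400)

    new_session = Session(
        title=title,
        session_type=session_type,
        description=description,
        user=user.id
    )
    if not new_session.save():
        response = {
            'status': 'failed',
            'message': 'Session did not save. Try again later.'
        }
        return make_response(jsonify(response), 400)

    response = {
        'status': 'success',
        'message': 'Session successfully saved.',
        'session': {
            'id': new_session.id,
            'title': new_session.title,
            'session_type': new_session.session_type
        }
    }
    return make_response(jsonify(response), 201)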
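# CGI entry point: GET prints the login view, POST checks the submitted
# student number (legajo) and password and, on success, emits a session
# cookie. .get() avoids a KeyError when REQUEST_METHOD is not set.
if os.environ.get("REQUEST_METHOD") == "GET":

    # NOTE(review): the blank line that ends the CGI headers is printed
    # after login_view(). Unless login_view() emits it itself, the body
    # would be read as header lines. Confirm the intended order.
    print("Content-type: text/html")
    print(login_view())
    print()

elif os.environ.get("REQUEST_METHOD") == "POST":
    form = cgi.FieldStorage()
    raw_legajo = form.getvalue('legajo')
    raw_password = form.getvalue('password')

    # A missing, repeated or non-numeric field used to raise before any
    # response was written; treat it as a failed login instead.
    try:
        legajo = int(raw_legajo)
    except (TypeError, ValueError):
        legajo = None

    alumno = None
    password = None
    if legajo is not None and isinstance(raw_password, str):
        # SECURITY: unsalted MD5 is not a suitable password hash (fast to
        # brute-force, no per-user salt). It is kept because check_pass
        # compares against values stored in this format; migrate to a
        # salted, slow KDF such as hashlib.scrypt or hashlib.pbkdf2_hmac.
        password = base64.b64encode(
            hashlib.md5(raw_password.encode('utf8')).digest()).decode("utf8")
        alumno = Alumno.get_by_legajo(legajo)

    # Unknown legajo and wrong password share one generic answer, so the
    # response does not reveal which student numbers exist.
    if alumno is not None and alumno.check_pass(password):

        session = Session(alumno.legajo)
        session.save()

        print("Status: 200 OK")
        print("Content-type: text/html")
        print(session.cookie.output())
        print()
        print("<h3>Te has logueado exitosamente</h3>")
    else:
        print("Status: 400 Bad Request")
        print("Content-type: text/html")
        print()
        print("<h3>Usuario o contrase&ntilde;a incorrectos</h3>")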