Esempio n. 1
    def get_current_user(self):
        """Resolve the requesting user from a cookie, else from request arguments.

        The ``user_id`` cookie is read with the application's cookie secret.
        A truthy cookie value short-circuits: whatever ``load_user`` returns
        for it is handed back as-is, with no password check.

        Without a cookie, the ``username`` and ``password`` request arguments
        are used: the user is loaded by name, the loaded record's username
        must equal the submitted one, and ``check_password`` must accept the
        submitted password.

        Returns:
            The loaded user on success, ``None`` when argument-based
            authentication fails.
        """
        cookie_identity = self.get_cookie(
            'user_id', secret=self.application.cookie_secret)

        # The cookie-derived identifier ends up in the debug log.
        logging.debug(cookie_identity)

        if cookie_identity:
            # Trust rests entirely on get_cookie's handling of the secret.
            # NOTE(review): presumably a signature check; confirm.
            return load_user(self.db_conn, username=cookie_identity)

        # NOTE(review): the original comment says "POST args"; confirm that
        # get_argument cannot also pick credentials up from the query string.
        username = self.get_argument('username')
        password = self.get_argument('password')

        candidate = None
        if username:
            candidate = load_user(self.db_conn, username=username)

        # Reject a missing user, or a record whose name differs from the
        # submitted one.
        if not candidate or candidate.username != username:
            logging.error('Auth fail: bad username')
            return None

        if not candidate.check_password(password):
            logging.error('Auth fail: bad password')
            return None

        logging.debug('Access granted for user: %s' % candidate.username)
        return candidate
Esempio n. 2
    def get_current_user(self):
        """Return the authenticated user for this request, or None.

        Two sources are tried in order:

        1. The ``user_id`` cookie, read with the application's cookie secret.
           If it yields a value, the result of ``load_user`` for that value is
           returned directly; no password is checked on this path.
        2. The ``username`` / ``password`` request arguments. The user loaded
           for ``username`` must carry that same username and must pass
           ``check_password``.
        """
        secret = self.application.cookie_secret
        user_id = self.get_cookie("user_id", secret=secret)

        # Debug logging records the identifier taken from the cookie.
        logging.debug(user_id)

        if user_id:
            # NOTE(review): this path is only as strong as get_cookie's
            # verification with the secret; confirm it rejects tampered values.
            return load_user(self.db_conn, username=user_id)

        # No usable cookie: fall back to credentials sent as arguments.
        username = self.get_argument("username")
        password = self.get_argument("password")
        user = load_user(self.db_conn, username=username) if username else None

        name_matches = bool(user) and user.username == username
        if not name_matches:
            logging.error("Auth fail: bad username")
            return None

        password_ok = user.check_password(password)
        if not password_ok:
            logging.error("Auth fail: bad password")
            return None

        logging.debug("Access granted for user: %s" % user.username)
        return user
Esempio n. 3
    def __init__(self, generate=False, **kwargs):
        """Build a canarydrop from keyword attributes and normalise them.

        Args:
            generate: when true, ``generate_random_url()`` and
                ``generate_random_hostname()`` are called once the
                attributes are in place.
            **kwargs: drop attributes; every name must appear in
                ``self.allowed_attrs``.

        Raises:
            UnknownAttribute: a keyword is not in ``self.allowed_attrs``.
            NoCanarytokenPresent: no ``canarytoken`` attribute was supplied.
            Exception: ``imgur_token`` was supplied but is falsy.
            NoUser: ``load_user`` returned a falsy value for ``user``.
        """
        self._drop = {}
        drop = self._drop  # same dict object, shorter name

        # Allow-list check: reject any attribute the class does not declare.
        for name, value in kwargs.iteritems():
            if name not in self.allowed_attrs:
                raise UnknownAttribute(attribute=name)
            drop[name] = value

        if 'canarytoken' not in drop:
            raise NoCanarytokenPresent()

        if 'timestamp' not in drop:
            # NOTE(review): "%s" is a platform strftime extension, not a
            # documented Python directive; where supported it is typically
            # computed from the naive value as local time, so the stored
            # epoch can be off by the host's UTC offset. Confirm hosts run
            # in UTC.
            created = datetime.datetime.utcnow()
            drop['timestamp'] = created.strftime("%s.%f")

        if 'imgur_token' in drop and not drop['imgur_token']:
            raise Exception('Missing imgur_token from Canarydrop')

        # The literal strings 'None' and 'Anonymous' mean "no owner".
        is_anonymous = ('user' not in drop
                        or drop['user'] in ('None', 'Anonymous'))
        if is_anonymous:
            drop['user'] = AnonymousUser()
        else:
            drop['user'] = load_user(drop['user'])
            if not drop['user']:
                raise NoUser()

        if 'auth' not in drop:
            # The value is drawn from random.SystemRandom (OS randomness);
            # MD5 only shapes it into 32 hex characters.
            random_value = random.SystemRandom().randrange(1, 2**128)
            drop['auth'] = md5.md5(str(random_value)).hexdigest()

        # Coerce each switch to a real bool. Only the string 'True' or a
        # value equal to True enables it; anything else (including 'true'
        # or a missing key) disables it.
        switches = (
            'browser_scanner_enabled',
            'alert_email_enabled',
            'alert_webhook_enabled',
            'alert_sms_enabled',
            'web_image_enabled',
        )
        for switch in switches:
            drop[switch] = drop.get(switch, '') in ('True', True)

        if generate:
            self.generate_random_url()
            self.generate_random_hostname()
Esempio n. 4
    def __init__(self, generate=False, **kwargs):
        """Populate ``self._drop`` from keyword attributes, with validation.

        Every keyword must be listed in ``self.allowed_attrs``. A
        ``canarytoken`` is mandatory; ``timestamp``, ``user`` and ``auth``
        are filled in when absent, and the five ``*_enabled`` switches are
        coerced to booleans.

        Args:
            generate: when true, finish by calling ``generate_random_url()``
                and ``generate_random_hostname()``.
            **kwargs: the drop's attributes.

        Raises:
            UnknownAttribute: a keyword is not in ``self.allowed_attrs``.
            NoCanarytokenPresent: ``canarytoken`` is missing.
            Exception: ``imgur_token`` is present but its ``'id'`` entry is
                falsy.
            NoUser: ``load_user`` returned a falsy value for ``user``.
        """
        attrs = self._drop = {}

        # Unknown attribute names are refused rather than silently stored.
        for key, val in kwargs.iteritems():
            if key not in self.allowed_attrs:
                raise UnknownAttribute(attribute=key)
            attrs[key] = val

        if 'canarytoken' not in attrs:
            raise NoCanarytokenPresent()

        if 'timestamp' not in attrs:
            # NOTE(review): "%s" is a platform strftime extension rather than
            # a documented Python directive; where it works it is typically
            # derived from the naive value as local time. Confirm the host
            # timezone is UTC so the stored epoch is right.
            attrs['timestamp'] = \
                datetime.datetime.utcnow().strftime("%s.%f")

        # Here imgur_token is indexed by 'id', so it is expected to be a
        # mapping; a value without that key raises at this point.
        if 'imgur_token' in attrs and not attrs['imgur_token']['id']:
            raise Exception('Missing imgur_token from Canarydrop')

        if 'user' in attrs and attrs['user'] not in ('None', 'Anonymous'):
            attrs['user'] = load_user(attrs['user'])
            if not attrs['user']:
                raise NoUser()
        else:
            # Absent, or one of the literal placeholders 'None' / 'Anonymous'.
            attrs['user'] = AnonymousUser()

        if 'auth' not in attrs:
            # Randomness comes from random.SystemRandom; the MD5 step only
            # turns the integer into a fixed-length hex string.
            rng = random.SystemRandom()
            attrs['auth'] = md5.md5(str(rng.randrange(1, 2**128))).hexdigest()

        # A switch is on only for the string 'True' or a value equal to
        # True; every other value, and a missing key, turns it off.
        for flag_name in ('browser_scanner_enabled',
                          'alert_email_enabled',
                          'alert_webhook_enabled',
                          'alert_sms_enabled',
                          'web_image_enabled'):
            enabled = attrs.get(flag_name, '') in ('True', True)
            attrs[flag_name] = enabled

        if generate:
            self.generate_random_url()
            self.generate_random_hostname()