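def create_user_post_view(self):
    """Handle the "create user" form POST from the admin page.

    Reads ``name`` and ``password`` from the urlencoded request body.  A
    duplicate name renders ``message.html`` with an explanation; otherwise
    the user is stored with ``make_password(name, password)`` and the
    client is redirected (302) to ``/admin``.

    A body without a usable ``name`` or ``password`` (``parse_qs`` drops
    blank fields, so an empty value looks the same as a missing one) is
    answered with 400 instead of dying on an unhandled ``KeyError``.

    NOTE(review): no authentication/authorization or CSRF check is visible
    in this method — confirm the dispatcher gates this route before it is
    reached, because an unauthenticated caller could otherwise mint accounts.
    NOTE(review): the exists() check followed by create() is not atomic; a
    unique index on ``User.name`` is the real guard against duplicates.
    """
    # A missing Content-Length used to raise TypeError inside int(); treat
    # it as an empty body, which then fails the field check below.
    length = int(self.headers.get('Content-Length') or 0)
    data = self.rfile.read(length)
    post_data = parse_qs(data.decode('utf-8'))
    try:
        name = post_data['name'][0]
        password = post_data['password'][0]
    except KeyError:
        logger.warning("create user form missing 'name' or 'password'")
        self.send_response(400)
        self.end_headers()
        return

    logger.info("attempt to create user '%s'", name)
    if User.select().where(User.name == name).exists():
        logger.warning("user '%s' already exists!", name)
        self.render_template("message.html", message="Такой пользователь уже есть")
        return

    user = User.create(name=name, password=make_password(name, password))
    user.save()
    logger.info("user '%s' created successfully", name)
    self.send_response(302)
    self.send_header('location', '/admin')
    self.end_headers()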
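def enable_user_view(self, name):
    """Clear the ``disabled`` flag on the user called *name*, then redirect to ``/admin``.

    Args:
        name: the user name to re-enable (presumably taken from the request
            path by a dispatcher outside this view).

    An unknown name used to log a warning and return without writing any
    response, leaving the client with an empty reply; it now gets a 404.

    NOTE(review): no authorization check is visible here.  Re-enabling an
    account undoes the brute-force lockout applied in ``auth_post_view``,
    so confirm this route is reachable only by an authenticated admin.
    """
    try:
        user = User.select().where(User.name == name).get()
    except DoesNotExist:
        logger.warning("user '%s' not found", name)
        self.send_response(404)
        self.end_headers()
        return

    user.disabled = False
    user.save()
    self.send_response(302)
    self.send_header('location', '/admin')
    self.end_headers()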
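def authenticate(username, password):
    """Return the ``User`` matching *username*/*password*, or ``None``.

    The supplied password is run through ``make_password(username, password)``
    and compared against the stored ``user.password`` in constant time
    (``hmac.compare_digest``) rather than with ``==``, so an attacker cannot
    learn the stored value byte by byte from response timing.

    The hash is computed before the user lookup on every call, so "no such
    user", "disabled" and "wrong password" all cost the same — otherwise the
    early returns would let a caller enumerate valid usernames by timing.

    Args:
        username: login name as submitted by the client.
        password: cleartext password as submitted by the client.

    Returns:
        The ``User`` row on success, ``None`` for unknown user, disabled
        account, or password mismatch.

    NOTE(review): a superuser is allowed in even when ``disabled`` is set.
    That keeps an admin from being locked out by the lockout logic in
    ``auth_post_view``, but it also means superuser accounts are never
    rate-limited — they can be brute-forced indefinitely.
    """
    import hmac

    computed = make_password(username, password)

    try:
        user = User.select().where(User.name == username).get()
    except DoesNotExist:
        logger.warning("user '%s' not found", username)
        return None

    if user.disabled and not user.superuser:
        logger.warning("user '%s' is disabled", username)
        return None

    # compare_digest wants two bytes objects (or two ASCII str); normalise
    # str to UTF-8 bytes.  Anything else (e.g. a NULL stored password) is
    # treated as a mismatch rather than raising.
    stored = user.password
    if isinstance(stored, str):
        stored = stored.encode('utf-8')
    if isinstance(computed, str):
        computed = computed.encode('utf-8')
    if (isinstance(stored, bytes) and isinstance(computed, bytes)
            and hmac.compare_digest(computed, stored)):
        logger.info("user '%s' authenticated OK", username)
        return user

    logger.warning("wrong password for user '%s'", username)
    return None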
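def auth_post_view(self):
    """Handle the login form POST.

    On success a fresh random session id is minted, stored in
    ``self.SESSIONS``, passed to ``self.authorize``, and returned to the
    client as an ``HttpOnly`` ``session`` cookie together with a 302 to
    ``/``.  On failure the per-username counter in ``self.ATTEMPTS`` is
    incremented and, once it exceeds 3, the matching ``User`` row (if any)
    is flagged ``disabled``; the login page is then re-rendered with an
    error.

    Changes from the previous version:
    * Session ids come from ``secrets`` (CSPRNG).  ``uuid1()`` is built from
      the clock and the host MAC address and is guessable.
    * The cookie is sent through ``send_header`` instead of a raw write after
      ``flush_headers()``, and only the ``session`` morsel is emitted rather
      than every cookie the client sent us.
    * The failure counter is cleared on a successful login.
    * A >3rd failure for an unknown username no longer returns without
      writing any response; it falls through to the error page like every
      other failure.
    * A body missing ``user``/``password`` gets a 400 instead of a
      ``KeyError``.

    NOTE(review): the lockout is keyed on the submitted username, so anyone
    who knows a username can disable that account with four bad passwords —
    it is a denial-of-service vector as much as a brute-force defence
    (``authenticate`` exempts superusers, which are therefore never locked).
    ``ATTEMPTS`` is also never pruned and grows with every distinct name
    submitted.
    """
    import secrets

    length = int(self.headers.get('Content-Length') or 0)
    data = self.rfile.read(length)
    post_data = parse_qs(data.decode('utf-8'))
    try:
        username = post_data['user'][0]
        password = post_data['password'][0]
    except KeyError:
        # parse_qs drops blank fields, so missing and empty look the same.
        logger.warning("login form missing 'user' or 'password'")
        self.send_response(400)
        self.end_headers()
        return

    user = authenticate(username, password)
    if user:
        self.user = user
        # A successful login ends the failure streak for this name.
        self.ATTEMPTS.pop(username, None)
        sid = secrets.token_hex(32)
        self.SESSIONS[sid] = user
        self.authorize(sid)
        self.cookie['session'] = sid
        # Keep the session id out of reach of page scripts (XSS).
        self.cookie['session']['httponly'] = True
        self.send_response(302)
        self.send_header('Set-Cookie', self.cookie['session'].OutputString())
        self.send_header('location', '/')
        self.end_headers()
        return

    attempts = self.ATTEMPTS.get(username, 0) + 1
    self.ATTEMPTS[username] = attempts
    logger.warning("%s attempt to login as '%s'", attempts, username)
    if attempts > 3:
        try:
            target = User.select().where(User.name == username).get()
        except DoesNotExist:
            logger.warning("user '%s' not found", username)
        else:
            target.disabled = True
            target.save()
            logger.warning("user '%s' DISABLED", username)
    return self.auth_view(error="Ошибка аутентификации")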
def admin_view(self):
    """Render ``admin.html`` with every ``User`` row as ``users``.

    NOTE(review): no authorization check is visible in this view; confirm
    the dispatcher restricts it to authenticated admins, since the page
    exposes the full user list (and, via the linked views, user management).
    """
    all_users = User.select()
    self.render_template("admin.html", users=all_users)