Esempio n. 1
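    def create_user_post_view(self):
        """Handle the create-user form POST.

        Reads a URL-encoded body carrying ``name`` and ``password``.
        A malformed request is answered with 400, an already-taken name
        renders ``message.html``, and a successful creation redirects the
        client to ``/admin`` with a 302.
        """
        # NOTE(review): no authorization or CSRF check is visible in this
        # view; confirm the dispatcher restricts it to administrators.
        try:
            length = int(self.headers['Content-Length'])
        except (TypeError, ValueError):
            # Header missing (None) or not a number.
            length = -1
        if length < 0:
            # A negative length would make rfile.read() wait for EOF.
            # send_error() is assumed to come from
            # http.server.BaseHTTPRequestHandler, whose API this class uses.
            self.send_error(400)
            return
        # NOTE(review): the length is client-controlled and not capped here;
        # consider an upper bound before reading the body into memory.
        data = self.rfile.read(length)
        try:
            post_data = parse_qs(data.decode('utf-8'))
            name = post_data['name'][0]
            password = post_data['password'][0]
        except (UnicodeDecodeError, KeyError):
            # Undecodable body, or a field absent/blank (parse_qs drops
            # blank values by default): reject instead of crashing.
            self.send_error(400)
            return

        # {!r} escapes CR/LF, so a crafted name cannot forge extra log lines.
        logger.info("attempt to create user {!r}".format(name))
        if User.select().where(User.name == name).exists():
            logger.warn("user {!r} already exists!".format(name))
            self.render_template("message.html", message="Такой пользователь уже есть")
            return
        # make_password() is defined elsewhere.
        # NOTE(review): confirm it is a slow, salted password hash.
        user = User.create(name=name, password=make_password(name, password))
        user.save()
        logger.info("user {!r} created successfully".format(name))
        self.send_response(302)
        self.send_header('location', '/admin')
        self.end_headers()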
Esempio n. 2
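 def enable_user_view(self, name):
     """Clear the ``disabled`` flag of the user called *name*.

     Redirects to ``/admin`` with a 302 on success and answers 404 when no
     such user exists.
     """
     # NOTE(review): this changes account state and no authorization or
     # CSRF check is visible here; confirm the caller enforces both.
     try:
         user = User.select().where(User.name == name).get()
     except DoesNotExist:
         # {!r} escapes CR/LF so the name cannot forge extra log lines.
         logger.warn("user {!r} not found".format(name))
         # Always answer the request: returning without a response left the
         # client with an empty reply. send_error() is assumed to come from
         # http.server.BaseHTTPRequestHandler.
         self.send_error(404)
         return
     user.disabled = False
     user.save()
     self.send_response(302)
     self.send_header('location', '/admin')
     self.end_headers()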
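def authenticate(username, password):
    """Return the ``User`` matching the credentials, or ``None``.

    ``None`` is returned when the name is unknown, when the account is
    disabled (superusers are exempt from that check), or when the computed
    password value differs from the stored one. Every outcome is logged.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    try:
        user = User.select().where(User.name == username).get()
    except DoesNotExist:
        # {!r} escapes CR/LF so the name cannot forge extra log lines.
        logger.warn("user {!r} not found".format(username))
        # NOTE(review): this path returns before any hashing is done, so
        # response time may reveal whether an account exists.
        return
    # NOTE(review): superusers skip the disabled check, so a lockout that
    # sets ``disabled`` does not throttle guessing against them.
    if user.disabled and not user.superuser:
        logger.warn("user {!r} is disabled".format(username))
        return

    # make_password() is defined elsewhere.
    # NOTE(review): confirm it is a slow, salted password hash.
    candidate = make_password(username, password)
    stored = user.password
    # Compare in constant time so the check does not leak how many leading
    # characters matched. compare_digest() needs two values of the same
    # kind, so any other pairing keeps the plain equality test.
    if isinstance(candidate, str) and isinstance(stored, str):
        matches = hmac.compare_digest(candidate.encode('utf-8'),
                                      stored.encode('utf-8'))
    elif isinstance(candidate, bytes) and isinstance(stored, bytes):
        matches = hmac.compare_digest(candidate, stored)
    else:
        matches = candidate == stored
    if matches:
        logger.info("user {!r} authenticated OK".format(username))
        return user
    logger.warn("wrong password for user {!r}".format(username))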
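    def auth_post_view(self):
        """Handle the login form POST.

        Reads a URL-encoded body carrying ``user`` and ``password``. On
        success a session id is stored in ``self.SESSIONS``, set as the
        ``session`` cookie, and the client is redirected to ``/``. On
        failure the per-username counter in ``self.ATTEMPTS`` is bumped,
        the account is disabled once the counter exceeds 3, and the login
        page is rendered again with an error.
        """
        # Function-scope import: the module's import block is not visible here.
        import secrets

        try:
            length = int(self.headers['Content-Length'])
        except (TypeError, ValueError):
            # Header missing (None) or not a number.
            length = -1
        if length < 0:
            # A negative length would make rfile.read() wait for EOF.
            # send_error() is assumed to come from
            # http.server.BaseHTTPRequestHandler, whose API this class uses.
            self.send_error(400)
            return
        # NOTE(review): the length is client-controlled and not capped here.
        data = self.rfile.read(length)
        try:
            post_data = parse_qs(data.decode('utf-8'))
            username = post_data['user'][0]
            password = post_data['password'][0]
        except (UnicodeDecodeError, KeyError):
            # Undecodable body or a missing/blank field: reject, don't crash.
            self.send_error(400)
            return

        user = authenticate(username, password)
        if user:
            self.user = user
            # Session ids must be unguessable. uuid1() is built from the
            # clock and the host node id; take 128 bits from the CSPRNG
            # instead (same 32-hex-character shape as before).
            sid = secrets.token_hex(16)
            # NOTE(review): no expiry for SESSIONS entries is visible here.
            self.SESSIONS[sid] = user
            self.authorize(sid)
            # A successful login ends the failure streak for this name.
            self.ATTEMPTS.pop(username, None)

            self.send_response(302)
            # NOTE(review): no HttpOnly / Secure / SameSite attribute is set
            # on the session cookie here; confirm where that happens.
            self.cookie['session'] = sid
            self.send_header('location', '/')
            self.flush_headers()
            # The cookie header is written straight to the socket and ends
            # with a bare LF before end_headers() closes the header block.
            self.wfile.write(self.cookie.output().encode())
            self.wfile.write(b'\n')
            self.end_headers()
            return

        # NOTE(review): ATTEMPTS is keyed by a client-supplied name with no
        # bound or expiry, and the lockout lets anyone disable a known
        # account by failing on purpose; consider rate limiting per source.
        if username not in self.ATTEMPTS:
            self.ATTEMPTS[username] = 0
        self.ATTEMPTS[username] += 1
        # {!r} escapes CR/LF so the name cannot forge extra log lines.
        logger.warn("{} attempt to login as {!r}".format(self.ATTEMPTS[username], username))
        if self.ATTEMPTS[username] > 3:
            try:
                user = User.select().where(User.name == username).get()
            except DoesNotExist:
                # Fall through to the normal failure page: returning here
                # sent no response at all and made unknown names
                # distinguishable from real ones.
                logger.warn("user {!r} not found".format(username))
            else:
                user.disabled = True
                user.save()
                logger.warn("user {!r} DISABLED".format(username))

        return self.auth_view(error="Ошибка аутентификации")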
Esempio n. 5
 def admin_view(self):
     """Render ``admin.html``, passing the ``User.select()`` query as ``users``."""
     # NOTE(review): no access check is visible in this view; confirm the
     # dispatcher only routes authenticated administrators here.
     all_users = User.select()
     self.render_template("admin.html", users=all_users)