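def validate(client_id, p, ip, user_agent):
    """Check a submitted API password and, on success, register a session.

    Args:
        client_id: Client identifier; only its salted form is passed to the
            database.
        p: Password as submitted by the client.
        ip: Client address, recorded together with the new session.
        user_agent: Client user-agent string, recorded with the new session.

    Returns:
        ``(True, session_key)`` when the salted password equals the stored
        ``api_password`` setting, otherwise ``(False, None)``.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    supplied = APIController.get_salted(p)
    expected = SecureSettings.get_string("api_password")

    # Fail closed when no password is configured: an unset or empty stored
    # value must never authenticate anyone (e.g. through None == None).
    if not expected:
        return False, None

    # Compare in constant time so the response time does not reveal how many
    # leading characters of the stored value were guessed correctly.
    if isinstance(supplied, str) and isinstance(expected, str):
        matches = hmac.compare_digest(
            supplied.encode("utf-8"), expected.encode("utf-8"))
    elif (isinstance(supplied, (bytes, bytearray))
          and isinstance(expected, (bytes, bytearray))):
        matches = hmac.compare_digest(supplied, expected)
    else:
        # Mixed or unexpected types: keep the plain equality result rather
        # than raising TypeError from compare_digest.
        matches = supplied == expected

    if not matches:
        return False, None

    client_key = APIController.get_salted(client_id)
    session_key = AuthController.generate_session_key()
    Database().add_client(client_key, session_key, ip, user_agent)
    return True, session_key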
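def on_init(client_id, session_key):
    """Authenticate the UI websocket client that sent the current request.

    The client is looked up in ``UIWebsocketController.clients`` by the
    socket id of the current request, and its ``authenticated`` flag is set
    from ``Database().check_session_key``.

    Args:
        client_id: Client identifier; salted before the database lookup.
        session_key: Session key presented by the client.

    Returns:
        The value stored in ``client.authenticated``, or ``False`` when no
        registered client matches the current socket id.
    """
    # str() keeps the log call from raising when client_id is not a string,
    # matching how the other handlers in this file log the client id.
    Logger().write(LogVerbosity.Info, "Init UI: " + str(client_id))

    sid = request.sid
    client = next(
        (c for c in UIWebsocketController.clients if c.sid == sid), None)
    if client is None:
        # Fail closed instead of raising IndexError on an unknown socket.
        Logger().write(LogVerbosity.Debug, "UI init from unknown socket id")
        return False

    client_key = APIController.get_salted(client_id)
    client.authenticated = Database().check_session_key(
        client_key, session_key)
    if not client.authenticated:
        Logger().write(LogVerbosity.Debug, "UI invalid client/session key")
    return client.authenticated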
def login():
    """Handle a login request and answer with a JSON ``AuthResult``.

    Reads the ``Client-ID`` header and the ``p`` query parameter, delegates
    the check to ``AuthController.validate`` and records a failed attempt in
    the database.

    Returns:
        ``(json_body, status)`` where status is 200 on success and 401 on
        failure.
    """
    headers = request.headers
    client_id = headers.get('Client-ID', None)

    # NOTE(review): the password travels in the query string; query strings
    # commonly end up in access and proxy logs. Consider accepting it in the
    # request body or a header instead.
    p = request.args.get('p')

    # NOTE(review): this value is supplied by the client unless a trusted
    # proxy overwrites it, so the recorded address can be forged. The header
    # as sent is usually named 'X-Forwarded-For'; 'HTTP_X_FORWARDED_FOR' is
    # the WSGI environ spelling. Confirm which lookup is intended.
    forwarded_for = headers.get('HTTP_X_FORWARDED_FOR', None)
    ip_addr = forwarded_for or request.remote_addr
    user_agent = request.user_agent.string

    success, key = AuthController.validate(client_id, p, ip_addr, user_agent)

    # NOTE(review): client_id comes straight from a request header and is
    # logged unmodified; confirm Logger neutralises line breaks.
    Logger().write(LogVerbosity.Info,
                   f"{client_id!s} log on result: {success!s}")

    if success:
        status = 200
    else:
        salted_id = APIController.get_salted(client_id)
        Database().add_login_attempt(salted_id, ip_addr, user_agent, "Login")
        status = 401

    return to_JSON(AuthResult(success, key)), status
def refresh():
    """Issue a fresh session key to a client the database already knows.

    Returns:
        ``(json_body, status)``: a successful ``AuthResult`` with the new
        session key and 200, or a failed ``AuthResult`` and 401 when the
        salted ``Client-ID`` is unknown.
    """
    headers = request.headers
    client_id = headers.get('Client-ID', None)
    client_key = APIController.get_salted(client_id)

    # NOTE(review): the only check made here is that the salted Client-ID is
    # known to the database; no current session key is compared before a new
    # one is issued. Confirm that is intended, or require the existing
    # session key to be presented as well.
    client_known = Database().client_known(client_key)

    # NOTE(review): client-supplied unless a trusted proxy overwrites it, so
    # the recorded address can be forged; 'HTTP_X_FORWARDED_FOR' is the WSGI
    # environ spelling of 'X-Forwarded-For'. Confirm which is intended.
    forwarded_for = headers.get('HTTP_X_FORWARDED_FOR', None)
    ip_addr = forwarded_for or request.remote_addr
    user_agent = request.user_agent.string

    if client_known:
        session_key = AuthController.generate_session_key()
        Database().refresh_session_key(
            client_key, session_key, ip_addr, user_agent)
        Logger().write(LogVerbosity.Debug,
                       f"{client_id!s} successfully refreshed")
        return to_JSON(AuthResult(True, session_key)), 200

    # Unknown client: log it, record the attempt and refuse.
    Logger().write(LogVerbosity.Info, f"{client_id!s} failed to refresh")
    Database().add_login_attempt(client_key, ip_addr, user_agent, "Refresh")
    return to_JSON(AuthResult(False, None)), 401