def _get_user(): '''Read user/pass data from request using all known auth methods (token or basic). Load user data from DB and match passwords. Returns user object or None if failed. ''' user = None for read_auth_data in [ _get_auth_token, _get_auth_basic ]: username, auth_token = read_auth_data(bottle.request.params, bottle.request.headers) if username: user = database.user(email=username) if user is None or user['authentication_token'] != auth_token: return None elif auth_token: user = database.user(authentication_token=auth_token) if user: return user return None
def authorize():
client_id = int(request.form['client_id'])
login = request.form['login']
password = request.form['password']
state = request.form.get('state', None)
if not database.user(login=login):
return redirect(database.client[client_id]['redirect_uri'] + '?error=access_denied' +
('' if state is None else '&state=' + state), code=302)
if database.user(login=login)[0]['password'] != sha256(password.encode('UTF-8')).hexdigest():
return redirect(database.client[client_id]['redirect_uri'] + '?error=access_denied' +
('' if state is None else '&state=' + state), code=302)
code = sha256(str(uuid4()).encode('UTF-8')).hexdigest()
database.auth_code.insert(user_id=database.user(login=login)[0]['__id__'], code=code,
expired=datetime.now() + timedelta(minutes=10))
database.auth_code.commit()
return redirect(database.client(client_id=client_id)[0]['redirect_uri'] + '?code=' + code +
('' if state is None else '&state=' + state), code=302)
def check_auth_publickey(self, username, key):
pub_key_filename = database.user(username).public_key_filename
try:
LOG.info("checking %s" % pub_key_filename)
assert os.path.exists(pub_key_filename)
with open(pub_key_filename, 'rb') as pubkey:
pubkey_data = pubkey.read().split(' ')[1]
except paramiko.SSHException as e:
LOG.error(e)
return paramiko.AUTH_FAILED
else:
if key.get_base64() == pubkey_data:
LOG.info("user successfully authed publickey")
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, key):
pub_key_filename = database.user(username).public_key_filename
try:
LOG.info("checking %s" % pub_key_filename)
assert os.path.exists(pub_key_filename)
with open(pub_key_filename, 'rb') as pubkey:
pubkey_data = pubkey.read().split(' ')[1]
except paramiko.SSHException as e:
LOG.error(e)
return paramiko.AUTH_FAILED
else:
if key.get_base64() == pubkey_data:
LOG.info("user successfully authed publickey")
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def login():
error = None
if request.method == "POST":
user = database.user(request.form["username"])
if not user:
error = "Invalid username"
elif not check_password_hash(user["password_hash"], request.form["password"]):
error = "Invalid password"
else:
session["logged_in"] = True
session["username"] = user["username"]
if database.permissions_role(user["permissions"]) == ROLE_ADMINISTRATOR:
return flask.redirect(url_for("admin"))
elif database.permissions_role(user["permissions"]) == ROLE_AUTHOR:
return flask.redirect(url_for("author"))
return flask.redirect(url_for("index"))
return render_template("login.html", error=error)
def register():
login = request.form['login']
password = request.form['password']
if not login:
return render_template('register_form.html', error='Не введен логин')
if not password:
return render_template('register_form.html', error='Не введен пароль')
name = request.form['name'] or None
email = request.form['email'] or None
phone = request.form['phone'] or None
if database.user(login=login):
return render_template('register_form.html', error='Пользователь с таким логином уже существует')
database.user.insert(login=login, password=sha256(password.encode('UTF-8')).hexdigest(),
name=name, email=email, phone=phone)
database.user.commit()
return render_template('register_success.html')
def user_register():
if request.method == "POST":
DBsession = sessionmaker(bind=db.engine)
data = request.get_data()
json_data = json.loads(data.decode('utf-8'))
firstname = json_data.get('firstname')
lastname = json_data.get('lastname')
account = json_data.get('accountname')
password = json_data.get('password')
photoName = json_data.get('photoName')
#confirm_password = json_data.get('confirm_password')
email = json_data.get('email')
#birthday = json_data.get('birthday')
dbsession = DBsession()
new_user = user(account, password, email, photoName)
try:
dbsession.add(new_user)
except Exception as e:
return jsonify({"register": 'failed'})
dbsession.commit()
dbsession.close()
return jsonify({'register': "success"})
def step_impl(context):
context.result = database.user(context.username)
def step_impl(context):
context.result = database.user(context.username)
def session_permissions():
if not "username" in session:
abort(500)
return database.permissions_role(database.user(session["username"])["permissions"])
