def check_permission(self, cookie_env, name): if usermanager.get_permission(cookie_env, name): return None return self.get_error(201, "Action not allowed! You need permission '%s'!" % name)
def handle_request(self, qs, environ=None): ## Get cookie_env: if environ is None: cookie_env = os.getenv("HTTP_COOKIE") else: if "HTTP_COOKIE" in environ: cookie_env = environ["HTTP_COOKIE"] else: cookie_env = "" if not "page" in qs: if not usermanager.get_permission(cookie_env, "access"): return { "status": 302, "headers": { "Location": "index.py?page=login" }, "content": "" } tpl = self.env.get_template("index_default.html") return { "status": 200, "headers": { "Content-Type": "text/html" }, "content": tpl.render( loggedin=usermanager.is_loggedin(cookie_env), username=usermanager.get_username(cookie_env) ) } elif qs["page"][0] == "login": if usermanager.is_loggedin(cookie_env): return { "status": 302, "headers": { "Location": "index.py" }, "content": "" } else: tpl = self.env.get_template("login.html") if "error" in qs: err = True else: err = False return { "status": 200, "headers": { "Content-Type": "text/html" }, "content": tpl.render( error=err ) } elif qs["page"][0] == "loginaction": ## Read POST data: if environ is None: data = sys.stdin.read() else: data = environ['wsgi.input'].read() data = dict(urllib.parse.parse_qs(data)) if (not "password" in data and not b"password" in data) or (not "username" in data and not b"username" in data): ## No username or no password given: return { "status": 302, "headers": { "Location": "index.py?page=login&error" }, "content": "" } else: ## Everything seems okay, prepare login data: if "username" in data: username = data["username"][0].strip() password = data["password"][0].strip() else: username = data[b"username"][0].strip().decode("utf-8") password = data[b"password"][0].strip().decode("utf-8") ## ... and login: status = usermanager.login(username, password) if isinstance(status, dict): ret = { "status": 302, "headers": { "Location": "index.py" }, "content": "" } for key, val in status.items(): ret["headers"][key] = val return ret else: return { "status": 302, "headers": { "Location": "index.py?page=login&error" }, "content": "" } elif qs["page"][0] == "logout": status = usermanager.logout(cookie_env) ret = { "status": 302, "headers": { "Location": "index.py" }, "content": "" } if isinstance(status, dict): for key, val in status.items(): ret["headers"][key] = val return ret