def login(): add_json_header(response) username = request.params.get("username") password = request.params.get("password") user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None)) if not user: return json_response(False) s = set_session(request, user) # get the session id by dirty way, documentations seems wrong try: sid = s._headers["cookie_out"].split("=")[1].split(";")[0] # reuse old session id except: sid = request.get_header(session.options['key']) result = BaseEncoder().default(user) result["session"] = sid # Return full user information if needed if request.params.get('user', None): return dumps(result) return json_response(sid)
def login(): add_header(response) username = request.params.get("username") password = request.params.get("password") user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None)) if not user: return dumps(False) s = set_session(request, user) # get the session id by dirty way, documentations seems wrong try: sid = s._headers["cookie_out"].split("=")[1].split(";")[0] # reuse old session id except: sid = request.get_header(session.options['key']) result = BaseEncoder().default(user) result["session"] = sid # Return full user information if needed if request.params.get('user', None): return dumps(result) return dumps(sid)
def call_api(func, args=""): add_header(response) s = request.environ.get('beaker.session') auth = parse_auth(request.get_header('Authorization', '')) # TODO: session as GET if 'session' in request.POST: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.POST['session'], "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) # if auth is correct create a pseudo session if user: s = {'uid': user.uid} api = get_user_api(s) if not api: return HTTPError(403, dumps("Forbidden")) if not PYLOAD.isAuthorized(func, api.user): return HTTPError(401, dumps("Unauthorized")) args = args.split("/")[1:] kwargs = {} for x, y in chain(request.GET.iteritems(), request.POST.iteritems()): if x == "session": continue kwargs[x] = unquote(y) try: return callApi(api, func, *args, **kwargs) except ExceptionObject, e: return HTTPError(400, dumps(e))
def login_post(): username = request.forms.get("username") password = request.forms.get("password") user = PYLOAD.checkAuth(username, password) if not user: return render_to_response("login.html", {"errors": True}, [pre_processor]) set_session(request, user) return redirect("/")
def call_api(func, args=""): add_json_header(response) s = request.environ.get('beaker.session') # Accepts standard http auth auth = parse_auth(request.get_header('Authorization', '')) if 'session' in request.POST or 'session' in request.GET: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.params.get('session'), "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) # if auth is correct create a pseudo session if user: s = {'uid': user.uid} api = get_user_api(s) if not api: return error(401, "Unauthorized") if not PYLOAD.isAuthorized(func, api.user): return error(403, "Forbidden") if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"): print "Invalid API call", func return error(404, "Not Found") # TODO: possible encoding # TODO Better error codes on invalid input args = [loads(unquote(arg)) for arg in args.split("/")[1:]] kwargs = {} # accepts body as json dict if request.json: kwargs = request.json # file upload, reads whole file into memory for name, f in request.files.iteritems(): kwargs["filename"] = f.filename content = StringIO() f.save(content) kwargs[name] = content.getvalue() content.close() # convert arguments from json to obj separately for x, y in request.params.iteritems(): try: if not x or not y or x == "session": continue kwargs[x] = loads(unquote(y)) except Exception, e: # Unsupported input msg = "Invalid Input %s, %s : %s" % (x, y, e.message) print_exc() print msg return error(415, msg)
def login_post(): user = request.forms.get("username") password = request.forms.get("password") info = PYLOAD.checkAuth(user, password) if not info: return render_to_response("login.html", {"errors": True}, [pre_processor]) set_session(request, info) return relative_redirect("home")
def call_api(func, args=""): add_header(response) s = request.environ.get("beaker.session") # Accepts standard http auth auth = parse_auth(request.get_header("Authorization", "")) if "session" in request.POST or "session" in request.GET: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.params.get("session"), "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get("REMOTE_ADDR", None)) # if auth is correct create a pseudo session if user: s = {"uid": user.uid} api = get_user_api(s) if not api: return HTTPError(401, dumps("Unauthorized"), **response.headers) if not PYLOAD.isAuthorized(func, api.user): return HTTPError(403, dumps("Forbidden"), **response.headers) if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"): print "Invalid API call", func return HTTPError(404, dumps("Not Found"), **response.headers) # TODO: possible encoding # TODO Better error codes on invalid input args = [loads(unquote(arg)) for arg in args.split("/")[1:]] kwargs = {} # accepts body as json dict if request.json: kwargs = request.json # convert arguments from json to obj separately for x, y in chain(request.GET.iteritems(), request.POST.iteritems()): if not x or not y or x == "session": continue kwargs[x] = loads(unquote(y)) try: result = getattr(api, func)(*args, **kwargs) # null is invalid json response if result is None: result = True return dumps(result) except ExceptionObject, e: return HTTPError(400, dumps(e), **response.headers)
def call_api(func, args=""): add_header(response) s = request.environ.get('beaker.session') # Accepts standard http auth auth = parse_auth(request.get_header('Authorization', '')) if 'session' in request.POST or 'session' in request.GET: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.params.get('session'), "'\"")) elif auth: user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) # if auth is correct create a pseudo session if user: s = {'uid': user.uid} api = get_user_api(s) if not api: return HTTPError(401, dumps("Unauthorized"), **response.headers) if not PYLOAD.isAuthorized(func, api.user): return HTTPError(403, dumps("Forbidden"), **response.headers) if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"): print "Invalid API call", func return HTTPError(404, dumps("Not Found"), **response.headers) # TODO: possible encoding # TODO Better error codes on invalid input args = [loads(unquote(arg)) for arg in args.split("/")[1:]] kwargs = {} # accepts body as json dict if request.json: kwargs = request.json # convert arguments from json to obj separately for x, y in chain(request.GET.iteritems(), request.POST.iteritems()): if not x or not y or x == "session": continue kwargs[x] = loads(unquote(y)) try: result = getattr(api, func)(*args, **kwargs) # null is invalid json response if result is None: result = True return dumps(result) except ExceptionObject, e: return HTTPError(400, dumps(e), **response.headers)
def login(): add_header(response) username = request.forms.get("username") password = request.forms.get("password") user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None)) if not user: return dumps(False) s = set_session(request, user) # get the session id by dirty way, documentations seems wrong try: sid = s._headers["cookie_out"].split("=")[1].split(";")[0] return dumps(sid) except: print "Could not get session" return dumps(True)
def login(): response.headers.replace("Content-type", "application/json") response.headers.append("Cache-Control", "no-cache, must-revalidate") user = request.forms.get("username") password = request.forms.get("password") info = PYLOAD.checkAuth(user, password) if not info: return json.dumps(False) s = set_session(request, info) # get the session id by dirty way, documentations seems wrong try: sid = s._headers["cookie_out"].split("=")[1].split(";")[0] return json.dumps(sid) except: return json.dumps(True)