예제 #1
파일: access.py 프로젝트: pontiflex/trustme
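	def __init__(self, request, expected_caps=None):
		"""Capture the request context that this access object is evaluated against.

		Stores the request, the user resolved from it, a credential checker
		bound to the request, the client address and a whole-second timestamp.

		request: the incoming web request.
		expected_caps: accepted for callers, but not read anywhere in this
			method as shown.
		"""
		self.request = request
		self.user = User.authenticated(request)
		# Plain single-argument lambda. The original `lambda(caps):` spelling is
		# Python 2-only syntax (a SyntaxError on Python 3) and means the same thing.
		# The double underscore name-mangles the attribute to this class.
		self.__check = lambda caps: check_creds(request, caps)
		# NOTE(review): on WebOb/Pyramid requests client_addr prefers the
		# X-Forwarded-For header, which the client controls unless a trusted
		# proxy overwrites it. Confirm the deployment before relying on this
		# value for audit records or access decisions.
		self.address = request.client_addr
		# Floor to whole seconds (presumably time.time(), so the value stays a float).
		self.time = time() // 1
		# Starts False; nothing in this method sets it to True.
		self.__performed = False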
예제 #2
파일: policy.py 프로젝트: pontiflex/trustme
def check_creds(request, caps=[None]):
	"""Return the entries of *caps* that the request actually presented.

	A capability counts as presented when its digest, derived from the
	session's CSRF token, appears among the values POSTed under
	AUTH_POST_KEY. A non-None capability must also belong to the user
	authenticated on this request.

	request: the incoming web request (session and POST data are read).
	caps: capabilities to test. Passing None explicitly selects every
		capability usable by the authenticated user, or [None] when
		nobody is authenticated. The default is the shared list [None];
		it is only iterated here and must never be mutated.

	Returns a new list, in the order of *caps*; it is empty when nothing
	matched.
	"""
	current_user = User.authenticated(request)
	# The digest function is tied to this session's CSRF token, so a value
	# computed for another session is not expected to match.
	# NOTE(review): confirm this against AccessCapability.present.
	fingerprint = AccessCapability.present(request.session.get_csrf_token())
	submitted = set(request.POST.getall(AUTH_POST_KEY))

	if caps is None:
		if current_user is None:
			caps = [None]
		else:
			caps = AccessCapability.usable(user=current_user)

	accepted = []
	for cap in caps:
		if fingerprint(cap) not in submitted:
			continue
		# Ownership is enforced even when the caller supplied *caps* itself.
		if cap is None or cap.user == current_user:
			accepted.append(cap)
	return accepted
예제 #3
파일: login.py 프로젝트: pontiflex/trustme
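def _is_local_redirect(target, allowed_netloc):
    """Return True when *target* is a redirect that stays on *allowed_netloc*."""
    try:
        from urllib.parse import urlsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit

    if not target:
        return False
    # Browsers normalise backslashes, surrounding whitespace and control
    # characters before resolving a Location value, so refuse those forms
    # outright instead of trying to parse them the way a browser would.
    if "\\" in target or target != target.strip():
        return False
    if any(ord(ch) < 0x20 for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a rooted path. A leading "//" is
        # scheme-relative and would point at another host.
        return target.startswith("/") and not target.startswith("//")
    return parts.scheme in ("http", "https") and parts.netloc == allowed_netloc


def login(request):
    """Provide a form for logging into the TrustMe system.

    Returns an HTTPFound redirect when the user is already authenticated or
    the submitted credentials verify. Otherwise returns the render dictionary
    for the login form, including any error message.

    The redirect target comes from the ``came_from`` parameter or the
    Referer header, both of which the client controls. It is only honoured
    when it stays on this site; anything else falls back to the home page,
    so the login page cannot be used as an open redirect.
    """
    try:
        from urllib.parse import urlsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit

    # Compute the URL of the login page
    login_url = request.route_url("login")
    # Make sure the referrer is set and isn't this page
    referrer = request.referrer
    if not referrer or referrer == login_url:
        referrer = request.route_url("home")
    # Set the redirect target to the original referrer, or the current one if
    # this is the first page view
    came_from = request.params.get("came_from", referrer)
    # Both sources above are attacker-influenced: keep the target only if it
    # points back at the host this application generates its own URLs for.
    if not _is_local_redirect(came_from, urlsplit(login_url).netloc):
        came_from = request.route_url("home")
    # If there is already an authenticated user, redirect immediately
    if User.authenticated(request):
        return HTTPFound(location=came_from)

    # Set the input values and error message to empty strings
    login, password, message = "", "", ""

    # If the form is submitted, process the input
    if "form.submitted" in request.params:
        # Retrieve and parse the input
        login = request.POST["login"]
        password = request.POST["password"].encode("utf-8")
        solution = request.POST["solution"].encode("utf-8")
        # If the puzzle solution is correct, check the actual input
        if verify_puzzle(request.url, login, password, solution):
            # Get the User with the given credentials, if any
            user = User.verify(login, password)
            if user:
                # Reset the CSRF token
                # NOTE(review): only the CSRF token is rotated here. Whether
                # the session itself must also be regenerated at login depends
                # on the session factory in use; confirm.
                request.session.new_csrf_token()
                # Remember the User
                headers = remember(request, login)
                # Redirect to the target page
                return HTTPFound(location=came_from, headers=headers)
            else:
                message = "Failed login"
        else:
            message = "Failed DOS check"

    # Return the render dictionary
    # NOTE(review): the submitted password is handed back to the template.
    # If the template echoes it into the form, the secret ends up in the
    # response body (and in any cache or log of it). Consider returning an
    # empty value once the template's expectations are confirmed.
    return dict(
        message=message,
        puzzle_diff=PUZZLE_DIFFICULTY,
        puzzle_alg=PUZZLE_ALG_JS,
        puzzle_alg_loc=PUZZLE_ALG_LOC,
        url=login_url,
        came_from=came_from,
        login=login,
        password=password,
    )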
예제 #4
파일: views.py 프로젝트: pontiflex/trustme
def home(request):
    """Build the render dictionary for the home page.

    The ``user`` entry is a status sentence that names the login of the
    authenticated user, or says that nobody is logged in.
    """
    current = User.authenticated(request)
    if current:
        # NOTE(review): the login name reaches the template verbatim; this
        # relies on the template engine escaping it on output. Confirm.
        status = "You are currently logged in as %s." % current.login
    else:
        status = "You are not currently logged in."
    return {"user": status, "project": "CA"}