예제 #1
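 def _check_cookie(self):
     """Resolve the user behind the ``session_id`` cookie and renew the cookie.

     Reads the ``session_id`` request cookie, passes it to
     ``self.db_engine.validate_session`` and stores the result on
     ``self.user``. When a user comes back, the same session id is sent again
     with an expiry of ``web_settings['session_expire_days']`` days from now,
     so every authenticated request pushes the expiry forward.

     When no cookie is present ``self.user`` is left untouched.
     """
     session_id = request.get_cookie('session_id')
     if not session_id:
         return

     self.user = self.db_engine.validate_session(session_id)
     if not self.user:
         return

     lifetime = timedelta(days=int(self.web_settings['session_expire_days']))
     # NOTE(review): the renewal below slides the browser-side expiry only;
     # whether validate_session() enforces an absolute session lifetime is
     # not visible here -- confirm.
     # NOTE(review): secure=True is not passed; add it if the site is served
     # over HTTPS only.
     response.set_cookie(
         'session_id',
         session_id,
         expires=datetime.now() + lifetime,
         # The session id is a bearer credential: keep it out of reach of
         # page scripts.
         httponly=True)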
예제 #2
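def user_login():
    """Log a user in from a JSON body and set the signed ``auth`` cookie.

    Expects a JSON object with ``email`` and ``password``. On success the
    user's id is stored in the ``auth`` cookie, signed with ``COOKIE_SECRET``
    and valid for 7776000 seconds (90 days); nothing is returned. Any
    failure answers 400 with the text ``"Invalid login"``.

    The cookie is signed, not encrypted: the client can read the user id but
    cannot change it without invalidating the signature.
    """
    body = request.json
    # request.json is None when the request carries no JSON body, and may be
    # a list or scalar; answer 400 instead of failing with a 500.
    if not isinstance(body, dict):
        response.status = 400
        return "Invalid login"

    email = body.get("email")
    password = body.get("password")

    # FIXME(review): `password` is read but never compared with anything, so
    # knowing a registered e-mail address is enough to obtain the auth
    # cookie. The credential check has to happen before set_cookie(); no
    # password-verification helper is visible in this block, so none is
    # called here.
    user = get_user_by_email(email) if email is not None else None
    if user is None:
        response.status = 400
        return "Invalid login"

    response.set_cookie(
        "auth",
        user.id,
        secret=COOKIE_SECRET,
        path="/",
        max_age=7776000,
        # Authentication cookie: not needed by page scripts.
        httponly=True,
    )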
예제 #3
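 def do_login(self):
     """Handle the login form and render the ``login_result`` template.

     Passes the posted ``username`` and ``password`` to
     ``self.db_engine.validate_user``. A truthy return value is used as the
     session id: it is sent back in the ``session_id`` cookie, expiring
     ``web_settings['session_expire_days']`` days from now, and ``self.user``
     is set to the username. Otherwise ``self.user`` is set to ``None``.

     Returns the rendered ``login_result`` template with ``user=self.user``.
     """
     username = request.forms.get('username')
     password = request.forms.get('password')
     session_id = self.db_engine.validate_user(username, password)

     if not session_id:
         self.user = None
         return template('login_result', user=self.user)

     self.user = username
     lifetime = timedelta(days=int(self.web_settings['session_expire_days']))
     # NOTE(review): secure=True is not passed; add it if the site is served
     # over HTTPS only.
     response.set_cookie(
         'session_id',
         session_id,
         expires=datetime.now() + lifetime,
         # The session id is a bearer credential: keep it out of reach of
         # page scripts.
         httponly=True)
     return template('login_result', user=self.user)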
예제 #4
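def do_login():
    """Check the posted credentials and start an authenticated session.

    Looks up the stored password hash for the posted ``username`` in the
    ``secure_login`` table and verifies the posted ``password`` against it
    with ``sha512_crypt.verify``. On success a per-session secret and the
    session start time are written to the user's row, the ``username``
    cookie is set (signed with that secret) and the client is redirected to
    ``/dashboard`` with a 303. Every failure ends in
    ``abort(403, "Authentication failed.")`` with the same message, so the
    response does not say whether the user name or the password was wrong.
    """
    username = request.forms.get('username')
    password = request.forms.get('password')

    # A missing form field arrives as None: it would be looked up as the
    # literal string "None" and then make verify() raise instead of failing
    # the login.
    if username is None or password is None:
        abort(403, "Authentication failed.")

    db_path = config["paths"]["file_auth_database"]

    try:
        conn = sqlite3.connect(db_path)
        try:
            c = conn.cursor()
            c.execute("SELECT Password FROM secure_login WHERE Username = ?", (str(username),))
            rows = c.fetchall()
            c.close()
        finally:
            # Closing the cursor does not release the connection.
            conn.close()
    except OperationalError:
        # The database could not be opened or queried: fail closed.
        abort(403, "Authentication failed.")

    if len(rows) == 0:
        abort(403, "Authentication failed.")

    # Decide before touching any session state. As before, every row returned
    # for the user name has to verify; previously a later mismatch aborted
    # only after the session columns had already been written.
    if not all(sha512_crypt.verify(password, row[0]) for row in rows):
        abort(403, "Authentication failed.")

    # NOTE(review): the cookie-signing secret is a salted hash of the login
    # time. secrets.token_urlsafe() is the usual source for such a value;
    # confirm how the session check consumes SessionID before changing it.
    session_start_time = str(datetime.datetime.now())
    secret = sha512_crypt.encrypt(session_start_time)

    # Save cookie secret and session start time to the db.
    conn = sqlite3.connect(db_path)
    try:
        c = conn.cursor()
        c.execute("UPDATE secure_login SET SessionID = (?) WHERE Username = (?)", (secret, username))
        c.execute("UPDATE secure_login SET SessionStartTime = (?) WHERE Username = (?)", (session_start_time, username))
        conn.commit()
        c.close()
    finally:
        conn.close()

    # Signed with the per-session secret; HttpOnly keeps the session cookie
    # away from page scripts. NOTE(review): add secure=True if the site is
    # served over HTTPS only.
    response.set_cookie("username", username, secret=secret, httponly=True)
    response.status = 303
    response.set_header('Location', '/dashboard')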
예제 #5
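def login_auth():
    """Authenticate a posted password and set the ``auth`` cookie.

    Accepts the password as ``passwd`` in a JSON body or, failing that, in
    the form data, and passes it to ``verify(..., raw=True)``. A truthy
    result is stored in the ``auth`` cookie for 2419200 seconds (28 days).
    Every attempt is logged with the client address.

    Returns ``{'success': True}`` or ``{'success': False}``.
    """
    bad = "Failed login from %s" % request.remote_addr
    good = "Successful login from %s" % request.remote_addr

    post_data = request.json if request.json else request.forms
    if not post_data:
        output.error(bad, "WEBSERVER")
        return {'success': False}

    # A request without a 'passwd' field (or a JSON body that is not an
    # object) is a failed login, not a server error.
    try:
        passwd = post_data['passwd']
    except (KeyError, TypeError):
        passwd = None
    if passwd is None:
        output.error(bad, "WEBSERVER")
        return {'success': False}

    isauthed = verify(passwd, raw=True)
    if not isauthed:
        output.error(bad, "WEBSERVER")
        return {'success': False}

    # NOTE(review): the value returned by verify() goes into the cookie
    # unsigned; what it contains is not visible here -- confirm it is not
    # something derived from the password that could be replayed.
    # HttpOnly keeps the auth cookie away from page scripts.
    response.set_cookie("auth", isauthed, max_age=2419200, path="/", httponly=True)
    output.success(good, "WEBSERVER")
    return {'success': True}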
예제 #6
파일: webserver.py 프로젝트: HeyMan7/Code
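def login_auth():
    """Authenticate a posted password and set the ``auth`` cookie.

    Accepts the password as ``passwd`` in a JSON body or, failing that, in
    the form data, and passes it to ``verify(..., raw=True)``. A truthy
    result is stored in the ``auth`` cookie for 2419200 seconds (28 days).
    Every attempt is logged with the client address.

    Returns ``{'success': True}`` or ``{'success': False}``.
    """
    bad = "Failed login from %s" % request.remote_addr
    good = "Successful login from %s" % request.remote_addr

    post_data = request.json if request.json else request.forms
    if not post_data:
        output.error(bad, "WEBSERVER")
        return {'success': False}

    # A request without a 'passwd' field (or a JSON body that is not an
    # object) is a failed login, not a server error.
    try:
        passwd = post_data['passwd']
    except (KeyError, TypeError):
        passwd = None
    if passwd is None:
        output.error(bad, "WEBSERVER")
        return {'success': False}

    isauthed = verify(passwd, raw=True)
    if not isauthed:
        output.error(bad, "WEBSERVER")
        return {'success': False}

    # NOTE(review): the value returned by verify() goes into the cookie
    # unsigned; what it contains is not visible here -- confirm it is not
    # something derived from the password that could be replayed.
    # HttpOnly keeps the auth cookie away from page scripts.
    response.set_cookie("auth", isauthed, max_age=2419200, path="/", httponly=True)
    output.success(good, "WEBSERVER")
    return {'success': True}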
예제 #7
파일: utils.py 프로젝트: reasonz/projects
def set_cookie(name,value):
    """Set a cookie signed with ``SECRET_KEY``, site-wide, for 30 days.

    The secret signs the value so tampering is detected on read; it does not
    encrypt it, so the client can still see the content. No ``httponly`` or
    ``secure`` option is passed by this helper.
    """
    thirty_days = 30*24*60*60
    options = {'secret': SECRET_KEY, 'path': '/', 'max_age': thirty_days}
    response.set_cookie(name, value, **options)
예제 #8
파일: user.py 프로젝트: reasonz/projects
def addValInCookie(name,val):
    """Store ``val`` under ``name`` in a ``SECRET_KEY``-signed cookie.

    The cookie applies to the whole site (``path='/'``) and lasts 30 days.
    Signing makes the value tamper-evident, not confidential. No ``httponly``
    or ``secure`` option is passed by this helper.
    """
    lifetime_seconds = 30*24*60*60
    response.set_cookie(
        name,
        val,
        secret=SECRET_KEY,
        path='/',
        max_age=lifetime_seconds,
    )
예제 #9
파일: user.py 프로젝트: reasonz/projects
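def addUidInCookie(uid):
    """Store the user id in the ``UID`` cookie, signed with ``SECRET_KEY``.

    The cookie applies to the whole site (``path='/'``) and lasts 30 days.
    Signing makes the id tamper-evident, not confidential: the client can
    still read it.
    """
    lifetime_seconds = 30*24*60*60
    # NOTE(review): add secure=True if the site is served over HTTPS only.
    response.set_cookie(
        UID,
        uid,
        secret=SECRET_KEY,
        path='/',
        max_age=lifetime_seconds,
        # The signed uid identifies the user: keep it away from page scripts.
        httponly=True,
    )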
예제 #10
파일: code.py 프로젝트: reasonz/projects
def addValInCookie(name,val):
    """Store ``val`` under ``name`` in a ``SECRET_KEY``-signed cookie.

    The cookie applies to the whole site (``path='/'``). No ``max_age`` or
    ``expires`` is given, so the lifetime is left to the browser session.
    Signing makes the value tamper-evident, not confidential.
    """
    options = {'secret': SECRET_KEY, 'path': '/'}
    response.set_cookie(name, val, **options)