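def login(http_context, app, sessions):
    """Authenticate the POSTed credentials and return a session id.

    Reads ``username`` and ``password`` from ``http_context['post']``,
    validates them, checks them against ``app.config.temboard['users']``,
    then creates a session for the user or refreshes the existing one.

    Returns:
        dict: ``{'session': sessionid}``.

    Raises:
        HTTPError: any HTTPError raised by the validation/authentication
            step is re-raised unchanged; a 500 "Internal error." is raised
            when the session store rejects the session.
    """
    post = http_context['post']
    # Add an unconditional sleeping time to reduce brute-force risks.
    # This only slows each request; it is not a lockout or a per-source
    # rate limit.
    time.sleep(1)
    try:
        validate_parameters(post, [('username', T_USERNAME, False),
                                   ('password', T_PASSWORD, False)])
        # Log the username only after it passed validation: logging it first
        # wrote unvalidated client input into the log (CR/LF log forging) and
        # raised a bare KeyError when the field was missing, before
        # validate_parameters() could reject the request.
        # The password is never logged.
        logger.info("Authenticating user: %s" % (post['username']))
        auth_user(app.config.temboard['users'], post['username'],
                  post['password'])
    except HTTPError as e:
        logger.info("Authentication failed.")
        raise e
    try:
        session = sessions.get_by_username(post['username'])
        if not session:
            # NOTE(review): gen_sessionid() is defined elsewhere; confirm the
            # id comes from a CSPRNG and is not derivable from the username.
            sessionid = gen_sessionid(post['username'])
            session = Session(sessionid.encode('utf-8'),
                              time.time(),
                              post['username'].encode('utf-8'))
            sessions.add(session)
        else:
            # An existing session is reused: the same id is handed back and
            # only its timestamp is refreshed.
            # NOTE(review): confirm that not rotating the id on a new login
            # is intended.
            sessionid = session.sessionid
            session.time = time.time()
            sessions.update(session)
        try:
            NotificationMgmt.push(app.config,
                                  Notification(username=post['username'],
                                               message="Login"))
        except NotificationError as e:
            # Best effort: a failed notification must not fail the login.
            logger.exception(e)
        return {'session': sessionid}
    except (SharedItem_exists, SharedItem_no_free_slot_left) as e:
        # Session store errors are logged server-side; the client only gets
        # a generic 500.
        logger.exception(e)
        raise HTTPError(500, "Internal error.")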
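def login(http_context, queue_in=None, config=None, sessions=None,
          commands=None):
    """
    @api {post} /login User login
    @apiVersion 0.0.1
    @apiName UserLogin
    @apiGroup User

    @apiParam {String} username Username.
    @apiParam {String} password Password.

    @apiSuccess {String} session Session ID.

    @apiExample {curl} Example usage:
        curl -k -X POST -H "Content-Type: application/json" -d '{"username": "******", "password": "******"}' \
            https://localhost:2345/login

    @apiSuccessExample Success-Response:
        HTTP/1.0 200 OK
        Server: temboard-agent/0.0.1 Python/2.7.8
        Date: Wed, 22 Apr 2015 12:19:48 GMT
        Content-type: application/json

        {"session": "fa452548403ac53f2158a65f5eb6db9723d2b07238dd83f5b6d9ca52ce817b63"}

    @apiError (500 error) error Internal error.
    @apiError (404 error) error Invalid username or password.
    @apiError (406 error) error Username or password malformed or missing.

    @apiErrorExample 404 error example
        HTTP/1.0 404 Not Found
        Server: temboard-agent/0.0.1 Python/2.7.8
        Date: Wed, 22 Apr 2015 12:20:33 GMT
        Content-type: application/json

        {"error": "Invalid username/password."}

    @apiErrorExample 406 error example
        HTTP/1.0 406 Not Acceptable
        Server: temboard-agent/0.0.1 Python/2.7.8
        Date: Wed, 22 Apr 2015 12:21:01 GMT
        Content-type: application/json

        {"error": "Parameter 'password' is malformed."}
    """
    # NOTE: the curl example above passes -k, which skips TLS certificate
    # verification; outside of a test setup, have the client verify the
    # agent's certificate (e.g. curl --cacert) so credentials are not sent
    # to an unauthenticated endpoint.
    post = http_context['post']
    set_logger_name("api")
    logger = get_logger(config)
    # Add an unconditional sleeping time to reduce brute-force risks.
    # This only slows each request; it is not a lockout or a per-source
    # rate limit.
    time.sleep(1)
    try:
        validate_parameters(post, [('username', T_USERNAME, False),
                                   ('password', T_PASSWORD, False)])
        # Log the username only after it passed validation: logging it first
        # wrote unvalidated client input into the log (CR/LF log forging) and
        # raised a bare KeyError when the field was missing, instead of the
        # documented 406. The password is never logged.
        logger.info("Authenticating user: %s" % (post['username']))
        auth_user(config.temboard['users'],
                  post['username'], post['password'])
    except HTTPError as e:
        logger.traceback(get_tb())
        logger.error(e.message)
        logger.info("Authentication failed.")
        raise e
    try:
        session = sessions.get_by_username(post['username'])
        if not session:
            # NOTE(review): gen_sessionid() is defined elsewhere; confirm the
            # id comes from a CSPRNG and is not derivable from the username.
            sessionid = gen_sessionid(post['username'])
            session = Session(sessionid.encode('utf-8'),
                              time.time(),
                              post['username'].encode('utf-8'))
            sessions.add(session)
        else:
            # An existing session is reused: the same id is handed back and
            # only its timestamp is refreshed.
            # NOTE(review): confirm that not rotating the id on a new login
            # is intended.
            sessionid = session.sessionid
            session.time = time.time()
            sessions.update(session)
        try:
            NotificationMgmt.push(
                config,
                Notification(username=post['username'], message="Login"))
        except NotificationError as e:
            # Best effort: a failed notification must not fail the login.
            logger.traceback(get_tb())
            logger.error(e.message)
    except (SharedItem_exists, SharedItem_no_free_slot_left) as e:
        # Session store errors are logged server-side; the client only gets
        # a generic 500.
        logger.traceback(get_tb())
        logger.error(e.message)
        raise HTTPError(500, "Internal error.")
    return {'session': sessionid}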