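    def AuthPage(svc, rduri, cid, name, pw, state, resptype, scope):
        """Handle the submitted authorization form (rfc6749 4.1.2 / 4.2.2).

        Validates the client, its registered redirect URI, the requested
        response type and scopes, then authenticates ``name``/``pw``.  On
        success a session is created and the user agent is redirected to
        ``rduri`` carrying either an authorization code
        (``response_type=code``) or a session access token
        (``response_type=token``).

        Args:
            svc: request handler; supplies ``client_address`` and the
                ``send_response`` / ``send_header`` / ``end_headers`` /
                ``wfile`` HTTP primitives.
            rduri: redirect_uri from the request; must be registered for the client.
            cid: client_id from the request.
            name: user name from the login form.
            pw: clear-text password from the login form.
            state: opaque client state to echo back ('' when absent).
            resptype: response_type, 'code' or 'token'.
            scope: space-separated scope string; '' selects the client's default scopes.

        Raises:
            AuthClientError: unknown client_id, or a redirect_uri the client
                did not register.  No redirect is issued in that case
                (rfc6749 4.1.2.1), the caller reports it to the user agent.
            AuthError: every other failure; carries ``rduri`` and the rfc6749
                error code for the caller to redirect with.
        """
        # urlencode lives in different modules on Python 2 and 3.
        try:
            from urllib.parse import urlencode
        except ImportError:  # Python 2
            from urllib import urlencode

        clients = clientdb.ClientDB()
        try:
            client = clients.find_client(cid)
            # Unknown client or unregistered redirect_uri: must not redirect,
            # the error is shown to the user agent instead.
            if client is None or not client.check_redirect_uri(rduri):
                raise AuthClientError()
            if not client.check_response_type(resptype):
                raise AuthError(rduri, 'invalid_client')
            # Reject response types we cannot deliver before touching any
            # credentials, so no session is ever created for a request
            # that would fail afterwards.
            if resptype not in ('code', 'token'):
                raise AuthError(rduri, 'unsupported_response_type')

            user = UserManager.LoadUser(name)
            if user is None:
                raise AuthError(rduri, 'access_denied')

            if scope:
                scopes = scope.split(' ')
                # all() short-circuits on the first scope the client may not use.
                if not all(client.check_scope(s) for s in scopes):
                    raise AuthError(rduri, 'invalid_scope')
            else:
                scopes = client.get_scopes()

            if not user.Authorize(pw):
                raise AuthError(rduri, 'access_denied')

            session = Session(user, svc.client_address[0], scopes=scopes)
            session.RecordLogin(True)
            if resptype == "code":
                # give session, so other info may be recorded
                query = [('code', Auth.RecordSession(session, cid))]
            else:
                # NOTE(review): rfc6749 4.2.2 delivers the implicit-grant
                # token in the URI fragment, not the query; the query form is
                # kept here because existing clients expect it -- confirm.
                query = [('access_token', session.GetID()),
                         ('token_type', 'session'),
                         ('expires_in', Config.SESSION_TIMEOUT_SECONDS),
                         ('scope', ' '.join(scopes))]
            if state:
                query.append(('state', state))
            # urlencode percent-escapes every value, so a client-supplied
            # state or scope containing '&', '#' or CR/LF can neither break
            # the query string nor inject into the Location header.  A
            # redirect_uri that already has a query component keeps it.
            sep = '&' if '?' in rduri else '?'
            target_uri = "%s%s%s" % (rduri, sep, urlencode(query))

            svc.send_response(302)
            svc.send_header('Location', target_uri)
            svc.send_header('Content-Length', 0)
            svc.end_headers()
            svc.wfile.flush()
        finally:
            clients.close()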
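    def POST(svc, session, params, action):
        """Dispatch an OAuth POST request by ``action``.

        Args:
            svc: request handler; ``svc.get_str(params, key[, default])``
                reads one form field, the third argument being the value
                used when the field is absent.
            session: the caller's session; only forwarded to Auth.GET for
                the 'token' action.
            params: parsed form parameters of the request.
            action: 'authpage' (authorization form submission, rfc6749
                4.1.2 / 4.2.2), 'token' (handled exactly like GET) or
                'pwauth' (disabled).

        Returns:
            Whatever Auth.GET returns for the 'token' action, else None.

        Raises:
            NoPerm: for the disabled 'pwauth' action.
            WrongArgs: for any other action.
            AuthError and AuthClientError raised by the handlers are caught
            here and turned into the matching error responses.
        """
        try:
            if action == 'authpage':
                # rfc6749 4.1.2 / 4.2.2: authorization response
                cid = svc.get_str(params, 'client_id')
                rduri = svc.get_str(params, 'redirect_uri')
                name = svc.get_str(params, 'name')
                pw = svc.get_str(params, 'pass')
                resptype = svc.get_str(params, 'response_type')
                state = svc.get_str(params, 'state', '')
                scope = svc.get_str(params, 'scope', '')
                Auth.AuthPage(svc, rduri, cid, name, pw, state, resptype,
                              scope)
            elif action == 'pwauth':
                # The former password-grant implementation that followed this
                # raise was unreachable and has been removed; the action
                # stays disabled.
                raise NoPerm('pwauth is disabled')
            elif action == 'token':
                return Auth.GET(svc, session, params, action)
            else:
                raise WrongArgs("unknown action")
        except AuthError as e:
            # Redirect-style error: reported to the client's redirect_uri.
            Auth.Error(svc, e.rduri, e.error)
        except AuthClientError:
            # Bad client_id / redirect_uri: reported to the user agent only.
            Auth.ClientError(svc)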
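    def verify_password(self, authorize, username, passwd):
        """Verify an XMPP login for ``username``.

        Args:
            authorize: authorization identity requested by the client, or a
                falsy value when none was given; when given it must equal
                ``username``.
            username: authentication identity; re-encoded to GBK before the
                user lookup (presumably the encoding UserManager expects).
            passwd: clear-text password to check.

        Returns:
            True when the user exists and the password is accepted, else
            False.  Each failure is logged with Log.warn; the password is
            never written to the log.
        """
        if authorize and username != authorize:
            Log.warn("XMPPAuth: user %s does not match authorize %s" %
                     (username, authorize))
            return False

        username = username.encode("gbk")
        user = UserManager.LoadUser(username)
        if user is None:
            Log.warn("XMPPAuth: user not exist: %s" % username)
            return False

        if user.Authorize(passwd):
            return True

        Log.warn("XMPPAuth: user %s auth failed!" % username)
        return False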
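 def LoadFavBoards(self):
     """Load this user's favourite-board list from the favboard file.

     Two on-disk layouts are read: when the first int is 0x8080 the file
     holds a count followed by (flag, [title], father) records, where a
     flag of -1 is followed by a length-prefixed GBK title; otherwise that
     first int is the count and each entry is a bare board index.

     If no entries result, the list is seeded with FavBoard(0) plus every
     board named in Config.BBS_ROOT + "etc/initial_favboard" (when that
     file exists).  Otherwise every non-directory entry is re-checked
     against the board cache and the user's see-permission, stale entries
     are removed with DelFavBoard, and the list is saved if anything was
     dropped.

     Side effects: resets self._current to -1 and rewrites self._count and
     self._favboards.
     """
     path = User.User.OwnFile(self._userid, "favboard")
     self._current = -1
     try:
         fd = open(path, "rb")
     except IOError:
         # No favboard file yet (e.g. a new user): fall through to the
         # defaults below instead of failing the whole load.
         # NOTE(review): self._count is left as-is here, like the original
         # None path; confirm the caller initialises it to 0.
         fd = None
     if fd is not None:
         # The context manager closes the file even if a read fails.
         with fd:
             magic = Util.ReadInt(fd)
             if magic != 0x8080:
                 # Legacy layout: the magic slot is the count itself and
                 # each entry is one board index.
                 self._count = magic
                 for index in range(self._count):
                     self._favboards[index] = FavBoard(Util.ReadInt(fd))
             else:
                 self._count = Util.ReadInt(fd)
                 for index in range(self._count):
                     flag = Util.ReadInt(fd)
                     title = ''
                     if flag == -1:
                         length = Util.ReadChar(fd)
                         title = Util.gbkDec(Util.CString(fd.read(length)))
                     father = Util.ReadInt(fd)
                     self._favboards[index] = FavBoard(flag, title, father)

     if self._count <= 0:
         # Default list: board 0 first, then the site-wide initial boards.
         self._count = 1
         self._favboards[0] = FavBoard(0)
         try:
             fd = open(Config.BBS_ROOT + "etc/initial_favboard", "r")
         except IOError:
             # No site default file: keep just FavBoard(0).
             fd = None
         if fd is not None:
             with fd:
                 while True:
                     board = Util.ReadString(fd)
                     if board == '':
                         break
                     bobj = BoardManager.GetBoard(board)
                     if bobj is not None:
                         self._favboards[self._count] = FavBoard(bobj.index - 1)
                         # Advance the count; without this every seeded
                         # board overwrote slot 1 and only the last survived.
                         # NOTE(review): assumes _favboards can grow to the
                         # number of seeded boards -- confirm its capacity.
                         self._count += 1
     else:
         count_before = self._count
         # Loop-invariant: the user is the same for every entry.
         user = UserManager.LoadUser(self._userid)
         index = 0
         while index < self._count:
             fboard = self._favboards[index]
             if not fboard.IsDir():
                 bindex = fboard._index
                 board = BoardManager.GetBoardByIndex(bindex + 1)
                 # Same operand order as before so GetBoardCount() and
                 # CheckSeePerm() are only evaluated when needed.
                 keep = (bindex >= 0
                         and bindex <= BCache.GetBoardCount()
                         and user is not None
                         and board is not None
                         and board.CheckSeePerm(user))
                 if not keep:
                     # NOTE(review): index still advances after the delete;
                     # if DelFavBoard shifts later entries down, the entry
                     # moved into this slot is not re-checked -- confirm.
                     self.DelFavBoard(index)
             index += 1
         if count_before != self._count:
             self.SaveFavBoards()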