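def _is_local_redirect(request, target):
    """Return True if *target* stays within this application.

    Accepts a path-only URL (``/foo``) or an absolute URL rooted at
    ``request.application_url``; rejects empty values, scheme-relative
    URLs (``//other-host``), their backslash variants and foreign origins.
    """
    if not target:
        return False
    app_url = request.application_url.rstrip("/")
    if target == app_url or target.startswith((app_url + "/", app_url + "?", app_url + "#")):
        return True
    # Path-relative targets only: browsers treat "//host" and "/\host" as absolute
    return target.startswith("/") and not target.startswith(("//", "/\\"))


def login(request):
    """Provide a form for logging into the TrustMe system.

    Args:
        request: the request for the login page.

    Returns:
        An ``HTTPFound`` redirect when the user is (or just became)
        authenticated, otherwise the render dictionary for the login form.
    """
    login_url = request.route_url("login")
    home_url = request.route_url("home")

    # Fall back to the home page when the referrer is missing or is this page
    referrer = request.referrer
    if not referrer or referrer == login_url:
        referrer = home_url

    # The redirect target is caller-controlled ("came_from" parameter, else the
    # referrer).  Only honour it when it stays on this application, so the
    # login page cannot be used as an open redirector to a foreign site.
    came_from = request.params.get("came_from", referrer)
    if not _is_local_redirect(request, came_from):
        came_from = home_url

    # An already-authenticated user has nothing to do here
    if User.authenticated(request):
        return HTTPFound(location=came_from)

    login, password, message = "", "", ""

    if "form.submitted" in request.params:
        # .get() so a tampered form missing a field fails the checks below
        # instead of raising KeyError (an HTTP 500)
        login = request.POST.get("login", "")
        password = request.POST.get("password", "").encode("utf-8")
        solution = request.POST.get("solution", "").encode("utf-8")
        # The puzzle (the DoS check, per its failure message) is verified
        # first, so credential verification only runs for clients that passed it
        if verify_puzzle(request.url, login, password, solution):
            user = User.verify(login, password)
            if user:
                # Issue a fresh CSRF token so the one handed to the anonymous
                # session is not carried into the authenticated one
                request.session.new_csrf_token()
                headers = remember(request, login)
                return HTTPFound(location=came_from, headers=headers)
            message = "Failed login"
        else:
            message = "Failed DOS check"

    # The submitted password is a secret and is deliberately not echoed back
    # into the rendered page; the key is kept so templates still resolve it
    return dict(
        message=message,
        puzzle_diff=PUZZLE_DIFFICULTY,
        puzzle_alg=PUZZLE_ALG_JS,
        puzzle_alg_loc=PUZZLE_ALG_LOC,
        url=login_url,
        came_from=came_from,
        login=login,
        password="",
    )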
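	def __init__(self, request, expected_caps=None):
		"""Capture the request context used for a later credential check.

		Args:
			request: the current request; its authenticated User, client
				address and the current time are recorded at construction.
			expected_caps: accepted for interface compatibility; this
				initializer does not use it.
		"""
		self.request = request
		self.user = User.authenticated(request)
		# Bound checker: which of `caps` this request correctly presents.
		# Written as a plain `lambda caps:`; the original `lambda(caps):`
		# is Python-2-only syntax with identical meaning.
		self.__check = lambda caps: check_creds(request, caps)
		self.address = request.client_addr
		# Floor division by 1 drops the sub-second part of the timestamp
		self.time = time() // 1
		self.__performed = False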
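def check_creds(request, caps=(None,)):
	"""Return the capabilities from *caps* that this request correctly presents.

	A capability counts as presented when its digest (computed from the
	session's CSRF token) appears among the request's AUTH_POST_KEY values and
	it is either the anonymous capability (None) or belongs to the
	authenticated user.

	Args:
		request: the current request.
		caps: candidate capabilities.  None means "every capability usable by
			the authenticated user", or just the anonymous one when nobody is
			logged in.  The default is the anonymous capability alone; it is
			a tuple rather than a list so the default cannot be mutated.

	Returns:
		The list of presented capabilities, in the order of *caps*.
	"""
	user = User.authenticated(request)
	# Digest function derived from this session's CSRF token
	digest = AccessCapability.present(request.session.get_csrf_token())
	offered = set(request.POST.getall(AUTH_POST_KEY))
	if caps is None:
		caps = [None] if user is None else AccessCapability.usable(user=user)
	return [c for c in caps if digest(c) in offered and (c is None or c.user == user)]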
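def capability_finder(userid, request):
	"""Map a user id and request to the list of effective principals.

	Args:
		userid: id of the (claimed) authenticated user.
		request: the current request; capability tokens are read from its
			POST values under AUTH_POST_KEY.

	Returns:
		A list that always starts with Everyone.  When a User with *userid*
		exists it also contains 'user:<userid>', Authenticated, and one
		'capability:<action_class>:<access_type>' entry per capability whose
		token was correctly presented in the request.
	"""
	principals = [Everyone]

	user = User.get(userid)
	if user is None:
		# Unknown id: only the anonymous principal applies
		return principals

	principals.append('user:%s' % userid)
	principals.append(Authenticated)

	tokens = request.POST.getall(AUTH_POST_KEY)
	# Lookup from a presented token to this user's matching capability
	# (None when the token matches nothing)
	presented = AccessCapability.presented(user, request.session.get_csrf_token())
	# Generator expression instead of itertools.imap (Python-2-only); same
	# lazy evaluation, and it also runs on Python 3
	principals.extend(
		'capability:%s:%s' % (c.action_class.__name__, c.access_type)
		for c in (presented(t) for t in tokens)
		if c is not None
	)
	return principals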
def home(request):
    """Render dictionary for the home page: a login-status message and the project name."""
    user = User.authenticated(request)
    if user:
        user_msg = "You are currently logged in as %s." % user.login
    else:
        user_msg = "You are not currently logged in."
    return dict(user=user_msg, project="CA")