def login(request):
"""Provide a form for logging into the TrustMe system"""
# Compute the URL of the login page
login_url = request.route_url("login")
# Make sure the referrer is set and isn't this page
referrer = request.referrer
if not referrer or referrer == login_url:
referrer = request.route_url("home")
# Set the redirect target to the original referrer, or the current one if this
# is the first page view
came_from = request.params.get("came_from", referrer)
# If there is already an authenticated user, redirect immediately
if User.authenticated(request):
return HTTPFound(location=came_from)
# Set the input values and error message to empty strings
login, password, message = "", "", ""
# If the form is submitted, process the input
if "form.submitted" in request.params:
# Retrieve and parse the input
login = request.POST["login"]
password = request.POST["password"].encode("utf-8")
solution = request.POST["solution"].encode("utf-8")
# If the puzzle solution is correct, check the actual input
if verify_puzzle(request.url, login, password, solution):
# Get the User with the given credentials, if any
user = User.verify(login, password)
if user:
# Reset the CSRF token
request.session.new_csrf_token()
# Remember the User
headers = remember(request, login)
# Redirect to the target page
return HTTPFound(location=came_from, headers=headers)
else:
message = "Failed login"
else:
message = "Failed DOS check"
# Return the render dictionary
return dict(
message=message,
puzzle_diff=PUZZLE_DIFFICULTY,
puzzle_alg=PUZZLE_ALG_JS,
puzzle_alg_loc=PUZZLE_ALG_LOC,
url=login_url,
came_from=came_from,
login=login,
password=password,
)
def __init__(self, request, expected_caps=None): self.request = request self.user = User.authenticated(request) self.__check = lambda(caps): check_creds(request, caps) self.address = request.client_addr self.time = time() // 1 self.__performed = False
def check_creds(request, caps=[None]): user = User.authenticated(request) digest = AccessCapability.present(request.session.get_csrf_token()) offered = set(request.POST.getall(AUTH_POST_KEY)) if caps is None: caps = [None] if user is None else AccessCapability.usable(user=user) return [c for c in caps if digest(c) in offered and (c is None or c.user == user)]
def capability_finder(userid, request):
# Always include the Everyone principal
principals = [Everyone]
# Make sure a user with the provided id actually exists
user = User.get(userid)
if user is not None:
# Include the given user's principal and the Authenticated principal
principals.append('user:%s' % userid)
principals.append(Authenticated)
# Grab the hash tokens present in the request and the hash lookup
# function for all of the user's valid and applicable capabilities
tokens = request.POST.getall(AUTH_POST_KEY)
presented = AccessCapability.presented(user, request.session.get_csrf_token())
# Add "capability:<action_type>:<access_type>" to the principals for
# each capability which was correctly presented as a token in the request
principals.extend((('capability:%s:%s' % (c.action_class.__name__, c.access_type))
for c in imap(presented, tokens)
if c is not None))
return principals
def home(request):
user = User.authenticated(request)
user_msg = "You are not currently logged in." if not user else "You are currently logged in as %s." % user.login
return dict(user=user_msg, project="CA")
