Exemplo n.º 1
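    def post(self, request):
        """Verify a challenge-response login and open a session on success.

        Reads ``key`` and ``password`` from ``request.POST``. ``key`` selects
        a cached challenge record; the expected ``password`` is the SHA-256
        hex digest of ``key + settings.IN_PASSWORD + record['key']``. Each
        lookup of an existing record counts as an attempt; once the count
        reaches ``settings.AUTH_COUNT_LIMIT`` the record is deleted and a
        warning is logged.

        Returns:
            A ``JsonResponse`` carrying ``ok`` and ``msg``. On success it also
            sets the ``settings.AUTH_COOKIE_NAME`` cookie to ``"<key>:<value>"``
            and caches the session record under ``<key>``.
        """
        # Function-scope import: the module's import block is not visible here.
        import hmac

        # Bound up front so both the limit branch and the success branch can
        # log without depending on which earlier branch ran.
        logger = logging.getLogger('system')

        result = {'ok': False}
        pub_key = request.POST.get('key')
        password = request.POST.get('password')
        if pub_key and password:

            sec_data = cache.get(pub_key)
            if isinstance(sec_data, dict):
                try_count = sec_data.get('try_count', 0) + 1
                sec_data.update(try_count=try_count)
                # NOTE(review): get-then-set is not atomic, so concurrent
                # requests can undercount attempts, and every attempt renews
                # the 300 s lifetime of the challenge. Confirm both are
                # acceptable for the cache backend in use.
                cache.set(pub_key, sec_data, 300)
                if try_count < settings.AUTH_COUNT_LIMIT:
                    material = '{}{}{}'.format(
                        pub_key, settings.IN_PASSWORD, sec_data.get('key'))
                    expected = hashlib.sha256(material.encode()).hexdigest()
                    # Constant-time comparison so response timing does not
                    # reveal how much of the digest matched. Bytes are used
                    # because compare_digest rejects non-ASCII str input.
                    matched = hmac.compare_digest(
                        password.encode(), expected.encode())
                    result.update(ok=matched)
                    if matched:
                        # The challenge is single-use: drop it so a captured
                        # key/password pair cannot be submitted again.
                        cache.delete(pub_key)
                else:
                    cache.delete(pub_key)
                    # Logger.warn is a deprecated alias; warning() is the
                    # supported spelling.
                    logger.warning(
                        'Auth count limit! From: {}'.format(
                            get_client_ip(request)))

        if result.get('ok'):
            # presumably SysRand draws from a CSPRNG - verify, since these
            # values become the session credential.
            rand = SysRand()
            key_part1, key_part2, value = rand.create_keys(count=3)
            result.update(msg=msg.AUTH_OK)
            result = JsonResponse(result)
            key = '{}{}'.format(key_part1, key_part2)
            time_limit = 3600 * settings.AUTH_TIME
            cache.set(
                key,
                {'value': value, 'open': datetime_now().isoformat()},
                time_limit)

            # NOTE(review): the auth cookie is set without httponly, secure
            # or samesite. Unless client-side script must read it, pass
            # httponly=True (and secure=True when served over HTTPS).
            result.set_cookie(
                settings.AUTH_COOKIE_NAME,
                value='{}:{}'.format(key, value),
                max_age=time_limit)

            # NOTE(review): this writes the lookup half of the session cookie
            # to the log; only `value` stays secret. Confirm log readers are
            # trusted or log a truncated form.
            logger.info(
                'Manager login from {} new key: {}'.format(
                    get_client_ip(request), key))

        else:
            result.update(msg=msg.INCORECT_PASSWORD)
            result = JsonResponse(result)
        return result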