    def prepare(self):
        """Gate every request to this handler on HTTPS and admin rights.

        Runs before the HTTP method handler. When ``CONFIG.ENABLE_HTTPS`` is
        on, plain-HTTP requests are redirected to their ``https://``
        equivalent. Anonymous callers are sent to the login page (GET/HEAD)
        or refused with a 403; signed-in non-admins always get a 403.

        Raises:
            HTTPError: 403 when the caller is not an admin, or when a
                non-GET/HEAD HTTP/1.0 request cannot be redirected safely.
        """
        super(AdminHandler, self).prepare()
        self.set_cache(is_public=False)

        request = self.request
        if CONFIG.ENABLE_HTTPS and not self.is_https:
            # NOTE(review): the target is rebuilt from the request's Host
            # header; confirm upstream only accepts the expected host names.
            secure_url = 'https://%s%s' % (request.host, request.uri)
            if request.version != 'HTTP/1.0':
                # 307 keeps the original method and body on the retried request.
                self.redirect(secure_url, status=307)
            elif request.method in ('GET', 'HEAD'):
                # HTTP/1.0 has no 307; the default redirect is safe for GET/HEAD.
                self.redirect(secure_url)
            else:
                # Presumably refusing is preferred to a redirect that would
                # change the method of a non-idempotent HTTP/1.0 request.
                raise HTTPError(403)
            return

        if self.is_admin:
            return

        if not self.current_user_id:
            if request.method in ('GET', 'HEAD'):
                # Remember the requested page, then bounce to the login URL.
                state = Auth.generate(request.uri)
                self.set_state_cookie(state)
                self.redirect(self.get_login_url(),
                              status=302 if request.version == 'HTTP/1.0' else 303)
                return
            self.set_session_time_cookie()  # force check user status
        raise HTTPError(403)
    def prepare(self):
        """Pre-request guard: enforce HTTPS, then require an admin user.

        Called before the method handler. With ``CONFIG.ENABLE_HTTPS`` set,
        non-HTTPS requests are redirected (307, or the default redirect for
        HTTP/1.0 GET/HEAD). Anonymous GET/HEAD callers are redirected to the
        login page with a freshly generated state cookie; every other
        non-admin request ends in a 403.

        Raises:
            HTTPError: 403 for non-admin callers and for non-GET/HEAD
                HTTP/1.0 requests that cannot be redirected to HTTPS.
        """
        super(AdminHandler, self).prepare()
        self.set_cache(is_public=False)

        req = self.request
        is_http10 = req.version == 'HTTP/1.0'
        safe_method = req.method in ('GET', 'HEAD')

        if CONFIG.ENABLE_HTTPS and not self.is_https:
            # NOTE(review): built from the request's Host header; confirm the
            # server only accepts the host names it is deployed under.
            secure_url = 'https://{0}{1}'.format(req.host, req.uri)
            if not is_http10:
                self.redirect(secure_url, status=307)
            elif safe_method:
                self.redirect(secure_url)
            else:
                raise HTTPError(403)
            return

        if self.is_admin:
            return

        user_id = self.current_user_id
        if user_id or not safe_method:
            if not user_id:
                self.set_session_time_cookie()  # force check user status
            raise HTTPError(403)

        # Anonymous GET/HEAD: stash the target URI and go to the login page.
        self.set_state_cookie(Auth.generate(req.uri))
        self.redirect(self.get_login_url(), status=302 if is_http10 else 303)
 def authorized_handler(self, *args, **kwargs):
     """Run ``user_handler`` only for a signed-in (and, if required, admin) user.

     Closes over ``admin_only`` and ``user_handler`` from the enclosing
     decorator, both defined outside this block. Anonymous GET requests are
     redirected to the login page (303, or 302 for HTTP/1.0 clients) after a
     state cookie recording the requested URI is set; any other anonymous
     request, and any non-admin request when ``admin_only`` is set, gets a 403.

     Raises:
         HTTPError: 403 as described above.
     """
     self.set_cache(is_public=False)
     request = self.request

     if not self.current_user_id:
         if request.method == 'GET':
             # Remember where the user wanted to go, then send them to log in.
             state = Auth.generate(request.uri)
             self.set_state_cookie(state)
             self.redirect(self.get_login_url(),
                           status=302 if request.version == 'HTTP/1.0' else 303)
             return
         self.set_session_time_cookie()  # force check user status
         raise HTTPError(403)

     if admin_only and not self.is_admin:
         raise HTTPError(403)

     user_handler(self, *args, **kwargs)
 def authorized_handler(self, *args, **kwargs):
     """Authorization wrapper around ``user_handler``.

     ``admin_only`` and ``user_handler`` come from the enclosing decorator
     (outside this block). Anonymous callers are redirected to the login
     page on GET and refused with a 403 otherwise; when ``admin_only`` is
     set, non-admin users are refused as well. Everyone else falls through
     to ``user_handler``.

     Raises:
         HTTPError: 403 for anonymous non-GET requests and for non-admins
             on admin-only handlers.
     """
     self.set_cache(is_public=False)
     request = self.request
     user_id = self.current_user_id

     if request.method == 'GET':
         if not user_id:
             state = Auth.generate(request.uri)
             self.set_state_cookie(state)
             # HTTP/1.0 clients do not know 303.
             self.redirect(self.get_login_url(),
                           status=302 if request.version == 'HTTP/1.0' else 303)
             return
     elif not user_id:
         self.set_session_time_cookie()  # force check user status
         raise HTTPError(403)

     if admin_only and not self.is_admin:
         raise HTTPError(403)
     user_handler(self, *args, **kwargs)
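    def get(self):
        """Handle both legs of the Google OAuth2 login round trip.

        Without a ``code`` argument this is the first leg: an anti-CSRF
        ``state`` (a still-registered one from the cookie is reused) is set
        and the browser is sent to Google's authorization endpoint. With a
        ``code`` it is the callback leg: ``state`` must have the configured
        length, equal the ``state`` cookie and still be known to ``Auth``;
        the code is then exchanged for an access token, the profile is
        fetched, a ``User`` is looked up or created by e-mail, and a secure
        ``user_id`` cookie is set before redirecting to the stored next URL.

        Raises:
            HTTPError: 400 for a malformed ``state``; 403 for a state/cookie
                mismatch, an unknown state or a failed login; 500 when the
                profile fetch fails.
        """
        self.set_cache(0, is_public=False)

        if CONFIG.ENABLE_HTTPS and not self.is_https:
            request = self.request
            # NOTE(review): the target is rebuilt from the request's Host
            # header; confirm upstream only accepts the expected host names.
            self.redirect('https://%s%s' % (request.host, request.uri),
                          status=302 if request.version == 'HTTP/1.0' else 303)
            return

        if self.current_user_id:
            # Force a session_time change so the user revisits
            # PageAppendHandler and picks up refreshed configuration.
            self.set_session_time_cookie()
            self.redirect(self.get_next_url() or '/')
            return

        code = self.get_argument('code', None)
        if not code:
            # First leg: keep a state that is still registered, else mint one.
            state = self.get_cookie('state')
            if not (state and Auth.is_existing(state)):  # invalid state
                state = Auth.generate(self.get_next_url() or '')
                self.set_state_cookie(state)
            yield self.authorize_redirect(
                redirect_uri=CONFIG.GOOGLE_OAUTH2_REDIRECT_URI,
                client_id=CONFIG.GOOGLE_OAUTH2_CLIENT_ID,
                scope=['profile', 'email'],
                response_type='code',
                extra_params={'approval_prompt': 'auto', 'state': state})
            return

        # Callback leg: the state must be well-formed, match the cookie this
        # app set, and still be known server-side, otherwise this is not a
        # flow we started.
        state = self.get_argument('state')
        if len(state) != CONFIG.AUTH_STATE_LENGTH:
            raise HTTPError(400)
        if self.get_cookie('state') != state:
            raise HTTPError(403)
        next_url = Auth.get(state)
        if next_url is None:
            raise HTTPError(403)
        self.clear_cookie('state')  # single use

        try:
            token_info = yield self.get_authenticated_user(
                redirect_uri=CONFIG.GOOGLE_OAUTH2_REDIRECT_URI,
                code=code)
            access_token = token_info.get('access_token') if token_info else None
            if access_token:
                try:
                    # Send the token as a Bearer header instead of a query
                    # parameter so it does not end up in URL/proxy logs.
                    response = yield self.get_auth_http_client().fetch(
                        'https://www.googleapis.com/oauth2/v1/userinfo',
                        headers={'Authorization': 'Bearer ' + access_token})
                except HTTPClientError:
                    logging.exception('failed to get user info')
                    raise HTTPError(500)

                user_info = ujson.loads(response.body)
                # NOTE(review): accounts are linked by e-mail alone; consider
                # also requiring the profile's verified-e-mail flag — confirm
                # against the userinfo API version in use.
                user = User.get_by_email(user_info['email'])
                if not user:
                    user = User(
                        email=user_info['email'],
                        name=user_info['name']
                    )
                    url = user_info.get('url')
                    if url:
                        user.site = url
                    user.save(inserting=True)

                self.set_secure_cookie('user_id', str(user.id), httponly=True, secure=self.is_https)
                # Make the user revisit PageAppendHandler to refresh configuration.
                self.set_session_time_cookie()
                self.redirect(next_url or '/')
                return
        except AuthError:
            logging.warning('failed to login', exc_info=True)
        raise HTTPError(403)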
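    def get(self):
        """Google OAuth2 login: start the flow or finish the callback.

        Without ``code`` the browser is sent to Google's authorization
        endpoint carrying an anti-CSRF ``state`` (a still-registered one
        from the cookie is reused, otherwise a new one is generated and
        stored in the cookie). With ``code`` the ``state`` parameter is
        validated against its configured length, the ``state`` cookie and
        the server-side ``Auth`` registry, the code is exchanged for an
        access token, the profile is fetched, a ``User`` is found or created
        by e-mail, and a secure ``user_id`` cookie is set before redirecting
        to the next URL stored with the state.

        Raises:
            HTTPError: 400 for a malformed ``state``; 403 for a state/cookie
                mismatch, an unknown state or a failed login; 500 when the
                profile fetch fails.
        """
        self.set_cache(0, is_public=False)

        if CONFIG.ENABLE_HTTPS and not self.is_https:
            request = self.request
            # NOTE(review): target built from the request's Host header;
            # confirm the server only accepts the host names it serves.
            self.redirect('https://%s%s' % (request.host, request.uri),
                          status=302 if request.version == 'HTTP/1.0' else 303)
            return

        if self.current_user_id:
            # Force a session_time change so the user can revisit
            # PageAppendHandler and pick up refreshed configuration.
            self.set_session_time_cookie()
            self.redirect(self.get_next_url() or '/')
            return

        code = self.get_argument('code', None)
        if not code:
            state = self.get_cookie('state')
            if not (state and Auth.is_existing(state)):  # invalid state
                state = Auth.generate(self.get_next_url() or '')
                self.set_state_cookie(state)
            yield self.authorize_redirect(
                redirect_uri=CONFIG.GOOGLE_OAUTH2_REDIRECT_URI,
                client_id=CONFIG.GOOGLE_OAUTH2_CLIENT_ID,
                scope=['profile', 'email'],
                response_type='code',
                extra_params={
                    'approval_prompt': 'auto',
                    'state': state
                })
            return

        # Callback: reject anything that is not the flow this app started.
        state = self.get_argument('state')
        if len(state) != CONFIG.AUTH_STATE_LENGTH:
            raise HTTPError(400)
        if self.get_cookie('state') != state:
            raise HTTPError(403)
        next_url = Auth.get(state)
        if next_url is None:
            raise HTTPError(403)
        self.clear_cookie('state')  # a state is good for one callback only

        try:
            token_info = yield self.get_authenticated_user(
                redirect_uri=CONFIG.GOOGLE_OAUTH2_REDIRECT_URI, code=code)
            access_token = token_info.get('access_token') if token_info else None
            if access_token:
                try:
                    # Bearer header rather than a query parameter: the token
                    # should not be written to URL or proxy logs.
                    response = yield self.get_auth_http_client().fetch(
                        'https://www.googleapis.com/oauth2/v1/userinfo',
                        headers={'Authorization': 'Bearer ' + access_token})
                except HTTPClientError:
                    logging.exception('failed to get user info')
                    raise HTTPError(500)

                user_info = json.loads(response.body)
                # NOTE(review): the account is selected by e-mail only;
                # consider also checking the profile's verified-e-mail flag
                # — confirm against the userinfo API version in use.
                user = User.get_by_email(user_info['email'])
                if not user:
                    user = User(email=user_info['email'],
                                name=user_info['name'])
                    url = user_info.get('url')
                    if url:
                        user.site = url
                    user.save(inserting=True)

                self.set_secure_cookie('user_id',
                                       str(user.id),
                                       httponly=True,
                                       secure=self.is_https)
                # Make the user revisit PageAppendHandler to refresh configuration.
                self.set_session_time_cookie()
                self.redirect(next_url or '/')
                return
        except AuthError:
            logging.warning('failed to login', exc_info=True)
        raise HTTPError(403)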