Exemplo n.º 1
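 def GET(self):
     """Handle the OAuth callback and store the access token in a cookie.

     Reads ``code`` from the request, exchanges it through
     ``service.get_access_token`` and stores the returned token in the
     ``access_token`` cookie before redirecting to ``/``.  Without a code
     nothing is set and ``None`` is returned.
     """
     # Default to None so a request without ``code`` falls through instead
     # of raising AttributeError on the missing attribute.
     code = web.input(code=None).code
     if code:
         # NOTE(review): no ``state`` value is checked here, so the callback
         # is not bound to the browser that started the flow -- confirm
         # whether that is handled elsewhere.
         result = service.get_access_token('GET', code=code, grant_type='authorization_code', redirect_uri='http://www.abc.com/callback')
         access_token = result['access_token']
         # The token is a bearer credential, so keep it away from page
         # scripts.  The callback URL above is plain http, which is why
         # secure=True is not set; once the site is served over https it
         # should be added, or the token kept server-side in a session.
         web.setcookie('access_token', access_token, httponly=True)
         return web.redirect('/')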
Exemplo n.º 2
    def POST_login(self, i):
        """Process the login form held in ``i``.

        Looks the account up by username, calls ``account.login`` with the
        submitted password and, on ``'ok'``, sets the login cookie and
        redirects to ``i.redirect``.  Every other status renders a page.
        """
        # make sure the username is valid
        if not forms.vlogin.valid(i.username):
            return self.error("account_user_notfound", i)

        # Try to find account with exact username, failing which try for case variations.
        account = accounts.find(username=i.username) or accounts.find(lusername=i.username)

        if not account:
            return self.error("account_user_notfound", i)

        # Avoid bouncing straight back to the login page after logging in.
        if i.redirect == "/account/login" or i.redirect == "":
            i.redirect = "/"

        status = account.login(i.password)
        if status == 'ok':
            # A week when "remember" is set, otherwise "" is passed as expires.
            expires = (i.remember and 3600*24*7) or ""
            # NOTE(review): the auth-token cookie is set without secure or
            # httponly flags here -- confirm whether that is intended.
            web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token(), expires=expires)
            # NOTE(review): i.redirect comes from the request and is used
            # as the redirect target unchanged; restrict it to same-site
            # paths unless a caller already does so.
            raise web.seeother(i.redirect)
        elif status == "account_not_verified":
            # NOTE(review): the submitted password is handed to the template;
            # verify it is not rendered back into the page.
            return render_template("account/not_verified", username=account.username, password=i.password, email=account.email)
        elif status == "account_not_found":
            return self.error("account_user_notfound", i)
        elif status == "account_blocked":
            return self.error("account_blocked", i)
        else:
            return self.error("account_incorrect_password", i)
Exemplo n.º 3
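    def GET(self):
        """Store the request's cookies for a QQ account and echo them back.

        The cookies are rendered with ``generate_cookiefile``, written to the
        ``wb_qq_account`` row whose ``qqid`` matches the ``ptui_loginuin``
        cookie, dumped to ``FLAGS.dumpcookiepath`` and returned as HTML.
        """
        #args = web.input()
        cookies = web.cookies()
        web.header("Content-Type", "text/html; charset=utf-8")
        cookie_content = generate_cookiefile(cookies)

        qqid = cookies['ptui_loginuin']
        # NOTE(review): database credentials are hard-coded in the handler;
        # load them from configuration or the environment instead.
        db = web.database(dbn='mysql',
                          db='guangbi',
                          user='******',
                          pw='guangbi',
                          port=FLAGS.dbport,
                          host=FLAGS.dbhost)
        logger.info("updating database")
        # qqid is a cookie value chosen by the client, so bind it as a
        # parameter rather than formatting it into the WHERE clause.
        db.update('wb_qq_account',
                  where='qqid=$qqid',
                  vars={'qqid': qqid},
                  last_login=datetime.datetime.now(),
                  cookies=cookie_content)
        logger.info("updated database")

        # Close the dump file deterministically instead of leaking the handle.
        with open(FLAGS.dumpcookiepath, 'w') as dump_file:
            dump_file.write(cookie_content)
        # remove any cookies
        web.setcookie('pgv_pvid', '', -1)
        web.setcookie('o_cookie', '', -1)
        # NOTE(review): cookie text is returned as text/html without
        # escaping; escape it if cookie values can contain markup.
        return generate_cookiefile(cookies).replace("\n", "<br>")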
Exemplo n.º 4
 def POST(self):
     """Log in from a JSON request body and issue the login cookie.

     Any failure (bad JSON, missing key, failed login) is reported as a
     ``BadRequest`` carrying the exception text.
     """
     try:
         credentials = simplejson.loads(web.data())
         web.ctx.site.login(credentials['username'], credentials['password'])
         # NOTE(review): str(e) below is sent to the client for every
         # exception type, which may expose internal error detail.
         web.setcookie(infogami.config.login_cookie_name,
                       web.ctx.conn.get_auth_token())
     except Exception as e:
         raise BadRequest(str(e))
Exemplo n.º 5
 def POST(self):
     """Grant upload rights when the shared password is submitted.

     On a matching password two cookies are set for 10800 seconds, then the
     client is sent to ``./xdmemory`` in every case.
     """
     up = web.input(username="", password="")
     username = up.username
     # NOTE(review): the password is a literal in the source and is shared
     # by every user; it is also compared with ``==`` rather than a
     # constant-time comparison.
     if up.password == "fuckTheW0rld":
         # NOTE(review): the permission is a fixed cookie value that any
         # client can set by hand; presumably later handlers trust it --
         # verify, and prefer a server-side session or a signed value.
         web.setcookie('can_you_upload', 'yes_i_can', 10800)
         # The username is taken from the form unchanged.
         web.setcookie('username', username, 10800)
     web.seeother('./xdmemory')
Exemplo n.º 6
	def POST(self):
		"""Check a JSON login request against the users table.

		The body carries ``name``, ``authstr`` (captcha text) and
		``authcode`` (an MD5 over the stored password plus the captcha).
		Returns a JSON string; on any error a new captcha string is stored
		in the session and the error text is returned.
		"""
		try:
			session = myutil.session()
			data = json.loads(web.data())
			# Only alphanumeric names get past this point, which is what
			# keeps the string-built WHERE clause below from being injectable.
			if not data["name"].isalnum():
				raise Exception("用户名错误.")

			# NOTE(review): this branch lets one fixed name/captcha pair skip
			# the captcha comparison entirely -- confirm it is not left-over
			# test code.
			if data["name"] == "zsz" and data["authstr"].lower() == "zy":
				session.authcode = "zy"
			elif session.authcode.lower() != data["authstr"].lower():
				# NOTE(review): the expected captcha is appended to the error
				# text, which is returned to the client below.
				raise Exception("验证码错误:" + session.authcode)
			# NOTE(review): prefer a bound parameter here over relying on the
			# isalnum() check above.
			query = "name='%s'" % (data["name"])
			lsuser = db.select("users", where=query, 
					what="name, passwd, privilege").list()
			web.header("content-type", "application/json")
			if len(lsuser) == 1:
				user = lsuser[0];
				# NOTE(review): the stored passwd value is hashed directly with
				# MD5, so it acts as the login secret; compared with ``==``.
				authcode = hashlib.md5(user["passwd"] + session.authcode.lower())
				if authcode.hexdigest() == data["authcode"]:
					session.privilege = user["privilege"]
					# The client-supplied authcode is stored as the "id" cookie.
					web.setcookie("id", data["authcode"], expires=3600)
					return '{"desc": "success"}'
				else:
					raise Exception("密码错误")
			else:
				raise Exception("用户名错误")
			# Not reached: both branches above return or raise.
			return '{"desc": "error"}'
		except Exception, err:
			# Issue a fresh captcha after any failure.
			myutil.session().authcode = pic.picChecker().getPicString()
			web.BadRequest()
			web.header("content-type", "application/json")
			# NOTE(review): err is formatted into the JSON text without
			# escaping; build the response with json.dumps instead.
			return '{"desc": "%s"}' % (err)
Exemplo n.º 7
	def GET(self):
		"""Register a client: check its credentials, set its cookie, save its CPU value.

		Returns ``app.debug_string`` when a parameter is missing or no
		credential is found, ``"no authentification"`` on a failed check and
		``"register"`` otherwise.
		"""
		# NOTE(review): nickname and password arrive through web.input() on a
		# GET handler, so they are presumably sent in the query string where
		# they end up in logs and history -- confirm and prefer POST.
		arg = web.input()

		# check parameters
		if('nickname' not in arg or \
			'password' not in arg or \
			'cpu' not in arg):
			return app.debug_string
		
		# do authentification
		if(check_authentification(arg['nickname'], arg['password']) == False):
			return "no authentification"
		
		# check credential (session)
		# usefull to ban people or force disconnexion
		cookie = check_credential(["x"], "nickname", arg['nickname'])
		if(cookie == None):
			return app.debug_string
			
		# set cookie
		# warning : cookie is already saved for us in db
		web.setcookie(app.cookie_name, cookie, app.cookie_age)
		
		# save cpu power
		t = app.db.transaction()
		try:
			# The cookie value is bound through vars, not formatted into SQL.
			app.db.update('client', client_cpu=float(arg['cpu']), \
				where="client_cookie=$cookie", vars= {'cookie' : cookie})
		except:
			# NOTE(review): the bare except also hides a non-numeric ``cpu``
			# value; the request still reports "register".
			t.rollback()
		else:
			t.commit()
		
		
		return "register"
Exemplo n.º 8
 def get_user(self):
     """Return the caller's user id, allocating the next one if needed.

     A non-empty ``user`` cookie is returned unchanged.  Otherwise
     ``self.max_user`` is incremented, stored in the cookie and returned.
     """
     # NOTE(review): the cookie value is returned without verification and
     # new ids are sequential, so a client can present any other id.
     known_user = web.cookies().get('user')
     if not known_user:
         self.max_user += 1
         web.setcookie('user', self.max_user)
         return self.max_user
     return known_user
Exemplo n.º 9
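    def POST(self):
        """Submit the order built from the ``cart`` cookie and the form fields.

        The order is handed to ``submitOrder`` for ``self.partnerid``, the
        cart cookie is reset and the completion page is rendered.
        """
        # ``note`` is read below, so it needs a default like the other
        # fields; without one a request lacking it raised AttributeError.
        req = web.input(phone='', address='', note='')
        # NOTE(review): the cart comes from a client-side cookie; anything
        # price-related in it should be recomputed on the server.
        cart = web.cookies().cart
        _member = self.getmember()
        # -1 marks an order placed without a logged-in member.
        memberid = -1 if _member is None else _member[0]['id']

        data = {
            'cart': cart,
            'memberid': memberid,
            'o_paymethod': 1,
            'o_sendtime': org.utility.timestr(),
            'o_phone': req.phone.encode('utf-8'),
            'o_address': req.address.encode('utf-8'),
            'o_note': req.note.encode('utf-8')
        }

        submitOrder(self.partnerid, data)

        # send SMS (disabled)
        #import org.sms
        #org.sms.sendsms(req.phone,'')

        # clear the cart
        web.setcookie('cart', '/', 0, path='/')

        return render.completeorder()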
Exemplo n.º 10
def cookie(name,
           value=None,
           minutes=60 * 24,
           path='/',
           domain=None,
           encode=True):
    """
    Read or write a cookie.
    @name as str, cookie name
    @value as str, cookie value; omit it to read the cookie
    @minutes as number, lifetime in minutes, may be fractional
    @path as str, path the cookie is valid for
    @domain as str, domain the cookie is valid for
    @encode as bool, whether the value goes through des_hex / hex_des
    """
    # NOTE(review): judging by the helper names the value is DES-encrypted;
    # if so it is neither strong nor authenticated -- confirm and prefer a
    # signed or server-side value.
    if value is not None:
        # Write path: store the (optionally encoded) value, return the input.
        stored = des_hex(value) if encode else value
        web.setcookie(name,
                      stored,
                      expires=minutes * 60,
                      domain=domain,
                      path=path)
        return value

    # Read path: decode only a non-empty value.
    raw = web.cookies().get(name, None)
    if raw and encode:
        return hex_des(raw)
    return raw
Exemplo n.º 11
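def addNewUser():
    """Allocate the next user id, set the ``userid`` cookie and create the
    user's row plus a per-user table in the likes database.
    """
    # Add the user to the user database
    dbPath = "/srv/www/trackr.scottjackson.org/db/users.db"
    if DEBUG:
        dbPath = "/Users/scottjacksonx/Documents/dev/git/trackr/db/users.db"

    conn = sqlite3.connect(dbPath)
    try:
        c = conn.cursor()
        c.execute("select MAX(id) from users")
        row = c.fetchone()
        # MAX() over an empty table is NULL; int(None) used to raise here.
        highest = row[0] if row and row[0] is not None else 0
        # NOTE(review): MAX(id)+1 is not atomic; two concurrent requests can
        # be given the same id.
        userID = int(highest) + 1
        web.debug("userID = " + str(userID))
        thirtyOneDays = 2678400
        # NOTE(review): the id is sequential and stored unsigned, so a
        # client can edit the cookie to another user's id.
        web.setcookie("userid", userID, thirtyOneDays)
        c.execute("insert into users values(?)", (userID, ))
        conn.commit()
        c.close()
    finally:
        conn.close()

    # Add a new table in the likes database for the user's likes
    dbPath = "/srv/www/trackr.scottjackson.org/db/likes.db"
    if DEBUG:
        dbPath = "/Users/scottjacksonx/Documents/dev/git/trackr/db/likes.db"
    conn = sqlite3.connect(dbPath)
    try:
        c = conn.cursor()
        # SQLite cannot bind a table name as a parameter, so the original
        # "create table ?" always failed.  %d only accepts the integer
        # computed above, so nothing client-controlled reaches the statement.
        # NOTE(review): the table is named after the bare id, as the
        # original appears to intend -- confirm against the code reading it.
        c.execute('create table "%d" (id INTEGER PRIMARY KEY)' % userID)
        conn.commit()
        c.close()
    finally:
        conn.close()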
Exemplo n.º 12
 def GET(self):
     """Show the ``age`` cookie, setting it to 25 for an hour when absent."""
     age = web.cookies().get('age')
     if age is not None:
         # NOTE(review): the cookie value is echoed into the response
         # as-is; escape it if the response is served as HTML.
         return "Your age is :" + age
     web.setcookie('age', 25, 3600)
     return "Age set in your cookie is 25"
Exemplo n.º 13
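    def POST(self):
        """Check the submitted username and password and start a session.

        On success the session is marked logged in, a ``userid`` cookie is
        set for 60 seconds and the user is redirected to ``/admin`` or
        ``/main``.  On failure the login page is rendered again.
        """
        i = web.input()
        username = i.get('username')
        passwd = i.get('passwd')
        # The debugging prints that wrote the submitted username and
        # password to stdout were removed: credentials must not reach logs.

        result = get_user_by_name(username)
        # NOTE(review): the stored ``pwd`` is compared directly with the
        # submitted value, so it is presumably kept in plaintext -- confirm
        # and move to a salted password hash with a constant-time compare.
        if result and result['pwd'] == passwd:
            session.uid = result['id']
            session.logged_in = True
            session.admin = False

            web.setcookie('userid', result['id'], 60)
            if result['admin'] == u'1':
                session.admin = True
                raise web.seeother('/admin')
            else:
                raise web.seeother('/main')
        else:
            return render.login()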
Exemplo n.º 14
    def POST(self):
        """Update one configuration value from the request.

        Reads ``key``, ``value`` and ``type``, converts the value for known
        keys and for the declared type, then stores it as a user setting
        when the key is in ``USER_CONFIG_KEY_SET`` and as a system setting
        otherwise.
        """
        # NOTE(review): no permission check is visible in this handler and
        # any key outside USER_CONFIG_KEY_SET is written as a system
        # setting; presumably access is enforced elsewhere -- confirm.
        key   = xutils.get_argument("key")
        value = xutils.get_argument("value")
        type  = xutils.get_argument("type")
        xutils.info("UpdateConfig", "%s,%s,%s" % (type, key, value))

        if key == "BASE_TEMPLATE":
            xmanager.reload()
        if key in ("FS_HIDE_FILES", "DEBUG_HTML_BOX", "RECORD_LOCATION"):
            value = value.lower() in ("true", "yes", "on")
        if key == "DEBUG":
            # Switches debug mode from a request parameter.
            setattr(xconfig, key, value == "True")
            web.config.debug = xconfig.DEBUG
        if key in ("RECENT_SEARCH_LIMIT", "RECENT_SIZE", "PAGE_SIZE", "TRASH_EXPIRE"):
            value = int(value)
        if key == "LANG":
            web.setcookie("lang", value)

        # Conversion by declared type; ``value`` may already have been
        # converted by one of the key-specific branches above.
        if type == "int":
            value = int(value)
        if type == "bool":
            value = value.lower() in ("true", "yes", "on")

        if key in USER_CONFIG_KEY_SET:
            set_user_config(key, value)
        else:
            set_sys_config(key, value)
            
        return dict(code="success")
Exemplo n.º 15
    def POST(self):
        """Log a user in by e-mail address or name and set the signed cookie.

        Returns a message string on failure.  On success the cookie is set
        and the user's IP is recorded; nothing is returned.
        """
        form = web.input(form_login={})
        email = form['email']
        remember = form['remember']
        password = form['password']
        # The same field holds either an e-mail address or a user name.
        flag = _RE_EMAIL.match(email)
        if flag:
            email = email.strip().lower()
        else:
            email = email.strip()

        if not email:
            return '请输入用户名/Email地址'
        if not password:
            return '请输入'
        if flag:
            user = model.find_item_by_email(model.User,email)
        else:
            user = model.find_item_by_name(model.User,email)

        # NOTE(review): different messages for "unknown user" and "wrong
        # password" let a client tell which accounts exist.
        if user is None:
            return '用户名不存在'
        # NOTE(review): the submitted value is compared directly with the
        # stored one using ``!=``; whatever is stored is therefore the
        # login secret.
        elif password != user['password']:
            return '密码错误'

        # One day when "remember" is 'true', one hour otherwise.
        max_age = 86400 if remember=='true' else 3600
        ip = web.ctx.ip
        # NOTE(review): the password value is an input to the cookie
        # signature; confirm how make_signed_cookie uses it.
        cookie = utils.make_signed_cookie(user['id'],password,ip)
        web.setcookie(utils._COOKIE_NAME,cookie,expires=max_age)

        # update the user's IP
        model.update_user_ip(user['id'],ip)
Exemplo n.º 16
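    def POST(self):
        """Check the submitted username and password and set the login cookies.

        On success ``xuser`` and ``xpass`` cookies are set for 30 days and
        the client is redirected to ``target`` (or ``/``).  Otherwise the
        login page is rendered with an error message.
        """
        name = xutils.get_argument("username", "")
        pswd = xutils.get_argument("password", "")
        target = xutils.get_argument("target")

        # xutils.print_web_ctx_env()
        # print(web.input())
        # Log the attempt without the password: the original wrote the
        # submitted password to the log in clear text.
        xutils.log("USER[%s]" % name)

        users = xauth.get_users()
        error = ""
        if name in users:
            user = users[name]
            # NOTE(review): the stored password is compared as plaintext.
            if pswd == user["password"]:
                web.setcookie("xuser", name, expires= 24*3600*30)
                # NOTE(review): the cookie carries an MD5 of the password,
                # which stays valid until the password changes and is set
                # without httponly/secure flags.
                pswd_md5 = xauth.get_password_md5(pswd)
                web.setcookie("xpass", pswd_md5, expires=24*3600*30)
                if target is None:
                    raise web.seeother("/")
                # NOTE(review): target comes from the request unchanged;
                # restrict it to same-site paths.
                raise web.seeother(target)
            else:
                error = "password error"
        else:
            error = "user not exists"
        # NOTE(review): the submitted password is passed back to the
        # template; verify it is not rendered into the page.
        return xtemplate.render("login.html", 
            username=name, 
            password=pswd,
            error = error)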
Exemplo n.º 17
 def GET(self,param):
     """Complete the OpenID check and remember the user's full name.

     The raw query string is handed to ``openid.getAuth``; any failure is
     printed and otherwise ignored.
     """
     query_string = web.ctx.env['QUERY_STRING']
     try:
         fullname = openid.getAuth(query_string)['fullname']
         # NOTE(review): only a display name is stored; it should not be
         # treated as proof of identity by later handlers.
         web.setcookie('fullname', fullname)
     except Exception as e:
         print "auth error:"+str(e)
Exemplo n.º 18
 def GET(self):
     """Exchange the stored request token for a Douban access token.

     The request token is read from the ``session`` cookie, exchanged over
     HTTP, the user record is created or updated and the ``sid`` cookie is
     set.  Returns the sid or a message string.
     """
     # NOTE(review): plain HTTP on port 80 carries the signed OAuth request.
     conn = httplib.HTTPConnection("www.douban.com", 80)
     #cur_url = self.request('/run')
     cur_url = web.cookies().get('session')
     #cur_url = self.request.str_GET['sesspara']
     #request_token={}
     # NOTE(review): SECURITY -- pickle.loads runs on a cookie value, which
     # the client controls; unpickling untrusted data can execute arbitrary
     # code.  Keep the request token server-side, or serialise it as JSON
     # and authenticate it with an HMAC before parsing.
     request_token =  pickle.loads(base64.urlsafe_b64decode(cur_url))
     params = access_token_params(consumer_key, consumer_secret, request_token['oauth_token'],request_token['oauth_token_secret'], access_token_path)
     conn.request('GET', access_token_path+"?"+urllib.urlencode(params))
     res = conn.getresponse().read()
     if res != 'Unauthorized Request Token':
         access_token = result2dict(res)
         access_token['sid']=access_token['douban_user_id']
         if access_token :
             # Update an existing user, otherwise create one, then re-read.
             current = User.get_current_user(access_token['sid'])
             if current:
                 User.update_user_data(access_token)
             else:
                 User.get_new_user(access_token)
             current=User.get_current_user(access_token['sid'])
             if current:
                 # NOTE(review): sid is the Douban user id copied above, so
                 # the cookie is an identifier rather than a secret.
                 web.setcookie('sid',current.sid,expires=86400)
                 return current.sid
             else:
                 return '更新用户失败'
         else:
             return'获得认证失败'
     else:
         return '用户未授权'
Exemplo n.º 19
def logout():
    """Remove the current token from the user's token list.

    Returns ``dict(r='ok')`` when the token is found and pulled.  On any
    failure a ``StandardError`` instance is returned (not raised).
    """
    try:
        session = web.ctx.session
    except Exception as e:
        pass
    try:
        the_user = getUserFromToken()
        session_data = getTokenData()
        #Remove utilized token
        for token in the_user['tokens']:

            if token == session_data['token']:
                #Remove token from user
                Users.objects(username=the_user['username']).update_one(
                    pull__tokens = token
                )
                return dict(r='ok')
            #Leave session & cookie to remember user data such as prefered language, remember user and so on
        #If token not in iteration just raise error
        raise StandardError("token does not exists")
    except Exception as e:
        # NOTE(review): this return makes the three statements below
        # unreachable, so a failed logout never kills the session or
        # clears the cookie.  It also returns the exception object instead
        # of raising it.
        return StandardError(e)
        #remove session record if logout fails from database
        session.kill()
        web.setcookie(quetzal_config['cookie_name'], '', expires=-1)
        raise StandardError("Error During Logout, Session terminated anyway")
Exemplo n.º 20
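 def POST(self):
     """Register a user whose address belongs to the institution's domain.

     Addresses outside ``@utectulancingo.edu.mx`` have the ``_id`` cookie
     cleared and are redirected to ``/``.  Accepted users are inserted as a
     registration, and also as an adviser when ``tipo`` is ``'0'``.
     """
     formulario = web.input()  # get form data
     # call model insert_registro and try to insert new data
     correo = formulario['user']
     nombre = formulario['nombre']
     carrera = formulario['carrera']
     grado = formulario['grado']
     tipo = formulario['tipo']
     # The domain has to be the END of the address.  The original substring
     # test also accepted an address that merely contains the domain text.
     # NOTE(review): correo is taken from the submitted form; presumably it
     # should match the address of the authenticated session -- confirm.
     if not correo.endswith('@utectulancingo.edu.mx'):
         web.setcookie('_id', '', 0)  # end the Google session
         raise web.seeother('/')  # render registro index.html
     # NOTE(review): MD5 over address + secret key is a digest, not
     # encryption; an HMAC with a modern hash is the usual construction.
     user_hash = hashlib.md5(
         correo + app.secret_key).hexdigest()
     picture = app.session.picture
     print tipo
     config.model_registro.insert_registro(correo, nombre, carrera,
                                           grado, tipo, user_hash,
                                           picture)
     if tipo == '0':
         config.model_asesor.insert_asesor(correo, nombre, carrera, grado)
     raise web.seeother('/')  # render registro index.html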
Exemplo n.º 21
 def GET(self):
     """
     Expire the ``token`` and ``tenant_id`` cookies and send the user back
     to the portal root.
     """
     # NOTE(review): only the browser copies are expired here; whether the
     # token is also revoked on the server is not visible in this handler.
     for cookie_name in ("token", "tenant_id"):
         web.setcookie(cookie_name, "", expires=-1, domain=util.portal_ip,
                       path=util.portal_root)
     raise web.seeother(".." + util.portal_root)
Exemplo n.º 22
def current_user():
    """Return ``(userid, username)`` for the ``userid`` cookie.

    With no cookie the username is ``''``.  Otherwise the cookie is renewed
    for 600 seconds and the name is looked up through ``Users``.
    """
    # NOTE(review): the cookie value is used as the user id without any
    # signature or session lookup, so a client can choose whose name is
    # returned.
    user = web.cookies().get('userid')
    if not user:
        return user, ''
    web.setcookie('userid', user, 600)
    return user, Users.get(Users.id == user).username
Exemplo n.º 23
 def POST(self):
   """Log a user in after checking the XSRF token and the credentials.

   A session id is stored in the ``sessions`` table and in the
   ``wsid_login`` cookie, then the client is redirected to ``/``.
   """
   var = web.input()
   
   
   # NOTE(review): this pre-check repeats the lookup done inside the try
   # block below; here a missing ``xsrf`` field raises AttributeError
   # outside the handler that would turn it into a 401.
   if 'fb' in var:
     xsrf = util.select_one('xsrf', where='token=$tok', vars={'tok': var.xsrf})
     if xsrf is None:
       raise status.ApiError('401 Unauthorized')
     
   try:
     # The token is bound through vars rather than formatted into the SQL.
     xsrf = util.select_one('xsrf', where='token=$tok', vars={'tok': var.xsrf})
     if xsrf is None:
       raise status.ApiError('401 Unauthorized')
     
     user = self.user_auth(var.email, var.pword)
     if user is None:
       print "this one"
       raise status.ApiError('401 Unauthorized')
     
     # Random UUID4 string used as the session id.
     sess = str(uuid.uuid4())[:64]
     values = {
       'sess': sess,
       'uid': user['id']
     }
     util.insert('sessions', **values)
     # NOTE(review): the session cookie is set without httponly or secure.
     web.setcookie('wsid_login', sess, path='/')
   except AttributeError as err:
     # A missing form field surfaces as AttributeError on ``var``.
     print "that one"
     raise status.ApiError('401 Unauthorized (%s)' % err)
     
   web.redirect('/')
Exemplo n.º 24
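	def GET(self):
		"""Start a new exclusive session unless one is still protected.

		While the status is ``PROTECTED`` only the holder of the current
		``sid`` cookie is served.  Otherwise the background utilities are
		stopped, a new session id is generated, stored in the module globals
		and sent as the ``sid`` cookie.
		"""
		global session_time
		global session_id
		web.header("Content-Type","text/html; charset=utf-8")
		content = ""
		showNavBar = False #Should show the navigation bar
		if (get_status() == "PROTECTED"):
			if check_sid(web.cookies().get('sid')):
				content += "Serving current user. Please give up before creating new session.\n"
				showNavBar = True
			else:
				content += "Serving other user in protected period.\nACCESS DENIED.\n"
		else:
			content += "Killing background utilities.\n"
			content += os.popen("./stopall.sh").read()
			content += "Genearting new session ID.\n"
			session_time = time.time()
			# The sid is the only thing protecting the session, so draw it
			# from the OS random source: the default generator in ``random``
			# is predictable.  The 9-digit format is kept unchanged.
			# NOTE(review): nine digits is still a small space; a longer
			# token would be safer if check_sid allows it.
			new_sid = str(random.SystemRandom().randint(100000000, 999999999))
			session_id = new_sid
			set_status("PROTECTED")
			content += "New seesion ID is " + str(new_sid) + ".\n"
			content += "Status is " + get_status() + ".\n"
			web.setcookie("sid", new_sid, expires=3600)
			showNavBar = True
		return render.new(get_status(), showNavBar, content)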
 def GET(self, param):
     """Render the admin listing for the model named by ``param``.

     A one-shot message is read from the ``display_message`` cookie, which
     is then blanked.
     """
     entity = model.get_model_by_name(param)
     search_form = forms.getSearchForm(entity.exposed_search_properties())
     pager = Paginator(web.input(), entity)
     # NOTE(review): the message comes from a client-side cookie; make sure
     # the template escapes it.
     flash_message = web.cookies().get('display_message')
     web.setcookie('display_message', '')
     return render_admin.listar(search_form, pager,
                                display_message=flash_message)
Exemplo n.º 26
 def POST(self):
     '''
         Expire the cookies tied to the user session and go to /login.
     '''
     # NOTE(review): only the browser cookies are expired; any server-side
     # session record is not touched in this handler.
     for cookie_name in ('user', 'session_id'):
         web.setcookie(cookie_name, '', expires=-1)
     raise web.seeother('/login')
Exemplo n.º 27
    def POST(self):
        """Log in from a JSON payload, preferring Archive.org S3 keys.

        With both ``access`` and ``secret`` present the keys are checked
        through ``audit_accounts`` and the login cookie is set.  Otherwise
        the request is passed to the infogami username/password login.
        """
        payload = simplejson.loads(web.data())
        access = payload.get('access', None)
        secret = payload.get('secret', None)
        test = payload.get('test', False)

        if not (access and secret):
            # Fallback to infogami user/pass
            from infogami.plugins.api.code import login as infogami_login
            infogami_login().POST()
            return

        # S3 authentication
        audit = audit_accounts(None,
                               None,
                               require_link=True,
                               s3_access_key=access,
                               s3_secret_key=secret,
                               test=test)
        error = audit.get('error')
        if error:
            raise olib.code.BadRequest(error)
        web.setcookie(config.login_cookie_name,
                      web.ctx.conn.get_auth_token())
Exemplo n.º 28
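 def POST(self, cursor):
     """Check the submitted credentials and issue the login cookies.

     On failure the login form is rendered again.  On success a fresh
     ``auth`` value is stored for the user and sent with the ``user_id``
     cookie, and the browser is refreshed to ``/``.
     """
     form = web.input(user_name=None, password=None)
     # A request without a password used to raise TypeError on None + str;
     # treat it as an empty password so it takes the normal failure path.
     password = form.password if form.password is not None else ""
     # NOTE(review): every password is hashed with the same fixed salt and
     # suffix, so equal passwords give equal hashes; use a per-user salt
     # and a modern password hash.
     pass_hash = crypt.crypt(password+"baa", "8tr034FhaM4qg")
     cursor.execute("""
         SELECT user_id FROM public.user
         WHERE user_name = %s AND pass_hash = %s
         ;""", (form.user_name, pass_hash))
     user = cursor.fetchone()
     if not user:
         return header(page_title="Logging in") + \
                 """<p><b>Sorry, we couldn't log you in.
                     Did you get your password wrong?</b></p>
                 <form method="POST">
                     Username: <input name="user_name"><br>
                     Password: <input type="password" name="password"><br>
                     <input type="Submit" value="Log in">
                 </form>""" + footer()
     else:
         user_id = user[0]
         # The auth value is the session secret, so take it from the OS
         # random source instead of the predictable default generator.
         # NOTE(review): the range is kept because the column type is not
         # visible here; one million values is far too few for a cookie
         # valid for a year -- widen it if the schema allows.
         auth = random.SystemRandom().randint(1, 1000000)
         cursor.execute("""
             UPDATE public.user SET user_auth = %s WHERE user_id = %s;
             """, (auth, user_id))
         # Kept from the original; its result is not read.
         cursor.execute("""
             SELECT * FROM public.user WHERE user_id = %s;
             """, (user_id,))
         web.setcookie("user_id", str(user_id), 3600*24*365)
         web.setcookie("auth", str(auth), 3600*24*365)
         web.header("Refresh", "0; /")
         return "Logged in, redirecting"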
Exemplo n.º 29
def SetSecureCookie(name, value, expires, **kwargs):
  """Set a signed cookie restricted to HTTPS.

  The stored value is ``name|base64(value)|timestamp|expires|signature``
  with the signature produced by ``GenerateCookieSig``.  Extra keyword
  arguments are passed on to ``web.setcookie``.
  """
  issued_at = str(int(time.time()))
  encoded = base64.b64encode(value)
  signature = GenerateCookieSig(name, encoded, issued_at, expires)
  payload = '|'.join([name, encoded, issued_at, str(expires), signature])
  # NOTE(review): httponly is only applied when the caller passes it in
  # kwargs; consider making it the default for signed cookies.
  web.setcookie(name, payload, expires=expires, secure=True, **kwargs)
Exemplo n.º 30
    def POST(self):
        """ Handle login """
        inp = web.input()
        # FIXME: Use const for cookie lifetime and hash secret
        if 'user_mail' in inp and 'user_pwd' in inp:
            try:
                # NOTE(review): the submitted password is matched against
                # the stored column directly, so the column presumably
                # holds plaintext -- confirm and store a salted hash.
                user = User.get(
                    User.mail == inp.user_mail,
                    User.password == inp.user_pwd
                )
                logging.info("Login by user {}".format(user.id))
                # NOTE(review): the cookie is MD5(HASH_SALT-mail): the same
                # value on every login for a given address, with no expiry
                # or revocation of its own.  A random per-session token
                # would avoid that.
                web.setcookie(
                    '_k',
                    hashlib.md5(
                        "{0}-{1}".format(HASH_SALT, inp.user_mail)
                    ).hexdigest(),
                    360000
                )
                web.ctx.session.auth = 1

                raise web.seeother("/admin/")
            except DoesNotExist:
                # User not found in DB
                logging.warning("Login attempt")
                raise web.seeother("/login/")   
        else:
            # Form params not present
            raise web.seeother("/login/")
Exemplo n.º 31
    def POST(self):
        """Start an OpenID login, or log out when ``action`` is ``logout``.

        For a login an event is posted, a consumer session is created under
        a random id, that id is stored in the ``openid_session_id`` cookie
        and the client is redirected to the provider.
        """
        # unlike the usual scheme of things, the POST is actually called
        # first here
        i = web.input(return_to='/')
        if i.get('action') == 'logout':
            web.webopenid.logout()
            # NOTE(review): return_to is taken from the request and used as
            # the redirect target unchanged; restrict it to same-site paths.
            return web.redirect(i.return_to)

        # Require the ``openid`` field from here on.
        i = web.input('openid', return_to='/')
        going = owevent.going_to_auth(owglobal.session.datapath,
                                      owglobal.session.host, i['openid'])
        owglobal.server.post_event(going)
        output.dbg(str(owglobal.session.host)+\
                       " is going to "+going.server()+" to authenticate",
                   self.__class__.__name__)

        # Per-login state kept on the server, keyed by a random id.
        n = web.webopenid._random_session()
        web.webopenid.sessions[n] = {'webpy_return_to': i.return_to}

        c = openid.consumer.consumer.Consumer(web.webopenid.sessions[n],
                                              web.webopenid.store)
        a = c.begin(i.openid)
        f = a.redirectURL(web.ctx.home, web.ctx.home + web.ctx.fullpath)

        web.setcookie('openid_session_id', n)
        return web.redirect(f)
Exemplo n.º 32
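 def GET(self):
     """Serve index.html to clients that pass ``iscookie``, else go to login.

     The ``access`` request parameter (default ``'True'``) is copied into
     the ``access`` cookie for 600 seconds.
     """
     if iscookie() == True:
         # NOTE(review): the cookie value is whatever the client sent as
         # ``access``; it must not be used later as an authorisation flag.
         i = web.input(access='True')
         web.setcookie('access', i.access, 600)
         # Close the file deterministically instead of leaking the handle.
         with open(r'index.html', 'r') as page:
             return page.read()
     else:
         return web.redirect('login')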
Exemplo n.º 33
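    def POST(self):
        """Register a new user and set the signed login cookie for one day.

        Returns a message string when a field is invalid or the e-mail
        address or name is already taken.
        """
        form = web.input(form_signin={})
        # insert a row into the users table

        name = form['name'].strip()
        email = form['email'].strip().lower()
        password = form['password']
        # The debugging print of name, e-mail and password was removed: the
        # password value is the login secret and must not reach logs.
        if not name:
            return '请输入用户名'
        if not email or not _RE_EMAIL.match(email):
            return '请输入正确的Email地址'
        # NOTE(review): the password has to match _RE_MD5, so it is
        # presumably hashed in the browser; that hash is then the secret
        # and still needs a salted server-side hash -- confirm.
        if not password or not _RE_MD5.match(password):
            return '请输入正确的密码'

        user = model.find_item_by_email(model.User,email)
        if user:
            return '邮箱已注册'

        user_name = model.find_item_by_name(model.User,name)
        if user_name:
            return '用户名已存在'
        ip = web.ctx.ip
        select = form['select']
        #insert user
        new_user_id = model.new_user(email,password,name,select,ip)
        #save one day,write to cookie

        cookie = utils.make_signed_cookie(new_user_id,password,ip)
        web.setcookie(utils._COOKIE_NAME,cookie,expires=86400)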
Exemplo n.º 34
    def POST_login(self, i):
        """Process the login form held in ``i``.

        A successful login sets the login cookie and redirects to
        ``i.redirect``; every other outcome renders a page.
        """
        # Reject usernames that fail form validation.
        if not forms.vlogin.valid(i.username):
            return self.error("account_user_notfound", i)

        # Exact username first, then the case-insensitive variant.
        account = accounts.find(username=i.username)
        if not account:
            account = accounts.find(lusername=i.username)
        if not account:
            return self.error("account_user_notfound", i)

        if i.redirect == "/account/login" or i.redirect == "":
            i.redirect = "/"

        status = account.login(i.password)

        if status == 'ok':
            # One week when "remember" is set, otherwise "".
            expires = (i.remember and 3600 * 24 * 7) or ""
            web.setcookie(config.login_cookie_name,
                          web.ctx.conn.get_auth_token(),
                          expires=expires)
            # NOTE(review): i.redirect comes from the request and is used
            # unchanged; restrict it to same-site paths.
            raise web.seeother(i.redirect)

        if status == "account_not_verified":
            return render_template("account/not_verified",
                                   username=account.username,
                                   password=i.password,
                                   email=account.email)
        if status == "account_not_found":
            return self.error("account_user_notfound", i)
        if status == "account_blocked":
            return self.error("account_blocked", i)
        return self.error("account_incorrect_password", i)
Exemplo n.º 35
	def POST(self):
		"""Set the ``username`` cookie when the fixed credentials match, then go to ``/``."""
		login_form = login()
		if login_form.validates():
			# NOTE(review): the only accepted credentials are the literals
			# admin/admin written in the source.
			if login_form.d.username == 'admin' \
			and login_form.d.password == 'admin':
				# NOTE(review): the cookie holds just the username, unsigned;
				# if later handlers trust it, a client can set it by hand.
				web.setcookie('username', login_form.d.username)
		raise web.seeother('/')
Exemplo n.º 36
 def killSession(self):
     """Delete the session named by the ``id`` cookie and expire the cookie.

     Errors are printed and otherwise ignored.
     """
     try:
         session_filter = {'id': web.cookies().get('id')}
         MongoOps().deleteOne('local', 'sessions', session_filter)
         web.setcookie('id', "", -1)
     except Exception as err:
         print "ERR with killSession: ", err
Exemplo n.º 37
def authenticate(rendered_tpl):
    """
    Authentication management method.
    :param rendered_tpl: rendered page template
    :returns: rendered final page or a page with error message
    """
    global AUTH_ISSUERS, SAML_SUPPORT, AUTH_TYPE, RENDERER
    token_info = validate_webui_token()
    if token_info:
        return access_granted(token_info, rendered_tpl)

    # No valid token: remember the requested path for two minutes so the
    # user can be sent back after login.
    # NOTE(review): the path lives in a client-side cookie; whatever reads
    # it should accept same-site paths only.
    setcookie('rucio-requested-path',
              value=unicode(ctx.fullpath),
              expires=120,
              path='/')

    # Without a server-defined auth type the user picks a login method.
    if not AUTH_TYPE:
        return RENDERER.select_login_method(AUTH_ISSUERS, SAML_SUPPORT)

    # Auth type predefined by the server.
    if AUTH_TYPE == 'userpass':
        return seeother('/login')
    if AUTH_TYPE == 'x509':
        return x509token_auth(None)
    if AUTH_TYPE == 'x509_userpass':
        if ctx.env.get('SSL_CLIENT_VERIFY') != 'SUCCESS':
            return RENDERER.no_certificate()
        return x509token_auth(None)
    if AUTH_TYPE == 'oidc':
        return oidc_auth(None, AUTH_ISSUER_WEBUI)
    if AUTH_TYPE == 'saml':
        return saml_auth("GET", rendered_tpl)
    return RENDERER.problem('Invalid auth type')
Exemplo n.º 38
def create_cookie(guid, data):
    """Serialise ``data`` for ``guid`` into a SecureCookie and send it.

    The cookie is sent with both the secure and httponly flags.
    """
    session.cookie = scp.SecureCookie(get_session_hash(), web.secret)
    # The expiry stored in the cookie may differ slightly from the one
    # web.py computes for the header; that difference is accepted.
    expires_at = int(time.time()) + COOKIE_TTL
    serial = session.cookie.serialize(guid, expires_at, data)
    web.setcookie(COOKIE_NAME, serial, COOKIE_TTL, secure=True, httponly=True)
Exemplo n.º 39
    def GET(self):
        """Log out: expire the cookies, delete the user's sessions, go to ``/``."""
        # NOTE(review): the username is read from a cookie the client
        # controls and then selects which rows are deleted, so any visitor
        # can end another user's sessions; delete by the verified session
        # instead.  A state-changing GET can also be triggered cross-site.
        u = web.cookies().get('username')
        web.setcookie('username','logout',expires=-1)
        web.setcookie('session','logout',expires=-1)
        # $u is bound from locals(), not formatted into the SQL text.
        db.delete('sessions',where="username=$u",vars=locals())

        raise web.seeother('/')
Exemplo n.º 40
    def POST(self):
        """Check the submitted user id and password and fill the session.

        On success the session's ``userinfo`` is populated and the client is
        redirected to the stored redirect URL or ``/member``.  On failure
        the login page is rendered again.
        """
        msg = None
        i = web.input()
        uid = i.get('userid')
        pwd = i.get('password')
        
        user_iter=model.get_user(uid,pwd)
        user = list(user_iter)
        user_info = web.ctx.session.userinfo
        if user:
            user_info['Name'] = user[0].username
            user_info['ID'] = uid
            user_info['Contact'] = user[0].contactname
            user_info['UnitAddr'] = user[0].unitaddress
            user_info['Tel'] = user[0].tel

            # NOTE(review): the session id is not regenerated at login in
            # this handler -- confirm it is rotated elsewhere.
            redirect_url = web.ctx.session.redirecturl
            #print next_page
            web.ctx.session.logged_in = True
            web.setcookie('backstep',-2,3600)
            if redirect_url:
                return web.seeother(redirect_url)
            else: #default
                return web.seeother('/member')
        else:
            # msg is assigned but not passed to the template.
            msg="用户名或密码不正确"
            # The attempted id is kept for an hour in a cookie.
            web.setcookie('login_id',uid,3600)
            return render.login()
Exemplo n.º 41
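 def POST(self):
     """Update the logged-in user's profile from the submitted form.

     ``email`` and ``password`` may not be changed through this handler.
     A ``birthday`` is converted to ``age``; a new ``username`` or
     ``self_domain`` must not already be taken.  The update itself is
     delegated to ``Update.POST``.
     """
     i = web.input(imagefile={})
     # Reject attempts to overwrite protected fields.  These were assert
     # statements, which are removed when Python runs with -O and would
     # then let the fields through; the exception type is kept.
     if i.has_key('email') or i.has_key('password'):
         raise AssertionError('email and password cannot be changed here')
     if i.has_key('birthday'):
         try:
             i.age = self.calcAge(i.birthday)
         except:
             return page_helper.failed('修改失败,生日格式填写错误 ')
     session = site_helper.session
     if session.is_login:
         if i.has_key('username'):
             user_name = i.username.encode('utf-8', 'ignore')
             if self.existsUsername(user_name, session.user_id):
                 return page_helper.failed('修改失败, 用户名 ' +user_name+ ' 已被使用')
             web.setcookie('name',  user_name)
             site_helper.session.user_name = user_name
         if i.has_key('self_domain'):
             self_domain = i.self_domain.encode('utf-8', 'ignore')
             if self.existsDomain(self_domain, session.user_id):
                 return page_helper.failed('修改失败, 域名' +self_domain+ ' 已被使用')
         # NOTE(review): every remaining form field is forwarded to the
         # generic update; an explicit list of allowed fields would be
         # safer than blocking two names.
         i.model_name = 'User'
         # The target row is fixed to the session's user, not a form value.
         i.model_id = session.user_id
         return Update.POST(self, i, )
     else:
         return page_helper.redirectToLogin()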
Exemplo n.º 42
 def GET(self,name): # session identification and user identification
     """Check the login and password and start a session.

     On a match a new session id is stored for the user and sent as the
     ``sid`` cookie for an hour.
     """
     print '2222', 'cdx'
     web.header('Content-type', 'text/html; charset=utf-8')
     # NOTE(review): the connection is never closed in this handler.
     con = sqlite3.connect('overhead.sqlite')
     cur = con.cursor()
     # NOTE(review): the login and password are read by a GET handler, so
     # they presumably travel in the URL, where they are logged -- confirm.
     i = web.input()
     if i: # open a new session after identifying the user
         n = i.name
         p = i.passw
         # Parameters are bound with ? placeholders.
         # NOTE(review): the submitted password is matched against the
         # column directly, so it is presumably stored in plaintext.
         sql = u"select * from auth_ko where user=? and passw=?"
         cur.execute(sql, (n, p))
         r = cur.fetchall()
         if r:
             rez = r[0][1]
             # Random UUID4 hex string as the session id.
             sid = uuid.uuid4().hex
             sid = str(sid)
             sqlu = u"update auth_ko set sid=? where user=? and passw=?"
             cur.execute(sqlu, (sid, n, p))
             con.commit()
             web.setcookie('sid', sid, 3600)
             # NOTE(review): the session id is printed to stdout.
             print rez, 'sid=',sid
             raise web.redirect('/cdx1')  # new session started; go to the next step
         else:
             return render.index('Логин или пароль неверен! ')
     else:
         raise web.redirect('/cdn') # reached when no login and password were entered
 def GET(self, accept_str):
     """Accept an unused code and remember it in a cookie.

     A code already present in ``model.accept_list()`` renders the
     "notaccept" page.  A new one is recorded, stored in the ``accept_str``
     cookie and the client is redirected to ``/``.
     """
     if accept_str not in model.accept_list():
         model.accept_code(accept_str)
         web.setcookie('accept_str', accept_str, settings.EXPIRES)
         raise web.redirect('/')
     return render({'title': settings.SITE_NAME}).notaccept()
Exemplo n.º 44
    def POST(self):
        """Overrides `account_login` and infogami.login to prevent users from
        logging in with Open Library username and password if the
        payload is json. Instead, if login attempted w/ json
        credentials, requires Archive.org s3 keys.
        """
        # NOTE(review): this local import is not used below; the error is
        # raised as olib.code.BadRequest instead.
        from openlibrary.plugins.openlibrary.code import BadRequest
        d = simplejson.loads(web.data())
        access = d.get('access', None)
        secret = d.get('secret', None)
        test = d.get('test', False)

        # Try S3 authentication first, fallback to infogami user, pass
        if access and secret:
            audit = audit_accounts(None, None, require_link=True,
                                   s3_access_key=access,
                                   s3_secret_key=secret, test=test)
            error = audit.get('error')
            if error:
                raise olib.code.BadRequest(error)
            # NOTE(review): the cookie is set without secure or httponly
            # flags here -- confirm whether that is intended.
            web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token())
        # Fallback to infogami user/pass
        else:
            from infogami.plugins.api.code import login as infogami_login
            infogami_login().POST()
Exemplo n.º 45
Arquivo: user.py Projeto: fenceer/yiqi
def login(user):
    """Copy a user record into the session and set the ``al`` cookie.

    Does nothing when *user* is falsy. The record is read by the keys
    ``_id``, ``email``, ``nick`` and ``isVip``.
    """
    if not user:
        return

    session.uid = user['_id']
    for field in ('email', 'nick', 'isVip'):
        setattr(session, field, user[field])

    # NOTE(review): the cookie value is only the hex form of the user id.
    # If anything treats `al` as a login credential it is guessable; confirm
    # it is paired with a server-side secret or signature.
    web.setcookie('al', tools.int2hex(user['_id']), cookie_expires)
Exemplo n.º 46
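    def POST(self):
        """Register a new account from the submitted form.

        Renders the login page with ``reg_name`` or ``reg_email`` when the
        user name or e-mail address is already present in ``myuser``.
        Otherwise inserts the account, records the client IP in
        ``mysession``, sets the ``nomadicid`` and ``nomadicpass`` cookies
        and renders the welcome page.
        """
        i = web.input()
        username = i.username.encode('utf-8', 'latin1')
        email = i.email.encode('utf-8', 'latin1')

        # Form fields are untrusted input: bind them as query parameters
        # instead of concatenating them into the SQL text.
        if db.query("select * from myuser where name = $name",
                    vars={'name': username}):
            return render.login("reg_name", "OK")

        if db.query("select * from myuser where email = $email",
                    vars={'email': email}):
            return render.login("reg_email", "OK")

        # NOTE(review): the password is stored exactly as submitted. It should
        # be stored as a salted password hash; that needs a matching change in
        # the login check, which is not visible here.
        user_id = db.insert('myuser',
                            name=username,
                            password=i.passwd.encode('utf-8', 'latin1'),
                            email=email)

        web.setcookie('nomadicid', user_id, 18000)
        ip = web.ctx.ip
        db.query("replace into mysession (ip,id) values ($ip, $id)",
                 vars={'ip': ip, 'id': user_id})
        # NOTE(review): the second cookie is just the client's IP address, so
        # neither cookie holds a secret; confirm how the session is verified.
        web.setcookie('nomadicpass', ip, 18000)

        return render.welcome()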
Exemplo n.º 47
def write_cookie(name):
    """Set the ``xuser`` and ``xpass`` cookies for *name*.

    ``xuser`` holds the name; ``xpass`` holds the result of
    ``get_password_md5`` over the stored password and salt. Both cookies
    are given a lifetime of 30 days.
    """
    thirty_days = 24 * 3600 * 30
    web.setcookie("xuser", name, expires=thirty_days)

    account = get_user(name)
    # NOTE(review): this value is derived only from the stored password and
    # salt, so it stays valid until the password changes and works as a
    # long-lived credential. It is also set without httponly/secure; consider
    # a random, revocable session token instead.
    digest = get_password_md5(account.password, account.salt)
    web.setcookie("xpass", digest, expires=thirty_days)
Exemplo n.º 48
	def GET(self):
		"""Give the caller a ``client`` id if needed and store a new Runner under it.

		The id is read from the ``client`` cookie; when the cookie is absent
		the current size of ``runners`` is used and written to the cookie.
		"""
		client_id = web.cookies().get("client")
		if client_id is None:
			client_id = len(runners)
			web.setcookie('client', client_id)

		# NOTE(review): the key comes from a cookie the client controls, so a
		# request can replace the entry stored under any other id. A freshly
		# assigned id is an int while a cookie value presumably comes back as
		# a string -- confirm the keys stay consistent.
		start_x = randint(-5, 5)
		start_y = randint(-5, 5)
		runners[client_id] = Runner(start_x, start_y)
Exemplo n.º 49
      def POST(self):
        """Begin an OpenID login, or log out when ``action`` is ``logout``.

        Unlike the usual scheme of things, the POST is actually called
        first here. A new session is created and saved, first name, last
        name and e-mail are requested through the AX and SReg extensions,
        and the client is redirected to the provider URL.
        """
        i = web.input(return_to='/')
        # NOTE(review): return_to is request input and is passed to
        # web.redirect and stored in the session without validation; consider
        # restricting it to same-site paths.
        if i.get('action') == 'logout':
          oid.logout()
          return web.redirect(i.return_to)

        if 'openid' not in i or len(i.openid) == 0:
          return web.redirect(i.return_to)

        session_data = {'webpy_return_to': i.return_to}
        session_hash = oid._new_session(session_data)

        requested_attributes = (
            'http://axschema.org/namePerson/first',
            'http://axschema.org/namePerson/last',
            'http://axschema.org/contact/email',
        )
        ax_req = ax.FetchRequest()
        for type_uri in requested_attributes:
          ax_req.add(ax.AttrInfo(type_uri, required=True))

        consumer = openid.consumer.consumer.Consumer(session_data,
            oid._get_openid_store())
        auth_request = consumer.begin(i.openid)
        auth_request.addExtension(ax_req)
        auth_request.addExtension(sreg.SRegRequest(optional=['email', 'fullname']))
        realm = web.ctx.home
        callback = web.ctx.home + web.ctx.fullpath
        provider_url = auth_request.redirectURL(realm, callback)

        oid._save_session(session_hash, session_data)

        web.setcookie('openid_session_id', session_hash)
        return web.redirect(provider_url)
Exemplo n.º 50
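 def GET(self, name):
     """Identify the user and start a new session.

     When the request carries input, ``name`` and ``passw`` are looked up
     in ``auth_ko``. On a match a fresh session id is stored in the row,
     sent to the client as the ``sid`` cookie (3600 s) and the client is
     redirected to ``/cdx1``; otherwise the index page is rendered with an
     error message. A request without input is redirected to ``/cdn``.
     """
     print('2222 cdx')
     web.header('Content-type', 'text/html; charset=utf-8')
     i = web.input()
     if not i:
         # Reached when no login and password were submitted.
         raise web.redirect('/cdn')

     # Open a new session once the user has been identified.
     n = i.name
     p = i.passw
     con = sqlite3.connect('overhead.sqlite')
     try:
         cur = con.cursor()
         # NOTE(review): the password is matched against the stored column as
         # submitted, i.e. passwords appear to be kept in plain text; they
         # should be stored as salted password hashes.
         cur.execute(u"select * from auth_ko where user=? and passw=?", (n, p))
         r = cur.fetchall()
         if not r:
             return render.index('Логин или пароль неверен! ')

         rez = r[0][1]
         sid = uuid.uuid4().hex
         cur.execute(u"update auth_ko set sid=? where user=? and passw=?",
                     (sid, n, p))
         # The original read `con.commit` without parentheses, which never
         # calls the method, so the new sid was not saved.
         con.commit()
     finally:
         # Release the database handle on every path, including redirects.
         con.close()

     web.setcookie('sid', sid, 3600)
     # The session id is a bearer credential; keep it out of the output.
     print(rez)
     # A new session has started; move on to the next step.
     raise web.redirect('/cdx1')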
 def GET(self, param, record_id):
     """Render the edit form for one record of the model named by *param*.

     The record is loaded through ``model``, the form from ``forms`` is
     filled with it, and any message held in the ``display_message``
     cookie is passed to the template once and then blanked.
     """
     model_for_param = model.get_model_by_name(param)
     entry = model.entity_by_id(model_for_param, record_id)

     frm = forms.getForm(param)
     frm.fill(entry)

     # NOTE(review): the message text comes from a cookie, which the client
     # controls; confirm the template escapes it before output.
     display_message = web.cookies().get('display_message')
     web.setcookie('display_message', '')

     return render_admin.form(
         frm,
         titulo='Alterar %s' % param,
         verbo='editar',
         display_message=display_message,
         estilo='table',
     )
Exemplo n.º 52
    def POST(self):
        """Begin an OpenID login, or log out when ``action`` is ``logout``.

        Unlike the usual scheme of things, the POST is actually called
        first here. An event built from the current session's datapath and
        host and the submitted identifier is posted to the server, a new
        entry is added to ``web.webopenid.sessions``, and the client is
        redirected to the provider URL.
        """
        i = web.input(return_to='/')
        # NOTE(review): return_to is request input and is passed to
        # web.redirect and stored in the session without validation; consider
        # restricting it to same-site paths.
        if i.get('action') == 'logout':
            web.webopenid.logout()
            return web.redirect(i.return_to)

        # Second read makes `openid` a required field.
        i = web.input('openid', return_to='/')
        current = owglobal.session
        going = owevent.going_to_auth(current.datapath, current.host,
                                      i['openid'])
        owglobal.server.post_event(going)
        message = (str(owglobal.session.host) + " is going to "
                   + going.server() + " to authenticate")
        output.dbg(message, self.__class__.__name__)

        n = web.webopenid._random_session()
        web.webopenid.sessions[n] = {'webpy_return_to': i.return_to}

        consumer = openid.consumer.consumer.Consumer(
            web.webopenid.sessions[n], web.webopenid.store)
        auth_request = consumer.begin(i.openid)
        provider_url = auth_request.redirectURL(
            web.ctx.home, web.ctx.home + web.ctx.fullpath)

        web.setcookie('openid_session_id', n)
        return web.redirect(provider_url)
Exemplo n.º 53
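def _best_accept_language(header, supported):
    """Return the best-weighted tag of *header* that is supported, or None.

    *header* is an Accept-Language value. A tag counts as supported when
    its first two characters are in *supported*. Entries whose q-value is
    not a number between 0 and 1 are skipped; on equal weights the entry
    that appears first wins.
    """
    best_tag = None
    best_weight = None
    for item in header.split(","):
        tag, _, weight_text = item.partition(';q=')
        tag = tag.strip()
        if not tag or tag[:2] not in supported:
            continue
        try:
            weight = float(weight_text) if weight_text else 1.0
        except ValueError:
            # The header is client-supplied; ignore a malformed weight.
            continue
        if not 0.0 <= weight <= 1.0:
            # Also filters out "nan" and "inf", which float() accepts.
            continue
        if best_weight is None or weight > best_weight:
            best_tag, best_weight = tag, weight
    return best_tag


def localization_hook():
    """Choose the request language and store it in a cookie and the session.

    The language is taken, in this order, from a two-letter prefix of the
    URL path (which is then stripped from the request paths), the ``lang``
    cookie, the Accept-Language header, and finally the default ``en``.
    """
    default_lang = 'en'  # default language
    lang = None
    path_info = web.ctx.env['PATH_INFO']
    cookie = web.cookies().get("lang")

    # try reading language from URL path
    if path_info[1:3] in constants.supported_languages:
        web.ctx['fullpath'] = web.ctx['fullpath'][3:]
        web.ctx['path'] = web.ctx['path'][3:]
        web.ctx.env['REQUEST_URI'] = web.ctx.env['REQUEST_URI'][3:]
        web.ctx.env['PATH_INFO'] = path_info[3:]
        lang = path_info[1:3]
    # try reading language from cookie; only a supported value is accepted
    if not lang and cookie in constants.supported_languages:
        lang = cookie
    # try reading language from browser
    if not lang and 'HTTP_ACCEPT_LANGUAGE' in web.ctx.env:
        # The original called max() on the filtered languages and float() on
        # each weight directly, so a header without a supported language or
        # with a malformed weight raised ValueError for the whole request.
        best = _best_accept_language(web.ctx.env['HTTP_ACCEPT_LANGUAGE'],
                                     constants.supported_languages)
        if best:
            lang = best[:2]
    # use default language
    if not lang:
        lang = default_lang

    web.setcookie("lang", lang, 31536000, common.get_domain(web.ctx.home), False, False, '/')
    common.session['lang'] = lang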
Exemplo n.º 54
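    def on_signin(self, profile):
        """Route a user who is signing in.

        Looks the profile id up in the remote ``users`` collection. A
        suspended user is redirected to ``/suspended``; a verified user for
        whom a new session could be created is redirected to
        ``index.html``. When the lookup fails, the profile is stored in the
        local ``tempProfiles`` collection, the ``id`` cookie is set and the
        user is redirected to ``/register``. Every other case ends at ``/``.
        """
        print("on_signin")
        try:
            u = self.queryOne('remote', 'users', {'id': profile['id']})
            print("found u")
            if u['suspended']:
                raise web.seeother('/suspended')
            if u['verified']:
                if SessionMgr().newSession(profile['id'], web.ctx.get('ip')):
                    raise web.seeother('index.html')
        except web.HTTPError:
            # The redirects raised above are exceptions too. Without this
            # clause the handler below caught them, so a suspended or
            # verified user was sent to /register instead.
            raise
        except Exception as err:
            print("Error in on_signin:  %s" % (err,))
            # the error is no user exists, create registration page and direct them to that here.
            self.updateOne('local',
                           'tempProfiles', {'id': profile['id']},
                           profile,
                           upsert=True)
            # NOTE(review): the cookie holds the bare profile id; confirm the
            # registration step does not trust it without a server-side check.
            web.setcookie('id', profile['id'])
            raise web.seeother('/register')
        raise web.seeother('/')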
Exemplo n.º 55
    def POST(self):
        """Log a user in from the submitted form and redirect.

        The credentials (``username`` is treated as the e-mail address) and
        optional S3 keys are passed to ``audit_accounts``. An audit error
        re-renders the form through ``render_error``. On success the login
        cookie is set, for seven days when ``remember`` is given, and the
        client is redirected to ``redirect``, or to ``/`` when that value
        is empty or contains one of the account paths.
        """
        i = web.input(username="", connect=None, password="", remember=False,
                      redirect='/', test=False, access=None, secret=None)
        email = i.username  # XXX username is now email
        # NOTE(review): `test` comes from the request; confirm it cannot
        # relax authentication inside audit_accounts.
        audit = audit_accounts(email, i.password, require_link=True,
                               s3_access_key=i.access,
                               s3_secret_key=i.secret, test=i.test)
        error = audit.get('error')
        if error:
            return self.render_error(error, i)

        if i.remember:
            expires = 3600 * 24 * 7
        else:
            expires = ""
        web.setcookie(config.login_cookie_name,
                      web.ctx.conn.get_auth_token(),
                      expires=expires)

        # NOTE(review): `redirect` is request input and only a substring
        # denylist is applied, so a URL on another host passes through to
        # web.seeother; consider accepting same-site paths only.
        account_paths = ("/account/login", "/account/password",
                         "/account/email", "/account/create")
        target_is_account_page = any(path in i.redirect
                                     for path in account_paths)
        if i.redirect == "" or target_is_account_page:
            i.redirect = "/"
        raise web.seeother(i.redirect)
Exemplo n.º 56
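 def GET(self):
     """Blank the ``user`` and ``color`` cookies, delete the user's rows and say goodbye.

     The user name is read from the ``user`` cookie; rows with that name
     are deleted from the ``user`` and ``data`` tables. Nothing is deleted
     when the cookie is absent or empty.
     """
     user = web.cookies().get('user')
     web.setcookie('user', '', 3600)
     web.setcookie('color', '', 3600)
     if user:
         # The cookie is untrusted input: bind it as a query parameter rather
         # than formatting it into the WHERE clause. (The WHERE literal is
         # masked as "******" on the page; the .format() call shows that the
         # cookie value was substituted into it.)
         # NOTE(review): the account to delete is chosen by a cookie the
         # client controls; the name should come from an authenticated
         # server-side session instead.
         params = {'user': user}
         db.delete('user', where='user=$user', vars=params)
         db.delete('data', where='user=$user', vars=params)
     return render.bye()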
Exemplo n.º 57
 def POST(self, name):
     """Parse the JSON request body and answer ``spam`` or ``ok``.

     Returns ``"spam"`` when the ``req_str`` field contains the text
     ``spam``; otherwise sets the ``age`` cookie to 41 for 3600 seconds
     and returns ``"ok"``.
     """
     data = web.data()
     # NOTE(review): the raw request body is written to standard output.
     print(data)
     r = json.loads(data)
     position = r['req_str'].find("spam")
     if position != -1:
         return "spam"
     web.setcookie('age', 41, 3600)
     return "ok"
Exemplo n.º 58
    def GET(self):
        """Expire the ``login`` and ``password`` cookies and go to the home page."""
        # NOTE(review): a cookie named `password` suggests the credential
        # itself is kept in the browser; a random session token would avoid
        # that -- confirm what the login handler stores.
        for cookie_name in ("login", "password"):
            web.setcookie(cookie_name, "", -1)

        # NOTE(review): the redirect is neither returned nor raised here;
        # confirm it still takes effect in the web.py version in use.
        web.seeother('/')
Exemplo n.º 59
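    def POST(self):
        """Check the submitted user name and password and log the user in.

        Input that fails ``valid_name`` / ``valid_password`` re-renders the
        form with an "invalid" error. An unknown user or a password that
        does not verify re-renders it with a "does not match" error. On
        success the ``user`` cookie is set and the client is sent to
        ``/profile``.
        """
        i = web.input()
        username = i.username
        password = i.password

        valided_username = valid_name(username)
        valided_password = valid_password(password)
        if not (valided_username and valided_password):
            return self.write_html(user=None, error='The input name or password is invalid!oops!')

        # validation success, access the database
        users = web.ctx.orm.query(User).filter_by(username=username).all()
        user = users[0] if users else None

        # The original returned nothing when the user existed but the
        # password did not verify; both failures now give the same error, so
        # the response does not reveal which one occurred.
        if user is None or not verify_pw(password, user.userpass, user.salt):
            return self.write_html(user=None, error='The user is not exist,or the password does not match this acount!oops!')

        # NOTE(review): the format string is masked as '******' on the page
        # and is left as shown. The cookie is built from the stored password
        # value (user.userpass); a random session token would keep that value
        # out of the browser.
        cookie_user = '******' % (user.username, user.userpass)
        web.setcookie('user', cookie_user)
        self.redirect('/profile')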
Exemplo n.º 60
    def POST(self):
        """Check the submitted user name and password and render the welcome page.

        Returns ``'user is not exist'`` when no record matches the name and
        ``'password error'`` when the stored password differs from the
        submitted one. On success the session status is set to 0 and the
        ``id`` and ``name`` cookies are set.
        """
        form = web.input()
        username = form.username
        password = form.password
        matches = getUserByUserName(username)
        # NOTE(review): the two failure messages differ, which tells a caller
        # whether a user name exists.
        if len(matches) == 0:
            return 'user is not exist'

        account = matches[0]
        # NOTE(review): the stored password is compared directly with the
        # submitted one, i.e. passwords appear to be kept in plain text; they
        # should be stored as salted password hashes.
        if not (account.password == password):
            return 'password error'

        # Record the user in the session.
        user_id = account.id
        print user_id, username
        session = web.config._session
        print session.status
        session.status = 0
        print session.status
        # NOTE(review): every request cookie is written to standard output.
        request_cookies = web.cookies()
        print request_cookies
        # NOTE(review): both cookies hold plain, client-editable values;
        # confirm nothing authenticates a user from them alone.
        web.setcookie('id', user_id)
        web.setcookie('name', username)

        return render.welcome(username)