示例#1
 def get_users(self, username=None, userid=None, usertype=None):
     """Look up users; only an "admin" session may call this.

     The role comes from the server-side session, defaulting to "user" when
     unset, so an anonymous or partially-initialised session fails closed.

     Args:
         username, userid, usertype: optional filters handed straight to
             API.get_users().

     Returns:
         A list of ``user.json`` values on success; otherwise a JSON string
         carrying an ``error`` key (note the two shapes differ — callers must
         handle both).
     """
     role = cherrypy.session.get("usertype", "user")
     if role != "admin":
         return json.dumps({"error": "User not authorized for this request"})

     matches = API.get_users(username, userid, usertype)
     if not matches:
         return json.dumps({"error": "No user matches the request"})
     return [user.json for user in matches]
示例#2
 def admin(self):
     """Render the admin page for an "admin" session.

     Any other session (usertype missing or not "admin") gets a JSON error
     instead of the page.  With settings['web_use_auth'] == "true" the
     session must already carry username/userimageurl/usertype (KeyError
     otherwise); with auth disabled, "dev" placeholders stand in for missing
     keys.  The full user and hook lists are passed to the template.

     Returns:
         The rendered admin.html.mako page, or a JSON error string.
     """
     if cherrypy.session.get("usertype", "user") != "admin":
         return json.dumps({"error": "User not authorized for this request"})

     tmpl = lookup.get_template("admin.html.mako")
     if settings['web_use_auth'] == "true":
         identity = {
             "username": cherrypy.session['username'],
             "userimageurl": cherrypy.session['userimageurl'],
             "usertype": cherrypy.session['usertype'],
         }
     else:
         # Only reachable when usertype is already "admin", so the default
         # for that key is never used; the others cover a session with no login.
         identity = {
             "username": cherrypy.session.get("username", "dev"),
             "userimageurl": cherrypy.session.get("userimageurl", "dev"),
             "usertype": cherrypy.session.get("usertype", "admin"),
         }

     # NOTE(review): userimageurl and username originate from an external
     # identity provider; whether the template HTML-escapes them depends on
     # the Mako lookup's default filters, which are not visible here — verify.
     return tmpl.render(
         settings = settings,
         users = API.get_users(),
         hooks = API.get_hooks(),
         **identity
     )
示例#3
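    def login(self, code=None):
        """Authenticate the browser via GitHub's OAuth authorization-code flow.

        Without ``code``: regenerate the session id and render the login page.
        With ``code`` (GitHub's callback): exchange it for an access token,
        fetch the GitHub account, and authorize the session only when that
        account's numeric id AND login both match an entry in API.get_users().

        Args:
            code: the ``code`` query parameter sent back by GitHub.

        Returns:
            The rendered login page, or a plain-text failure message.

        Raises:
            cherrypy.HTTPRedirect: for an already-authorized session, and after
                a successful login (to the session's stored ``redirect`` path,
                defaulting to "/").
        """
        # Function-scope imports: the file's import block is not visible here.
        from html import escape
        from urllib.parse import parse_qsl, urlencode

        # An already-authorized session goes straight to the main page
        if cherrypy.session.get("authorized", None):
            raise cherrypy.HTTPRedirect("/")

        if code:
            # NOTE(review): the flow carries no OAuth ``state`` value, so a
            # login-CSRF (attacker-supplied code) is not prevented here; adding
            # one needs the login template and this callback to cooperate.

            # Step 1: exchange the code for an access token.  urlencode() keeps a
            # crafted ``code`` from smuggling extra parameters (e.g. &redirect_uri=)
            # into the request, and POSTing the form keeps client_secret out of
            # the URL (and hence out of access logs).
            token_form = urlencode({
                "client_id": settings['web_github_oauth_id'],
                "client_secret": settings['web_github_oauth_secret'],
                "code": code,
            }).encode('ascii')
            req = Request("https://github.com/login/oauth/access_token", data=token_form)
            with urlopen(req, timeout=10) as res:
                token_body = res.read().decode('utf-8')
            # GitHub answers form-encoded; parse_qsl copes with a field that has
            # no "=" (the old split("=")[1] raised IndexError on such input).
            response = dict(parse_qsl(token_body, keep_blank_values=True))

            if "access_token" not in response:
                # The code was not valid or was not issued by GitHub
                cherrypy.session["login_msg"] = "Login failed."
                return "Login failed"

            # Step 2: fetch the GitHub account.  The token travels in an
            # Authorization header, not the query string, so it does not land in
            # proxy/server logs (the ?access_token= form is also deprecated).
            req = Request(
                "https://api.github.com/user",
                headers={"Authorization": "token " + response['access_token']},
            )
            with urlopen(req, timeout=10) as res:
                data = json.loads(res.read().decode('utf-8'))

            # Step 3: the account must be on the authorized list, matched on
            # both the GitHub id and the login name (both cases return the same
            # message, so they are folded into one check).
            userdata = API.get_users(userid=str(data['id']))
            if not userdata or userdata[0].username != data['login']:
                cherrypy.session["login_msg"] = "Login failed."
                # escape(): the login name is echoed into an HTML response body
                return "Login failed. User '" + escape(data['login']) + "' is not authorized"
            user_data = userdata[0]

            # Bind the session to the client's User-Agent; presumably compared on
            # later requests so a cookie replayed from another client is rejected.
            # A missing header hashes as "" rather than raising.
            agent = cherrypy.request.headers.get('User-Agent', '')
            cherrypy.session["_ident"] = sha256(agent.encode('utf-8')).hexdigest()

            # Absolute expiry, 30 minutes from now (enforced elsewhere)
            cherrypy.session['expires'] = int(time()) + 1800

            # New session id at the privilege change: defeats session fixation
            cherrypy.session.regenerate()

            cherrypy.session["authorized"] = "true"
            cherrypy.session["userid"] = user_data.userid
            cherrypy.session["username"] = user_data.username
            cherrypy.session["usertype"] = user_data.usertype
            cherrypy.session["userimageurl"] = data['avatar_url']

            cherrypy.session["login_msg"] = None
            # Only follow a same-site path: a stored absolute or scheme-relative
            # ("//host", "/\host") target would make this an open redirect.
            redirect = cherrypy.session.get("redirect", "/")
            if (not isinstance(redirect, str)
                    or not redirect.startswith("/")
                    or redirect.startswith(("//", "/\\"))):
                redirect = "/"
            raise cherrypy.HTTPRedirect(redirect)

        # No code: issue a fresh session id before showing the login page so an
        # id planted before login cannot carry over into the authorized session
        cherrypy.session.regenerate()
        tmpl = lookup.get_template("login.html.mako")
        return tmpl.render(
                            client_id = settings['web_github_oauth_id'],
                            msg = cherrypy.session.get("login_msg", None)
                           )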