def get_users(self, username=None, userid=None, usertype=None):
    """Return the users matching the given filters; admin sessions only.

    Args:
        username: optional username filter, passed through to ``API.get_users``.
        userid: optional user-id filter, passed through unchanged.
        usertype: optional user-type filter, passed through unchanged.

    Returns:
        A list of ``user.json`` values when at least one user matched, or a
        JSON-encoded ``{"error": ...}`` string otherwise.  Note that the two
        outcomes have different types (list vs. str); presumably a CherryPy
        JSON tool serialises the list — confirm before relying on either.
    """
    # Authorization comes solely from the session: a session with no
    # usertype is treated as a plain "user" and refused (fail closed).
    if cherrypy.session.get("usertype", "user") != "admin":
        return json.dumps({"error": "User not authorized for this request"})

    matches = API.get_users(username, userid, usertype)
    if not matches:
        return json.dumps({"error": "No user matches the request"})
    return [entry.json for entry in matches]
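def admin(self):
    """Render the admin page for an admin session.

    The two template calls of the original differed only in how the three
    identity values were read from the session, so the identity is now
    resolved once and the template rendered once.

    Returns:
        The rendered ``admin.html.mako`` template when the session's
        usertype is "admin"; otherwise a JSON-encoded ``{"error": ...}``
        string.

    Raises:
        KeyError: when ``settings['web_use_auth']`` is "true" and the
            session is missing ``username``, ``userimageurl`` or
            ``usertype``.
    """
    # Authorization comes solely from the session: a missing usertype is
    # treated as "user" and refused, even when web_use_auth is not "true"
    # (the "dev" fallbacks below only apply once this check has passed).
    if cherrypy.session.get("usertype", "user") != "admin":
        return json.dumps({"error": "User not authorized for this request"})

    if settings['web_use_auth'] == "true":
        # With auth enabled the identity keys must already be in the
        # session; a missing key is an upstream bug, so let KeyError
        # surface instead of rendering the page with placeholders.
        identity = {
            "username": cherrypy.session['username'],
            "userimageurl": cherrypy.session['userimageurl'],
            "usertype": cherrypy.session['usertype'],
        }
    else:
        # Auth disabled: fall back to the "dev" placeholders the page expects.
        identity = {
            "username": cherrypy.session.get("username", "dev"),
            "userimageurl": cherrypy.session.get("userimageurl", "dev"),
            "usertype": cherrypy.session.get("usertype", "admin"),
        }

    tmpl = lookup.get_template("admin.html.mako")
    return tmpl.render(
        settings=settings,
        users=API.get_users(),
        hooks=API.get_hooks(),
        **identity,
    )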
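def login(self, code=None):
    """Handle the GitHub OAuth login flow.

    Without ``code`` the login page is rendered.  With ``code`` (the
    temporary code GitHub sends to the callback) the code is exchanged for
    an access token, the GitHub account behind the token is fetched, and
    if that account is in the local user list (``API.get_users``) with a
    matching username the session is marked authorized and the user is
    redirected.

    Changes from the original: the code and client secret are POSTed as a
    form body instead of being spliced unencoded into the URL; the access
    token is sent in the ``Authorization`` header instead of the query
    string; the token response is parsed with ``parse_qs`` (the manual
    ``split("=")[1]`` raised IndexError on a parameter without "="); the
    stray ``print(agent)`` and the unreachable "There was an error" return
    are gone; upstream calls carry a timeout and close their responses.

    Args:
        code: the OAuth ``code`` request parameter, or ``None``.

    Returns:
        The rendered login page, or a plain-text failure message.

    Raises:
        cherrypy.HTTPRedirect: when the session is already authorized, or
            after a successful login (to ``session["redirect"]`` or "/").
    """
    from html import escape
    from urllib.parse import parse_qs, urlencode

    # An already-authorized session goes straight to the main page.
    if cherrypy.session.get("authorized", None):
        raise cherrypy.HTTPRedirect("/")

    if code:
        # Step 1: exchange the code for an access token.  ``code`` is
        # caller-supplied, so it is form-encoded rather than concatenated
        # into the URL; POSTing the body also keeps the client secret out
        # of the request line and therefore out of proxy/access logs.
        token_body = urlencode({
            "client_id": settings['web_github_oauth_id'],
            "client_secret": settings['web_github_oauth_secret'],
            "code": code,
        }).encode("utf-8")
        token_req = Request(
            "https://github.com/login/oauth/access_token",
            data=token_body,
        )
        # timeout (seconds): a stalled upstream must not pin the request
        # thread indefinitely.
        with urlopen(token_req, timeout=10) as res:
            token_text = res.read().decode("utf-8")
        # GitHub answers form-encoded, e.g. access_token=...&scope=...&token_type=...
        response = {key: vals[0] for key, vals in parse_qs(token_text).items()}

        access_token = response.get("access_token")
        if not access_token:
            # The code was not valid, or the request did not come from GitHub.
            cherrypy.session["login_msg"] = "Login failed."
            return "Login failed"

        # Step 2: fetch the GitHub account the token belongs to.  The token
        # travels in a header, not the query string, so it is not written
        # to URL logs on either side.
        user_req = Request(
            "https://api.github.com/user",
            headers={"Authorization": "token " + access_token},
        )
        with urlopen(user_req, timeout=10) as res:
            data = json.loads(res.read().decode("utf-8"))

        # Step 3: the account must be in the local user list and the stored
        # username must agree with the account's login name.
        login_name = data['login']
        matches = API.get_users(userid=str(data['id']))
        if not matches or matches[0].username != login_name:
            cherrypy.session["login_msg"] = "Login failed."
            # escape(): the login name is echoed into the response body.
            return "Login failed. User '" + escape(login_name) + "' is not authorized"
        user_data = matches[0]

        # Step 4: bind the session to the client and record the identity.
        # _ident is a digest of the User-Agent; presumably it is compared
        # on later requests to force a new session on mismatch — verify
        # against the session-validation code, which is not in this file.
        agent = cherrypy.request.headers.get('User-Agent', '')
        cherrypy.session["_ident"] = sha256(agent.encode('utf-8')).hexdigest()
        cherrypy.session['expires'] = int(time()) + 1800  # 30 minutes from now
        # Fresh session id on privilege change so a pre-login id is not reused.
        cherrypy.session.regenerate()
        cherrypy.session["authorized"] = "true"
        cherrypy.session["userid"] = user_data.userid
        cherrypy.session["username"] = user_data.username
        cherrypy.session["usertype"] = user_data.usertype
        cherrypy.session["userimageurl"] = data['avatar_url']
        # Send the user on to the page they originally asked for.
        cherrypy.session["login_msg"] = None
        redirect = cherrypy.session.get("redirect", "/")
        raise cherrypy.HTTPRedirect(redirect)

    # No code yet: show the login page under a fresh session id.
    cherrypy.session.regenerate()
    tmpl = lookup.get_template("login.html.mako")
    return tmpl.render(
        client_id=settings['web_github_oauth_id'],
        msg=cherrypy.session.get("login_msg", None),
    )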