def _login(self, exp=86400): self.set_header('Content-Type', 'application/jwt') if app.NOTIFY_ON_LOGIN and not helpers.is_ip_private( self.request.remote_ip): notifiers.notify_login(self.request.remote_ip) log.info('{user} logged into the API v2', {'user': app.WEB_USERNAME}) time_now = int(time.time()) self._ok(data=jwt.encode( { 'iss': 'Medusa ' + app.APP_VERSION, 'iat': time_now, # @TODO: The jti should be saved so we can revoke tokens 'jti': ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)), 'exp': time_now + int(exp), 'scopes': [ 'show:read', 'show:write' ], # @TODO: This should be replaced with scopes or roles/groups 'username': app.WEB_USERNAME, 'apiKey': app. API_KEY # TODO: This should be replaced with the JWT itself }, app.ENCRYPTION_SECRET, algorithm='HS256'))
def post(self, *args, **kwargs): """ Submit Login """ api_key = None username = app.WEB_USERNAME password = app.WEB_PASSWORD if all([(self.get_argument('username') == username or not username), (self.get_argument('password') == password or not password)]): api_key = app.API_KEY if app.NOTIFY_ON_LOGIN and not helpers.is_ip_private( self.request.remote_ip): notifiers.notify_login(self.request.remote_ip) if api_key: remember_me = int(self.get_argument('remember_me', default=0) or 0) self.set_secure_cookie(app.SECURE_TOKEN, api_key, expires_days=30 if remember_me else None) logger.log('User logged into the Medusa web interface', logger.INFO) else: logger.log( 'User attempted a failed login to the Medusa web interface from IP: {ip}' .format(ip=self.request.remote_ip), logger.WARNING) redirect_page = self.get_argument('next', None) if redirect_page: self.redirect('{page}'.format(page=self.get_argument('next'))) else: self.redirect('/{page}/'.format(page=app.DEFAULT_PAGE))
def _login(self, exp=86400): self.set_header('Content-Type', 'application/json') if app.NOTIFY_ON_LOGIN and not helpers.is_ip_private( self.request.remote_ip): notifiers.notify_login(self.request.remote_ip) log.info('{user} logged into the API v2', {'user': app.WEB_USERNAME}) time_now = int(time.time()) return self._ok( data={ 'token': jwt.encode( { 'iss': 'Medusa ' + text_type(app.APP_VERSION), 'iat': time_now, # @TODO: The jti should be saved so we can revoke tokens 'jti': ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)), 'exp': time_now + int(exp), 'username': app.WEB_USERNAME, 'apiKey': app.API_KEY }, app.ENCRYPTION_SECRET, algorithm='HS256').decode('utf-8') })
def post(self, *args, **kwargs): """ Submit Login """ api_key = None username = app.WEB_USERNAME password = app.WEB_PASSWORD if all([(self.get_argument('username') == username or not username), (self.get_argument('password') == password or not password)]): api_key = app.API_KEY if app.NOTIFY_ON_LOGIN and not helpers.is_ip_private(self.request.remote_ip): notifiers.notify_login(self.request.remote_ip) if api_key: remember_me = int(self.get_argument('remember_me', default=0) or 0) self.set_secure_cookie(app.SECURE_TOKEN, api_key, expires_days=30 if remember_me else None) logger.log('User logged into the Medusa web interface', logger.INFO) else: logger.log('User attempted a failed login to the Medusa web interface from IP: {ip}'.format (ip=self.request.remote_ip), logger.WARNING) redirect_page = self.get_argument('next', None) if redirect_page: self.redirect('{page}'.format(page=self.get_argument('next'))) else: self.redirect('/{page}/'.format(page=app.DEFAULT_PAGE))
def _login(self, exp=86400): self.set_header('Content-Type', 'application/json') if app.NOTIFY_ON_LOGIN and not helpers.is_ip_private(self.request.remote_ip): notifiers.notify_login(self.request.remote_ip) log.info('{user} logged into the API v2', {'user': app.WEB_USERNAME}) time_now = int(time.time()) return self._ok(data={ 'token': jwt.encode({ 'iss': 'Medusa ' + text_type(app.APP_VERSION), 'iat': time_now, # @TODO: The jti should be saved so we can revoke tokens 'jti': ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(20)), 'exp': time_now + int(exp), 'username': app.WEB_USERNAME, 'apiKey': app.API_KEY }, app.ENCRYPTION_SECRET, algorithm='HS256') })