def POST(self):
result = {
'SDCERR': WEBLCM_ERRORS.get('SDCERR_FAIL'),
'InfoMsg': '',
}
post_data = cherrypy.request.json
username = post_data.get('username')
password = post_data.get('password')
permission = post_data.get('permission')
if UserManageHelper.user_exists(username):
result['InfoMsg'] = f'user {username} already exists'
return result
if not username or not password or not permission:
result['InfoMsg'] = 'Missing user name, password, or permission'
return result
if UserManageHelper.getNumberOfUsers(
) < SystemSettingsManage.get_max_web_clients():
if UserManageHelper.addUser(username, password, permission):
result['SDCERR'] = WEBLCM_ERRORS.get('SDCERR_SUCCESS')
result['InfoMsg'] = 'User added'
else:
result['InfoMsg'] = 'failed to add user'
else:
result['InfoMsg'] = 'Max number of users reached'
return result
def POST(self):
result = {
'SDCERR': WEBLCM_ERRORS.get('SDCERR_FAIL', 1),
'REDIRECT': 0,
'PERMISSION': "",
'InfoMsg': '',
}
post_data = cherrypy.request.json
username = post_data.get('username', "")
password = post_data.get('password', "")
syslog(f"Attempt to login user {username}")
#Return if username is blocked
if not cherrypy.session.get('USERNAME', None):
if LoginManageHelper.is_user_blocked(username):
result['SDCERR'] = WEBLCM_ERRORS.get('SDCERR_USER_BLOCKED')
result['InfoMsg'] = 'User blocked'
return result
default_username = cherrypy.request.app.config['weblcm'].get(
'default_username', "root")
default_password = cherrypy.request.app.config['weblcm'].get(
'default_password', "summit")
#If default password is not changed, redirect to passwd update page.
if ((username == default_username) and (password == default_password)):
cnt = UserManageHelper.getNumberOfUsers()
if not cnt:
UserManageHelper.addUser(
username, password,
" ".join(USER_PERMISSION_TYPES['UserPermissionTypes']))
if not cnt or UserManageHelper.verify(default_username,
default_password):
LoginManageHelper.login_reset(username)
if LoginManageHelper.is_user_logged_in(username):
result['SDCERR'] = WEBLCM_ERRORS.get('SDCERR_USER_LOGGED')
result['InfoMsg'] = 'User already logged in'
return result
cherrypy.session['USERNAME'] = username
result['SDCERR'] = WEBLCM_ERRORS.get('SDCERR_SUCCESS')
result['REDIRECT'] = 1
result['InfoMsg'] = 'Password change required'
syslog(f"User {username} logged in")
return result
#Session is created, but default password was not changed.
if cherrypy.session.get('USERNAME', None) == default_username:
if UserManageHelper.verify(default_username, default_password):
result['SDCERR'] = WEBLCM_ERRORS.get('SDCERR_SUCCESS')
result['REDIRECT'] = 1
result['InfoMsg'] = 'Password change required'
syslog(f"User {username} logged in")
return result
#If session already exists, return success; otherwise verify login username and password.
if not cherrypy.session.get('USERNAME', None):
if not UserManageHelper.verify(username, password):
LoginManageHelper.login_failed(username)
result['InfoMsg'] = 'unable to verify user/password'
return result
LoginManageHelper.login_reset(username)
if LoginManageHelper.is_user_logged_in(username):
result['SDCERR'] = WEBLCM_ERRORS.get('SDCERR_USER_LOGGED')
result['InfoMsg'] = 'User already logged in'
return result
cherrypy.session['USERNAME'] = username
result['PERMISSION'] = UserManageHelper.getPermission(
cherrypy.session.get('USERNAME', None))
#Don't display "system_user" page for single user mode
if SystemSettingsManage.get_max_web_clients() == 1:
result['PERMISSION'] = result['PERMISSION'].replace(
"system_user", "")
result['SDCERR'] = WEBLCM_ERRORS.get('SDCERR_SUCCESS')
result['InfoMsg'] = 'User logged in'
syslog(f"user {username} logged in")
return result