[ipfire.org.git] / src / web / auth.py

#!/usr/bin/python

import logging
import tornado.web

from . import base

class AuthenticationMixin(object):
	def authenticate(self, username, password):
		# Find account
		account = self.backend.accounts.find_account(username)
		if not account:
			raise tornado.web.HTTPError(401, "Unknown user: %s" % username)

		# Check credentials
		if not account.check_password(password):
			raise tornado.web.HTTPError(401, "Invalid password for %s" % account)

		return self.login(account)

	def login(self, account):
		# User has logged in, create a session
		session_id, session_expires = self.backend.accounts.create_session(
			account, self.request.host)

		# Check if a new session was created
		if not session_id:
			raise tornado.web.HTTPError(500, "Could not create session")

		# Send session cookie to the client
		self.set_cookie("session_id", session_id,
			domain=self.request.host, expires=session_expires)

	def logout(self):
		session_id = self.get_cookie("session_id")
		if not session_id:
			return

		success = self.backend.accounts.destroy_session(session_id, self.request.host)
		if success:
			self.clear_cookie("session_id")


class LoginHandler(AuthenticationMixin, base.BaseHandler):
	@base.blacklisted
	def get(self):
		next = self.get_argument("next", None)

		self.render("auth/login.html", next=next)

	@base.blacklisted
	def post(self):
		username = self.get_argument("username")
		password = self.get_argument("password")

		with self.db.transaction():
			self.authenticate(username, password)

		# Determine the page we should redirect to
		next = self.get_argument("next", None)

		return self.redirect(next or "/")


class LogoutHandler(AuthenticationMixin, base.BaseHandler):
	def get(self):
		with self.db.transaction():
			self.logout()

		# Get back to the start page
		self.redirect("/")


class RegisterHandler(base.BaseHandler):
	@base.blacklisted
	def get(self):
		self.render("auth/register.html")

	@base.blacklisted
	def post(self):
		uid   = self.get_argument("uid")
		email = self.get_argument("email")

		first_name = self.get_argument("first_name")
		last_name  = self.get_argument("last_name")

		# Register account
		with self.db.transaction():
			self.backend.accounts.create(uid, email,
				first_name=first_name, last_name=last_name)

		self.render("auth/register-success.html")


class ActivateHandler(AuthenticationMixin, base.BaseHandler):
	def get(self, uid, activation_code):
		# Fetch the account
		account = self.backend.accounts.get_by_uid(uid)
		if not account:
			raise tornado.web.HTTPError(400, "Account not found: %s" % uid)

		# Validate activation code
		if not account.check_password(activation_code):
			raise tornado.web.HTTPError(400, "Activation code did not match: %s" % activation_code)

		self.render("auth/activate.html", account=account)

	def post(self, uid, activation_code):
		password = self.get_argument("password1")

		# Fetch the account
		account = self.backend.accounts.get_by_uid(uid)
		if not account:
			raise tornado.web.HTTPError(404, "Account not found: %s" % uid)

		# Validate activation code
		if not account.check_password(activation_code):
			raise tornado.web.HTTPError(403, "Activation code did not match: %s" % activation_code)

		# Set the new password
		account.passwd(password)

		# Create session
		self.login(account)

		# Redirect to main page
		self.redirect("/")


class CacheMixin(object):
	def prepare(self):
		# Mark this as private when someone is logged in
		if self.current_user:
			self.add_header("Cache-Control", "private")

		self.add_header("Vary", "Cookie")
Commit	Line	Data
08df6527 MT	1	#!/usr/bin/python
	2
	3	import logging
	4	import tornado.web
	5
124a8404	6	from . import base
08df6527 MT	7
08df6527 MT	8	class AuthenticationMixin(object):
d8a15b2e	9	def authenticate(self, username, password):
08df6527 MT	10	# Find account
	11	account = self.backend.accounts.find_account(username)
	12	if not account:
	13	raise tornado.web.HTTPError(401, "Unknown user: %s" % username)
	14
	15	# Check credentials
	16	if not account.check_password(password):
	17	raise tornado.web.HTTPError(401, "Invalid password for %s" % account)
	18
d8a15b2e MT	19	return self.login(account)
	20
	21	def login(self, account):
08df6527 MT	22	# User has logged in, create a session
	23	session_id, session_expires = self.backend.accounts.create_session(
	24	account, self.request.host)
	25
	26	# Check if a new session was created
	27	if not session_id:
	28	raise tornado.web.HTTPError(500, "Could not create session")
	29
	30	# Send session cookie to the client
	31	self.set_cookie("session_id", session_id,
	32	domain=self.request.host, expires=session_expires)
	33
	34	def logout(self):
	35	session_id = self.get_cookie("session_id")
	36	if not session_id:
	37	return
	38
	39	success = self.backend.accounts.destroy_session(session_id, self.request.host)
	40	if success:
	41	self.clear_cookie("session_id")
	42
	43
08df6527	44	class LoginHandler(AuthenticationMixin, base.BaseHandler):
cfe7d74c	45	@base.blacklisted
08df6527 MT	46	def get(self):
	47	next = self.get_argument("next", None)
	48
	49	self.render("auth/login.html", next=next)
	50
cfe7d74c	51	@base.blacklisted
08df6527 MT	52	def post(self):
	53	username = self.get_argument("username")
	54	password = self.get_argument("password")
	55
	56	with self.db.transaction():
d8a15b2e	57	self.authenticate(username, password)
08df6527 MT	58
	59	# Determine the page we should redirect to
	60	next = self.get_argument("next", None)
	61
	62	return self.redirect(next or "/")
	63
	64
	65	class LogoutHandler(AuthenticationMixin, base.BaseHandler):
	66	def get(self):
	67	with self.db.transaction():
	68	self.logout()
	69
	70	# Get back to the start page
	71	self.redirect("/")
9b8ff27d MT	72
9b8ff27d MT	73
f32dd17f MT	74	class RegisterHandler(base.BaseHandler):
	75	@base.blacklisted
	76	def get(self):
	77	self.render("auth/register.html")
	78
	79	@base.blacklisted
	80	def post(self):
	81	uid = self.get_argument("uid")
	82	email = self.get_argument("email")
	83
	84	first_name = self.get_argument("first_name")
	85	last_name = self.get_argument("last_name")
	86
	87	# Register account
	88	with self.db.transaction():
	89	self.backend.accounts.create(uid, email,
	90	first_name=first_name, last_name=last_name)
	91
	92	self.render("auth/register-success.html")
	93
	94
d8a15b2e MT	95	class ActivateHandler(AuthenticationMixin, base.BaseHandler):
	96	def get(self, uid, activation_code):
	97	# Fetch the account
	98	account = self.backend.accounts.get_by_uid(uid)
	99	if not account:
	100	raise tornado.web.HTTPError(400, "Account not found: %s" % uid)
	101
	102	# Validate activation code
	103	if not account.check_password(activation_code):
	104	raise tornado.web.HTTPError(400, "Activation code did not match: %s" % activation_code)
	105
	106	self.render("auth/activate.html", account=account)
	107
	108	def post(self, uid, activation_code):
	109	password = self.get_argument("password1")
	110
	111	# Fetch the account
	112	account = self.backend.accounts.get_by_uid(uid)
	113	if not account:
	114	raise tornado.web.HTTPError(404, "Account not found: %s" % uid)
	115
	116	# Validate activation code
	117	if not account.check_password(activation_code):
	118	raise tornado.web.HTTPError(403, "Activation code did not match: %s" % activation_code)
	119
	120	# Set the new password
	121	account.passwd(password)
	122
	123	# Create session
	124	self.login(account)
	125
	126	# Redirect to main page
	127	self.redirect("/")
	128
	129
9b8ff27d MT	130	class CacheMixin(object):
	131	def prepare(self):
	132	# Mark this as private when someone is logged in
	133	if self.current_user:
	134	self.add_header("Cache-Control", "private")
	135
	136	self.add_header("Vary", "Cookie")