web_PYTHON = \
src/web/__init__.py \
+ src/web/auth.py \
src/web/blog.py \
src/web/download.py \
src/web/handlers.py \
templatesdir = $(datadir)/templates
+templates_auth_DATA = \
+ src/templates/auth/login.html
+
+templates_authdir = $(templatesdir)/auth
+
templates_blog_DATA = \
src/templates/blog/author.html \
src/templates/blog/base.html \
from handlers import *
+from . import auth
from . import blog
from . import download
from . import location
tornado.web.Application.__init__(self, **settings)
authentication_handlers = [
- (r"/login", LoginHandler),
- (r"/logout", LogoutHandler),
+ (r"/login", auth.LoginHandler),
+ (r"/logout", auth.LogoutHandler),
]
self.add_handlers(r"(dev|www)\.ipfire\.(at|org)", [
# RSS Feed
(r"/feed.xml", blog.FeedHandler),
- ])
+ ] + authentication_handlers)
# downloads.ipfire.org
self.add_handlers(r"downloads?(\.dev)?\.ipfire\.org", [
--- /dev/null
+#!/usr/bin/python
+
+import logging
+import tornado.web
+
+from . import handlers_base as base
+
+class AuthenticationMixin(object):
+ def login(self, username, password):
+ # Find account
+ account = self.backend.accounts.find_account(username)
+ if not account:
+ raise tornado.web.HTTPError(401, "Unknown user: %s" % username)
+
+ # Check credentials
+ if not account.check_password(password):
+ raise tornado.web.HTTPError(401, "Invalid password for %s" % account)
+
+ # User has logged in, create a session
+ session_id, session_expires = self.backend.accounts.create_session(
+ account, self.request.host)
+
+ # Check if a new session was created
+ if not session_id:
+ raise tornado.web.HTTPError(500, "Could not create session")
+
+ # Send session cookie to the client
+ self.set_cookie("session_id", session_id,
+ domain=self.request.host, expires=session_expires)
+
+ def logout(self):
+ session_id = self.get_cookie("session_id")
+ if not session_id:
+ return
+
+ success = self.backend.accounts.destroy_session(session_id, self.request.host)
+ if success:
+ self.clear_cookie("session_id")
+
+
+
+class LoginHandler(AuthenticationMixin, base.BaseHandler):
+ def get(self):
+ next = self.get_argument("next", None)
+
+ self.render("auth/login.html", next=next)
+
+ def post(self):
+ username = self.get_argument("username")
+ password = self.get_argument("password")
+
+ with self.db.transaction():
+ self.login(username, password)
+
+ # Determine the page we should redirect to
+ next = self.get_argument("next", None)
+
+ return self.redirect(next or "/")
+
+
+class LogoutHandler(AuthenticationMixin, base.BaseHandler):
+ def get(self):
+ with self.db.transaction():
+ self.logout()
+
+ # Get back to the start page
+ self.redirect("/")
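Review bot: `LoginHandler.post` passes the client-supplied `next` argument straight to `self.redirect(next or "/")`, so a crafted login link can send the user to an external site immediately after they authenticate (open redirect). Restrict it to local paths before redirecting, e.g. `if not next or not next.startswith("/") or next.startswith(("//", "/\\")): next = "/"`. Separately, `AuthenticationMixin.login` sets the session cookie with `domain=self.request.host`, which comes from the client's Host header and may carry a port, and it omits `secure=True, httponly=True`. Consider a configured cookie domain and adding both flags to the `set_cookie` call. `LogoutHandler.get` also destroys the session on a plain GET, so any third-party page can trigger a logout; a POST covered by the application's XSRF check would avoid that.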
return account
- def login(self, username, password):
- # Find account
- account = self.backend.accounts.find_account(username)
- if not account:
- logging.warning(401, "unknown account: %s" % username)
- return False
-
- # Check credentials
- if not account.check_password(password):
- logging.warning("invalid password for %s" % account)
- return False
-
- # User has logged in, create a session
- session_id, session_expires = self.backend.accounts.create_session(account,
- self.request.host)
-
- # Check if a new session was created
- if not session_id:
- logging.warning("Could not create session")
- return False
-
- # Send session cookie to the client
- self.set_cookie("session_id", session_id,
- domain=self.request.host, expires=session_expires)
-
- return True
-
- def logout(self):
- session_id = self.get_cookie("session_id")
-
- if not session_id:
- return
-
- success = self.backend.accounts.destroy_session(session_id, self.request.host)
- if success:
- self.clear_cookie("session_id")
-
@property
def backend(self):
return self.application.backend
return self.backend.talk
-class LoginHandler(BaseHandler):
- def get(self):
- self.render("auth/login.html")
-
- def post(self):
- username = self.get_argument("username")
- password = self.get_argument("password")
-
- if not self.login(username, password):
- raise tornado.web.HTTPError(401)
-
- next = self.get_argument("next", "/")
- return self.redirect(next)
-
-
-class LogoutHandler(BaseHandler):
- def get(self):
- self.logout()
-
- # Get back to the start page
- self.redirect("/")
-
-
class NotFoundHandler(BaseHandler):
def prepare(self):
# Raises 404 as soon as it is called