[ipfire.org.git] / src / web / auth.py

#!/usr/bin/python

import logging
import tornado.web

from . import base

class CacheMixin(object):
	def prepare(self):
		# Mark this as private when someone is logged in
		if self.current_user:
			self.add_header("Cache-Control", "private")

		self.add_header("Vary", "Cookie")


class AuthenticationMixin(CacheMixin):
	def authenticate(self, username, password):
		# Find account
		account = self.backend.accounts.find_account(username)
		if not account:
			raise tornado.web.HTTPError(401, "Unknown user: %s" % username)

		# Check credentials
		if not account.check_password(password):
			raise tornado.web.HTTPError(401, "Invalid password for %s" % account)

		return self.login(account)

	def login(self, account):
		# User has logged in, create a session
		session_id, session_expires = self.backend.accounts.create_session(
			account, self.request.host)

		# Check if a new session was created
		if not session_id:
			raise tornado.web.HTTPError(500, "Could not create session")

		# Send session cookie to the client
		self.set_cookie("session_id", session_id,
			domain=self.request.host, expires=session_expires)

	def logout(self):
		session_id = self.get_cookie("session_id")
		if not session_id:
			return

		success = self.backend.accounts.destroy_session(session_id, self.request.host)
		if success:
			self.clear_cookie("session_id")


class LoginHandler(AuthenticationMixin, base.BaseHandler):
	@base.blacklisted
	def get(self):
		next = self.get_argument("next", None)

		self.render("auth/login.html", next=next)

	@base.blacklisted
	def post(self):
		username = self.get_argument("username")
		password = self.get_argument("password")

		with self.db.transaction():
			self.authenticate(username, password)

		# Determine the page we should redirect to
		next = self.get_argument("next", None)

		return self.redirect(next or "/")


class LogoutHandler(AuthenticationMixin, base.BaseHandler):
	def get(self):
		with self.db.transaction():
			self.logout()

		# Get back to the start page
		self.redirect("/")


class RegisterHandler(base.BaseHandler):
	@base.blacklisted
	def get(self):
		# Redirect logged in users away
		if self.current_user:
			self.redirect("/")

		self.render("auth/register.html")

	@base.blacklisted
	def post(self):
		uid   = self.get_argument("uid")
		email = self.get_argument("email")

		first_name = self.get_argument("first_name")
		last_name  = self.get_argument("last_name")

		# Register account
		try:
			with self.db.transaction():
				self.backend.accounts.register(uid, email,
					first_name=first_name, last_name=last_name)
		except ValueError as e:
			raise tornado.web.HTTPError(400) from e

		self.render("auth/register-success.html")


class ActivateHandler(AuthenticationMixin, base.BaseHandler):
	def get(self, uid, activation_code):
		self.render("auth/activate.html")

	def post(self, uid, activation_code):
		password1 = self.get_argument("password1")
		password2 = self.get_argument("password2")

		if not password1 == password2:
			raise tornado.web.HTTPError(400, "Passwords do not match")

		with self.db.transaction():
			account = self.backend.accounts.activate(uid, activation_code)
			if not account:
				raise tornado.web.HTTPError(400, "Account not found: %s" % uid)

			# Set the new password
			account.passwd(password1)

			# Create session
			self.login(account)

		# Redirect to success page
		self.render("auth/activated.html", account=account)
Commit	Line	Data
08df6527 MT	1	#!/usr/bin/python
	2
	3	import logging
	4	import tornado.web
	5
124a8404	6	from . import base
08df6527	7
170b63ba MT	8	class CacheMixin(object):
	9	def prepare(self):
	10	# Mark this as private when someone is logged in
	11	if self.current_user:
	12	self.add_header("Cache-Control", "private")
	13
	14	self.add_header("Vary", "Cookie")
	15
	16
	17	class AuthenticationMixin(CacheMixin):
d8a15b2e	18	def authenticate(self, username, password):
08df6527 MT	19	# Find account
	20	account = self.backend.accounts.find_account(username)
	21	if not account:
	22	raise tornado.web.HTTPError(401, "Unknown user: %s" % username)
	23
	24	# Check credentials
	25	if not account.check_password(password):
	26	raise tornado.web.HTTPError(401, "Invalid password for %s" % account)
	27
d8a15b2e MT	28	return self.login(account)
	29
	30	def login(self, account):
08df6527	31	# User has logged in, create a session
906e1e6a MT	32	session_id, session_expires = self.backend.accounts.create_session(
906e1e6a MT	33	account, self.request.host)
08df6527 MT	34
	35	# Check if a new session was created
	36	if not session_id:
	37	raise tornado.web.HTTPError(500, "Could not create session")
	38
	39	# Send session cookie to the client
	40	self.set_cookie("session_id", session_id,
	41	domain=self.request.host, expires=session_expires)
	42
	43	def logout(self):
	44	session_id = self.get_cookie("session_id")
	45	if not session_id:
	46	return
	47
906e1e6a	48	success = self.backend.accounts.destroy_session(session_id, self.request.host)
08df6527 MT	49	if success:
	50	self.clear_cookie("session_id")
	51
	52
08df6527	53	class LoginHandler(AuthenticationMixin, base.BaseHandler):
cfe7d74c	54	@base.blacklisted
08df6527 MT	55	def get(self):
	56	next = self.get_argument("next", None)
	57
	58	self.render("auth/login.html", next=next)
	59
cfe7d74c	60	@base.blacklisted
08df6527 MT	61	def post(self):
	62	username = self.get_argument("username")
	63	password = self.get_argument("password")
	64
	65	with self.db.transaction():
d8a15b2e	66	self.authenticate(username, password)
08df6527 MT	67
	68	# Determine the page we should redirect to
	69	next = self.get_argument("next", None)
	70
	71	return self.redirect(next or "/")
	72
	73
	74	class LogoutHandler(AuthenticationMixin, base.BaseHandler):
	75	def get(self):
	76	with self.db.transaction():
	77	self.logout()
	78
	79	# Get back to the start page
	80	self.redirect("/")
9b8ff27d MT	81
9b8ff27d MT	82
f32dd17f MT	83	class RegisterHandler(base.BaseHandler):
	84	@base.blacklisted
	85	def get(self):
d521c9df MT	86	# Redirect logged in users away
	87	if self.current_user:
	88	self.redirect("/")
	89
f32dd17f MT	90	self.render("auth/register.html")
	91
	92	@base.blacklisted
	93	def post(self):
	94	uid = self.get_argument("uid")
	95	email = self.get_argument("email")
	96
	97	first_name = self.get_argument("first_name")
	98	last_name = self.get_argument("last_name")
	99
	100	# Register account
f2ba8a1f MT	101	try:
	102	with self.db.transaction():
	103	self.backend.accounts.register(uid, email,
	104	first_name=first_name, last_name=last_name)
	105	except ValueError as e:
	106	raise tornado.web.HTTPError(400) from e
f32dd17f MT	107
	108	self.render("auth/register-success.html")
	109
	110
d8a15b2e MT	111	class ActivateHandler(AuthenticationMixin, base.BaseHandler):
d8a15b2e MT	112	def get(self, uid, activation_code):
b4d72c76	113	self.render("auth/activate.html")
d8a15b2e MT	114
d8a15b2e MT	115	def post(self, uid, activation_code):
b4d72c76 MT	116	password1 = self.get_argument("password1")
b4d72c76 MT	117	password2 = self.get_argument("password2")
d8a15b2e	118
b4d72c76 MT	119	if not password1 == password2:
b4d72c76 MT	120	raise tornado.web.HTTPError(400, "Passwords do not match")
d8a15b2e	121
b4d72c76 MT	122	with self.db.transaction():
	123	account = self.backend.accounts.activate(uid, activation_code)
	124	if not account:
	125	raise tornado.web.HTTPError(400, "Account not found: %s" % uid)
d8a15b2e	126
b4d72c76 MT	127	# Set the new password
b4d72c76 MT	128	account.passwd(password1)
d8a15b2e	129
b4d72c76 MT	130	# Create session
b4d72c76 MT	131	self.login(account)
d8a15b2e	132
b00cc400 MT	133	# Redirect to success page
b00cc400 MT	134	self.render("auth/activated.html", account=account)