]>
8 class CacheMixin(object):
10 # Mark this as private when someone is logged in
12 self
.add_header("Cache-Control", "private")
14 self
.add_header("Vary", "Cookie")
17 class AuthenticationMixin(CacheMixin
):
18 def authenticate(self
, username
, password
):
20 account
= self
.backend
.accounts
.find_account(username
)
22 raise tornado
.web
.HTTPError(401, "Unknown user: %s" % username
)
25 if not account
.check_password(password
):
26 raise tornado
.web
.HTTPError(401, "Invalid password for %s" % account
)
28 return self
.login(account
)
30 def login(self
, account
):
31 # User has logged in, create a session
32 session_id
, session_expires
= self
.backend
.accounts
.create_session(
33 account
, self
.request
.host
)
35 # Check if a new session was created
37 raise tornado
.web
.HTTPError(500, "Could not create session")
39 # Send session cookie to the client
40 self
.set_cookie("session_id", session_id
,
41 domain
=self
.request
.host
, expires
=session_expires
)
44 session_id
= self
.get_cookie("session_id")
48 success
= self
.backend
.accounts
.destroy_session(session_id
, self
.request
.host
)
50 self
.clear_cookie("session_id")
53 class LoginHandler(AuthenticationMixin
, base
.BaseHandler
):
56 next
= self
.get_argument("next", None)
58 self
.render("auth/login.html", next
=next
)
61 @base.ratelimit(minutes
=60, requests
=5)
63 username
= self
.get_argument("username")
64 password
= self
.get_argument("password")
66 with self
.db
.transaction():
67 self
.authenticate(username
, password
)
69 # Determine the page we should redirect to
70 next
= self
.get_argument("next", None)
72 return self
.redirect(next
or "/")
75 class LogoutHandler(AuthenticationMixin
, base
.BaseHandler
):
77 with self
.db
.transaction():
80 # Get back to the start page
84 class RegisterHandler(base
.BaseHandler
):
87 # Redirect logged in users away
91 self
.render("auth/register.html")
94 @base.ratelimit(minutes
=24*60, requests
=5)
96 uid
= self
.get_argument("uid")
97 email
= self
.get_argument("email")
99 first_name
= self
.get_argument("first_name")
100 last_name
= self
.get_argument("last_name")
104 with self
.db
.transaction():
105 self
.backend
.accounts
.register(uid
, email
,
106 first_name
=first_name
, last_name
=last_name
)
107 except ValueError as e
:
108 raise tornado
.web
.HTTPError(400, "%s" % e
) from e
110 self
.render("auth/register-success.html")
113 class ActivateHandler(AuthenticationMixin
, base
.BaseHandler
):
def get(self, uid, activation_code):
    """Render the account-activation form.

    Both ``uid`` and ``activation_code`` are accepted by the signature
    (presumably supplied from the URL pattern that maps to this handler --
    the routing table is not visible here) but neither is read by the GET
    branch: the page only shows the form in which the user chooses a
    password. Nothing about the account is validated or disclosed at this
    point; the activation code is only checked when the form is posted.
    """
    template = "auth/activate.html"
    self.render(template)
117 def post(self
, uid
, activation_code
):
118 password1
= self
.get_argument("password1")
119 password2
= self
.get_argument("password2")
121 if not password1
== password2
:
122 raise tornado
.web
.HTTPError(400, "Passwords do not match")
124 with self
.db
.transaction():
125 account
= self
.backend
.accounts
.activate(uid
, activation_code
)
127 raise tornado
.web
.HTTPError(400, "Account not found: %s" % uid
)
129 # Set the new password
130 account
.passwd(password1
)
135 # Redirect to success page
136 self
.render("auth/activated.html", account
=account
)