crafty-4/app/classes/web/public_handler.py

import logging
import json
import nh3
from jsonschema import validate
from jsonschema.exceptions import ValidationError

from app.classes.shared.helpers import Helpers
from app.classes.models.users import HelperUsers
from app.classes.web.base_handler import BaseHandler

logger = logging.getLogger(__name__)
auth_log = logging.getLogger("auth")


class PublicHandler(BaseHandler):
    def set_current_user(self, user_id: str = None):
        expire_days = self.helper.get_setting("cookie_expire")

        # if helper comes back with false
        if not expire_days:
            expire_days = "5"

        if user_id is not None:
            self.set_cookie(
                "token",
                self.controller.authentication.generate(user_id),
                expires_days=int(expire_days),
            )
        else:
            self.clear_cookie("token")
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")

    def get(self, page=None):
        # pylint: disable=no-member
        error = nh3.clean(self.get_argument("error", "Invalid Login!"))
        error_msg = nh3.clean(self.get_argument("error_msg", ""))
        # pylint: enable=no-member

        page_data = {
            "version": self.helper.get_version_string(),
            "error": error,
            "lang": self.helper.get_setting("language"),
            "lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),
            "query": "",
            "background": self.controller.cached_login,
            "login_opacity": self.controller.management.get_login_opacity(),
        }

        if self.request.query:
            request_query = self.request.query_arguments.get("next")
            if not request_query:
                self.redirect("/login")
            page_data["query"] = request_query[0].decode()

        # sensible defaults
        template = "public/404.html"

        if page == "login":
            template = "public/login.html"

        elif page == "404":
            template = "public/404.html"

        elif page == "error":
            template = "public/error.html"

        elif page == "offline":
            template = "public/offline.html"

        elif page == "logout":
            exec_user = self.get_current_user()
            self.clear_cookie("token")
            # Delete anti-lockout-user on lockout...it's one time use
            if exec_user[2]["username"] == "anti-lockout-user":
                self.controller.users.stop_anti_lockout()
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")
            self.redirect("/login")
            return

        # if we have no page, let's go to login
        else:
            return self.redirect("/login")

        self.render(
            template,
            data=page_data,
            translate=self.translator.translate,
            error_msg=error_msg,
        )

    def post(self, page=None):
        login_schema = {
            "type": "object",
            "properties": {
                "username": {
                    "type": "string",
                },
                "password": {"type": "string"},
            },
            "required": ["username", "password"],
            "additionalProperties": False,
        }
        try:
            data = json.loads(self.request.body)
        except json.decoder.JSONDecodeError as e:
            logger.error(
                "Invalid JSON schema for API"
                f" login attempt from {self.get_remote_ip()}"
            )
            return self.finish_json(
                400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}
            )

        try:
            validate(data, login_schema)
        except ValidationError as e:
            logger.error(
                "Invalid JSON schema for API"
                f" login attempt from {self.get_remote_ip()}"
            )
            return self.finish_json(
                400,
                {
                    "status": "error",
                    "error": "VWggb2ghIFN0aW5reS 🪠",
                    "error_data": str(e),
                },
            )

        page_data = {
            "version": self.helper.get_version_string(),
            "lang": self.helper.get_setting("language"),
            "lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),
            "query": "",
        }
        if self.request.query:
            page_data["query"] = self.request.query_arguments.get("next")[0].decode()

        if page == "login":
            data = json.loads(self.request.body)

            auth_log.info(
                f"User attempting to authenticate from {self.get_remote_ip()}"
            )
            entered_username = nh3.clean(data["username"])  # pylint: disable=no-member
            entered_password = data["password"]

            try:
                user_id = HelperUsers.get_user_id_by_name(entered_username.lower())
                user_data = HelperUsers.get_user_model(user_id)
            except:
                self.controller.log_attempt(self.get_remote_ip(), entered_username)
                auth_log.error(
                    f"User attempted to log into {entered_username}."
                    f" Authentication failed from remote IP {self.get_remote_ip()}"
                    " Users does not exist."
                )
                self.finish_json(
                    403,
                    {
                        "status": "error",
                        "error": self.helper.translation.translate(
                            "login", "incorrect", self.helper.get_setting("language")
                        ),
                    },
                )
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                return self.clear_cookie("token")
            # if we don't have a user
            if not user_data:
                auth_log.error(
                    f"User attempted to log into {entered_username}. Authentication"
                    f" failed from remote IP {self.get_remote_ip()}"
                    " User does not exist."
                )
                self.controller.log_attempt(self.get_remote_ip(), entered_username)
                self.finish_json(
                    403,
                    {
                        "status": "error",
                        "error": self.helper.translation.translate(
                            "login", "incorrect", self.helper.get_setting("language")
                        ),
                    },
                )
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                return self.clear_cookie("token")

            # if they are disabled
            if not user_data.enabled:
                auth_log.error(
                    f"User attempted to log into {entered_username}. "
                    f"Authentication failed from remote IP {self.get_remote_ip()}."
                    " User account disabled"
                )
                self.controller.log_attempt(self.get_remote_ip(), entered_username)
                self.finish_json(
                    403,
                    {
                        "status": "error",
                        "error": self.helper.translation.translate(
                            "login", "disabled", self.helper.get_setting("language")
                        ),
                    },
                )
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                return self.clear_cookie("token")
            login_result = self.helper.verify_pass(entered_password, user_data.password)

            # Valid Login
            if login_result:
                self.set_current_user(user_data.user_id)
                logger.info(
                    f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"
                )
                if not user_data.last_ip and user_data.username == "admin":
                    self.controller.first_login = True
                # record this login
                user_data.last_ip = self.get_remote_ip()
                user_data.last_login = Helpers.get_time_as_string()
                user_data.save()
                auth_log.info(
                    f"{entered_username} successfully"
                    " authenticated and logged"
                    f" into panel from remote IP {self.get_remote_ip()}"
                )
                # log this login
                self.controller.management.add_to_audit_log(
                    user_data.user_id, "Logged in", None, self.get_remote_ip()
                )

                return self.finish_json(
                    200, {"status": "ok", "data": {"message": "login successful!"}}
                )

            # We'll continue on and handle unsuccessful logins
            auth_log.error(
                f"User attempted to log into {entered_username}."
                f" Authentication failed from remote IP {self.get_remote_ip()}"
            )
            self.controller.log_attempt(self.get_remote_ip(), entered_username)
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")
            self.clear_cookie("token")
            error_msg = self.helper.translation.translate(
                "login", "incorrect", self.helper.get_setting("language")
            )
            if entered_password == "app/config/default-creds.txt":
                error_msg += ". "
                error_msg += self.helper.translation.translate(
                    "login", "defaultPath", self.helper.get_setting("language")
                )
            # log this failed login attempt
            self.controller.management.add_to_audit_log(
                user_data.user_id, "Tried to log in", None, self.get_remote_ip()
            )
            return self.finish_json(
                403,
                {"status": "error", "error": error_msg},
            )
        else:
            self.redirect("/login?")
first huge commit 2020-08-12 00:36:09 +00:00			`import logging`
Change login payload 2024-02-20 01:18:47 +00:00			`import json`
Black codebase 2024-02-19 17:03:02 +00:00			`import nh3`
Change login payload 2024-02-20 01:18:47 +00:00			`from jsonschema import validate`
			`from jsonschema.exceptions import ValidationError`
first huge commit 2020-08-12 00:36:09 +00:00
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`from app.classes.shared.helpers import Helpers`
Refactor to standardize class/variable naming ✨ 2022-04-14 02:10:25 +00:00			`from app.classes.models.users import HelperUsers`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`from app.classes.web.base_handler import BaseHandler`
first huge commit 2020-08-12 00:36:09 +00:00
Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`logger = logging.getLogger(__name__)`
Log authentication attempts 2023-11-05 18:26:27 +00:00			`auth_log = logging.getLogger("auth")`
first huge commit 2020-08-12 00:36:09 +00:00

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`class PublicHandler(BaseHandler):`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`def set_current_user(self, user_id: str = None):`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`expire_days = self.helper.get_setting("cookie_expire")`
first huge commit 2020-08-12 00:36:09 +00:00
			`# if helper comes back with false`
			`if not expire_days:`
			`expire_days = "5"`

JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`if user_id is not None:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.set_cookie(`
Fix formatting to comply with ⬛Black 2022-04-11 10:08:36 +00:00			`"token",`
			`self.controller.authentication.generate(user_id),`
			`expires_days=int(expire_days),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`)`
first huge commit 2020-08-12 00:36:09 +00:00			`else:`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
first huge commit 2020-08-12 00:36:09 +00:00
			`def get(self, page=None):`
Correct nh3 no-member exemptions affected by black formatting 2024-02-02 20:36:04 +00:00			`# pylint: disable=no-member`
			`error = nh3.clean(self.get_argument("error", "Invalid Login!"))`
			`error_msg = nh3.clean(self.get_argument("error_msg", ""))`
			`# pylint: enable=no-member`
Fixing Stack when redirected from Unauthorized page 2022-06-08 19:42:25 +00:00
			`page_data = {`
			`"version": self.helper.get_version_string(),`
			`"error": error,`
			`"lang": self.helper.get_setting("language"),`
			`"lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),`
			`"query": "",`
Make background available to all public pages Move background to top of html for better loading 2022-12-01 00:53:10 +00:00			`"background": self.controller.cached_login,`
Add Personalized Transparency for Login Page's Form 2023-01-17 19:40:16 +00:00			`"login_opacity": self.controller.management.get_login_opacity(),`
Fixing Stack when redirected from Unauthorized page 2022-06-08 19:42:25 +00:00			`}`

Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
Redirect to /login if garbage is in query args 2024-04-16 14:26:32 +00:00			`request_query = self.request.query_arguments.get("next")`
			`if not request_query:`
			`self.redirect("/login")`
			`page_data["query"] = request_query[0].decode()`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# sensible defaults`
			`template = "public/404.html"`

first huge commit 2020-08-12 00:36:09 +00:00			`if page == "login":`
			`template = "public/login.html"`
part 1 of the server builder complete 2020-08-23 22:43:28 +00:00
add offline page,change sw location 2023-03-06 23:38:04 +00:00			`elif page == "404":`
part 1 of the server builder complete 2020-08-23 22:43:28 +00:00			`template = "public/404.html"`

			`elif page == "error":`
			`template = "public/error.html"`
first huge commit 2020-08-12 00:36:09 +00:00
add offline page,change sw location 2023-03-06 23:38:04 +00:00			`elif page == "offline":`
			`template = "public/offline.html"`

Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`elif page == "logout":`
Delete user on logout 2024-01-28 18:44:44 +00:00			`exec_user = self.get_current_user()`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Delete user on logout 2024-01-28 18:44:44 +00:00			`# Delete anti-lockout-user on lockout...it's one time use`
			`if exec_user[2]["username"] == "anti-lockout-user":`
			`self.controller.users.stop_anti_lockout()`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect("/login")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`

scheduler, version change, database work, controller init servers, etc etc 2020-08-17 02:47:53 +00:00			`# if we have no page, let's go to login`
first huge commit 2020-08-12 00:36:09 +00:00			`else:`
Change login payload 2024-02-20 01:18:47 +00:00			`return self.redirect("/login")`
first huge commit 2020-08-12 00:36:09 +00:00
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler 2021-03-26 13:57:50 +00:00			`self.render(`
			`template,`
			`data=page_data,`
			`translate=self.translator.translate,`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error_msg=error_msg,`
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler 2021-03-26 13:57:50 +00:00			`)`
first huge commit 2020-08-12 00:36:09 +00:00
building out databases and config files 2020-08-13 01:33:36 +00:00			`def post(self, page=None):`
Change login payload 2024-02-20 01:18:47 +00:00			`login_schema = {`
			`"type": "object",`
			`"properties": {`
			`"username": {`
			`"type": "string",`
			`},`
			`"password": {"type": "string"},`
			`},`
			`"required": ["username", "password"],`
			`"additionalProperties": False,`
			`}`
			`try:`
			`data = json.loads(self.request.body)`
			`except json.decoder.JSONDecodeError as e:`
			`logger.error(`
			`"Invalid JSON schema for API"`
			`f" login attempt from {self.get_remote_ip()}"`
			`)`
			`return self.finish_json(`
			`400, {"status": "error", "error": "INVALID_JSON", "error_data": str(e)}`
			`)`

			`try:`
			`validate(data, login_schema)`
			`except ValidationError as e:`
			`logger.error(`
			`"Invalid JSON schema for API"`
			`f" login attempt from {self.get_remote_ip()}"`
			`)`
			`return self.finish_json(`
			`400,`
			`{`
			`"status": "error",`
Remove extraneous error messaging 2024-02-20 23:50:32 +00:00			`"error": "VWggb2ghIFN0aW5reS 🪠",`
Change login payload 2024-02-20 01:18:47 +00:00			`"error_data": str(e),`
			`},`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
			`page_data = {`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`"version": self.helper.get_version_string(),`
			`"lang": self.helper.get_setting("language"),`
Rename get_lang_page 2022-04-14 23:34:21 +00:00			`"lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"query": "",`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`}`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
Change login payload 2024-02-20 01:18:47 +00:00			`page_data["query"] = self.request.query_arguments.get("next")[0].decode()`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`if page == "login":`
Change login payload 2024-02-20 01:18:47 +00:00			`data = json.loads(self.request.body)`

Log authentication attempts 2023-11-05 18:26:27 +00:00			`auth_log.info(`
			`f"User attempting to authenticate from {self.get_remote_ip()}"`
			`)`
Change login payload 2024-02-20 01:18:47 +00:00			`entered_username = nh3.clean(data["username"]) # pylint: disable=no-member`
Remove extraneous error messaging 2024-02-20 23:50:32 +00:00			`entered_password = data["password"]`
building out databases and config files 2020-08-13 01:33:36 +00:00
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`try:`
Refactor to standardize class/variable naming ✨ 2022-04-14 02:10:25 +00:00			`user_id = HelperUsers.get_user_id_by_name(entered_username.lower())`
			`user_data = HelperUsers.get_user_model(user_id)`
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`except:`
Log authentication attempts 2023-11-05 18:26:27 +00:00			`self.controller.log_attempt(self.get_remote_ip(), entered_username)`
			`auth_log.error(`
			`f"User attempted to log into {entered_username}."`
			`f" Authentication failed from remote IP {self.get_remote_ip()}"`
			`" Users does not exist."`
			`)`
Change login payload 2024-02-20 01:18:47 +00:00			`self.finish_json(`
			`403,`
			`{`
			`"status": "error",`
			`"error": self.helper.translation.translate(`
			`"login", "incorrect", self.helper.get_setting("language")`
			`),`
			`},`
			`)`
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Change login payload 2024-02-20 01:18:47 +00:00			`return self.clear_cookie("token")`
got login working 2020-08-13 14:38:36 +00:00			`# if we don't have a user`
building out databases and config files 2020-08-13 01:33:36 +00:00			`if not user_data:`
Log authentication attempts 2023-11-05 18:26:27 +00:00			`auth_log.error(`
			`f"User attempted to log into {entered_username}. Authentication"`
			`f" failed from remote IP {self.get_remote_ip()}"`
			`" User does not exist."`
			`)`
			`self.controller.log_attempt(self.get_remote_ip(), entered_username)`
Change login payload 2024-02-20 01:18:47 +00:00			`self.finish_json(`
			`403,`
			`{`
			`"status": "error",`
			`"error": self.helper.translation.translate(`
			`"login", "incorrect", self.helper.get_setting("language")`
			`),`
			`},`
			`)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Change login payload 2024-02-20 01:18:47 +00:00			`return self.clear_cookie("token")`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# if they are disabled`
			`if not user_data.enabled:`
Log authentication attempts 2023-11-05 18:26:27 +00:00			`auth_log.error(`
			`f"User attempted to log into {entered_username}. "`
			`f"Authentication failed from remote IP {self.get_remote_ip()}."`
			`" User account disabled"`
			`)`
			`self.controller.log_attempt(self.get_remote_ip(), entered_username)`
Change login payload 2024-02-20 01:18:47 +00:00			`self.finish_json(`
			`403,`
			`{`
			`"status": "error",`
			`"error": self.helper.translation.translate(`
			`"login", "disabled", self.helper.get_setting("language")`
			`),`
			`},`
Fix files to conform with new ⚫Black pylintrc Mostly just breaking up strings and comments into new lines Some strings dont require 'f' but keeping in for readability with the rest of the concatinated string 2022-03-23 06:06:13 +00:00			`)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Change login payload 2024-02-20 01:18:47 +00:00			`return self.clear_cookie("token")`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`login_result = self.helper.verify_pass(entered_password, user_data.password)`
building out databases and config files 2020-08-13 01:33:36 +00:00
			`# Valid Login`
			`if login_result:`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`self.set_current_user(user_data.user_id)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`logger.info(`
			`f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"`
			`)`
Fix black formatting 2022-06-12 21:17:58 +00:00			`if not user_data.last_ip and user_data.username == "admin":`
Add survery to admin first log 2022-06-12 21:03:42 +00:00			`self.controller.first_login = True`
got login working 2020-08-13 14:38:36 +00:00			`# record this login`
Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`user_data.last_ip = self.get_remote_ip()`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`user_data.last_login = Helpers.get_time_as_string()`
Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`user_data.save()`
Log authentication attempts 2023-11-05 18:26:27 +00:00			`auth_log.info(`
			`f"{entered_username} successfully"`
			`" authenticated and logged"`
			`f" into panel from remote IP {self.get_remote_ip()}"`
			`)`
added audit logging, and commands logging, command handler and other stuff 2020-08-31 20:16:45 +00:00			`# log this login`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.controller.management.add_to_audit_log(`
Replacing server_id=0 to server_id=None for AuditLog 2024-03-24 19:39:10 +00:00			`user_data.user_id, "Logged in", None, self.get_remote_ip()`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
Change login payload 2024-02-20 01:18:47 +00:00			`return self.finish_json(`
			`200, {"status": "ok", "data": {"message": "login successful!"}}`
			`)`
Fix code quality issues 2024-02-21 05:04:07 +00:00
			`# We'll continue on and handle unsuccessful logins`
			`auth_log.error(`
			`f"User attempted to log into {entered_username}."`
			`f" Authentication failed from remote IP {self.get_remote_ip()}"`
			`)`
			`self.controller.log_attempt(self.get_remote_ip(), entered_username)`
			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
			`self.clear_cookie("token")`
			`error_msg = self.helper.translation.translate(`
			`"login", "incorrect", self.helper.get_setting("language")`
			`)`
			`if entered_password == "app/config/default-creds.txt":`
			`error_msg += ". "`
			`error_msg += self.helper.translation.translate(`
			`"login", "defaultPath", self.helper.get_setting("language")`
Change login payload 2024-02-20 01:18:47 +00:00			`)`
Fix code quality issues 2024-02-21 05:04:07 +00:00			`# log this failed login attempt`
			`self.controller.management.add_to_audit_log(`
Replacing server_id=0 to server_id=None for AuditLog 2024-03-24 19:39:10 +00:00			`user_data.user_id, "Tried to log in", None, self.get_remote_ip()`
Fix code quality issues 2024-02-21 05:04:07 +00:00			`)`
			`return self.finish_json(`
			`403,`
			`{"status": "error", "error": error_msg},`
			`)`
Moved server DB code to models, fix autobleach logging, fix redirect bug 2021-04-04 17:48:02 +00:00			`else:`
Change login payload 2024-02-20 01:18:47 +00:00			`self.redirect("/login?")`