crafty-4/app/classes/web/public_handler.py

import logging
import bleach

from app.classes.shared.helpers import Helpers
from app.classes.models.users import HelperUsers
from app.classes.web.base_handler import BaseHandler

logger = logging.getLogger(__name__)


class PublicHandler(BaseHandler):
    def set_current_user(self, user_id: str = None):

        expire_days = self.helper.get_setting("cookie_expire")

        # if helper comes back with false
        if not expire_days:
            expire_days = "5"

        if user_id is not None:
            self.set_cookie(
                "token",
                self.controller.authentication.generate(user_id),
                expires_days=int(expire_days),
            )
        else:
            self.clear_cookie("token")
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")

    def get(self, page=None):

        error = bleach.clean(self.get_argument("error", "Invalid Login!"))
        error_msg = bleach.clean(self.get_argument("error_msg", ""))

        page_data = {
            "version": self.helper.get_version_string(),
            "error": error,
            "lang": self.helper.get_setting("language"),
            "lang_page": self.helper.getLangPage(self.helper.get_setting("language")),
            "query": "",
        }
        if self.request.query:
            page_data["query"] = self.request.query

        # sensible defaults
        template = "public/404.html"

        if page == "login":
            template = "public/login.html"

        elif page == 404:
            template = "public/404.html"

        elif page == "error":
            template = "public/error.html"

        elif page == "logout":
            self.clear_cookie("token")
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")
            self.redirect("/public/login")
            return

        # if we have no page, let's go to login
        else:
            if self.request.query:
                self.redirect("/public/login?" + self.request.query)
            else:
                self.redirect("/public/login")
            return

        self.render(
            template,
            data=page_data,
            translate=self.translator.translate,
            error_msg=error_msg,
        )

    def post(self, page=None):

        error = bleach.clean(self.get_argument("error", "Invalid Login!"))
        error_msg = bleach.clean(self.get_argument("error_msg", ""))

        page_data = {
            "version": self.helper.get_version_string(),
            "error": error,
            "lang": self.helper.get_setting("language"),
            "lang_page": self.helper.getLangPage(self.helper.get_setting("language")),
            "query": "",
        }
        if self.request.query:
            page_data["query"] = self.request.query

        if page == "login":

            next_page = "/public/login"
            if self.request.query:
                next_page = "/public/login?" + self.request.query

            entered_username = bleach.clean(self.get_argument("username"))
            entered_password = bleach.clean(self.get_argument("password"))

            # pylint: disable=no-member
            try:
                user_id = HelperUsers.get_user_id_by_name(entered_username.lower())
                user_data = HelperUsers.get_user_model(user_id)
            except:
                error_msg = "Incorrect username or password. Please try again."
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                if self.request.query:
                    self.redirect(
                        f"/public/login?error_msg={error_msg}&{self.request.query}"
                    )
                else:
                    self.redirect(f"/public/login?error_msg={error_msg}")
                return

            # if we don't have a user
            if not user_data:
                error_msg = "Incorrect username or password. Please try again."
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                if self.request.query:
                    self.redirect(
                        f"/public/login?error_msg={error_msg}&{self.request.query}"
                    )
                else:
                    self.redirect(f"/public/login?error_msg={error_msg}")
                return

            # if they are disabled
            if not user_data.enabled:
                error_msg = (
                    "User account disabled. Please contact "
                    "your system administrator for more info."
                )
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                if self.request.query:
                    self.redirect(
                        f"/public/login?error_msg={error_msg}&{self.request.query}"
                    )
                else:
                    self.redirect(f"/public/login?error_msg={error_msg}")
                return

            login_result = self.helper.verify_pass(entered_password, user_data.password)

            # Valid Login
            if login_result:
                self.set_current_user(user_data.user_id)
                logger.info(
                    f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"
                )

                # record this login
                user_data.last_ip = self.get_remote_ip()
                user_data.last_login = Helpers.get_time_as_string()
                user_data.save()

                # log this login
                self.controller.management.add_to_audit_log(
                    user_data.user_id, "Logged in", 0, self.get_remote_ip()
                )

                if self.request.query_arguments.get("next"):
                    next_page = self.request.query_arguments.get("next")[0].decode()
                else:
                    next_page = "/panel/dashboard"

                self.redirect(next_page)
            else:
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                error_msg = "Inncorrect username or password. Please try again."
                # log this failed login attempt
                self.controller.management.add_to_audit_log(
                    user_data.user_id, "Tried to log in", 0, self.get_remote_ip()
                )
                if self.request.query:
                    self.redirect(
                        f"/public/login?error_msg={error_msg}&{self.request.query}"
                    )
                else:
                    self.redirect(f"/public/login?error_msg={error_msg}")
        else:
            if self.request.query:
                self.redirect("/public/login?" + self.request.query)
            else:
                self.redirect("/public/login")
first huge commit 2020-08-12 00:36:09 +00:00			`import logging`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`import bleach`
first huge commit 2020-08-12 00:36:09 +00:00
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`from app.classes.shared.helpers import Helpers`
Refactor to standardize class/variable naming ✨ 2022-04-14 02:10:25 +00:00			`from app.classes.models.users import HelperUsers`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`from app.classes.web.base_handler import BaseHandler`
first huge commit 2020-08-12 00:36:09 +00:00
Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`logger = logging.getLogger(__name__)`
first huge commit 2020-08-12 00:36:09 +00:00

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`class PublicHandler(BaseHandler):`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`def set_current_user(self, user_id: str = None):`
first huge commit 2020-08-12 00:36:09 +00:00
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`expire_days = self.helper.get_setting("cookie_expire")`
first huge commit 2020-08-12 00:36:09 +00:00
			`# if helper comes back with false`
			`if not expire_days:`
			`expire_days = "5"`

JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`if user_id is not None:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.set_cookie(`
Fix formatting to comply with ⬛Black 2022-04-11 10:08:36 +00:00			`"token",`
			`self.controller.authentication.generate(user_id),`
			`expires_days=int(expire_days),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`)`
first huge commit 2020-08-12 00:36:09 +00:00			`else:`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
first huge commit 2020-08-12 00:36:09 +00:00
			`def get(self, page=None):`

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error = bleach.clean(self.get_argument("error", "Invalid Login!"))`
			`error_msg = bleach.clean(self.get_argument("error_msg", ""))`
part 1 of the server builder complete 2020-08-23 22:43:28 +00:00
Update Translation - Adding Translation for Credits Page - Adding detection support for webpage 2022-03-05 11:01:36 +00:00			`page_data = {`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`"version": self.helper.get_version_string(),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"error": error,`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`"lang": self.helper.get_setting("language"),`
			`"lang_page": self.helper.getLangPage(self.helper.get_setting("language")),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"query": "",`
Update Translation - Adding Translation for Credits Page - Adding detection support for webpage 2022-03-05 11:01:36 +00:00			`}`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`page_data["query"] = self.request.query`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# sensible defaults`
			`template = "public/404.html"`

first huge commit 2020-08-12 00:36:09 +00:00			`if page == "login":`
			`template = "public/login.html"`
part 1 of the server builder complete 2020-08-23 22:43:28 +00:00
			`elif page == 404:`
			`template = "public/404.html"`

			`elif page == "error":`
			`template = "public/error.html"`
first huge commit 2020-08-12 00:36:09 +00:00
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`elif page == "logout":`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
			`self.redirect("/public/login")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`

scheduler, version change, database work, controller init servers, etc etc 2020-08-17 02:47:53 +00:00			`# if we have no page, let's go to login`
first huge commit 2020-08-12 00:36:09 +00:00			`else:`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect("/public/login?" + self.request.query)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect("/public/login")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
first huge commit 2020-08-12 00:36:09 +00:00
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler 2021-03-26 13:57:50 +00:00			`self.render(`
			`template,`
			`data=page_data,`
			`translate=self.translator.translate,`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error_msg=error_msg,`
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler 2021-03-26 13:57:50 +00:00			`)`
first huge commit 2020-08-12 00:36:09 +00:00
building out databases and config files 2020-08-13 01:33:36 +00:00			`def post(self, page=None):`

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error = bleach.clean(self.get_argument("error", "Invalid Login!"))`
			`error_msg = bleach.clean(self.get_argument("error_msg", ""))`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
			`page_data = {`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`"version": self.helper.get_version_string(),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"error": error,`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`"lang": self.helper.get_setting("language"),`
			`"lang_page": self.helper.getLangPage(self.helper.get_setting("language")),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"query": "",`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`}`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`page_data["query"] = self.request.query`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`if page == "login":`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
building out databases and config files 2020-08-13 01:33:36 +00:00			`next_page = "/public/login"`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`next_page = "/public/login?" + self.request.query`
building out databases and config files 2020-08-13 01:33:36 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`entered_username = bleach.clean(self.get_argument("username"))`
			`entered_password = bleach.clean(self.get_argument("password"))`
building out databases and config files 2020-08-13 01:33:36 +00:00
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`# pylint: disable=no-member`
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`try:`
Refactor to standardize class/variable naming ✨ 2022-04-14 02:10:25 +00:00			`user_id = HelperUsers.get_user_id_by_name(entered_username.lower())`
			`user_data = HelperUsers.get_user_model(user_id)`
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`except:`
			`error_msg = "Incorrect username or password. Please try again."`
			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
			`self.clear_cookie("token")`
			`if self.request.query:`
			`self.redirect(`
			`f"/public/login?error_msg={error_msg}&{self.request.query}"`
			`)`
			`else:`
			`self.redirect(f"/public/login?error_msg={error_msg}")`
			`return`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# if we don't have a user`
building out databases and config files 2020-08-13 01:33:36 +00:00			`if not user_data:`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`error_msg = "Incorrect username or password. Please try again."`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(`
			`f"/public/login?error_msg={error_msg}&{self.request.query}"`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(f"/public/login?error_msg={error_msg}")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# if they are disabled`
			`if not user_data.enabled:`
Fix files to conform with new ⚫Black pylintrc Mostly just breaking up strings and comments into new lines Some strings dont require 'f' but keeping in for readability with the rest of the concatinated string 2022-03-23 06:06:13 +00:00			`error_msg = (`
			`"User account disabled. Please contact "`
			`"your system administrator for more info."`
			`)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(`
			`f"/public/login?error_msg={error_msg}&{self.request.query}"`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(f"/public/login?error_msg={error_msg}")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
got login working 2020-08-13 14:38:36 +00:00
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`login_result = self.helper.verify_pass(entered_password, user_data.password)`
building out databases and config files 2020-08-13 01:33:36 +00:00
			`# Valid Login`
			`if login_result:`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`self.set_current_user(user_data.user_id)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`logger.info(`
			`f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"`
			`)`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# record this login`
Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`user_data.last_ip = self.get_remote_ip()`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`user_data.last_login = Helpers.get_time_as_string()`
Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`user_data.save()`
fixed IP not updating, fixed usernames being case sensitive in update query 2020-09-23 03:26:23 +00:00
added audit logging, and commands logging, command handler and other stuff 2020-08-31 20:16:45 +00:00			`# log this login`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.controller.management.add_to_audit_log(`
			`user_data.user_id, "Logged in", 0, self.get_remote_ip()`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`if self.request.query_arguments.get("next"):`
			`next_page = self.request.query_arguments.get("next")[0].decode()`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
			`next_page = "/panel/dashboard"`

building out databases and config files 2020-08-13 01:33:36 +00:00			`self.redirect(next_page)`
Fix blank page on wrong password and add spaces to previous login failed redirects 2021-05-02 15:05:14 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Add error message on login that does not direct to new page. Remove failed to create dir error on startup when crafty cannot create dir since it exists after first startup. Error logging is still enabled for every error except FileExists for this case. 2021-11-23 18:22:15 +00:00			`error_msg = "Inncorrect username or password. Please try again."`
Fix blank page on wrong password and add spaces to previous login failed redirects 2021-05-02 15:05:14 +00:00			`# log this failed login attempt`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.controller.management.add_to_audit_log(`
			`user_data.user_id, "Tried to log in", 0, self.get_remote_ip()`
			`)`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(`
			`f"/public/login?error_msg={error_msg}&{self.request.query}"`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(f"/public/login?error_msg={error_msg}")`
Moved server DB code to models, fix autobleach logging, fix redirect bug 2021-04-04 17:48:02 +00:00			`else:`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect("/public/login?" + self.request.query)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect("/public/login")`