2020-08-12 00:36:09 +00:00
|
|
|
import logging
|
2023-09-04 23:13:13 +00:00
|
|
|
import bleach
|
2020-08-12 00:36:09 +00:00
|
|
|
|
2022-04-11 05:23:55 +00:00
|
|
|
from app.classes.shared.helpers import Helpers
|
2022-04-14 02:10:25 +00:00
|
|
|
from app.classes.models.users import HelperUsers
|
2022-01-26 01:45:30 +00:00
|
|
|
from app.classes.web.base_handler import BaseHandler
|
2020-08-12 00:36:09 +00:00
|
|
|
|
2022-03-08 04:40:44 +00:00
|
|
|
logger = logging.getLogger(__name__)
|
2020-08-12 00:36:09 +00:00
|
|
|
|
|
|
|
|
2022-03-23 02:50:12 +00:00
|
|
|
class PublicHandler(BaseHandler):
|
2022-01-15 00:23:50 +00:00
|
|
|
def set_current_user(self, user_id: str = None):
|
2022-04-11 05:23:55 +00:00
|
|
|
expire_days = self.helper.get_setting("cookie_expire")
|
2020-08-12 00:36:09 +00:00
|
|
|
|
|
|
|
# if helper comes back with false
|
|
|
|
if not expire_days:
|
|
|
|
expire_days = "5"
|
|
|
|
|
2022-01-15 00:23:50 +00:00
|
|
|
if user_id is not None:
|
2022-03-23 02:50:12 +00:00
|
|
|
self.set_cookie(
|
2022-04-11 10:08:36 +00:00
|
|
|
"token",
|
|
|
|
self.controller.authentication.generate(user_id),
|
|
|
|
expires_days=int(expire_days),
|
2022-03-23 02:50:12 +00:00
|
|
|
)
|
2020-08-12 00:36:09 +00:00
|
|
|
else:
|
2022-03-14 21:26:09 +00:00
|
|
|
self.clear_cookie("token")
|
2022-03-23 02:50:12 +00:00
|
|
|
# self.clear_cookie("user")
|
|
|
|
# self.clear_cookie("user_data")
|
2020-08-12 00:36:09 +00:00
|
|
|
|
|
|
|
def get(self, page=None):
|
2023-09-04 23:13:13 +00:00
|
|
|
error = bleach.clean(self.get_argument("error", "Invalid Login!"))
|
|
|
|
error_msg = bleach.clean(self.get_argument("error_msg", ""))
|
2022-06-08 19:42:25 +00:00
|
|
|
|
|
|
|
page_data = {
|
|
|
|
"version": self.helper.get_version_string(),
|
|
|
|
"error": error,
|
|
|
|
"lang": self.helper.get_setting("language"),
|
|
|
|
"lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),
|
|
|
|
"query": "",
|
2022-12-01 00:53:10 +00:00
|
|
|
"background": self.controller.cached_login,
|
2023-01-17 19:40:16 +00:00
|
|
|
"login_opacity": self.controller.management.get_login_opacity(),
|
2022-06-08 19:42:25 +00:00
|
|
|
}
|
|
|
|
|
2022-03-19 01:48:24 +00:00
|
|
|
if self.request.query:
|
2022-03-23 02:50:12 +00:00
|
|
|
page_data["query"] = self.request.query
|
2020-08-13 01:33:36 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
# sensible defaults
|
|
|
|
template = "public/404.html"
|
|
|
|
|
2020-08-12 00:36:09 +00:00
|
|
|
if page == "login":
|
|
|
|
template = "public/login.html"
|
2020-08-23 22:43:28 +00:00
|
|
|
|
2023-03-06 23:38:04 +00:00
|
|
|
elif page == "404":
|
2020-08-23 22:43:28 +00:00
|
|
|
template = "public/404.html"
|
|
|
|
|
|
|
|
elif page == "error":
|
|
|
|
template = "public/error.html"
|
2020-08-12 00:36:09 +00:00
|
|
|
|
2023-03-06 23:38:04 +00:00
|
|
|
elif page == "offline":
|
|
|
|
template = "public/offline.html"
|
|
|
|
|
2021-07-30 16:20:01 +00:00
|
|
|
elif page == "logout":
|
2022-03-14 21:26:09 +00:00
|
|
|
self.clear_cookie("token")
|
2022-03-23 02:50:12 +00:00
|
|
|
# self.clear_cookie("user")
|
|
|
|
# self.clear_cookie("user_data")
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect("/login")
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
|
|
|
|
2020-08-17 02:47:53 +00:00
|
|
|
# if we have no page, let's go to login
|
2020-08-12 00:36:09 +00:00
|
|
|
else:
|
2022-03-19 01:48:24 +00:00
|
|
|
if self.request.query:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect("/login?" + self.request.query)
|
2022-03-14 21:26:09 +00:00
|
|
|
else:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect("/login")
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
2020-08-12 00:36:09 +00:00
|
|
|
|
2021-03-26 13:57:50 +00:00
|
|
|
self.render(
|
|
|
|
template,
|
|
|
|
data=page_data,
|
|
|
|
translate=self.translator.translate,
|
2022-03-23 02:50:12 +00:00
|
|
|
error_msg=error_msg,
|
2021-03-26 13:57:50 +00:00
|
|
|
)
|
2020-08-12 00:36:09 +00:00
|
|
|
|
2020-08-13 01:33:36 +00:00
|
|
|
def post(self, page=None):
|
2023-09-04 23:13:13 +00:00
|
|
|
error = bleach.clean(self.get_argument("error", "Invalid Login!"))
|
|
|
|
error_msg = bleach.clean(self.get_argument("error_msg", ""))
|
2022-03-14 21:26:09 +00:00
|
|
|
|
|
|
|
page_data = {
|
2022-04-11 05:23:55 +00:00
|
|
|
"version": self.helper.get_version_string(),
|
2022-03-23 02:50:12 +00:00
|
|
|
"error": error,
|
2022-04-11 05:23:55 +00:00
|
|
|
"lang": self.helper.get_setting("language"),
|
2022-04-14 23:34:21 +00:00
|
|
|
"lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),
|
2022-03-23 02:50:12 +00:00
|
|
|
"query": "",
|
2022-03-14 21:26:09 +00:00
|
|
|
}
|
2022-03-19 01:48:24 +00:00
|
|
|
if self.request.query:
|
2022-03-23 02:50:12 +00:00
|
|
|
page_data["query"] = self.request.query
|
2022-03-14 21:26:09 +00:00
|
|
|
|
2022-03-23 02:50:12 +00:00
|
|
|
if page == "login":
|
2023-01-25 22:26:04 +00:00
|
|
|
next_page = "/login"
|
2022-03-19 01:48:24 +00:00
|
|
|
if self.request.query:
|
2023-01-25 22:26:04 +00:00
|
|
|
next_page = "/login?" + self.request.query
|
2020-08-13 01:33:36 +00:00
|
|
|
|
2023-09-04 23:13:13 +00:00
|
|
|
entered_username = bleach.clean(self.get_argument("username"))
|
|
|
|
entered_password = bleach.clean(self.get_argument("password"))
|
2020-08-13 01:33:36 +00:00
|
|
|
|
2022-01-26 01:45:30 +00:00
|
|
|
# pylint: disable=no-member
|
2022-04-12 22:33:00 +00:00
|
|
|
try:
|
2022-04-14 02:10:25 +00:00
|
|
|
user_id = HelperUsers.get_user_id_by_name(entered_username.lower())
|
|
|
|
user_data = HelperUsers.get_user_model(user_id)
|
2022-04-12 22:33:00 +00:00
|
|
|
except:
|
|
|
|
error_msg = "Incorrect username or password. Please try again."
|
|
|
|
# self.clear_cookie("user")
|
|
|
|
# self.clear_cookie("user_data")
|
|
|
|
self.clear_cookie("token")
|
|
|
|
if self.request.query:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")
|
2022-04-12 22:33:00 +00:00
|
|
|
else:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect(f"/login?error_msg={error_msg}")
|
2022-04-12 22:33:00 +00:00
|
|
|
return
|
2022-01-26 01:45:30 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
# if we don't have a user
|
2020-08-13 01:33:36 +00:00
|
|
|
if not user_data:
|
2022-01-26 01:45:30 +00:00
|
|
|
error_msg = "Incorrect username or password. Please try again."
|
2022-03-23 02:50:12 +00:00
|
|
|
# self.clear_cookie("user")
|
|
|
|
# self.clear_cookie("user_data")
|
2022-03-14 21:26:09 +00:00
|
|
|
self.clear_cookie("token")
|
2022-03-19 01:48:24 +00:00
|
|
|
if self.request.query:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")
|
2022-03-14 21:26:09 +00:00
|
|
|
else:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect(f"/login?error_msg={error_msg}")
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
2020-08-13 01:33:36 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
# if they are disabled
|
|
|
|
if not user_data.enabled:
|
2022-03-23 06:06:13 +00:00
|
|
|
error_msg = (
|
|
|
|
"User account disabled. Please contact "
|
|
|
|
"your system administrator for more info."
|
|
|
|
)
|
2022-03-23 02:50:12 +00:00
|
|
|
# self.clear_cookie("user")
|
|
|
|
# self.clear_cookie("user_data")
|
2022-03-14 21:26:09 +00:00
|
|
|
self.clear_cookie("token")
|
2022-03-19 01:48:24 +00:00
|
|
|
if self.request.query:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")
|
2022-03-14 21:26:09 +00:00
|
|
|
else:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect(f"/login?error_msg={error_msg}")
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
2020-08-13 14:38:36 +00:00
|
|
|
|
2022-04-11 05:23:55 +00:00
|
|
|
login_result = self.helper.verify_pass(entered_password, user_data.password)
|
2020-08-13 01:33:36 +00:00
|
|
|
|
|
|
|
# Valid Login
|
|
|
|
if login_result:
|
2022-01-15 00:23:50 +00:00
|
|
|
self.set_current_user(user_data.user_id)
|
2022-03-23 02:50:12 +00:00
|
|
|
logger.info(
|
|
|
|
f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"
|
|
|
|
)
|
2022-06-12 21:17:58 +00:00
|
|
|
if not user_data.last_ip and user_data.username == "admin":
|
2022-06-12 21:03:42 +00:00
|
|
|
self.controller.first_login = True
|
2020-08-13 14:38:36 +00:00
|
|
|
# record this login
|
2022-04-10 22:46:07 +00:00
|
|
|
user_data.last_ip = self.get_remote_ip()
|
2022-04-11 05:23:55 +00:00
|
|
|
user_data.last_login = Helpers.get_time_as_string()
|
2022-04-10 22:46:07 +00:00
|
|
|
user_data.save()
|
2020-09-23 03:26:23 +00:00
|
|
|
|
2020-08-31 20:16:45 +00:00
|
|
|
# log this login
|
2022-03-23 02:50:12 +00:00
|
|
|
self.controller.management.add_to_audit_log(
|
|
|
|
user_data.user_id, "Logged in", 0, self.get_remote_ip()
|
|
|
|
)
|
2022-03-14 21:26:09 +00:00
|
|
|
|
2022-03-23 02:50:12 +00:00
|
|
|
if self.request.query_arguments.get("next"):
|
|
|
|
next_page = self.request.query_arguments.get("next")[0].decode()
|
2022-03-14 21:26:09 +00:00
|
|
|
else:
|
|
|
|
next_page = "/panel/dashboard"
|
|
|
|
|
2020-08-13 01:33:36 +00:00
|
|
|
self.redirect(next_page)
|
2021-05-02 15:05:14 +00:00
|
|
|
else:
|
2022-03-23 02:50:12 +00:00
|
|
|
# self.clear_cookie("user")
|
|
|
|
# self.clear_cookie("user_data")
|
2022-03-14 21:26:09 +00:00
|
|
|
self.clear_cookie("token")
|
2022-06-04 18:24:12 +00:00
|
|
|
error_msg = "Incorrect username or password. Please try again."
|
2021-05-02 15:05:14 +00:00
|
|
|
# log this failed login attempt
|
2022-03-23 02:50:12 +00:00
|
|
|
self.controller.management.add_to_audit_log(
|
|
|
|
user_data.user_id, "Tried to log in", 0, self.get_remote_ip()
|
|
|
|
)
|
2022-03-19 01:48:24 +00:00
|
|
|
if self.request.query:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")
|
2022-03-14 21:26:09 +00:00
|
|
|
else:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect(f"/login?error_msg={error_msg}")
|
2021-04-04 17:48:02 +00:00
|
|
|
else:
|
2022-03-19 01:48:24 +00:00
|
|
|
if self.request.query:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect("/login?" + self.request.query)
|
2022-03-14 21:26:09 +00:00
|
|
|
else:
|
2023-01-25 22:26:04 +00:00
|
|
|
self.redirect("/login")
|