crafty-4/app/classes/web/public_handler.py


import sys
import json
import logging
import tornado.web
import tornado.escape
from app.classes.shared.helpers import helper
from app.classes.web.base_handler import BaseHandler
from app.classes.shared.console import console
from app.classes.shared.models import Users, fn, db_helper
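logger = logging.getLogger(__name__)

# bleach sanitises every request argument this handler reads, so the module
# refuses to load without it instead of running with unsanitised input.
try:
    import bleach
except ModuleNotFoundError as e:
    # Only one placeholder is present, so pass the module name (e.name);
    # passing the exception first printed its whole message in that slot.
    logger.critical("Import Error: Unable to load {} module".format(e.name))
    console.critical("Import Error: Unable to load {} module".format(e.name))
    sys.exit(1)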
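class PublicHandler(BaseHandler):
    """Serve the unauthenticated pages (login, error, 404) and process logins."""

    def set_current_user(self, user):
        """Set or clear the signed ``user`` cookie.

        Args:
            user: Value stored JSON-encoded in the cookie; a falsy value
                clears the cookie instead.
        """
        expire_days = helper.get_setting('cookie_expire')

        # the setting lookup came back falsy: fall back to five days
        if not expire_days:
            expire_days = "5"

        if user:
            # NOTE(review): no httponly/secure attributes are requested here;
            # consider passing them if nothing client-side reads this cookie.
            self.set_secure_cookie("user", tornado.escape.json_encode(user), expires_days=int(expire_days))
        else:
            self.clear_cookie("user")

    def get(self, page=None):
        """Render a public page; every request here also drops both session cookies.

        Args:
            page: Page selector; "login" and "error" pick their templates,
                anything else is redirected to the login page.
        """
        self.clear_cookie("user")
        self.clear_cookie("user_data")

        # The message comes from the query string and is passed to the
        # template, so it is sanitised before use.
        # NOTE(review): sanitised or not, the text is still chosen by whoever
        # built the link; mapping known error codes to fixed messages would
        # avoid displaying caller-supplied text at all.
        error = bleach.clean(self.get_argument('error', "Invalid Login!"))

        page_data = {
            'version': helper.get_version_string(),
            'error': error
        }

        if page == "login":
            template = "public/login.html"
        # NOTE(review): this compares against the integer 404; confirm any
        # caller actually passes an int rather than the string "404".
        elif page == 404:
            template = "public/404.html"
        elif page == "error":
            template = "public/error.html"
        else:
            # No recognised page: go to login. redirect() finishes the
            # request, so return here; calling render() afterwards raises.
            self.redirect('/public/login')
            return

        self.render(template, data=page_data)

    def post(self, page=None):
        """Process a login form submission.

        Args:
            page: Page selector; only "login" is processed, anything else is
                redirected to the login page.

        Returns:
            False when the account is unknown or disabled, None otherwise.
        """
        if page == 'login':
            remote_ip = self.get_remote_ip()

            entered_username = bleach.clean(self.get_argument('username'))
            # NOTE(review): bleach.clean() rewrites HTML-significant
            # characters, so the value verified below may differ from what
            # was typed. Keep it only if the password-setting path applies
            # the same transformation; confirm before changing.
            entered_password = bleach.clean(self.get_argument('password'))

            # case-insensitive username match
            user_data = Users.get_or_none(fn.Lower(Users.username) == entered_username.lower())

            # Unknown and disabled accounts get the same response, so the
            # reply does not reveal which usernames exist.
            # NOTE(review): the password check is skipped on this path, so
            # response timing may still differ from a wrong-password attempt.
            if not user_data or not user_data.enabled:
                logger.warning("Failed login attempt from IP: {}".format(remote_ip))
                self.redirect("/public/error?error=Login_Failed")
                return False

            if helper.verify_pass(entered_password, user_data.password):
                # NOTE(review): the cookie stores the name as typed, not the
                # stored user_data.username; the two can differ in case.
                self.set_current_user(entered_username)
                logger.info("User: {} Logged in from IP: {}".format(user_data, remote_ip))

                # Record this login on the row already fetched. A second
                # lookup by exact lower-cased name would miss accounts whose
                # stored username contains upper-case letters.
                user_data.last_ip = remote_ip
                user_data.last_login = helper.get_time_as_string()
                user_data.save()

                # log this login
                db_helper.add_to_audit_log(user_data.user_id, "Logged in", 0, remote_ip)

                cookie_data = {
                    "username": user_data.username,
                    "user_id": user_data.user_id,
                    "account_type": user_data.superuser,
                }

                # set_secure_cookie signs the value but does not encrypt it,
                # so the client can read these fields.
                # NOTE(review): account_type is a snapshot taken at login and
                # this cookie uses the default lifetime, not cookie_expire;
                # presumably consumers re-check privileges server-side, confirm.
                self.set_secure_cookie('user_data', json.dumps(cookie_data))

                # A request may only be redirected once, so stop here instead
                # of falling through to the login redirect below.
                self.redirect("/panel/dashboard")
                return

            logger.warning("Failed login for User: {} from IP: {}".format(user_data, remote_ip))

        # NOTE(review): the nesting level of this fallback is an assumption
        # (method level, reached by wrong passwords and non-login pages);
        # confirm against the repository copy.
        self.redirect("/public/login")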