2020-08-12 00:36:09 +00:00
|
|
|
import sys
|
2020-08-13 14:38:36 +00:00
|
|
|
import json
|
2020-08-12 00:36:09 +00:00
|
|
|
import logging
|
|
|
|
import tornado.web
|
|
|
|
import tornado.escape
|
|
|
|
|
|
|
|
from app.classes.shared.helpers import helper
|
|
|
|
from app.classes.web.base_handler import BaseHandler
|
|
|
|
from app.classes.shared.console import console
|
2021-09-08 22:01:10 +00:00
|
|
|
from app.classes.shared.main_models import fn
|
|
|
|
|
|
|
|
from app.classes.models.users import Users
|
2020-08-12 00:36:09 +00:00
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
try:
|
|
|
|
import bleach
|
|
|
|
|
|
|
|
except ModuleNotFoundError as e:
|
2021-04-17 20:34:13 +00:00
|
|
|
logger.critical("Import Error: Unable to load {} module".format(e.name), exc_info=True)
|
|
|
|
console.critical("Import Error: Unable to load {} module".format(e.name))
|
2020-08-12 00:36:09 +00:00
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
|
|
|
|
class PublicHandler(BaseHandler):
|
|
|
|
|
|
|
|
def set_current_user(self, user):
|
|
|
|
|
2020-08-27 22:30:56 +00:00
|
|
|
expire_days = helper.get_setting('cookie_expire')
|
2020-08-12 00:36:09 +00:00
|
|
|
|
|
|
|
# if helper comes back with false
|
|
|
|
if not expire_days:
|
|
|
|
expire_days = "5"
|
|
|
|
|
|
|
|
if user:
|
2020-08-13 14:38:36 +00:00
|
|
|
self.set_secure_cookie("user", tornado.escape.json_encode(user), expires_days=int(expire_days))
|
2020-08-12 00:36:09 +00:00
|
|
|
else:
|
|
|
|
self.clear_cookie("user")
|
|
|
|
|
|
|
|
def get(self, page=None):
|
|
|
|
|
2020-08-23 22:43:28 +00:00
|
|
|
error = bleach.clean(self.get_argument('error', "Invalid Login!"))
|
2021-11-23 18:22:15 +00:00
|
|
|
error_msg = bleach.clean(self.get_argument('error_msg', ''))
|
2020-08-23 22:43:28 +00:00
|
|
|
|
2020-08-17 02:47:53 +00:00
|
|
|
page_data = {
|
2020-08-23 22:43:28 +00:00
|
|
|
'version': helper.get_version_string(),
|
|
|
|
'error': error
|
2020-08-17 02:47:53 +00:00
|
|
|
}
|
2021-10-18 21:27:19 +00:00
|
|
|
|
|
|
|
page_data['lang'] = tornado.locale.get("en_EN")
|
2020-08-13 01:33:36 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
# sensible defaults
|
|
|
|
template = "public/404.html"
|
|
|
|
|
2020-08-12 00:36:09 +00:00
|
|
|
if page == "login":
|
|
|
|
template = "public/login.html"
|
2020-08-23 22:43:28 +00:00
|
|
|
|
|
|
|
elif page == 404:
|
|
|
|
template = "public/404.html"
|
|
|
|
|
|
|
|
elif page == "error":
|
|
|
|
template = "public/error.html"
|
2020-08-12 00:36:09 +00:00
|
|
|
|
2021-07-30 16:20:01 +00:00
|
|
|
elif page == "logout":
|
|
|
|
self.clear_cookie("user")
|
|
|
|
self.clear_cookie("user_data")
|
|
|
|
self.redirect('/public/login')
|
|
|
|
return
|
|
|
|
|
2020-08-17 02:47:53 +00:00
|
|
|
# if we have no page, let's go to login
|
2020-08-12 00:36:09 +00:00
|
|
|
else:
|
2020-08-23 22:43:28 +00:00
|
|
|
self.redirect('/public/login')
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
2020-08-12 00:36:09 +00:00
|
|
|
|
2021-03-26 13:57:50 +00:00
|
|
|
self.render(
|
|
|
|
template,
|
|
|
|
data=page_data,
|
|
|
|
translate=self.translator.translate,
|
2021-11-23 18:22:15 +00:00
|
|
|
error_msg = error_msg
|
2021-03-26 13:57:50 +00:00
|
|
|
)
|
2020-08-12 00:36:09 +00:00
|
|
|
|
2020-08-13 01:33:36 +00:00
|
|
|
def post(self, page=None):
|
|
|
|
|
|
|
|
if page == 'login':
|
|
|
|
next_page = "/public/login"
|
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
entered_username = bleach.clean(self.get_argument('username'))
|
2020-08-13 01:33:36 +00:00
|
|
|
entered_password = bleach.clean(self.get_argument('password'))
|
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
user_data = Users.get_or_none(fn.Lower(Users.username) == entered_username.lower())
|
2020-08-13 01:33:36 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
# if we don't have a user
|
2020-08-13 01:33:36 +00:00
|
|
|
if not user_data:
|
2021-11-23 18:22:15 +00:00
|
|
|
error_msg = "Inncorrect username or password. Please try again."
|
2021-07-30 16:20:01 +00:00
|
|
|
self.clear_cookie("user")
|
|
|
|
self.clear_cookie("user_data")
|
2021-11-23 18:22:15 +00:00
|
|
|
self.redirect('/public/login?error_msg={}'.format(error_msg))
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
2020-08-13 01:33:36 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
# if they are disabled
|
|
|
|
if not user_data.enabled:
|
2021-11-23 18:22:15 +00:00
|
|
|
error_msg = "User account disabled. Please contact your system administrator for more info."
|
2021-07-30 16:20:01 +00:00
|
|
|
self.clear_cookie("user")
|
|
|
|
self.clear_cookie("user_data")
|
2021-11-23 18:22:15 +00:00
|
|
|
self.redirect('/public/login?error_msg={}'.format(error_msg))
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
2020-08-13 14:38:36 +00:00
|
|
|
|
2020-08-13 01:33:36 +00:00
|
|
|
login_result = helper.verify_pass(entered_password, user_data.password)
|
|
|
|
|
|
|
|
# Valid Login
|
|
|
|
if login_result:
|
2020-08-13 14:38:36 +00:00
|
|
|
self.set_current_user(entered_username)
|
|
|
|
logger.info("User: {} Logged in from IP: {}".format(user_data, self.get_remote_ip()))
|
2020-08-13 01:33:36 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
# record this login
|
2020-09-23 03:26:23 +00:00
|
|
|
q = Users.select().where(Users.username == entered_username.lower()).get()
|
|
|
|
q.last_ip = self.get_remote_ip()
|
|
|
|
q.last_login = helper.get_time_as_string()
|
|
|
|
q.save()
|
|
|
|
|
2020-08-31 20:16:45 +00:00
|
|
|
# log this login
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(user_data.user_id, "Logged in", 0, self.get_remote_ip())
|
2020-08-31 20:16:45 +00:00
|
|
|
|
2020-08-13 01:33:36 +00:00
|
|
|
cookie_data = {
|
2020-08-13 14:38:36 +00:00
|
|
|
"username": user_data.username,
|
2020-08-31 20:16:45 +00:00
|
|
|
"user_id": user_data.user_id,
|
2020-12-24 22:55:15 +00:00
|
|
|
"account_type": user_data.superuser,
|
2020-08-13 01:33:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
self.set_secure_cookie('user_data', json.dumps(cookie_data))
|
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
next_page = "/panel/dashboard"
|
2020-08-13 01:33:36 +00:00
|
|
|
self.redirect(next_page)
|
2021-05-02 15:05:14 +00:00
|
|
|
else:
|
2021-07-30 16:20:01 +00:00
|
|
|
self.clear_cookie("user")
|
|
|
|
self.clear_cookie("user_data")
|
2021-11-23 18:22:15 +00:00
|
|
|
error_msg = "Inncorrect username or password. Please try again."
|
2021-05-02 15:05:14 +00:00
|
|
|
# log this failed login attempt
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(user_data.user_id, "Tried to log in", 0, self.get_remote_ip())
|
2021-11-23 18:22:15 +00:00
|
|
|
self.redirect('/public/login?error_msg={}'.format(error_msg))
|
2021-04-04 17:48:02 +00:00
|
|
|
else:
|
2020-08-13 01:33:36 +00:00
|
|
|
self.redirect("/public/login")
|
|
|
|
|