crafty-4/app/classes/web/public_handler.py

import logging
import bleach

from app.classes.shared.helpers import Helpers
from app.classes.models.users import HelperUsers
from app.classes.web.base_handler import BaseHandler

logger = logging.getLogger(__name__)


class PublicHandler(BaseHandler):
    def set_current_user(self, user_id: str = None):

        expire_days = self.helper.get_setting("cookie_expire")

        # if helper comes back with false
        if not expire_days:
            expire_days = "5"

        if user_id is not None:
            self.set_cookie(
                "token",
                self.controller.authentication.generate(user_id),
                expires_days=int(expire_days),
            )
        else:
            self.clear_cookie("token")
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")

    def get(self, page=None):

        error = bleach.clean(self.get_argument("error", "Invalid Login!"))
        error_msg = bleach.clean(self.get_argument("error_msg", ""))

        page_data = {
            "version": self.helper.get_version_string(),
            "error": error,
            "lang": self.helper.get_setting("language"),
            "lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),
            "query": "",
            "background": self.controller.cached_login,
            "login_opacity": self.controller.management.get_login_opacity(),
        }

        if self.request.query:
            page_data["query"] = self.request.query

        # sensible defaults
        template = "public/404.html"

        if page == "login":
            template = "public/login.html"

        elif page == 404:
            template = "public/404.html"

        elif page == "error":
            template = "public/error.html"

        elif page == "logout":
            self.clear_cookie("token")
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")
            self.redirect("/login")
            return

        # if we have no page, let's go to login
        else:
            if self.request.query:
                self.redirect("/login?" + self.request.query)
            else:
                self.redirect("/login")
            return

        self.render(
            template,
            data=page_data,
            translate=self.translator.translate,
            error_msg=error_msg,
        )

    def post(self, page=None):

        error = bleach.clean(self.get_argument("error", "Invalid Login!"))
        error_msg = bleach.clean(self.get_argument("error_msg", ""))

        page_data = {
            "version": self.helper.get_version_string(),
            "error": error,
            "lang": self.helper.get_setting("language"),
            "lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),
            "query": "",
        }
        if self.request.query:
            page_data["query"] = self.request.query

        if page == "login":

            next_page = "/login"
            if self.request.query:
                next_page = "/login?" + self.request.query

            entered_username = bleach.clean(self.get_argument("username"))
            entered_password = bleach.clean(self.get_argument("password"))

            # pylint: disable=no-member
            try:
                user_id = HelperUsers.get_user_id_by_name(entered_username.lower())
                user_data = HelperUsers.get_user_model(user_id)
            except:
                error_msg = "Incorrect username or password. Please try again."
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                if self.request.query:
                    self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")
                else:
                    self.redirect(f"/login?error_msg={error_msg}")
                return

            # if we don't have a user
            if not user_data:
                error_msg = "Incorrect username or password. Please try again."
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                if self.request.query:
                    self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")
                else:
                    self.redirect(f"/login?error_msg={error_msg}")
                return

            # if they are disabled
            if not user_data.enabled:
                error_msg = (
                    "User account disabled. Please contact "
                    "your system administrator for more info."
                )
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                if self.request.query:
                    self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")
                else:
                    self.redirect(f"/login?error_msg={error_msg}")
                return

            login_result = self.helper.verify_pass(entered_password, user_data.password)

            # Valid Login
            if login_result:
                self.set_current_user(user_data.user_id)
                logger.info(
                    f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"
                )
                if not user_data.last_ip and user_data.username == "admin":
                    self.controller.first_login = True
                # record this login
                user_data.last_ip = self.get_remote_ip()
                user_data.last_login = Helpers.get_time_as_string()
                user_data.save()

                # log this login
                self.controller.management.add_to_audit_log(
                    user_data.user_id, "Logged in", 0, self.get_remote_ip()
                )

                if self.request.query_arguments.get("next"):
                    next_page = self.request.query_arguments.get("next")[0].decode()
                else:
                    next_page = "/panel/dashboard"

                self.redirect(next_page)
            else:
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                error_msg = "Incorrect username or password. Please try again."
                # log this failed login attempt
                self.controller.management.add_to_audit_log(
                    user_data.user_id, "Tried to log in", 0, self.get_remote_ip()
                )
                if self.request.query:
                    self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")
                else:
                    self.redirect(f"/login?error_msg={error_msg}")
        else:
            if self.request.query:
                self.redirect("/login?" + self.request.query)
            else:
                self.redirect("/login")
first huge commit 2020-08-12 00:36:09 +00:00			`import logging`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`import bleach`
first huge commit 2020-08-12 00:36:09 +00:00
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`from app.classes.shared.helpers import Helpers`
Refactor to standardize class/variable naming ✨ 2022-04-14 02:10:25 +00:00			`from app.classes.models.users import HelperUsers`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`from app.classes.web.base_handler import BaseHandler`
first huge commit 2020-08-12 00:36:09 +00:00
Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`logger = logging.getLogger(__name__)`
first huge commit 2020-08-12 00:36:09 +00:00

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`class PublicHandler(BaseHandler):`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`def set_current_user(self, user_id: str = None):`
first huge commit 2020-08-12 00:36:09 +00:00
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`expire_days = self.helper.get_setting("cookie_expire")`
first huge commit 2020-08-12 00:36:09 +00:00
			`# if helper comes back with false`
			`if not expire_days:`
			`expire_days = "5"`

JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`if user_id is not None:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.set_cookie(`
Fix formatting to comply with ⬛Black 2022-04-11 10:08:36 +00:00			`"token",`
			`self.controller.authentication.generate(user_id),`
			`expires_days=int(expire_days),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`)`
first huge commit 2020-08-12 00:36:09 +00:00			`else:`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
first huge commit 2020-08-12 00:36:09 +00:00
			`def get(self, page=None):`

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error = bleach.clean(self.get_argument("error", "Invalid Login!"))`
			`error_msg = bleach.clean(self.get_argument("error_msg", ""))`
Fixing Stack when redirected from Unauthorized page 2022-06-08 19:42:25 +00:00
			`page_data = {`
			`"version": self.helper.get_version_string(),`
			`"error": error,`
			`"lang": self.helper.get_setting("language"),`
			`"lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),`
			`"query": "",`
Make background available to all public pages Move background to top of html for better loading 2022-12-01 00:53:10 +00:00			`"background": self.controller.cached_login,`
Add Personalized Transparency for Login Page's Form 2023-01-17 19:40:16 +00:00			`"login_opacity": self.controller.management.get_login_opacity(),`
Fixing Stack when redirected from Unauthorized page 2022-06-08 19:42:25 +00:00			`}`

Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`page_data["query"] = self.request.query`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# sensible defaults`
			`template = "public/404.html"`

first huge commit 2020-08-12 00:36:09 +00:00			`if page == "login":`
			`template = "public/login.html"`
part 1 of the server builder complete 2020-08-23 22:43:28 +00:00
			`elif page == 404:`
			`template = "public/404.html"`

			`elif page == "error":`
			`template = "public/error.html"`
first huge commit 2020-08-12 00:36:09 +00:00
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`elif page == "logout":`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect("/login")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`

scheduler, version change, database work, controller init servers, etc etc 2020-08-17 02:47:53 +00:00			`# if we have no page, let's go to login`
first huge commit 2020-08-12 00:36:09 +00:00			`else:`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect("/login?" + self.request.query)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect("/login")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
first huge commit 2020-08-12 00:36:09 +00:00
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler 2021-03-26 13:57:50 +00:00			`self.render(`
			`template,`
			`data=page_data,`
			`translate=self.translator.translate,`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error_msg=error_msg,`
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler 2021-03-26 13:57:50 +00:00			`)`
first huge commit 2020-08-12 00:36:09 +00:00
building out databases and config files 2020-08-13 01:33:36 +00:00			`def post(self, page=None):`

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error = bleach.clean(self.get_argument("error", "Invalid Login!"))`
			`error_msg = bleach.clean(self.get_argument("error_msg", ""))`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
			`page_data = {`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`"version": self.helper.get_version_string(),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"error": error,`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`"lang": self.helper.get_setting("language"),`
Rename get_lang_page 2022-04-14 23:34:21 +00:00			`"lang_page": self.helper.get_lang_page(self.helper.get_setting("language")),`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"query": "",`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`}`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`page_data["query"] = self.request.query`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`if page == "login":`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`next_page = "/login"`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`next_page = "/login?" + self.request.query`
building out databases and config files 2020-08-13 01:33:36 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`entered_username = bleach.clean(self.get_argument("username"))`
			`entered_password = bleach.clean(self.get_argument("password"))`
building out databases and config files 2020-08-13 01:33:36 +00:00
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`# pylint: disable=no-member`
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`try:`
Refactor to standardize class/variable naming ✨ 2022-04-14 02:10:25 +00:00			`user_id = HelperUsers.get_user_id_by_name(entered_username.lower())`
			`user_data = HelperUsers.get_user_model(user_id)`
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`except:`
			`error_msg = "Incorrect username or password. Please try again."`
			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
			`self.clear_cookie("token")`
			`if self.request.query:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")`
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`else:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect(f"/login?error_msg={error_msg}")`
Fix stack when username is wrong. 2022-04-12 22:33:00 +00:00			`return`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# if we don't have a user`
building out databases and config files 2020-08-13 01:33:36 +00:00			`if not user_data:`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`error_msg = "Incorrect username or password. Please try again."`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect(f"/login?error_msg={error_msg}")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# if they are disabled`
			`if not user_data.enabled:`
Fix files to conform with new ⚫Black pylintrc Mostly just breaking up strings and comments into new lines Some strings dont require 'f' but keeping in for readability with the rest of the concatinated string 2022-03-23 06:06:13 +00:00			`error_msg = (`
			`"User account disabled. Please contact "`
			`"your system administrator for more info."`
			`)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect(f"/login?error_msg={error_msg}")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
got login working 2020-08-13 14:38:36 +00:00
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`login_result = self.helper.verify_pass(entered_password, user_data.password)`
building out databases and config files 2020-08-13 01:33:36 +00:00
			`# Valid Login`
			`if login_result:`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`self.set_current_user(user_data.user_id)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`logger.info(`
			`f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"`
			`)`
Fix black formatting 2022-06-12 21:17:58 +00:00			`if not user_data.last_ip and user_data.username == "admin":`
Add survery to admin first log 2022-06-12 21:03:42 +00:00			`self.controller.first_login = True`
got login working 2020-08-13 14:38:36 +00:00			`# record this login`
Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`user_data.last_ip = self.get_remote_ip()`
Refactored the yes to not pass objects in import Merge Conflicts ᴙ Us 2022-04-11 05:23:55 +00:00			`user_data.last_login = Helpers.get_time_as_string()`
Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`user_data.save()`
fixed IP not updating, fixed usernames being case sensitive in update query 2020-09-23 03:26:23 +00:00
added audit logging, and commands logging, command handler and other stuff 2020-08-31 20:16:45 +00:00			`# log this login`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.controller.management.add_to_audit_log(`
			`user_data.user_id, "Logged in", 0, self.get_remote_ip()`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`if self.request.query_arguments.get("next"):`
			`next_page = self.request.query_arguments.get("next")[0].decode()`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
			`next_page = "/panel/dashboard"`

building out databases and config files 2020-08-13 01:33:36 +00:00			`self.redirect(next_page)`
Fix blank page on wrong password and add spaces to previous login failed redirects 2021-05-02 15:05:14 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Fix typo in error message 2022-06-04 18:24:12 +00:00			`error_msg = "Incorrect username or password. Please try again."`
Fix blank page on wrong password and add spaces to previous login failed redirects 2021-05-02 15:05:14 +00:00			`# log this failed login attempt`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.controller.management.add_to_audit_log(`
			`user_data.user_id, "Tried to log in", 0, self.get_remote_ip()`
			`)`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect(f"/login?error_msg={error_msg}&{self.request.query}")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect(f"/login?error_msg={error_msg}")`
Moved server DB code to models, fix autobleach logging, fix redirect bug 2021-04-04 17:48:02 +00:00			`else:`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect("/login?" + self.request.query)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
Remove public page to use direct login as status one Rework HTTP Handler as we redirect all trafic to HTTPS 2023-01-25 22:26:04 +00:00			`self.redirect("/login")`