crafty-4/app/classes/web/public_handler.py

import logging

from app.classes.models.users import helper_users
from app.classes.shared.authentication import authentication
from app.classes.shared.helpers import helper
from app.classes.web.base_handler import BaseHandler

try:
    import bleach

except ModuleNotFoundError as e:
    helper.auto_installer_fix(e)

logger = logging.getLogger(__name__)


class PublicHandler(BaseHandler):
    def set_current_user(self, user_id: str = None):

        expire_days = helper.get_setting("cookie_expire")

        # if helper comes back with false
        if not expire_days:
            expire_days = "5"

        if user_id is not None:
            self.set_cookie(
                "token", authentication.generate(user_id), expires_days=int(expire_days)
            )
        else:
            self.clear_cookie("token")
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")

    def get(self, page=None):

        error = bleach.clean(self.get_argument("error", "Invalid Login!"))
        error_msg = bleach.clean(self.get_argument("error_msg", ""))

        page_data = {
            "version": helper.get_version_string(),
            "error": error,
            "lang": helper.get_setting("language"),
            "lang_page": helper.getLangPage(helper.get_setting("language")),
            "query": "",
        }
        if self.request.query:
            page_data["query"] = self.request.query

        # sensible defaults
        template = "public/404.html"

        if page == "login":
            template = "public/login.html"

        elif page == 404:
            template = "public/404.html"

        elif page == "error":
            template = "public/error.html"

        elif page == "logout":
            self.clear_cookie("token")
            # self.clear_cookie("user")
            # self.clear_cookie("user_data")
            self.redirect("/public/login")
            return

        # if we have no page, let's go to login
        else:
            if self.request.query:
                self.redirect("/public/login?" + self.request.query)
            else:
                self.redirect("/public/login")
            return

        self.render(
            template,
            data=page_data,
            translate=self.translator.translate,
            error_msg=error_msg,
        )

    def post(self, page=None):

        error = bleach.clean(self.get_argument("error", "Invalid Login!"))
        error_msg = bleach.clean(self.get_argument("error_msg", ""))

        page_data = {
            "version": helper.get_version_string(),
            "error": error,
            "lang": helper.get_setting("language"),
            "lang_page": helper.getLangPage(helper.get_setting("language")),
            "query": "",
        }
        if self.request.query:
            page_data["query"] = self.request.query

        if page == "login":

            next_page = "/public/login"
            if self.request.query:
                next_page = "/public/login?" + self.request.query

            entered_username = bleach.clean(self.get_argument("username"))
            entered_password = bleach.clean(self.get_argument("password"))

            # pylint: disable=no-member
            user_id = helper_users.get_user_id_by_name(entered_username.lower())
            user_data = helper_users.get_user_model(user_id)

            # if we don't have a user
            if not user_data:
                error_msg = "Incorrect username or password. Please try again."
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                if self.request.query:
                    self.redirect(
                        f"/public/login?error_msg={error_msg}&{self.request.query}"
                    )
                else:
                    self.redirect(f"/public/login?error_msg={error_msg}")
                return

            # if they are disabled
            if not user_data.enabled:
                error_msg = (
                    "User account disabled. Please contact "
                    "your system administrator for more info."
                )
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                if self.request.query:
                    self.redirect(
                        f"/public/login?error_msg={error_msg}&{self.request.query}"
                    )
                else:
                    self.redirect(f"/public/login?error_msg={error_msg}")
                return

            login_result = helper.verify_pass(entered_password, user_data.password)

            # Valid Login
            if login_result:
                self.set_current_user(user_data.user_id)
                logger.info(
                    f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"
                )

                # record this login
                user_data.last_ip = self.get_remote_ip()
                user_data.last_login = helper.get_time_as_string()
                user_data.save()

                # log this login
                self.controller.management.add_to_audit_log(
                    user_data.user_id, "Logged in", 0, self.get_remote_ip()
                )

                if self.request.query_arguments.get("next"):
                    next_page = self.request.query_arguments.get("next")[0].decode()
                else:
                    next_page = "/panel/dashboard"

                self.redirect(next_page)
            else:
                # self.clear_cookie("user")
                # self.clear_cookie("user_data")
                self.clear_cookie("token")
                error_msg = "Inncorrect username or password. Please try again."
                # log this failed login attempt
                self.controller.management.add_to_audit_log(
                    user_data.user_id, "Tried to log in", 0, self.get_remote_ip()
                )
                if self.request.query:
                    self.redirect(
                        f"/public/login?error_msg={error_msg}&{self.request.query}"
                    )
                else:
                    self.redirect(f"/public/login?error_msg={error_msg}")
        else:
            if self.request.query:
                self.redirect("/public/login?" + self.request.query)
            else:
                self.redirect("/public/login")
first huge commit 2020-08-12 00:36:09 +00:00			`import logging`

Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`from app.classes.models.users import helper_users`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`from app.classes.shared.authentication import authentication`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`from app.classes.shared.helpers import helper`
			`from app.classes.web.base_handler import BaseHandler`
first huge commit 2020-08-12 00:36:09 +00:00
			`try:`
			`import bleach`

			`except ModuleNotFoundError as e:`
Tidy imports & dep auto-installer 2022-03-08 04:40:44 +00:00			`helper.auto_installer_fix(e)`

			`logger = logging.getLogger(__name__)`
first huge commit 2020-08-12 00:36:09 +00:00

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`class PublicHandler(BaseHandler):`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`def set_current_user(self, user_id: str = None):`
first huge commit 2020-08-12 00:36:09 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`expire_days = helper.get_setting("cookie_expire")`
first huge commit 2020-08-12 00:36:09 +00:00
			`# if helper comes back with false`
			`if not expire_days:`
			`expire_days = "5"`

JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`if user_id is not None:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.set_cookie(`
			`"token", authentication.generate(user_id), expires_days=int(expire_days)`
			`)`
first huge commit 2020-08-12 00:36:09 +00:00			`else:`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
first huge commit 2020-08-12 00:36:09 +00:00
			`def get(self, page=None):`

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error = bleach.clean(self.get_argument("error", "Invalid Login!"))`
			`error_msg = bleach.clean(self.get_argument("error_msg", ""))`
part 1 of the server builder complete 2020-08-23 22:43:28 +00:00
Update Translation - Adding Translation for Credits Page - Adding detection support for webpage 2022-03-05 11:01:36 +00:00			`page_data = {`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"version": helper.get_version_string(),`
			`"error": error,`
			`"lang": helper.get_setting("language"),`
			`"lang_page": helper.getLangPage(helper.get_setting("language")),`
			`"query": "",`
Update Translation - Adding Translation for Credits Page - Adding detection support for webpage 2022-03-05 11:01:36 +00:00			`}`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`page_data["query"] = self.request.query`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# sensible defaults`
			`template = "public/404.html"`

first huge commit 2020-08-12 00:36:09 +00:00			`if page == "login":`
			`template = "public/login.html"`
part 1 of the server builder complete 2020-08-23 22:43:28 +00:00
			`elif page == 404:`
			`template = "public/404.html"`

			`elif page == "error":`
			`template = "public/error.html"`
first huge commit 2020-08-12 00:36:09 +00:00
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`elif page == "logout":`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
			`self.redirect("/public/login")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`

scheduler, version change, database work, controller init servers, etc etc 2020-08-17 02:47:53 +00:00			`# if we have no page, let's go to login`
first huge commit 2020-08-12 00:36:09 +00:00			`else:`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect("/public/login?" + self.request.query)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect("/public/login")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
first huge commit 2020-08-12 00:36:09 +00:00
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler 2021-03-26 13:57:50 +00:00			`self.render(`
			`template,`
			`data=page_data,`
			`translate=self.translator.translate,`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error_msg=error_msg,`
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler 2021-03-26 13:57:50 +00:00			`)`
first huge commit 2020-08-12 00:36:09 +00:00
building out databases and config files 2020-08-13 01:33:36 +00:00			`def post(self, page=None):`

⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`error = bleach.clean(self.get_argument("error", "Invalid Login!"))`
			`error_msg = bleach.clean(self.get_argument("error_msg", ""))`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
			`page_data = {`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`"version": helper.get_version_string(),`
			`"error": error,`
			`"lang": helper.get_setting("language"),`
			`"lang_page": helper.getLangPage(helper.get_setting("language")),`
			`"query": "",`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`}`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`page_data["query"] = self.request.query`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`if page == "login":`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
building out databases and config files 2020-08-13 01:33:36 +00:00			`next_page = "/public/login"`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`next_page = "/public/login?" + self.request.query`
building out databases and config files 2020-08-13 01:33:36 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`entered_username = bleach.clean(self.get_argument("username"))`
			`entered_password = bleach.clean(self.get_argument("password"))`
building out databases and config files 2020-08-13 01:33:36 +00:00
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`# pylint: disable=no-member`
Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`user_id = helper_users.get_user_id_by_name(entered_username.lower())`
			`user_data = helper_users.get_user_model(user_id)`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# if we don't have a user`
building out databases and config files 2020-08-13 01:33:36 +00:00			`if not user_data:`
Create pylintrc, code review pipeline & correct codebase errors Fix uploads, Only send server stats to user page when they have access to servers 2022-01-26 01:45:30 +00:00			`error_msg = "Incorrect username or password. Please try again."`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(`
			`f"/public/login?error_msg={error_msg}&{self.request.query}"`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(f"/public/login?error_msg={error_msg}")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# if they are disabled`
			`if not user_data.enabled:`
Fix files to conform with new ⚫Black pylintrc Mostly just breaking up strings and comments into new lines Some strings dont require 'f' but keeping in for readability with the rest of the concatinated string 2022-03-23 06:06:13 +00:00			`error_msg = (`
			`"User account disabled. Please contact "`
			`"your system administrator for more info."`
			`)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(`
			`f"/public/login?error_msg={error_msg}&{self.request.query}"`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(f"/public/login?error_msg={error_msg}")`
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler 2021-07-30 16:20:01 +00:00			`return`
got login working 2020-08-13 14:38:36 +00:00
building out databases and config files 2020-08-13 01:33:36 +00:00			`login_result = helper.verify_pass(entered_password, user_data.password)`

			`# Valid Login`
			`if login_result:`
JWT login and multi API keys! 2022-01-15 00:23:50 +00:00			`self.set_current_user(user_data.user_id)`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`logger.info(`
			`f"User: {user_data} Logged in from IP: {self.get_remote_ip()}"`
			`)`
building out databases and config files 2020-08-13 01:33:36 +00:00
got login working 2020-08-13 14:38:36 +00:00			`# record this login`
Removed fn, reduced queries in login flow 2022-04-10 22:46:07 +00:00			`user_data.last_ip = self.get_remote_ip()`
			`user_data.last_login = helper.get_time_as_string()`
			`user_data.save()`
fixed IP not updating, fixed usernames being case sensitive in update query 2020-09-23 03:26:23 +00:00
added audit logging, and commands logging, command handler and other stuff 2020-08-31 20:16:45 +00:00			`# log this login`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.controller.management.add_to_audit_log(`
			`user_data.user_id, "Logged in", 0, self.get_remote_ip()`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`if self.request.query_arguments.get("next"):`
			`next_page = self.request.query_arguments.get("next")[0].decode()`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
			`next_page = "/panel/dashboard"`

building out databases and config files 2020-08-13 01:33:36 +00:00			`self.redirect(next_page)`
Fix blank page on wrong password and add spaces to previous login failed redirects 2021-05-02 15:05:14 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`# self.clear_cookie("user")`
			`# self.clear_cookie("user_data")`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`self.clear_cookie("token")`
Add error message on login that does not direct to new page. Remove failed to create dir error on startup when crafty cannot create dir since it exists after first startup. Error logging is still enabled for every error except FileExists for this case. 2021-11-23 18:22:15 +00:00			`error_msg = "Inncorrect username or password. Please try again."`
Fix blank page on wrong password and add spaces to previous login failed redirects 2021-05-02 15:05:14 +00:00			`# log this failed login attempt`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.controller.management.add_to_audit_log(`
			`user_data.user_id, "Tried to log in", 0, self.get_remote_ip()`
			`)`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(`
			`f"/public/login?error_msg={error_msg}&{self.request.query}"`
			`)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect(f"/public/login?error_msg={error_msg}")`
Moved server DB code to models, fix autobleach logging, fix redirect bug 2021-04-04 17:48:02 +00:00			`else:`
Better dashboard re-ordering 2022-03-19 01:48:24 +00:00			`if self.request.query:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect("/public/login?" + self.request.query)`
Fixing Cookies deletion Adding redirection at Login 2022-03-14 21:26:09 +00:00			`else:`
⬛Black codebase Apply black formatting to codebase 2022-03-23 02:50:12 +00:00			`self.redirect("/public/login")`