mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
0e942311fb
Remove failed to create dir error on startup when crafty cannot create dir since it exists after first startup. Error logging is still enabled for every error except FileExists for this case.
144 lines
4.7 KiB
Python
144 lines
4.7 KiB
Python
import sys
|
|
import json
|
|
import logging
|
|
import tornado.web
|
|
import tornado.escape
|
|
|
|
from app.classes.shared.helpers import helper
|
|
from app.classes.web.base_handler import BaseHandler
|
|
from app.classes.shared.console import console
|
|
from app.classes.shared.main_models import fn
|
|
|
|
from app.classes.models.users import Users
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
try:
|
|
import bleach
|
|
|
|
except ModuleNotFoundError as e:
|
|
logger.critical("Import Error: Unable to load {} module".format(e.name), exc_info=True)
|
|
console.critical("Import Error: Unable to load {} module".format(e.name))
|
|
sys.exit(1)
|
|
|
|
|
|
class PublicHandler(BaseHandler):
|
|
|
|
def set_current_user(self, user):
|
|
|
|
expire_days = helper.get_setting('cookie_expire')
|
|
|
|
# if helper comes back with false
|
|
if not expire_days:
|
|
expire_days = "5"
|
|
|
|
if user:
|
|
self.set_secure_cookie("user", tornado.escape.json_encode(user), expires_days=int(expire_days))
|
|
else:
|
|
self.clear_cookie("user")
|
|
|
|
def get(self, page=None):
|
|
|
|
error = bleach.clean(self.get_argument('error', "Invalid Login!"))
|
|
error_msg = bleach.clean(self.get_argument('error_msg', ''))
|
|
|
|
page_data = {
|
|
'version': helper.get_version_string(),
|
|
'error': error
|
|
}
|
|
|
|
page_data['lang'] = tornado.locale.get("en_EN")
|
|
|
|
# sensible defaults
|
|
template = "public/404.html"
|
|
|
|
if page == "login":
|
|
template = "public/login.html"
|
|
|
|
elif page == 404:
|
|
template = "public/404.html"
|
|
|
|
elif page == "error":
|
|
template = "public/error.html"
|
|
|
|
elif page == "logout":
|
|
self.clear_cookie("user")
|
|
self.clear_cookie("user_data")
|
|
self.redirect('/public/login')
|
|
return
|
|
|
|
# if we have no page, let's go to login
|
|
else:
|
|
self.redirect('/public/login')
|
|
return
|
|
|
|
self.render(
|
|
template,
|
|
data=page_data,
|
|
translate=self.translator.translate,
|
|
error_msg = error_msg
|
|
)
|
|
|
|
def post(self, page=None):
|
|
|
|
if page == 'login':
|
|
next_page = "/public/login"
|
|
|
|
entered_username = bleach.clean(self.get_argument('username'))
|
|
entered_password = bleach.clean(self.get_argument('password'))
|
|
|
|
user_data = Users.get_or_none(fn.Lower(Users.username) == entered_username.lower())
|
|
|
|
# if we don't have a user
|
|
if not user_data:
|
|
error_msg = "Inncorrect username or password. Please try again."
|
|
self.clear_cookie("user")
|
|
self.clear_cookie("user_data")
|
|
self.redirect('/public/login?error_msg={}'.format(error_msg))
|
|
return
|
|
|
|
# if they are disabled
|
|
if not user_data.enabled:
|
|
error_msg = "User account disabled. Please contact your system administrator for more info."
|
|
self.clear_cookie("user")
|
|
self.clear_cookie("user_data")
|
|
self.redirect('/public/login?error_msg={}'.format(error_msg))
|
|
return
|
|
|
|
login_result = helper.verify_pass(entered_password, user_data.password)
|
|
|
|
# Valid Login
|
|
if login_result:
|
|
self.set_current_user(entered_username)
|
|
logger.info("User: {} Logged in from IP: {}".format(user_data, self.get_remote_ip()))
|
|
|
|
# record this login
|
|
q = Users.select().where(Users.username == entered_username.lower()).get()
|
|
q.last_ip = self.get_remote_ip()
|
|
q.last_login = helper.get_time_as_string()
|
|
q.save()
|
|
|
|
# log this login
|
|
self.controller.management.add_to_audit_log(user_data.user_id, "Logged in", 0, self.get_remote_ip())
|
|
|
|
cookie_data = {
|
|
"username": user_data.username,
|
|
"user_id": user_data.user_id,
|
|
"account_type": user_data.superuser,
|
|
}
|
|
|
|
self.set_secure_cookie('user_data', json.dumps(cookie_data))
|
|
|
|
next_page = "/panel/dashboard"
|
|
self.redirect(next_page)
|
|
else:
|
|
self.clear_cookie("user")
|
|
self.clear_cookie("user_data")
|
|
error_msg = "Inncorrect username or password. Please try again."
|
|
# log this failed login attempt
|
|
self.controller.management.add_to_audit_log(user_data.user_id, "Tried to log in", 0, self.get_remote_ip())
|
|
self.redirect('/public/login?error_msg={}'.format(error_msg))
|
|
else:
|
|
self.redirect("/public/login")
|
|
|