authorGravatar RaNaN <Mast3rRaNaN@hotmail.de> 2012-08-13 17:40:10 +0200
committerGravatar RaNaN <Mast3rRaNaN@hotmail.de> 2012-08-13 17:40:10 +0200
commit941e3021000e59020f66419cc2156aee30972121 (patch)
tree49332fb148dd50c0ee78e4c20336c2848921bc1a /module/web
parentmerge (diff)
working login
Diffstat (limited to 'module/web')
-rw-r--r--module/web/api_app.py16
-rw-r--r--module/web/pyload_app.py50
-rw-r--r--module/web/static/css/default/style.css35
-rw-r--r--module/web/templates/default/base.html12
-rw-r--r--module/web/templates/default/login.html5
-rw-r--r--module/web/templates/default/logout.html9
-rw-r--r--module/web/utils.py83
7 files changed, 75 insertions, 135 deletions
diff --git a/module/web/api_app.py b/module/web/api_app.py
index df62db18f..4be6e5ab8 100644
--- a/module/web/api_app.py
+++ b/module/web/api_app.py
@@ -7,7 +7,7 @@ from traceback import format_exc, print_exc
from bottle import route, request, response, HTTPError
-from utils import set_session
+from utils import set_session, get_user_api
from webinterface import PYLOAD
from module.common.json_layer import json
@@ -41,10 +41,11 @@ def call_api(func, args=""):
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.POST['session'], "'\""))
- if not s or not s.get("authenticated", False):
+ api = get_user_api(s)
+ if not api:
return HTTPError(403, json.dumps("Forbidden"))
- if not PYLOAD.isAuthorized(func, {"role": s["role"], "permission": s["perms"]}):
+ if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, json.dumps("Unauthorized"))
args = args.split("/")[1:]
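Review bot: The rewritten guard drops the old `not s` test, so `get_user_api(s)` now receives whatever `s.get_by_id(...)` returned. `get_user_api` in utils.py begins with `s.get("uid", None)`, which would raise AttributeError if the lookup yields None for an unknown or expired session id (presumably the case the removed `if not s` covered), turning a 403 into a 500. Keeping the check, e.g. `api = get_user_api(s) if s else None`, preserves the Forbidden response. call_api starts and continues outside this hunk.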
@@ -81,21 +82,22 @@ def callApi(func, *args, **kwargs):
def login():
add_header(response)
- user = request.forms.get("username")
+ username = request.forms.get("username")
password = request.forms.get("password")
- info = PYLOAD.checkAuth(user, password)
+ user = PYLOAD.checkAuth(username, password)
- if not info:
+ if not user:
return json.dumps(False)
- s = set_session(request, info)
+ s = set_session(request, user)
# get the session id by dirty way, documentations seems wrong
try:
sid = s._headers["cookie_out"].split("=")[1].split(";")[0]
return json.dumps(sid)
except:
+ print "Could not get session"
return json.dumps(True)
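Review bot: Neither login path rotates the session before binding it to a user: `set_session(request, user)` here, and again in `login_post` in pyload_app.py, ends up in `set_session` in utils.py, which only writes `s["uid"]` into the existing Beaker session and saves it. A session id issued before authentication therefore stays valid afterwards, which is the precondition for session fixation, and this endpoint additionally returns that id in the JSON body. Discarding the pre-login session first, e.g. `s.invalidate()` ahead of `s["uid"] = user.uid` in `set_session`, would close this, assuming no middleware setting outside this page already rotates ids. Separately, the bare `except:` around the cookie parsing hides the actual failure; `print_exc()` is already imported in this file and would record it.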
diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py
index ba74d7083..afb97b361 100644
--- a/module/web/pyload_app.py
+++ b/module/web/pyload_app.py
@@ -23,43 +23,27 @@ from bottle import route, static_file, request, response, redirect, HTTPError, e
from webinterface import PYLOAD, PROJECT_DIR, SETUP, env
-from utils import render_to_response, parse_permissions, parse_userdata, set_session
+from utils import render_to_response, login_required, set_session, get_user_api
-from module.Api import Output
##########
# Helper
##########
-
# TODO: useful but needs a rewrite, too
def pre_processor():
s = request.environ.get('beaker.session')
- user = parse_userdata(s)
- perms = parse_permissions(s)
- status = {}
- captcha = False
- update = False
- plugins = False
- if user["is_authenticated"]:
- status = PYLOAD.statusServer()
- info = PYLOAD.getInfoByPlugin("UpdateManager")
- captcha = PYLOAD.isInteractionWaiting(Output.Captcha)
-
- # check if update check is available
- if info:
- if info["pyload"] == "True": update = True
- if info["plugins"] == "True": plugins = True
+ api = get_user_api(s)
+ user = None
+ status = None
+ if api is not None:
+ user = api.user
+ status = api.statusServer()
return {"user": user,
- 'status': status,
- 'captcha': captcha,
- 'perms': perms,
- 'url': request.url,
- 'update': update,
- 'plugins': plugins}
-
+ 'server': status,
+ 'url': request.url }
def base(messages):
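Review bot: `pre_processor` has no docstring, and its return contract changed in a way templates depend on: `user` and `server` are now `None` when the session carries no `uid`, and the `status`, `captcha`, `perms`, `update` and `plugins` keys are gone. I would add a docstring such as `"""Build the template context; 'user' and 'server' are None for requests without a logged-in user, 'url' is the request URL."""` so template authors know to guard with `{% if user %}`. Any template outside this diff that still reads the removed keys would need checking.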
@@ -68,11 +52,11 @@ def base(messages):
@error(500)
def error500(error):
- print "An error occured while processing the request."
+ print "An error occurred while processing the request."
if error.traceback:
print error.traceback
- return base(["An error occured while processing the request.", error,
+ return base(["An error occurred while processing the request.", error,
error.traceback.replace("\n", "<br>") if error.traceback else "No Traceback"])
# TODO: not working
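Review bot: `error500` still places `error.traceback` in the page returned to the client, and nothing visible restricts this handler to logged-in users. A traceback exposes file paths, module names and possibly values from the failing request. It is already printed on the server side two lines above, so the response could carry only the generic message, e.g. `return base(["An error occurred while processing the request."])`. The code following the `# TODO: not working` line lies outside this hunk.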
@@ -125,15 +109,14 @@ def nopermission():
@route("/login", method="POST")
def login_post():
- user = request.forms.get("username")
+ username = request.forms.get("username")
password = request.forms.get("password")
- info = PYLOAD.checkAuth(user, password)
-
- if not info:
+ user = PYLOAD.checkAuth(username, password)
+ if not user:
return render_to_response("login.html", {"errors": True}, [pre_processor])
- set_session(request, info)
+ set_session(request, user)
return redirect("/")
@@ -144,6 +127,7 @@ def logout():
return render_to_response("logout.html", proc=[pre_processor])
@route("/")
-def index():
+@login_required()
+def index(api):
return base(["It works!"])
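Review bot: `@login_required()` is applied here without a permission argument, which appears to be the only form of the decorator that behaves as intended after this commit. In the utils.py hunk of the same commit the permission branch now reads `if api.user.hasPermission(perm):` directly before the 403 / `/nopermission` responses, whereas the removed line was `if perm not in perms or not perms[perm]:`. As written, users who hold the permission are refused and users who lack it fall through to the view. The condition should be negated, `if not api.user.hasPermission(perm):`, before any route passes a `perm`. The decorator also injects `kwargs["api"]`, so every decorated view must accept an `api` parameter as `index(api)` does.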
diff --git a/module/web/static/css/default/style.css b/module/web/static/css/default/style.css
index 326111680..63a7ad959 100644
--- a/module/web/static/css/default/style.css
+++ b/module/web/static/css/default/style.css
@@ -151,27 +151,24 @@ header .logo {
margin-top: 12px;
font-family: sans-serif
}
-
+
/*
Login
-*/
-.login {
- vertical-align: middle;
- text-align: center;
- border: 1px;
- border-color:#000000;
- border-width:2px;
- border-style:solid;
- padding: 15px;
- -moz-border-radius: 15px;
- border-radius: 15px;
-}
-
-.login div{
- vertical-align: middle;
- text-align: center;
- padding: 3px;
-}
+*/
+.login {
+ vertical-align: middle;
+ text-align: center;
+ border: 2px solid #000000;
+ padding: 15px;
+ -moz-border-radius: 15px;
+ border-radius: 15px;
+}
+
+.login div{
+ vertical-align: middle;
+ text-align: center;
+ padding: 3px;
+}
/*
Footer
diff --git a/module/web/templates/default/base.html b/module/web/templates/default/base.html
index bbbefb4b6..e1fe81f1b 100644
--- a/module/web/templates/default/base.html
+++ b/module/web/templates/default/base.html
@@ -27,16 +27,17 @@
<div class="logo"></div>
<span class="title">pyLoad</span>
+ {% if user %}
<div id="notification_div">
<h1>Important Stuff will be here!</h1>
</div>
<div class="header_block">
<div class="icon_info">
- <img src="static/img/default/icon_user_small_white.png" height="20px"/><span>User</span>
+ <img src="static/img/default/icon_user_small_white.png" height="20px"/><span>{{ user.name }}</span>
</div>
<div class="icon_info" style="text-align: center">
- Logout
+ <a href="logout">Logout</a>
</div>
</div>
<div id="speedgraph"></div>
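Review bot: `{{ user.name }}` writes an account-supplied string into the page header without an explicit escape. Whether the Jinja `env` imported from webinterface enables autoescaping is not visible in this diff, and `error500` in pyload_app.py passing `<br>` markup through `{{ message }}` suggests output may be rendered raw. If that is the case, a username containing markup would be interpreted as HTML. Using `{{ user.name|e }}` here makes the escaping independent of the environment setting.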
@@ -48,16 +49,17 @@
<img src="static/img/default/icon_clock_small_white.png" height="20px"/><span>5 / 125</span>
</div>
</div>
+ {% endif %}
</div>
</header>
<div id="push"></div>
<div id="content">
{% for message in messages %}
- <b><p>{{ message }}</p></b>
+ <div style="text-align: center">
+ <b>{{ message }}</b><br/>
+ </div>
{% endfor %}
- <h1>Test!</h1>
-
{% block content %}
{% endblock content %}
</div>
diff --git a/module/web/templates/default/login.html b/module/web/templates/default/login.html
index 914ec6f16..95c62a992 100644
--- a/module/web/templates/default/login.html
+++ b/module/web/templates/default/login.html
@@ -3,7 +3,7 @@
{% block title %}{{_("Login")}} - {{super()}} {% endblock %}
{% block content %}
-
+<br>
<div class="login">
<div class="login_title">
{{_("Login")}}
@@ -24,11 +24,12 @@
</form>
</div>
-
+<div style="text-align: center">
{% if errors %}
<p>{{_("Your username and password didn't match. Please try again.")}}</p>
{{ _("To reset your login data or add an user run:") }} <b> python pyLoadCore.py -u</b>
{% endif %}
+</div>
{% endblock %} \ No newline at end of file
diff --git a/module/web/templates/default/logout.html b/module/web/templates/default/logout.html
new file mode 100644
index 000000000..a100c7004
--- /dev/null
+++ b/module/web/templates/default/logout.html
@@ -0,0 +1,9 @@
+{% extends 'default/base.html' %}
+
+{% block head %}
+ <meta http-equiv="refresh" content="3; url=/">
+{% endblock %}
+
+{% block content %}
+ <p><b>{{_("fYou were successfully logged out.")}}</b></p>
+{% endblock %}
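Review bot: The message string in the content block starts with a stray `f`: `{{_("fYou were successfully logged out.")}}` will display "fYou were…" and will not match a translation entry for the correct sentence. It should read `{{_("You were successfully logged out.")}}`.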
diff --git a/module/web/utils.py b/module/web/utils.py
index 364f12bf4..43847b6c8 100644
--- a/module/web/utils.py
+++ b/module/web/utils.py
@@ -12,15 +12,13 @@
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this plrogram; if not, see <http://www.gnu.org/licenses/>.
+ along with this program; if not, see <http://www.gnu.org/licenses/>.
@author: RaNaN
"""
from bottle import request, HTTPError, redirect, ServerAdapter
-from webinterface import env, TEMPLATE
-
-from module.Api import has_permission, Permission, Role
+from webinterface import env, TEMPLATE, PYLOAD
def render_to_response(name, args={}, proc=[]):
for p in proc:
@@ -29,87 +27,34 @@ def render_to_response(name, args={}, proc=[]):
return t.render(**args)
-def parse_permissions(session):
- perms = dict([(x, False) for x in dir(Permission) if not x.startswith("_")])
- perms["ADMIN"] = False
- perms["is_admin"] = False
-
- if not session.get("authenticated", False):
- return perms
-
- if session.get("role") == Role.Admin:
- for k in perms.iterkeys():
- perms[k] = True
-
- elif session.get("perms"):
- p = session.get("perms")
- get_permission(perms, p)
-
- return perms
-
-
-def permlist():
- return [x for x in dir(Permission) if not x.startswith("_") and x != "All"]
-
-
-def get_permission(perms, p):
- """Returns a dict with permission key
-
- :param perms: dictionary
- :param p: bits
- """
- for name in permlist():
- perms[name] = has_permission(p, getattr(Permission, name))
-
-
-def set_permission(perms):
- """generates permission bits from dictionary
-
- :param perms: dict
- """
- permission = 0
- for name in dir(Permission):
- if name.startswith("_"): continue
-
- if name in perms and perms[name]:
- permission |= getattr(Permission, name)
-
- return permission
-
-
-def set_session(request, info):
+def set_session(request, user):
s = request.environ.get('beaker.session')
- s["authenticated"] = True
- s["user_id"] = info["id"]
- s["name"] = info["name"]
- s["role"] = info["role"]
- s["perms"] = info["permission"]
- s["template"] = info["template"]
+ s["uid"] = user.uid
s.save()
-
return s
+def get_user_api(s):
+ uid = s.get("uid", None)
+ if uid is not None:
+ api = PYLOAD.withUserContext(uid)
+ return api
-def parse_userdata(session):
- return {"name": session.get("name", "Anonymous"),
- "is_admin": True if session.get("role", 1) == 0 else False,
- "is_authenticated": session.get("authenticated", False)}
-
+ return None
def login_required(perm=None):
def _dec(func):
def _view(*args, **kwargs):
s = request.environ.get('beaker.session')
- if s.get("name", None) and s.get("authenticated", False):
+ api = get_user_api(s)
+ if api is not None:
if perm:
- perms = parse_permissions(s)
-
- if perm not in perms or not perms[perm]:
+ if api.user.hasPermission(perm):
if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
return HTTPError(403, "Forbidden")
else:
return redirect("/nopermission")
+ kwargs["api"] = api
return func(*args, **kwargs)
else:
if request.headers.get('X-Requested-With') == 'XMLHttpRequest':