From 941e3021000e59020f66419cc2156aee30972121 Mon Sep 17 00:00:00 2001 From: RaNaN Date: Mon, 13 Aug 2012 17:40:10 +0200 Subject: working login --- module/web/api_app.py | 16 +++--- module/web/pyload_app.py | 50 +++++++------------ module/web/static/css/default/style.css | 35 ++++++-------- module/web/templates/default/base.html | 12 +++-- module/web/templates/default/login.html | 5 +- module/web/templates/default/logout.html | 9 ++++ module/web/utils.py | 83 ++++++-------------------------- 7 files changed, 75 insertions(+), 135 deletions(-) create mode 100644 module/web/templates/default/logout.html (limited to 'module/web') diff --git a/module/web/api_app.py b/module/web/api_app.py index df62db18f..4be6e5ab8 100644 --- a/module/web/api_app.py +++ b/module/web/api_app.py @@ -7,7 +7,7 @@ from traceback import format_exc, print_exc from bottle import route, request, response, HTTPError -from utils import set_session +from utils import set_session, get_user_api from webinterface import PYLOAD from module.common.json_layer import json @@ -41,10 +41,11 @@ def call_api(func, args=""): # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.POST['session'], "'\"")) - if not s or not s.get("authenticated", False): + api = get_user_api(s) + if not api: return HTTPError(403, json.dumps("Forbidden")) - if not PYLOAD.isAuthorized(func, {"role": s["role"], "permission": s["perms"]}): + if not PYLOAD.isAuthorized(func, api.user): return HTTPError(401, json.dumps("Unauthorized")) args = args.split("/")[1:] 
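Review bot: `get_user_api(s)` in `call_api` is now called without the `not s` guard that the removed line had, and `get_user_api` in module/web/utils.py (same patch) calls `s.get("uid", None)` directly. If `get_by_id` can return nothing for an unknown or expired session id, as the old guard suggests, the request fails with an AttributeError instead of the 403 response. Keeping the guard, `api = get_user_api(s) if s else None`, preserves the Forbidden path. `call_api` starts and ends outside this hunk, so the branch that assigns `s` is not fully visible here.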
@@ -81,21 +82,22 @@ def callApi(func, *args, **kwargs): def login(): add_header(response) - user = request.forms.get("username") + username = request.forms.get("username") password = request.forms.get("password") - info = PYLOAD.checkAuth(user, password) + user = PYLOAD.checkAuth(username, password) - if not info: + if not user: return json.dumps(False) - s = set_session(request, info) + s = set_session(request, user) # get the session id by dirty way, documentations seems wrong try: sid = s._headers["cookie_out"].split("=")[1].split(";")[0] return json.dumps(sid) except: + print "Could not get session" return json.dumps(True) diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py index ba74d7083..afb97b361 100644 --- a/module/web/pyload_app.py +++ b/module/web/pyload_app.py 
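Review bot: `set_session(request, user)` in `login()` writes the authenticated `uid` into whatever Beaker session the request already carried, so the session id issued before login stays valid after it; the same applies to `login_post` in module/web/pyload_app.py. Going by the `set_session` body in module/web/utils.py in this patch, nothing rotates the id, which leaves the login exposed to session fixation, and `call_api` additionally accepts the id from a POST field. Consider calling Beaker's `s.invalidate()` in `set_session` before `s["uid"] = user.uid` so that a fresh id is issued on authentication. Separately, the added `print "Could not get session"` sits under a bare `except:` and discards the cause; `print_exc()`, which this file already imports, would keep it.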
@@ -23,43 +23,27 @@ from bottle import route, static_file, request, response, redirect, HTTPError, e from webinterface import PYLOAD, PROJECT_DIR, SETUP, env -from utils import render_to_response, parse_permissions, parse_userdata, set_session +from utils import render_to_response, login_required, set_session, get_user_api -from module.Api import Output ########## # Helper ########## - # TODO: useful but needs a rewrite, too def pre_processor(): s = request.environ.get('beaker.session') - user = parse_userdata(s) - perms = parse_permissions(s) - status = {} - captcha = False - update = False - plugins = False - if user["is_authenticated"]: - status = PYLOAD.statusServer() - info = PYLOAD.getInfoByPlugin("UpdateManager") - captcha = PYLOAD.isInteractionWaiting(Output.Captcha) - - # check if update check is available - if info: - if info["pyload"] == "True": update = True - if info["plugins"] == "True": plugins = True + api = get_user_api(s) + user = None + status = None + if api is not None: + user = api.user + status = api.statusServer() return {"user": user, - 'status': status, - 'captcha': captcha, - 'perms': perms, - 'url': request.url, - 'update': update, - 'plugins': plugins} - + 'server': status, + 'url': request.url } def base(messages): @@ -68,11 +52,11 @@ def base(messages): @error(500) def error500(error): - print "An error occured while processing the request." + print "An error occurred while processing the request." if error.traceback: print error.traceback - return base(["An error occured while processing the request.", error, + return base(["An error occurred while processing the request.", error, error.traceback.replace("\n", "
") if error.traceback else "No Traceback"]) # TODO: not working @@ -125,15 +109,14 @@ def nopermission(): @route("/login", method="POST") def login_post(): - user = request.forms.get("username") + username = request.forms.get("username") password = request.forms.get("password") - info = PYLOAD.checkAuth(user, password) - - if not info: + user = PYLOAD.checkAuth(username, password) + if not user: return render_to_response("login.html", {"errors": True}, [pre_processor]) - set_session(request, info) + set_session(request, user) return redirect("/") @@ -144,6 +127,7 @@ def logout(): return render_to_response("logout.html", proc=[pre_processor]) @route("/") -def index(): +@login_required() +def index(api): return base(["It works!"]) diff --git a/module/web/static/css/default/style.css b/module/web/static/css/default/style.css index 326111680..63a7ad959 100644 --- a/module/web/static/css/default/style.css +++ b/module/web/static/css/default/style.css @@ -151,27 +151,24 @@ header .logo { margin-top: 12px; font-family: sans-serif } - + /* Login -*/ -.login { - vertical-align: middle; - text-align: center; - border: 1px; - border-color:#000000; - border-width:2px; - border-style:solid; - padding: 15px; - -moz-border-radius: 15px; - border-radius: 15px; -} - -.login div{ - vertical-align: middle; - text-align: center; - padding: 3px; -} +*/ +.login { + vertical-align: middle; + text-align: center; + border: 2px solid #000000; + padding: 15px; + -moz-border-radius: 15px; + border-radius: 15px; +} + +.login div{ + vertical-align: middle; + text-align: center; + padding: 3px; +} /* Footer diff --git a/module/web/templates/default/base.html b/module/web/templates/default/base.html index bbbefb4b6..e1fe81f1b 100644 --- a/module/web/templates/default/base.html +++ b/module/web/templates/default/base.html @@ -27,16 +27,17 @@ pyLoad + {% if user %}

Important Stuff will be here!

- User + {{ user.name }}
- Logout + Logout
@@ -48,16 +49,17 @@ 5 / 125 + {% endif %}
{% for message in messages %} -

{{ message }}

+
+ {{ message }}
+
{% endfor %} -

Test!

- {% block content %} {% endblock content %}
diff --git a/module/web/templates/default/login.html b/module/web/templates/default/login.html index 914ec6f16..95c62a992 100644 --- a/module/web/templates/default/login.html +++ b/module/web/templates/default/login.html @@ -3,7 +3,7 @@ {% block title %}{{_("Login")}} - {{super()}} {% endblock %} {% block content %} - +
- +
{% if errors %}

{{_("Your username and password didn't match. Please try again.")}}

{{ _("To reset your login data or add an user run:") }} python pyLoadCore.py -u {% endif %} +
{% endblock %} \ No newline at end of file diff --git a/module/web/templates/default/logout.html b/module/web/templates/default/logout.html new file mode 100644 index 000000000..a100c7004 --- /dev/null +++ b/module/web/templates/default/logout.html @@ -0,0 +1,9 @@ +{% extends 'default/base.html' %} + +{% block head %} + +{% endblock %} + +{% block content %} +

{{_("fYou were successfully logged out.")}}

+{% endblock %} diff --git a/module/web/utils.py b/module/web/utils.py index 364f12bf4..43847b6c8 100644 --- a/module/web/utils.py +++ b/module/web/utils.py @@ -12,15 +12,13 @@ See the GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this plrogram; if not, see . + along with this program; if not, see . @author: RaNaN """ from bottle import request, HTTPError, redirect, ServerAdapter -from webinterface import env, TEMPLATE - -from module.Api import has_permission, Permission, Role +from webinterface import env, TEMPLATE, PYLOAD def render_to_response(name, args={}, proc=[]): for p in proc: 
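Review bot: The new message in logout.html, `{{_("fYou were successfully logged out.")}}`, starts with a stray `f`, which would be shown to the user and also becomes the gettext msgid that translators see. It should read `{{_("You were successfully logged out.")}}`.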
@@ -29,87 +27,34 @@ def render_to_response(name, args={}, proc=[]): return t.render(**args) -def parse_permissions(session): - perms = dict([(x, False) for x in dir(Permission) if not x.startswith("_")]) - perms["ADMIN"] = False - perms["is_admin"] = False - - if not session.get("authenticated", False): - return perms - - if session.get("role") == Role.Admin: - for k in perms.iterkeys(): - perms[k] = True - - elif session.get("perms"): - p = session.get("perms") - get_permission(perms, p) - - return perms - - -def permlist(): - return [x for x in dir(Permission) if not x.startswith("_") and x != "All"] - - -def get_permission(perms, p): - """Returns a dict with permission key - - :param perms: dictionary - :param p: bits - """ - for name in permlist(): - perms[name] = has_permission(p, getattr(Permission, name)) - - -def set_permission(perms): - """generates permission bits from dictionary - - :param perms: dict - """ - permission = 0 - for name in dir(Permission): - if name.startswith("_"): continue - - if name in perms and perms[name]: - permission |= getattr(Permission, name) - - return permission - - -def set_session(request, info): +def set_session(request, user): s = request.environ.get('beaker.session') - s["authenticated"] = True - s["user_id"] = info["id"] - s["name"] = info["name"] - s["role"] = info["role"] - s["perms"] = info["permission"] - s["template"] = info["template"] + s["uid"] = user.uid s.save() - return s +def get_user_api(s): + uid = s.get("uid", None) + if uid is not None: + api = PYLOAD.withUserContext(uid) + return api -def parse_userdata(session): - return {"name": session.get("name", "Anonymous"), - "is_admin": True if session.get("role", 1) == 0 else False, - "is_authenticated": session.get("authenticated", False)} - + return None def login_required(perm=None): def _dec(func): def _view(*args, **kwargs): s = request.environ.get('beaker.session') - if s.get("name", None) and s.get("authenticated", False): + api = get_user_api(s) + if api 
is not None: if perm: - perms = parse_permissions(s) - - if perm not in perms or not perms[perm]: + if api.user.hasPermission(perm): if request.headers.get('X-Requested-With') == 'XMLHttpRequest': return HTTPError(403, "Forbidden") else: return redirect("/nopermission") + kwargs["api"] = api return func(*args, **kwargs) else: if request.headers.get('X-Requested-With') == 'XMLHttpRequest': -- cgit v1.2.3
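Review bot: The permission test in `login_required` is inverted: `if api.user.hasPermission(perm):` sends users who hold the permission to the 403 / `/nopermission` branch and lets users who lack it fall through to `func`. The removed code denied on `perm not in perms or not perms[perm]`, so the new line should read `if not api.user.hasPermission(perm):`. The only use in this patch is `@login_required()` on `index`, with no `perm`, so the problem would surface only once a view passes one. `_view` continues past the end of the hunk.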