summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xfbin.py204
-rw-r--r--templates/login.tmpl16
2 files changed, 80 insertions, 140 deletions
diff --git a/fbin.py b/fbin.py
index 6826bb4..a4e97e8 100755
--- a/fbin.py
+++ b/fbin.py
@@ -77,17 +77,6 @@ class Application(object):
return user
- def save_user_pass(self, user, password):
- session = db.Session()
- try:
- user.password = password
- session.add(user)
- session.commit()
- # Avoid having to fetch user again (used by changepass)
- session.refresh(user)
- finally:
- session.close()
-
def get_file(self, hash, update_accessed = False):
session = db.Session()
try:
@@ -146,29 +135,6 @@ class Application(object):
user = None
return user
- def validate_cookie_old(self, cookie):
- if not cookie or not 'identifier' in cookie:
- return None
-
- identifier = cookie['identifier'].value
-
- if 'username' in cookie:
- user = self.get_user_by_name(cookie['username'].value)
- if not user:
- return None
- digest = hashlib.sha1(user.username + user.password).hexdigest()
- else:
- user = self.get_user_by_id(cookie['uid'].value)
- if not user:
- return None
- digest = hashlib.sha1(str(user.id) + user.password).hexdigest()
-
- if digest != identifier:
- raise InvalidCookieError(user.username)
- if not user.active:
- raise InactiveLoginError(user.username)
- return user
-
def get_file_by_file_hash(self, file_hash):
session = db.Session()
try:
@@ -341,113 +307,89 @@ class Application(object):
def login(self, environ, start_response, path):
user = self.validate_cookie(environ)
form = cgi.FieldStorage(fp = environ['wsgi.input'], environ = environ)
- next = form.getvalue('next')
- if environ['REQUEST_METHOD'] != 'POST' or not 'username' in form or not 'password' in form:
- start_response('200 OK', [('Content-Type', 'text/html')])
- return str(templates.login(searchList = {
- 'settings': settings,
- 'user': user,
- 'error': None,
- 'next': next,
- }))
-
- username = form.getvalue('username')
- password = form.getvalue('password')
- # XXX: password_hash and the password field from the local db should probably be removed later.
- password_hash = hashlib.sha1(password).hexdigest()
-
- error = None
- try:
- token = self.jab.generate_user_token(username, password, settings.jab_identifier, settings.jab_name)
- # If the user exists locally, both username and password must match (for migrating existing users).
- # Otherwise, one could create a new user in jab with the same username but different password.
- user = self.get_user(username, password_hash)
- # Create the user if it exists in jab but not locally.
+ if not user and not 'request_token' in form and not 'verified' in form:
+ from urlparse import urljoin
+ request_token = self.jab.generate_request_token(settings.jab_identifier, settings.jab_name,
+ urljoin('%s://%s' % (environ['wsgi.url_scheme'], environ['HTTP_HOST']), environ['PATH_INFO']))
+ if isinstance(request_token, unicode):
+ request_token = request_token.encode('utf-8')
+ start_response('302 Found', [('Location', urljoin(settings.jab_web_url, 'verify/' + request_token))])
+ return []
+ if 'request_token' in form and 'verified' in form:
+ if form.getvalue('verified') == '0':
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.login(searchList = {
+ 'settings': settings,
+ 'user': None,
+ 'error': 'Login was declined.',
+ 'loggedin': False,
+ 'next': form.getvalue('next'),
+ }))
+ request_token = form.getvalue('request_token')
+ try:
+ token = self.jab.request_user_token(request_token, settings.jab_identifier, settings.jab_name)
+ jab_user = self.jab.get_user_by_token(token, settings.jab_identifier, environ['REMOTE_ADDR'])
+ except jab.client.InvalidCredentialsError:
+ start_response('200 OK', [('Content-Type', 'text/html')])
+ return str(templates.login(searchList = {
+ 'settings': settings,
+ 'user': None,
+ 'error': 'Failed to request login: invalid token or user.',
+ 'loggedin': False,
+ 'next': form.getvalue('next'),
+ }))
+ # FIXME: Don't use the username as key for jab users.
+ user = self.get_user_by_name(jab_user['username'])
if not user:
- user = self.add_user(username, password_hash, True)
+ user = self.add_user(jab_user['username'], None, True)
self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id})
- except jab.client.InvalidCredentialsError:
- # Check wether the user exists in our local db, then add it via jab.
- user = self.get_user(username, password_hash)
- if user:
- try:
- self.jab.add_user(username, password, None, True)
- token = self.jab.generate_user_token(username, password, settings.jab_identifier, settings.jab_name)
- self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id})
- except jab.client.InvalidCredentialsError:
- error = 'Login failed'
- else:
- error = 'Login failed'
-
- if error:
- start_response('200 OK', [('Content-Type', 'text/html')])
+ c = Cookie.SimpleCookie()
+ c['token'] = token
+ start_response('200 OK', [
+ ('Content-Type', 'text/html'),
+ ('Set-Cookie', c['token'].OutputString())
+ ])
return str(templates.login(searchList = {
'settings': settings,
'user': user,
- 'error': error,
- 'next': next,
+ 'error': None,
+ 'loggedin': True,
+ 'next': form.getvalue('next'),
}))
- rememberme = 'rememberme' in form
- forever = 'forever' in form
+ if user:
+ rememberme = 'rememberme' in form
+ forever = 'forever' in form
+
+ cookie = Cookie.SimpleCookie(environ['HTTP_COOKIE'])
+ token = cookie['token'].value
+ c = Cookie.SimpleCookie()
+ c['token'] = token
+
+ dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30)
+ expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT')
+ if rememberme:
+ c['token']['expires'] = expires
+ if forever:
+ c['forever'] = 1
+ c['forever']['expires'] = expires
+
+ # FIXME: This field is lost when we redirect to jab.
+ next = form.getvalue('next')
+ headers = [
+ ('Location', next if next else (settings.virtual_root + 'u')),
+ ('Set-Cookie', c['token'].OutputString())]
+ if 'forever' in c:
+ headers.append(('Set-Cookie', c['forever'].OutputString()))
+ start_response('302 Found', headers)
+ return []
- c = Cookie.SimpleCookie()
- c['token'] = token
-
- dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30)
- expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT')
- if rememberme:
- c['token']['expires'] = expires
- if forever:
- c['forever'] = 1
- c['forever']['expires'] = expires
-
- headers = [
- ('Location', next if next else (settings.virtual_root + 'u')),
- ('Set-Cookie', c['token'].OutputString())]
- if 'forever' in c:
- headers.append(('Set-Cookie', c['forever'].OutputString()))
- start_response('302 Found', headers)
+ start_response('404 Not Found', [])
return []
def register(self, environ, start_response, path):
start_response('302 Found', [('Location', settings.jab_web_url + 'register')])
return []
- if not settings.allow_registration:
- start_response('403 Forbidden', [('Content-Type', 'text/plain')])
- return ['Registrations are disabled by the administrator.']
-
- user = self.validate_cookie(environ)
- form = cgi.FieldStorage(fp = environ['wsgi.input'], environ = environ)
- if environ['REQUEST_METHOD'] != 'POST' or not 'username' in form or not 'password' in form or not 'password2' in form:
- start_response('200 OK', [('Content-Type', 'text/html')])
- return str(templates.register(searchList = {
- 'settings': settings,
- 'user': user,
- 'error': None,
- }))
-
- username = form.getvalue('username')
- password = form.getvalue('password')
- password2 = form.getvalue('password2')
- if password != password2:
- start_response('200 OK', [('Content-Type', 'text/html')])
- return str(templates.register(searchList = {
- 'settings': settings,
- 'user': user,
- 'error': 'Passwords doesn\'t match',
- }))
-
- user = self.add_user(username, hashlib.sha1(password).hexdigest(), settings.create_active_users)
- if not user:
- start_response('200 OK', [('Content-Type', 'text/html')])
- return str(templates.register(searchList = {
- 'settings': settings,
- 'user': None,
- 'error': 'Username already taken.',
- }))
-
- return self.redirect(environ, start_response, 'l')
def logout(self, environ, start_response, path):
c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None)
@@ -459,17 +401,11 @@ class Application(object):
c = Cookie.SimpleCookie()
expires = datetime.datetime.utcfromtimestamp(0).strftime('%a, %d-%b-%y %H:%M:%S GMT')
- c['uid'] = 0
- c['uid']['expires'] = expires
- c['identifier'] = ''
- c['identifier']['expires'] = expires
c['forever'] = 0
c['forever']['expires'] = expires
c['token'] = 0
c['token']['expires'] = expires
start_response('302 Found', [
- ('Set-Cookie', c['uid'].OutputString()),
- ('Set-Cookie', c['identifier'].OutputString()),
('Set-Cookie', c['forever'].OutputString()),
('Set-Cookie', c['token'].OutputString()),
('Location', settings.virtual_root)])
diff --git a/templates/login.tmpl b/templates/login.tmpl
index af2f955..505a885 100644
--- a/templates/login.tmpl
+++ b/templates/login.tmpl
@@ -4,17 +4,21 @@
#def content
#set error = $error or ''
<div class="error">$error</div>
+#if $loggedin
+ <p>You are now logged in as $user.username.
+ To change your session settings, please use the form below.
+ Or <a href="${settings.virtual_root}u">return to the upload page</a>.
+ </p>
+#end if
+#if $user
<form method="post" action="${settings.virtual_root}l">
#if next
<input type="hidden" name="next" value="$next" />
#end if
- <p>username</p>
- <p><input type="text" id="username" name="username" /></p>
- <p>password</p>
- <p><input type="password" id="password" name="password" /></p>
- <p><input type="checkbox" id="rememberme" name="rememberme" checked="checked" />
+ <p><input type="checkbox" id="rememberme" name="rememberme" />
<label for="rememberme"> remember me</label></p>
<p><input type="checkbox" id="forever" name="forever" /><label for="forever"> .. forever</label></p>
- <p><input type="submit" value="Login" /></p>
+ <p><input type="submit" value="Update" /></p>
</form>
+#end if
#end def