From 5ec2df4183c11f947c056df6db3383e6557e5d20 Mon Sep 17 00:00:00 2001 From: Jon Bergli Heier Date: Sat, 8 Feb 2014 23:18:15 +0100 Subject: Login using single signon via jab web, cleanup old stuff. --- fbin.py | 204 ++++++++++++++++++--------------------------------- templates/login.tmpl | 16 ++-- 2 files changed, 80 insertions(+), 140 deletions(-) diff --git a/fbin.py b/fbin.py index 6826bb4..a4e97e8 100755 --- a/fbin.py +++ b/fbin.py @@ -77,17 +77,6 @@ class Application(object): return user - def save_user_pass(self, user, password): - session = db.Session() - try: - user.password = password - session.add(user) - session.commit() - # Avoid having to fetch user again (used by changepass) - session.refresh(user) - finally: - session.close() - def get_file(self, hash, update_accessed = False): session = db.Session() try: @@ -146,29 +135,6 @@ class Application(object): user = None return user - def validate_cookie_old(self, cookie): - if not cookie or not 'identifier' in cookie: - return None - - identifier = cookie['identifier'].value - - if 'username' in cookie: - user = self.get_user_by_name(cookie['username'].value) - if not user: - return None - digest = hashlib.sha1(user.username + user.password).hexdigest() - else: - user = self.get_user_by_id(cookie['uid'].value) - if not user: - return None - digest = hashlib.sha1(str(user.id) + user.password).hexdigest() - - if digest != identifier: - raise InvalidCookieError(user.username) - if not user.active: - raise InactiveLoginError(user.username) - return user - def get_file_by_file_hash(self, file_hash): session = db.Session() try: 
@@ -341,113 +307,89 @@ class Application(object): def login(self, environ, start_response, path): user = self.validate_cookie(environ) form = cgi.FieldStorage(fp = environ['wsgi.input'], environ = environ) - next = form.getvalue('next') - if environ['REQUEST_METHOD'] != 'POST' or not 'username' in form or not 'password' in form: - start_response('200 OK', [('Content-Type', 'text/html')]) - return str(templates.login(searchList = { - 'settings': settings, - 'user': user, - 'error': None, - 'next': next, - })) - - username = form.getvalue('username') - password = form.getvalue('password') - # XXX: password_hash and the password field from the local db should probably be removed later. - password_hash = hashlib.sha1(password).hexdigest() - - error = None - try: - token = self.jab.generate_user_token(username, password, settings.jab_identifier, settings.jab_name) - # If the user exists locally, both username and password must match (for migrating existing users). - # Otherwise, one could create a new user in jab with the same username but different password. - user = self.get_user(username, password_hash) - # Create the user if it exists in jab but not locally. 
+ if not user and not 'request_token' in form and not 'verified' in form: + from urlparse import urljoin + request_token = self.jab.generate_request_token(settings.jab_identifier, settings.jab_name, + urljoin('%s://%s' % (environ['wsgi.url_scheme'], environ['HTTP_HOST']), environ['PATH_INFO'])) + if isinstance(request_token, unicode): + request_token = request_token.encode('utf-8') + start_response('302 Found', [('Location', urljoin(settings.jab_web_url, 'verify/' + request_token))]) + return [] + if 'request_token' in form and 'verified' in form: + if form.getvalue('verified') == '0': + start_response('200 OK', [('Content-Type', 'text/html')]) + return str(templates.login(searchList = { + 'settings': settings, + 'user': None, + 'error': 'Login was declined.', + 'loggedin': False, + 'next': form.getvalue('next'), + })) + request_token = form.getvalue('request_token') + try: + token = self.jab.request_user_token(request_token, settings.jab_identifier, settings.jab_name) + jab_user = self.jab.get_user_by_token(token, settings.jab_identifier, environ['REMOTE_ADDR']) + except jab.client.InvalidCredentialsError: + start_response('200 OK', [('Content-Type', 'text/html')]) + return str(templates.login(searchList = { + 'settings': settings, + 'user': None, + 'error': 'Failed to request login: invalid token or user.', + 'loggedin': False, + 'next': form.getvalue('next'), + })) + # FIXME: Don't use the username as key for jab users. + user = self.get_user_by_name(jab_user['username']) if not user: - user = self.add_user(username, password_hash, True) + user = self.add_user(jab_user['username'], None, True) self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id}) - except jab.client.InvalidCredentialsError: - # Check wether the user exists in our local db, then add it via jab. 
- user = self.get_user(username, password_hash) - if user: - try: - self.jab.add_user(username, password, None, True) - token = self.jab.generate_user_token(username, password, settings.jab_identifier, settings.jab_name) - self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id}) - except jab.client.InvalidCredentialsError: - error = 'Login failed' - else: - error = 'Login failed' - - if error: - start_response('200 OK', [('Content-Type', 'text/html')]) + c = Cookie.SimpleCookie() + c['token'] = token + start_response('200 OK', [ + ('Content-Type', 'text/html'), + ('Set-Cookie', c['token'].OutputString()) + ]) return str(templates.login(searchList = { 'settings': settings, 'user': user, - 'error': error, - 'next': next, + 'error': None, + 'loggedin': True, + 'next': form.getvalue('next'), })) - rememberme = 'rememberme' in form - forever = 'forever' in form + if user: + rememberme = 'rememberme' in form + forever = 'forever' in form + + cookie = Cookie.SimpleCookie(environ['HTTP_COOKIE']) + token = cookie['token'].value + c = Cookie.SimpleCookie() + c['token'] = token + + dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30) + expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT') + if rememberme: + c['token']['expires'] = expires + if forever: + c['forever'] = 1 + c['forever']['expires'] = expires + + # FIXME: This field is lost when we redirect to jab. 
+ next = form.getvalue('next') + headers = [ + ('Location', next if next else (settings.virtual_root + 'u')), + ('Set-Cookie', c['token'].OutputString())] + if 'forever' in c: + headers.append(('Set-Cookie', c['forever'].OutputString())) + start_response('302 Found', headers) + return [] - c = Cookie.SimpleCookie() - c['token'] = token - - dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30) - expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT') - if rememberme: - c['token']['expires'] = expires - if forever: - c['forever'] = 1 - c['forever']['expires'] = expires - - headers = [ - ('Location', next if next else (settings.virtual_root + 'u')), - ('Set-Cookie', c['token'].OutputString())] - if 'forever' in c: - headers.append(('Set-Cookie', c['forever'].OutputString())) - start_response('302 Found', headers) + start_response('404 Not Found', []) return [] def register(self, environ, start_response, path): start_response('302 Found', [('Location', settings.jab_web_url + 'register')]) return [] - if not settings.allow_registration: - start_response('403 Forbidden', [('Content-Type', 'text/plain')]) - return ['Registrations are disabled by the administrator.'] - - user = self.validate_cookie(environ) - form = cgi.FieldStorage(fp = environ['wsgi.input'], environ = environ) - if environ['REQUEST_METHOD'] != 'POST' or not 'username' in form or not 'password' in form or not 'password2' in form: - start_response('200 OK', [('Content-Type', 'text/html')]) - return str(templates.register(searchList = { - 'settings': settings, - 'user': user, - 'error': None, - })) - - username = form.getvalue('username') - password = form.getvalue('password') - password2 = form.getvalue('password2') - if password != password2: - start_response('200 OK', [('Content-Type', 'text/html')]) - return str(templates.register(searchList = { - 'settings': settings, - 'user': user, - 'error': 'Passwords doesn\'t match', - })) - - user = self.add_user(username, hashlib.sha1(password).hexdigest(), 
settings.create_active_users) - if not user: - start_response('200 OK', [('Content-Type', 'text/html')]) - return str(templates.register(searchList = { - 'settings': settings, - 'user': None, - 'error': 'Username already taken.', - })) - - return self.redirect(environ, start_response, 'l') def logout(self, environ, start_response, path): c = Cookie.SimpleCookie(environ['HTTP_COOKIE'] if 'HTTP_COOKIE' in environ else None) @@ -459,17 +401,11 @@ class Application(object): c = Cookie.SimpleCookie() expires = datetime.datetime.utcfromtimestamp(0).strftime('%a, %d-%b-%y %H:%M:%S GMT') - c['uid'] = 0 - c['uid']['expires'] = expires - c['identifier'] = '' - c['identifier']['expires'] = expires c['forever'] = 0 c['forever']['expires'] = expires c['token'] = 0 c['token']['expires'] = expires start_response('302 Found', [ - ('Set-Cookie', c['uid'].OutputString()), - ('Set-Cookie', c['identifier'].OutputString()), ('Set-Cookie', c['forever'].OutputString()), ('Set-Cookie', c['token'].OutputString()), ('Location', settings.virtual_root)]) diff --git a/templates/login.tmpl b/templates/login.tmpl index af2f955..505a885 100644 --- a/templates/login.tmpl +++ b/templates/login.tmpl @@ -4,17 +4,21 @@ #def content #set error = $error or ''
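Review bot: In the `if user:` branch the `next` form value goes straight into the redirect, `('Location', next if next else (settings.virtual_root + 'u'))`, so an absolute URL in `next` makes the post-login redirect an open redirect to any site; a minimal guard before building `headers` is `if next and (next.startswith('//') or '://' in next): next = None`, keeping only same-site paths. The callback URL passed to `generate_request_token` is assembled from `environ['HTTP_HOST']`, which the client controls, so unless the front end validates the Host header it is safer to take the base URL from a configured setting (`settings.<base_url placeholder>`) than from the request itself. Both `Set-Cookie` headers carrying the session `token` are written without flags; `c['token']['httponly'] = True` (plus `c['token']['secure'] = True` when `environ['wsgi.url_scheme'] == 'https'`) keeps the session token out of script reach, and `SimpleCookie` supports both attributes. `request_token` is concatenated into the `'verify/'` path without quoting, so pass it through `urllib.quote` unless the jab client guarantees a URL-safe token.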
$error
+#if $loggedin +

You are now logged in as $user.username. + To change your session settings, please use the form below. + Or return to the upload page. +

+#end if +#if $user
#if next #end if -

username

-

-

password

-

-

+

-

+

+#end if #end def -- cgit v1.2.3