crafty-4/app/classes/web/public_handler.py

import sys
import logging
from app.classes.shared.authentication import authentication
from app.classes.shared.helpers import helper
from app.classes.shared.console import console
from app.classes.shared.main_models import fn
from app.classes.models.users import Users
from app.classes.web.base_handler import BaseHandler
logger = logging.getLogger(__name__)

# bleach is imported behind a guard: if the module is missing, the failure is
# reported to both the log and the console and the process exits with status 1.
try:
    import bleach
except ModuleNotFoundError as e:
    import_failure = f"Import Error: Unable to load {e.name} module"
    logger.critical(import_failure, exc_info=True)
    console.critical(import_failure)
    sys.exit(1)
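class PublicHandler(BaseHandler):
    """Serve the public pages (login, logout, 404, error) and process login POSTs."""

    def _clear_session_cookies(self):
        """Delete every cookie this handler uses or has used to carry a session.

        ``token`` is the cookie issued by set_current_user(); ``user`` and
        ``user_data`` are the names the handler cleared before. Clearing only
        the old names would leave the issued token in the browser after logout.
        NOTE(review): this only removes the cookie client-side; whether a token
        can be invalidated server-side depends on ``authentication``, which is
        not visible here.
        """
        for cookie_name in ("token", "user", "user_data"):
            self.clear_cookie(cookie_name)

    def _reject_login(self, error_msg):
        """Clear session cookies and send the client back to the login page.

        Args:
            error_msg: Text shown on the login page; it is URL-encoded so it
                stays a single, well-formed query parameter.
        """
        from urllib.parse import urlencode

        self._clear_session_cookies()
        self.redirect(f"/public/login?{urlencode({'error_msg': error_msg})}")

    def set_current_user(self, user_id: str = None):
        """Issue the session token cookie for ``user_id``, or clear it when None.

        The cookie lifetime comes from the ``cookie_expire`` setting and falls
        back to 5 days when the setting is missing or falsy.
        """
        expire_days = helper.get_setting('cookie_expire')

        # if helper comes back with false
        if not expire_days:
            expire_days = "5"

        if user_id is not None:
            # NOTE(review): the cookie is set without httponly/secure flags.
            # Tornado's set_cookie accepts both as keyword arguments; confirm
            # no front-end script reads this cookie before enabling httponly.
            self.set_cookie("token", authentication.generate(user_id), expires_days=int(expire_days))
        else:
            self._clear_session_cookies()

    def get(self, page=None):
        """Render a public page, or redirect to the login page.

        ``login``, ``404`` and ``error`` render their templates; ``logout``
        clears the session cookies and redirects; anything else redirects to
        the login page.
        """
        # Both values come from the query string and are reflected into the
        # rendered page, so they are passed through bleach.clean() first.
        error = bleach.clean(self.get_argument('error', "Invalid Login!"))
        error_msg = bleach.clean(self.get_argument('error_msg', ''))

        page_data = {'version': helper.get_version_string(), 'error': error, 'lang': helper.get_setting('language')}

        # sensible defaults
        template = "public/404.html"

        if page == "login":
            template = "public/login.html"

        elif page == 404:
            template = "public/404.html"

        elif page == "error":
            template = "public/error.html"

        elif page == "logout":
            self._clear_session_cookies()
            self.redirect('/public/login')
            return

        # if we have no page, let's go to login
        else:
            self.redirect('/public/login')
            return

        self.render(
            template,
            data=page_data,
            translate=self.translator.translate,
            error_msg=error_msg
        )

    def post(self, page=None):
        """Process a login form submission; any other page redirects to login.

        On success the session cookie is issued, the user's last IP and login
        time are stored, an audit-log entry is written and the client is sent
        to the dashboard. On failure the session cookies are cleared and the
        client is sent back to the login page with an error message.
        """
        if page != 'login':
            self.redirect("/public/login")
            return

        entered_username = bleach.clean(self.get_argument('username'))
        # NOTE(review): bleach.clean() rewrites characters such as < > & so the
        # value verified below is not necessarily what the user typed. Left
        # unchanged because stored hashes may have been created from cleaned
        # input - confirm against the user-creation path before removing it.
        entered_password = bleach.clean(self.get_argument('password'))

        # pylint: disable=no-member
        user_data = Users.get_or_none(fn.Lower(Users.username) == entered_username.lower())

        # if we don't have a user
        if not user_data:
            # No audit-log entry is written here and verify_pass is skipped, so
            # the response may differ in timing from a wrong-password attempt.
            self._reject_login("Incorrect username or password. Please try again.")
            return

        # if they are disabled
        if not user_data.enabled:
            # NOTE(review): this runs before the password is verified, so the
            # response tells anyone who submits the username that the account
            # exists and is disabled; consider moving it after verify_pass.
            self._reject_login("User account disabled. Please contact your system administrator for more info.")
            return

        login_result = helper.verify_pass(entered_password, user_data.password)
        remote_ip = self.get_remote_ip()

        # Valid Login
        if login_result:
            self.set_current_user(user_data.user_id)
            logger.info(f"User: {user_data} Logged in from IP: {remote_ip}")

            # record this login on the row already fetched above; a second
            # lookup by exact lowercased username raises when the stored
            # username contains upper-case characters.
            user_data.last_ip = remote_ip
            user_data.last_login = helper.get_time_as_string()
            user_data.save()

            # log this login
            self.controller.management.add_to_audit_log(user_data.user_id, "Logged in", 0, remote_ip)

            self.redirect("/panel/dashboard")
        else:
            # log this failed login attempt
            self.controller.management.add_to_audit_log(user_data.user_id, "Tried to log in", 0, remote_ip)
            # Same wording as the unknown-user branch, so the message itself
            # does not reveal whether the username exists.
            self._reject_login("Incorrect username or password. Please try again.")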