Commit
311d2183
authored
Oct 02, 2014
by
nextime
Fix some issues in autologin
parent
6310e3db
Showing
2 changed files
with
32 additions
and
12 deletions
+32
-12
auth.py
domotika/web/auth.py
+1
-1
web.py
domotika/web/web.py
+31
-11
domotika/web/auth.py
...
@@ -89,7 +89,7 @@ class clientAuth(object):
...
@@ -89,7 +89,7 @@ class clientAuth(object):
return
False
return
False
def
requestAvatarId
(
self
,
c
):
def
requestAvatarId
(
self
,
c
):
log
.
debug
(
'AUTH: '
+
str
(
c
))
log
.
debug
(
'AUTH: '
+
str
(
c
)
+
" "
+
str
(
c
.
username
)
)
return
self
.
checkAuth
(
c
.
username
,
c
.
password
)
.
addCallback
(
return
self
.
checkAuth
(
c
.
username
,
c
.
password
)
.
addCallback
(
self
.
getPerms
,
c
.
password
)
.
addCallback
(
self
.
getPerms
,
c
.
password
)
.
addCallback
(
self
.
AvatarResults
,
c
)
self
.
AvatarResults
,
c
)
...
...
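Review bot: The new debug line in requestAvatarId concatenates `str(c.username)` into the log message unescaped, and the username is presumably whatever the client submitted, so a value containing line breaks can split or forge log entries. Logging it with `repr()` keeps control characters visible and contained: `log.debug('AUTH: ' + str(c) + " " + repr(c.username))`. `str(c)` was already logged before this change; it is worth confirming that the string form of the credentials object never includes `c.password`. The enclosing class clientAuth starts outside the hunk.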
domotika/web/web.py
...
@@ -203,8 +203,14 @@ class RootPage(rend.Page):
...
@@ -203,8 +203,14 @@ class RootPage(rend.Page):
self
.
core
.
updateSession
(
session
.
uid
,
session
,
self
)
self
.
core
.
updateSession
(
session
.
uid
,
session
,
self
)
return
rend
.
Page
.
locateChild
(
self
,
ctx
,
name
)
return
rend
.
Page
.
locateChild
(
self
,
ctx
,
name
)
except
:
except
:
log
.
info
(
"Error getting permission from DB USER: "
+
session
.
mind
.
perms
.
username
+
" SESSION: "
+
str
(
session
.
uid
)
+
" ARGS: "
+
str
(
request
.
args
)
+
" REQ "
+
str
(
request
))
try
:
log
.
info
(
"PERMISSION DB DENIED, USER: "
+
session
.
mind
.
perms
.
username
+
" SESSION: "
+
str
(
session
.
uid
)
+
" ARGS: "
+
str
(
request
.
args
)
+
" REQ "
+
str
(
request
))
log
.
info
(
"Error getting permission from DB USER: "
+
session
.
mind
.
perms
.
username
+
" SESSION: "
+
str
(
session
.
uid
)
+
" ARGS: "
+
str
(
request
.
args
)
+
" REQ "
+
str
(
request
))
except
:
log
.
info
(
"Error getting permission from DB USER: GUEST SESSION: "
+
str
(
session
.
uid
)
+
" ARGS: "
+
str
(
request
.
args
)
+
" REQ "
+
str
(
request
))
try
:
log
.
info
(
"PERMISSION DB DENIED, USER: "
+
session
.
mind
.
perms
.
username
+
" SESSION: "
+
str
(
session
.
uid
)
+
" ARGS: "
+
str
(
request
.
args
)
+
" REQ "
+
str
(
request
))
except
:
log
.
info
(
"PERMISSION DB DENIED, USER: GUEST SESSION: "
+
str
(
session
.
uid
)
+
" ARGS: "
+
str
(
request
.
args
)
+
" REQ "
+
str
(
request
))
return
permissionDenied
(),
()
return
permissionDenied
(),
()
if
not
'sse'
in
dir
(
session
):
if
not
'sse'
in
dir
(
session
):
session
.
sse
=
False
session
.
sse
=
False
...
@@ -212,9 +218,23 @@ class RootPage(rend.Page):
...
@@ -212,9 +218,23 @@ class RootPage(rend.Page):
session
.
dmpermissions
=
{}
session
.
dmpermissions
=
{}
if
not
request
.
path
in
session
.
dmpermissions
.
keys
():
if
not
request
.
path
in
session
.
dmpermissions
.
keys
():
session
.
dmpermissions
[
request
.
path
]
=
'none'
session
.
dmpermissions
[
request
.
path
]
=
'none'
return
self
.
core
.
getPermissionForPath
(
session
.
mind
.
perms
.
username
,
request
.
path
)
.
addCallback
(
try
:
addPerms
,
ctx
,
name
,
session
,
request
log
.
info
(
"SESS: "
+
str
(
session
.
uid
)
+
" MIND: "
+
str
(
session
.
mind
.
perms
)
+
" DMPERMS "
+
str
(
session
.
dmpermissions
))
)
return
self
.
core
.
getPermissionForPath
(
session
.
mind
.
perms
.
username
,
request
.
path
)
.
addCallback
(
addPerms
,
ctx
,
name
,
session
,
request
)
except
:
log
.
info
(
"USERS HAS NO MIND??? "
+
str
(
request
.
path
)
+
" "
+
str
(
session
.
uid
)
+
" "
+
str
(
request
.
args
)
+
" REQ "
+
str
(
request
)
+
" "
+
str
(
session
.
dmpermissions
))
if
'username'
in
session
.
dmpermissions
.
keys
():
log
.
debug
(
"BUT IT HAS DMPERMISSION... "
+
str
(
session
.
dmpermissions
))
return
self
.
core
.
getPermissionForPath
(
session
.
dmpermissions
[
'username'
],
request
.
path
)
.
addCallback
(
addPerms
,
ctx
,
name
,
session
,
request
)
else
:
log
.
debug
(
"ALSO NO USERNAME IN DMPERMISSION "
+
str
(
session
.
uid
))
return
self
.
core
.
getPermissionForPath
(
'guest'
,
request
.
path
)
.
addCallback
(
addPerms
,
ctx
,
name
,
session
,
request
)
def
locateChild
(
self
,
ctx
,
name
):
def
locateChild
(
self
,
ctx
,
name
):
session
=
inevow
.
ISession
(
ctx
)
session
=
inevow
.
ISession
(
ctx
)
...
@@ -496,20 +516,20 @@ class LoginPage(rend.Page):
...
@@ -496,20 +516,20 @@ class LoginPage(rend.Page):
request
=
inevow
.
IRequest
(
ctx
)
request
=
inevow
.
IRequest
(
ctx
)
host
=
request
.
getHeader
(
'host'
)
host
=
request
.
getHeader
(
'host'
)
log
.
debug
(
"LOGIN HOST CALLED: "
+
str
(
host
))
log
.
info
(
"LOGIN HOST CALLED: "
+
str
(
host
))
cookies
=
request
.
getHeader
(
'cookie'
)
cookies
=
request
.
getHeader
(
'cookie'
)
if
cookies
:
if
cookies
:
cookies
=
cookies
.
replace
(
" "
,
""
)
.
split
(
';'
)
cookies
=
cookies
.
replace
(
" "
,
""
)
.
split
(
';'
)
for
cookie
in
cookies
:
for
cookie
in
cookies
:
cookiename
=
cookie
.
split
(
"="
)[
0
]
cookiename
=
cookie
.
split
(
"="
)[
0
]
if
cookiename
.
startswith
(
'Domotikad_session'
):
if
cookiename
.
startswith
(
'Domotikad_session'
):
log
.
debug
(
"REMOVE COOKIE: "
+
str
(
request
.
getCookie
(
cookie
.
split
(
"="
)[
0
])))
log
.
info
(
"REMOVE COOKIE: "
+
str
(
request
.
getCookie
(
cookie
.
split
(
"="
)[
0
])))
# XXX This won't work as expected if user is logging in with path != from "/"
# XXX This won't work as expected if user is logging in with path != from "/"
# Also, is cookie secure even for http requests?
# Also, is cookie secure even for http requests?
request
.
addCookie
(
cookiename
,
cookie
.
split
(
"="
)[
1
],
expires
=
http
.
datetimeToString
(
time
.
time
()),
path
=
"/"
,
secure
=
True
)
request
.
addCookie
(
cookiename
,
cookie
.
split
(
"="
)[
1
],
expires
=
http
.
datetimeToString
(
time
.
time
()),
path
=
"/"
,
secure
=
True
)
elif
cookiename
.
startswith
(
'Domotikad_rme'
):
elif
cookiename
.
startswith
(
'Domotikad_rme'
):
rmec
=
str
(
request
.
getCookie
(
"Domotikad_rme"
))
rmec
=
str
(
request
.
getCookie
(
"Domotikad_rme"
))
log
.
debug
(
"RememberMe COOKIE FOUND: "
+
rmec
)
log
.
info
(
"RememberMe COOKIE FOUND: "
+
rmec
)
rmecl
=
rmec
.
split
(
':'
)
rmecl
=
rmec
.
split
(
':'
)
try
:
try
:
if
len
(
rmecl
)
>
1
:
if
len
(
rmecl
)
>
1
:
...
@@ -529,7 +549,7 @@ class LoginPage(rend.Page):
...
@@ -529,7 +549,7 @@ class LoginPage(rend.Page):
log
.
info
(
"LOGIN FORM FOR PATH "
+
request
.
path
)
log
.
info
(
"LOGIN FORM FOR PATH "
+
request
.
path
)
return
self
.
getStandardHTML
(
request
.
path
)
return
self
.
getStandardHTML
(
request
.
path
)
else
:
else
:
log
.
debug
(
"LOGIN FROM COOKIE FOR PATH "
+
request
.
path
)
log
.
info
(
"LOGIN FROM COOKIE FOR PATH "
+
request
.
path
)
return
rme
.
addCallback
(
self
.
rmelogin
,
request
,
rmec
)
return
rme
.
addCallback
(
self
.
rmelogin
,
request
,
rmec
)
...
@@ -543,7 +563,7 @@ class LoginPage(rend.Page):
...
@@ -543,7 +563,7 @@ class LoginPage(rend.Page):
return
html
return
html
def
getScript
(
self
,
path
):
def
getScript
(
self
,
path
):
return
'<script> window.onload=function(){
document.loginform.submit(
); };</script>'
return
'<script> window.onload=function(){
window.setTimeout(function() {document.loginform.submit();}, 1000
); };</script>'
def
rmelogin
(
self
,
res
,
req
,
has
):
def
rmelogin
(
self
,
res
,
req
,
has
):
if
res
and
((
'__len__'
in
dir
(
res
)
and
len
(
res
)
>
0
)
or
res
!=
None
)
and
len
(
has
.
split
(
":"
,
1
))
>
1
:
if
res
and
((
'__len__'
in
dir
(
res
)
and
len
(
res
)
>
0
)
or
res
!=
None
)
and
len
(
has
.
split
(
":"
,
1
))
>
1
:
...
@@ -556,7 +576,7 @@ class LoginPage(rend.Page):
...
@@ -556,7 +576,7 @@ class LoginPage(rend.Page):
if
len
(
rme
.
split
())
==
3
:
if
len
(
rme
.
split
())
==
3
:
u
,
lp
,
p
=
rme
.
split
()
u
,
lp
,
p
=
rme
.
split
()
if
user
.
username
==
u
and
user
.
passwd
==
p
:
if
user
.
username
==
u
and
user
.
passwd
==
p
:
log
.
debug
(
"Cookie login succeed for user "
+
user
.
username
)
log
.
info
(
"Cookie login succeed for user "
+
user
.
username
)
try
:
try
:
expire
=
http
.
datetimeToString
(
time
.
time
()
+
3600
*
24
*
365
*
50
)
expire
=
http
.
datetimeToString
(
time
.
time
()
+
3600
*
24
*
365
*
50
)
except
:
except
:
...
...
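Review bot: In the LoginPage hunk at -496/+516, raising `"RememberMe COOKIE FOUND: " + rmec` and `"REMOVE COOKIE: " + str(request.getCookie(...))` from debug to info writes the remember-me and session cookie values into the normal log. The hunk at -556/+576 appears to match the remember-me value against `user.passwd`, so it should be treated as login material that must not be readable by everyone with log access. Log only the cookie name instead, e.g. `log.info("RememberMe COOKIE FOUND")` and `log.info("REMOVE COOKIE: " + cookiename)`. The new RootPage messages in the +203 and +218 hunks have the same problem with `str(session.uid)` and `str(request.args)` at info level. The enclosing methods start and end outside these hunks.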