Mercurial > hg > bitsyauth
annotate bitsyauth/__init__.py @ 56:d09682c9cd98 default tip
skimpyGimpy aint python3
author | Jeff Hammel <k0scist@gmail.com> |
---|---|
date | Tue, 03 Nov 2020 13:31:30 -0800 |
parents | 8367a345ae41 |
children |
rev | line source |
---|---|
52 | 1 """ |
2 bitsyauth: wrapper module for paste auth | |
3 """ | |
4 | |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
5 import markup |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
6 import random |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
7 import re |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
8 import sys |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
9 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
10 from markup.form import Form |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
11 from paste.auth import basic, cookie, digest, form, multi, auth_tkt |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
12 from webob import Request, Response, exc |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
13 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
14 try: |
54
b39ab92955ef
allow StringIO not just cStringIO
Jeff Hammel <k0scist@gmail.com>
parents:
53
diff
changeset
|
15 from cStringIO import StringIO |
b39ab92955ef
allow StringIO not just cStringIO
Jeff Hammel <k0scist@gmail.com>
parents:
53
diff
changeset
|
16 except ImportError: |
55 | 17 try: |
18 from StringIO import StringIO | |
19 except ModuleNotFoundError: | |
20 # python3 | |
21 from io import StringIO | |
54
b39ab92955ef
allow StringIO not just cStringIO
Jeff Hammel <k0scist@gmail.com>
parents:
53
diff
changeset
|
22 |
b39ab92955ef
allow StringIO not just cStringIO
Jeff Hammel <k0scist@gmail.com>
parents:
53
diff
changeset
|
23 try: |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
24 from skimpyGimpy import skimpyAPI |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
25 CAPTCHA = True |
56 | 26 except: |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
27 CAPTCHA = False |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
28 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
29 dictionary_file = '/usr/share/dict/american-english' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
30 |
54
b39ab92955ef
allow StringIO not just cStringIO
Jeff Hammel <k0scist@gmail.com>
parents:
53
diff
changeset
|
31 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
32 def random_word(): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
33 """generate a random word for CAPTCHA auth""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
34 min_length = 5 # minimum word length |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
35 if not globals().has_key('dictionary'): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
36 # read the dictionary -- this may be platform dependent |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
37 # XXX could use a backup dictionary |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
38 _dictionary = file(dictionary_file).readlines() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
39 _dictionary = [ i.strip() for i in _dictionary ] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
40 _dictionary = [ i.lower() for i in _dictionary |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
41 if i.isalpha() and i > min_length ] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
42 globals()['dictionary'] = _dictionary |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
43 return random.Random().choice(dictionary) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
44 |
52 | 45 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
46 class BitsyAuthInnerWare(object): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
47 """inner auth; does login checking""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
48 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
49 def __init__(self, app, passwords, newuser=None, site=None, realm=None): |
44 | 50 """ |
51 a simple auth implementation: inner middleware | |
52 | |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
53 * app: the WSGI app to be wrapped |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
54 * passwords: callable that return a dictionary of {'user': 'password'} |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
55 * newuser: callable to make a new user, taking name + pw |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
56 * site: name of the site |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
57 * realm: realm for HTTP digest authentication |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
58 """ |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
59 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
60 self.app = app |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
61 self.passwords = passwords |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
62 self.site = site or '' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
63 self.realm = realm or self.site |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
64 self.captcha = True |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
65 self.urls = { 'login': '/login', 'join': '/join', } |
45
54a53bbe5be9
bitsyauth/__init__.py example/persona.html
Jeff Hammel <jhammel@mozilla.com>
parents:
44
diff
changeset
|
66 |
54a53bbe5be9
bitsyauth/__init__.py example/persona.html
Jeff Hammel <jhammel@mozilla.com>
parents:
44
diff
changeset
|
67 # CAPTCHAs |
54a53bbe5be9
bitsyauth/__init__.py example/persona.html
Jeff Hammel <jhammel@mozilla.com>
parents:
44
diff
changeset
|
68 # using skimpygimpy (for now) |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
69 self.keys = {} # keys, words for CAPTCHA request |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
70 self.content_type = { 'image_captcha': 'image/png', |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
71 'wav_captcha': 'audio/wav' } |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
72 |
45
54a53bbe5be9
bitsyauth/__init__.py example/persona.html
Jeff Hammel <jhammel@mozilla.com>
parents:
44
diff
changeset
|
73 # new user creation |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
74 if newuser: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
75 self.newuser = newuser |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
76 else: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
77 self.urls.pop('join') # don't do joining |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
78 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
79 # WSGI app securely wrapped |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
80 self.wrapped_app = self.security_wrapper() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
81 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
82 if not CAPTCHA: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
83 self.captcha = False |
21 | 84 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
85 ### WSGI/HTTP layer |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
86 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
87 def __call__(self, environ, start_response): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
88 |
8 | 89 orig_environ = dict(environ) |
90 | |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
91 self.request = Request(environ) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
92 self.request.path_info = self.request.path_info.rstrip('/') |
20
9f4369b769d0
this *may* be more portable?
Jeff Hammel <jhammel@mozilla.com>
parents:
19
diff
changeset
|
93 |
8 | 94 self.redirect_to = '/' + self.request.script_name.lstrip('/') |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
95 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
96 # URLs intrinsic to BitsyAuth |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
97 if self.request.path_info == '/logout': |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
98 response = self.redirect() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
99 return response(self.request.environ, start_response) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
100 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
101 if self.request.path_info in self.url_lookup(): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
102 response = self.make_response() |
53 | 103 try: |
104 res = response(self.request.environ, start_response) | |
105 return res | |
106 except Exception as e: | |
107 print (e) | |
108 raise | |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
109 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
110 # digest auth |
20
9f4369b769d0
this *may* be more portable?
Jeff Hammel <jhammel@mozilla.com>
parents:
19
diff
changeset
|
111 if 'Authorization' in self.request.headers.keys(): |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
112 return self.wrapped_app(self.request.environ, start_response) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
113 |
8 | 114 response = Request(orig_environ).get_response(self.app) |
115 | |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
116 # respond to 401s |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
117 if response.status_int == 401: # Unauthorized |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
118 if self.request.environ.get('REMOTE_USER'): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
119 return exc.HTTPForbidden() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
120 else: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
121 response = self.request.get_response(self.wrapped_app) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
122 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
123 user = self.request.environ.get('REMOTE_USER') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
124 if user: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
125 self.request.environ['paste.auth_tkt.set_user'](user) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
126 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
127 return response(self.request.environ, start_response) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
128 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
129 ### authentication function |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
130 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
131 def digest_authfunc(self, environ, realm, user): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
132 return self.passwords()[user] # passwords stored in m5 digest |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
133 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
134 def authfunc(self, environ, user, password): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
135 return self.hash(user, password) == self.passwords()[user] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
136 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
137 def hash(self, user, password): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
138 # use md5 digest for now |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
139 return digest.digest_password(self.realm, user, password) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
140 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
141 def security_wrapper(self): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
142 """return the app securely wrapped""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
143 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
144 multi_auth = multi.MultiHandler(self.app) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
145 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
146 # digest authentication |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
147 multi_auth.add_method('digest', digest.middleware, |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
148 self.realm, self.digest_authfunc) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
149 multi_auth.set_query_argument('digest', key='auth') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
150 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
151 # form authentication |
6 | 152 template = self.login(wrap=True, action='%s') |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
153 multi_auth.add_method('form', form.middleware, self.authfunc, |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
154 template=template) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
155 multi_auth.set_default('form') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
156 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
157 return multi_auth |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
158 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
159 # might have to wrap cookie.middleware(BitsyAuth(multi(app))) ::shrug:: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
160 return cookie.middleware(multi_auth) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
161 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
162 ### methods dealing with intrinsic URLs |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
163 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
164 def url_lookup(self): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
165 retval = dict([ (value, key) for key, value |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
166 in self.urls.items() ]) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
167 if self.captcha: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
168 retval.update(dict([(('/join/%s.png' % key), 'image_captcha') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
169 for key in self.keys])) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
170 return retval |
21 | 171 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
172 def get_response(self, text, content_type='text/html'): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
173 res = Response(content_type=content_type, body=text) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
174 res.content_length = len(res.body) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
175 return res |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
176 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
177 def make_response(self): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
178 url_lookup = self.url_lookup() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
179 path = self.request.path_info |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
180 assert path in url_lookup |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
181 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
182 # login and join shouldn't be accessible when logged in |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
183 if self.request.environ.get('REMOTE_USER'): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
184 return self.redirect("You are already logged in") |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
185 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
186 handler = url_lookup[path] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
187 function = getattr(self, handler) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
188 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
189 if self.request.method == 'GET': |
21 | 190 # XXX could/should do this with decorators |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
191 return self.get_response(function(wrap=True), |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
192 content_type=self.content_type.get(handler,'text/html')) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
193 if self.request.method == 'POST': |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
194 post_func = getattr(self, handler + "_post") |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
195 errors = post_func() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
196 if errors: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
197 return self.get_response(function(errors=errors, wrap=True)) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
198 else: |
5
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
199 location = self.request.POST.get('referer') |
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
200 return self.redirect("Welcome!", location=location) |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
201 |
5
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
202 def redirect(self, message='', location=None): |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
203 """redirect from instrinsic urls""" |
5
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
204 return exc.HTTPSeeOther(message, location=location or self.redirect_to) |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
205 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
206 def image_captcha(self, wrap=True): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
207 """return data for the image""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
208 key = self.request.path_info.split('/join/')[-1] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
209 key = int(key.split('.png')[0]) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
210 return skimpyAPI.Png(self.keys[key], scale=3.0).data() |
21 | 211 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
212 ### forms and their display methods |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
213 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
214 ### login |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
215 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
216 def login_form(self, referer=None, action=None): |
6 | 217 form = Form(action=action or '', submit='Login') |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
218 form.add_element('textfield', 'Name', input_name='username') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
219 form.add_element('password', 'Password', input_name='password') |
5
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
220 if referer: |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
221 form.add_element('hidden', 'referer', value=referer) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
222 return form |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
223 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
224 def login(self, errors=None, wrap=False, action=None): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
225 """login div""" |
5
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
226 referer = None |
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
227 if hasattr(self, 'request'): |
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
228 referer = self.request.referer |
2693b81f5960
fix redirection behaviour (though ultimately the whole class should be refactored not to store request on it)
k0s <k0scist@gmail.com>
parents:
4
diff
changeset
|
229 form = self.login_form(action=action, referer=referer) |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
230 join = self.urls.get('join') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
231 retval = form(errors) |
21 | 232 if join: |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
233 retval += '<br/>\n' + markup.a('join', href="%s" % join) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
234 retval = markup.div(retval) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
235 if wrap: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
236 title = 'login' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
237 if self.site: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
238 pagetitle = '%s - %s' % (title, self.site) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
239 retval = markup.wrap(markup.h1(title.title()) + retval, |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
240 pagetitle=pagetitle) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
241 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
242 return retval |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
243 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
244 def login_post(self): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
245 """handle a login POST request""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
246 user = self.request.POST.get('username') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
247 password = self.request.POST.get('password') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
248 passwords = self.passwords() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
249 error = False |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
250 if user not in passwords: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
251 error = True |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
252 else: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
253 error = not self.authfunc(self.request.environ, user, password) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
254 if error: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
255 return { 'Name': 'Wrong username or password' } |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
256 self.request.environ['REMOTE_USER'] = user |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
257 self.request.environ['paste.auth_tkt.set_user'](user) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
258 |
52 | 259 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
260 ### join |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
261 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
262 def captcha_pre(self, word, key): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
263 """CAPTCHA with pre-formatted text""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
264 return skimpyAPI.Pre(word, scale=1.2).data() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
265 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
266 def captcha_png(self, word, key): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
267 """CAPTCHA with a PNG image""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
268 return markup.image('/join/%s.png' % key) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
269 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
270 def join_form(self): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
271 captcha = '' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
272 if self.captcha: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
273 # data for CAPTCHA |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
274 key = random.Random().randint(0, sys.maxint) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
275 word = random_word() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
276 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
277 self.keys[key] = word |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
278 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
279 captcha = StringIO() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
280 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
281 captcha_text = "Please type the word below so I know you're not a computer:" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
282 captcha_help = "(please %s if the page is unreadable)" % markup.link('/join?captcha=image', 'go here') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
283 |
19 | 284 print >> captcha, markup.p('%s<br/> %s' % (captcha_text, |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
285 markup.i(captcha_help))) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
286 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
287 # determine type of CAPTCHA |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
288 captchas = ' '.join(self.request.GET.getall('captcha')) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
289 if not captchas: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
290 captchas = 'pre' |
19 | 291 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
292 captcha_funcs=dict(pre=self.captcha_pre, |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
293 image=self.captcha_png,) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
294 captchas = [ captcha_funcs[i](word, key) for i in captchas.split() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
295 if i in captcha_funcs ] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
296 captchas = '\n'.join([markup.p(i) for i in captchas]) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
297 print >> captcha, captchas |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
298 print >> captcha, markup.p(markup.input(None, **dict(name='captcha', type='text'))) |
19 | 299 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
300 captcha = captcha.getvalue() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
301 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
302 form = Form(action=self.urls['join'], submit='Join', post_html=captcha) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
303 form.add_element('textfield', 'Name') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
304 form.add_password_confirmation() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
305 form.add_element('hidden', 'key', value=str(key)) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
306 return form |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
307 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
308 def join(self, errors=None, wrap=False): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
309 """join div or page if wrap""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
310 form = self.join_form() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
311 retval = markup.div(form(errors)) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
312 if wrap: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
313 pagetitle = title = 'join' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
314 if self.site: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
315 pagetitle = '%s - %s' % (title, self.site) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
316 if self.captcha: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
317 errors = errors or {} |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
318 captcha_err = errors.get('CAPTCHA', '') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
319 if captcha_err: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
320 captcha_err = markup.p(markup.em(captcha_err), |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
321 **{'class': 'error'}) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
322 retval = markup.wrap(markup.h1(title.title()) + captcha_err + retval, |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
323 pagetitle=pagetitle) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
324 return retval |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
325 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
326 def join_post(self): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
327 """handle a join POST request""" |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
328 form = self.join_form() |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
329 errors = form.validate(self.request.POST) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
330 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
331 # validate captcha |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
332 if CAPTCHA: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
333 key = self.request.POST.get('key') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
334 try: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
335 key = int(key) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
336 except ValueError: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
337 key = None |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
338 if not key: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
339 errors['CAPTCHA'] = 'Please type the funky looking word' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
340 word = self.keys.pop(key, None) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
341 if not word: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
342 errors['CAPTCHA'] = 'Please type the funky looking word' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
343 if word != self.request.POST.get('captcha','').lower(): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
344 errors['CAPTCHA'] = 'Sorry, you typed the wrong word' |
19 | 345 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
346 name = self.request.POST.get('Name', '') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
347 if not name: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
348 if not errors.has_key('Name'): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
349 errors['Name'] = [] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
350 errors['Name'].append('Please enter a user name') |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
351 if name in self.passwords(): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
352 if not errors.has_key('Name'): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
353 errors['Name'] = [] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
354 errors['Name'].append('The name %s is already taken' % name) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
355 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
356 if not errors: # create a new user |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
357 self.newuser(name, |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
358 self.hash(name, self.request.POST['Password'])) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
359 self.request.environ['REMOTE_USER'] = name # login the new user |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
360 self.request.environ['paste.auth_tkt.set_user'](name) |
18 | 361 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
362 return errors |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
363 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
364 class BitsyAuth(object): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
365 """outer middleware for auth; does the cookie handling and wrapping""" |
18 | 366 |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
367 def __init__(self, app, global_conf, passwords, newuser, site='', secret='secret'): |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
368 self.app = app |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
369 self.path = '/logout' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
370 self.cookie = '__ac' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
371 auth = BitsyAuthInnerWare(app, passwords=passwords, newuser=newuser, site=site) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
372 self.hash = auth.hash |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
373 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
374 # paste.auth.auth_tkt |
9
73b2b5bccd52
* allow logout to pass through instead of failing
egj@socialplanning.org
parents:
8
diff
changeset
|
375 self.cookie_handler = auth_tkt.make_auth_tkt_middleware( |
73b2b5bccd52
* allow logout to pass through instead of failing
egj@socialplanning.org
parents:
8
diff
changeset
|
376 auth, global_conf, secret, |
73b2b5bccd52
* allow logout to pass through instead of failing
egj@socialplanning.org
parents:
8
diff
changeset
|
377 cookie_name=self.cookie, logout_path='/logout') |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
378 |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
379 def __call__(self, environ, start_response): |
42 | 380 |
9
73b2b5bccd52
* allow logout to pass through instead of failing
egj@socialplanning.org
parents:
8
diff
changeset
|
381 try: |
73b2b5bccd52
* allow logout to pass through instead of failing
egj@socialplanning.org
parents:
8
diff
changeset
|
382 return self.cookie_handler(environ, start_response) |
15
431bd76aabb7
slightly less stupid exception handling
Jeff Hammel <jhammel@mozilla.com>
parents:
9
diff
changeset
|
383 except auth_tkt.BadTicket: |
431bd76aabb7
slightly less stupid exception handling
Jeff Hammel <jhammel@mozilla.com>
parents:
9
diff
changeset
|
384 environ.pop('HTTP_COOKIE') # kill all cookies! bad! XXX |
431bd76aabb7
slightly less stupid exception handling
Jeff Hammel <jhammel@mozilla.com>
parents:
9
diff
changeset
|
385 return self.cookie_handler(environ, start_response) |
9
73b2b5bccd52
* allow logout to pass through instead of failing
egj@socialplanning.org
parents:
8
diff
changeset
|
386 return self.logout(environ, start_response) |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
387 |
9
73b2b5bccd52
* allow logout to pass through instead of failing
egj@socialplanning.org
parents:
8
diff
changeset
|
388 def logout(self, environ, start_response): |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
389 req = Request(environ) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
390 keys = [ 'REMOTE_USER' ] |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
391 # keys = [ 'REMOTE_USER', 'AUTH_TYPE', 'paste.auth.cookie', 'paste.cookies', 'HTTP_COOKIE' ] # XXX zealous kill |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
392 for key in keys: |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
393 req.environ.pop(key, None) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
394 |
43 | 395 # return response |
0
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
396 body = '<html><head><title>logout</title></head><body>logout</body></html>' |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
397 res = Response(content_type='text/html', body=body) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
398 req.cookies.pop(self.cookie, None) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
399 res.delete_cookie(self.cookie) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
400 res.unset_cookie(self.cookie) |
284621b3effd
initial commit of bitsyauth, initially from bitsyblog
k0s <k0scist@gmail.com>
parents:
diff
changeset
|
401 return res(environ, start_response) |