author | Marian Sigler <m@qjym.de> | 2012-09-19 23:40:17 +0200 |
committer | Marian Sigler <m@qjym.de> | 2012-09-19 23:40:17 +0200 |
commit | 519384f4f2b51ef1db31b9d7b13123da1fd7e779 (patch) | |
tree | 562710c6c9feeea2c18587b96a591f8f305bd0e7 | |
parent | 388c94deb866fdc9e25de31728ecdadecf4e5785 (diff) | |
login works now.
-rw-r--r-- | app.py | 18 | ||||
-rw-r--r-- | default_settings.py | 3 | ||||
-rw-r--r-- | requirements.txt | 1 | ||||
-rw-r--r-- | templates/base.html | 20 | ||||
-rw-r--r-- | templates/index.html | 4 | ||||
-rw-r--r-- | templates/login.html | 0 | ||||
-rw-r--r-- | utils.py | 58 |
7 files changed, 86 insertions, 18 deletions
@@ -1,8 +1,7 @@ # -*- coding: utf-8 -*- import os -from flask import Flask, request -from flask_login import login_required, login_user, logout_user -from utils import templated, login_manager +from flask import Flask, request, redirect, url_for, flash, session +from utils import templated, login_required, encrypt_password, decrypt_password, login_user, logout_user from forms import RegisterForm, LoginForm @@ -10,7 +9,6 @@ app = Flask(__name__) app.config.from_object('default_settings') if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ: app.config.from_envvar('SPLINE_ACCOUNT_WEB_SETTINGS') -login_manager.setup_app(app) @app.route('/', methods=['GET', 'POST']) @@ -18,8 +16,11 @@ login_manager.setup_app(app) def index(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): - login_user(form.username.data) - return redirect(url_for('index')) + if login_user(form.username.data, form.password.data): + flash(u'Erfolgreich eingeloggt (%s)' % session['username']) + return redirect(url_for('index')) + else: + flash(u'Ungültiger Benutzername und/oder Passwort', 'error') return {'form': form} @@ -45,13 +46,14 @@ def settings(): @app.route('/logout') -@login_required def logout(): logout_user() return redirect(url_for('index')) - +@app.route('/debug') +def debug(): + raise Exception() if __name__ == '__main__': diff --git a/default_settings.py b/default_settings.py index bcd641a..61b0dee 100644 --- a/default_settings.py +++ b/default_settings.py @@ -1 +1,4 @@ SECRET_KEY = 'remember to change this to something more random and private' + +# CHANGE THIS! (e.g. os.urandom(32) ) +PASSWORD_ENCRYPTION_KEY = '.\x14\xa7\x1b\xa2:\x1b\xb7\xbck\x1bD w\xab\x87a\xb4\xb7\xca\xf1\x06\xb0\x9f?q\x13\x05\x8dY\xe5<' diff --git a/requirements.txt b/requirements.txt index 1e537a1..327efd6 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,2 @@ Flask==0.6 python-ldap -Flask-Login diff --git a/templates/base.html b/templates/base.html index 6e4e403..decff78 100644 
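Review bot: The new `/debug` route in app.py exists only to raise an unhandled `Exception`; if the app is started with the debugger enabled that hands the Werkzeug interactive console to anyone who can reach the URL, and otherwise it just produces a 500 with a traceback in the logs. It reads as a local testing leftover and should not ship; if it is genuinely needed, register it conditionally, e.g. wrap the route in `if app.debug:` (which is evaluated after the config has been loaded above), or drop it. The removal of `@login_required` from `logout` is harmless for a logout view, but worth a one-line comment such as `# intentionally unauthenticated: clearing an absent session is a no-op` so it is not re-added by reflex.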
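Review bot: `PASSWORD_ENCRYPTION_KEY` in default_settings.py is a concrete 32-byte key committed to the repository, so it is now in git history and should be treated as public; the `# CHANGE THIS!` comment is the only thing standing between it and a deployment. Since app.py only overrides these defaults when `SPLINE_ACCOUNT_WEB_SETTINGS` is set in the environment, a plain start silently encrypts every stored password under the published key. Prefer shipping a value that cannot work, `PASSWORD_ENCRYPTION_KEY = None`, and refusing to start when it is missing, e.g. after the config loading in app.py: `if not app.config.get('PASSWORD_ENCRYPTION_KEY'): raise RuntimeError('PASSWORD_ENCRYPTION_KEY must be set (os.urandom(32))')`. The same reasoning applies to the pre-existing `SECRET_KEY` placeholder, which signs the session cookie this commit starts storing credentials in.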
--- a/templates/base.html +++ b/templates/base.html @@ -12,7 +12,27 @@ {%- endfor %} </head> <body> + <h1>{% if title %}{{ title }}{% else %}spline accounts{% endif %}</h1> + + {%- if session.username %} + <p>Logged in as {{ session.username }}. <a href="{{ url_for('logout') }}">Log out</a></p> + {%- else %} + <p>Not logged in. <a href="{{ url_for('index') }}">Log in</a></p> + {%- endif %} + + {% with messages = get_flashed_messages() %} + {% if messages %} + <ul class=flashes> + {% for message in messages %} + <li>{{ message }}</li> + {% endfor %} + </ul> + {% endif %} + {% endwith %} + {% block content %}{% endblock %} + + <pre>{{ session.__repr__() }}</pre> </body> </html> diff --git a/templates/index.html b/templates/index.html index 74ffb6b..cb9c238 100644 --- a/templates/index.html +++ b/templates/index.html @@ -2,10 +2,14 @@ {%- from '_macros.html' import render_field %} {%- block content %} <p>Willkommen bei <strong>spline accounts</strong>!</p> +{%- if session.username %} +<p>Hallo {{ session.username }}. <a href="{{ url_for('settings') }}">Einstellungen</a></p> +{%- else %} <p><a href="/register">Account erstellen</a></p> <form action="" method="post"> {{ render_field(form.username) }} {{ render_field(form.password) }} <input type="submit" value="Login" /> </form> +{%- endif %} {%- endblock %} diff --git a/templates/login.html b/templates/login.html deleted file mode 100644 index e69de29..0000000 --- a/templates/login.html +++ /dev/null @@ -1,7 +1,9 @@ # -*- coding: utf-8 -*- from functools import wraps -from flask import request, render_template -from flask_login import LoginManager, UserMixin +from flask import request, render_template, session +from random import randint +from Crypto.Cipher import AES + # from http://flask.pocoo.org/docs/patterns/viewdecorators/#templating-decorator def templated(template=None): 
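Review bot: The `<pre>{{ session.__repr__() }}</pre>` added at the bottom of base.html dumps the entire session dict into every rendered page, which after this commit includes `username` and the `password` ciphertext written by `login_user`. Jinja autoescaping keeps it from being an injection vector, but it still exposes the encrypted credential and the session layout to anyone who views source, to proxies, and to browser caches. This looks like a debugging aid; remove the line, or if it must stay, gate it in the template, e.g. `{% if config.DEBUG %}<pre>{{ session }}</pre>{% endif %}` (Flask exposes `config` to templates — confirm for the Flask 0.6 pin in requirements.txt).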
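Review bot: The utils.py header now imports `AES` from `Crypto.Cipher` (PyCrypto), but the requirements.txt change in this commit only removes `Flask-Login` and adds nothing, so a fresh install will fail at import time; add `pycrypto` to requirements.txt, pinned like the existing `Flask==0.6`. The accompanying `from random import randint` is the wrong tool for the IV generated later in this file — `random` is not a cryptographic generator — so it should be replaced by `import os` for `os.urandom`. Note that this `@@ -1,7 +1,9 @@` hunk appears directly under the `templates/login.html` deletion header but its content is clearly utils.py's; the `diff --git a/utils.py b/utils.py` header seems to have been lost in rendering. The `templated` decorator whose `def` ends this hunk continues outside it.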
@@ -21,13 +23,51 @@ def templated(template=None): return decorated_function return decorator -login_manager = LoginManager() -@login_manager.user_loader -def load_user(username): - raise NotImplemented() +def login_user(username, password): +# if not ldap_bind(): +# return False + + session['username'] = username + session['password'] = encrypt_password(password) + + #ldap_unbind() + + return True + + +def logout_user(): + session.pop('username', None) + session.pop('password', None) + + +def pad(s, numbytes=32, padding='\0'): + return s + (numbytes - len(s) % numbytes) * padding + +def encrypt_password(password): + """ + Encrypt the given password with `config.PASSWORD_ENCRYPTION_KEY`. + The key must be 32 bytes long. + """ + assert len(app.config['PASSWORD_ENCRYPTION_KEY']) == 32 + + iv = ''.join(chr(randint(0, 0xff)) for i in range(16)) + encryptor = AES.new(app.config['PASSWORD_ENCRYPTION_KEY'], AES.MODE_CBC, iv) + return iv + encryptor.encrypt(pad(password)) + +def decrypt_password(ciphertext): + """ + Decrypt the given password with `config.PASSWORD_ENCRYPTION_KEY`. + """ + iv = ciphertext[:16] + encryptor = AES.new(app.config['PASSWORD_ENCRYPTION_KEY'], AES.MODE_CBC, iv) + return encryptor.decrypt(ciphertext[16:]).rstrip('\0') + + +def login_required(func): + #TODO + return func -class User(UserMixin): - def __init__(self, username): - self.username = username +# circular import +from app import app |
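Review bot: `login_user` in utils.py never verifies the credentials — the `ldap_bind()` call is commented out and the function unconditionally writes `username` and the encrypted password into the session and returns True, while `login_required` is a TODO that returns `func` unchanged, so this commit ships with authentication effectively disabled for every protected view. Until the bind helper exists the function should fail closed (return False before touching the session), and `login_required` should at least reject requests where `'username' not in session`. In `encrypt_password` the IV comes from `random.randint`, which is predictable rather than cryptographic, and the 32-byte key check is an `assert` that vanishes under `python -O`; use `os.urandom(16)` (needs `import os` at the top of utils.py) and raise instead. Separately, `decrypt_password`'s `rstrip('\0')` silently truncates a password whose last bytes are NUL, and because Flask's session is a client-side cookie the ciphertext is sent to the browser on every request — both deserve an explicit comment so the next maintainer knows they are accepted trade-offs rather than oversights.

```python
def login_user(username, password):
    # Fail closed: no session is created until the LDAP bind succeeds.
    if not ldap_bind(username, password):  # helper still to be written; signature TBD
        return False
    # … unchanged: session population and `return True` …


def encrypt_password(password):
    key = app.config['PASSWORD_ENCRYPTION_KEY']
    if len(key) != 32:
        raise ValueError('PASSWORD_ENCRYPTION_KEY must be exactly 32 bytes')
    iv = os.urandom(16)  # CSPRNG; random.randint is not suitable for IVs
    encryptor = AES.new(key, AES.MODE_CBC, iv)
    return iv + encryptor.encrypt(pad(password))
```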