import hmac

from AdminPage import AdminPage
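# Set this to False if you want to allow everyone to access secure pages
# with no login required. This should instead come from a config file.
requireLogin = True

if not requireLogin:

    class AdminSecurity(AdminPage):
        """Admin page base class used when no login is required.

        Every request is served. A ``logout`` field only empties the
        session before the page is written.
        """

        def writeHTML(self):
            """Clear the session on ``logout``, then write the page."""
            session = self.session()
            request = self.request()
            if request.hasField('logout'):
                # Logging out: drop every session variable before rendering.
                session.values().clear()
            AdminPage.writeHTML(self)

else:

    class AdminSecurity(AdminPage):
        """Admin page base class that gates access behind a login.

        ``writeHTML`` distinguishes three request shapes: a login form
        submission (``login``, ``username`` and ``password`` fields), a
        ``logout`` request, and a plain request from a session that is
        already authenticated. Anything else is forwarded to ``LoginPage``.
        """

        def writeHTML(self):
            """Authenticate the request, then write the page or forward to
            ``LoginPage``.

            Successful logins record the user name under the session key
            ``authenticated_user_admin``; that key is what later requests
            are checked against. Failed logins and logouts set the request
            field ``extra`` to a message for ``LoginPage`` to display.
            """
            session = self.session()
            request = self.request()
            trans = self.transaction()
            app = self.application()
            if (request.hasField('login') and request.hasField('username')
                    and request.hasField('password')):
                # Login attempt. The session's ``loginid`` is read *before*
                # the session is wiped so the form value can be compared
                # with it; the session is then reset regardless of outcome.
                loginid = session.value('loginid', None)
                session.values().clear()
                username = request.field('username')
                password = request.field('password')
                # The form must echo back the same ``loginid`` the session
                # held. A session without one can never match, because a
                # missing form field defaults to the string 'nologin'.
                if (self.isValidUserAndPassword(username, password)
                        and request.field('loginid', 'nologin') == loginid):
                    # Success: mark the session authenticated and serve.
                    session.setValue('authenticated_user_admin', username)
                    AdminPage.writeHTML(self)
                else:
                    # Failed attempt: send them back to the login form.
                    request.fields()['extra'] = ('Login failed.'
                        ' Please try again.'
                        ' (And make sure cookies are enabled.)')
                    app.forward(trans, 'LoginPage')
                    return
            elif request.hasField('logout'):
                # Logging out: drop every session variable, then show the
                # login form with a confirmation message.
                session.values().clear()
                request.fields()['extra'] = 'You have been logged out.'
                app.forward(trans, 'LoginPage')
                return
            elif session.value('authenticated_user_admin', None):
                # Already logged in: write the HTML for this page.
                AdminPage.writeHTML(self)
            else:
                # Not logged in: they need to log in first.
                app.forward(trans, 'LoginPage')
                return

        def isValidUserAndPassword(self, username, password):
            """Return True if *username*/*password* are the admin credentials.

            Replace this with a database lookup, or whatever you're using
            for authentication. The reference password is the application
            setting ``AdminPassword``; an empty or missing setting means no
            credentials are ever accepted.
            """
            adminPassword = self.application().setting('AdminPassword')
            if username != 'admin' or not adminPassword:
                return False
            try:
                expected = adminPassword.encode('utf-8')
                provided = password.encode('utf-8')
            except (AttributeError, UnicodeError):
                # Not text (e.g. a repeated field arrives as a list): no match.
                return False
            # Constant-time comparison so the response time does not leak
            # how many leading characters of the guess were correct.
            return hmac.compare_digest(provided, expected)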