nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-20 10:34:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Convert login page to Django forms

Browse Source
This commit is contained in:
Sunil Mohan Adapa 2014-05-12 12:21:55 +05:30
parent a7e0a5284d
commit ee9df9bfb7
3 changed files with 95 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/installed/lib/auth.py
View File

@ -67,12 +67,14 @@ def check_credentials(username, passphrase):
cfg.log(error) cfg.log(error)
return error return error
bad_authentication = "Bad user-name or password." bad_authentication = "Bad username or password."
hashed_password = None hashed_password = None
if username in cfg.users: if username not in cfg.users or 'passphrase' not in cfg.users[username]:
if "passphrase" in cfg.users[username]: cfg.log(bad_authentication)
hashed_password = cfg.users[username]['passphrase'] return bad_authentication
hashed_password = cfg.users[username]['passphrase']
try: try:
# time-dependent comparison when non-ASCII characters are used. # time-dependent comparison when non-ASCII characters are used.

74
modules/installed/lib/auth_page.py
View File

@ -4,45 +4,70 @@ Controller to provide login and logout actions
import cherrypy import cherrypy
import cfg import cfg
from django import forms
from gettext import gettext as _
from plugin_mount import PagePlugin from plugin_mount import PagePlugin
from modules.forms import Form import auth
from auth import *
import util import util
class LoginForm(forms.Form): # pylint: disable-msg=W0232
"""Login form"""
from_page = forms.CharField(widget=forms.HiddenInput(), required=False)
username = forms.CharField(label=_('Username'))
password = forms.CharField(label=_('Passphrase'),
widget=forms.PasswordInput())
def clean(self):
"""Check for valid credentials"""
# pylint: disable-msg=E1101
if 'username' in self._errors or 'password' in self._errors:
return self.cleaned_data
error_msg = auth.check_credentials(self.cleaned_data['username'],
self.cleaned_data['password'])
if error_msg:
raise forms.ValidationError(error_msg, code='invalid_credentials')
return self.cleaned_data
class AuthController(PagePlugin): class AuthController(PagePlugin):
"""Login and logout pages"""
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
PagePlugin.__init__(self, *args, **kwargs) PagePlugin.__init__(self, *args, **kwargs)
self.register_page("auth")
self.register_page('auth')
def on_login(self, username): def on_login(self, username):
"""Called on successful login""" """Called on successful login"""
def on_logout(self, username): def on_logout(self, username):
"""Called on logout""" """Called on logout"""
def get_loginform(self, username, msg='', from_page=cfg.server_dir+"/"):
form = Form(title="Login", action=cfg.server_dir + "/auth/login", message=msg)
form.text_input(name="from_page", value=from_page, type="hidden")
form.text_input("Username", name="username", value=username)
form.text_input("Passphrase", name="passphrase", type="password")
form.submit(label="Login")
return util.render_template(main=form.render())
@cherrypy.expose @cherrypy.expose
def login(self, username=None, passphrase=None, from_page=cfg.server_dir+"/", **kwargs): def login(self, from_page=cfg.server_dir+"/", **kwargs):
if username is None or passphrase is None: """Serve the login page"""
return self.get_loginform("", from_page=from_page) form = None
error_msg = check_credentials(username, passphrase) if kwargs:
if error_msg: form = LoginForm(kwargs, prefix='auth')
return self.get_loginform(username, error_msg, from_page) # pylint: disable-msg=E1101
if form.is_valid():
username = form.cleaned_data['username']
cherrypy.session[cfg.session_key] = username
cherrypy.request.login = username
self.on_login(username)
raise cherrypy.HTTPRedirect(from_page or
(cfg.server_dir + "/"))
else: else:
cherrypy.session[cfg.session_key] = cherrypy.request.login = username form = LoginForm(prefix='auth')
self.on_login(username)
raise cherrypy.HTTPRedirect(from_page or (cfg.server_dir + "/")) return util.render_template(template='form', title=_('Login'),
form=form, submit_text=_('Login'))
@cherrypy.expose @cherrypy.expose
def logout(self, from_page=cfg.server_dir+"/"): def logout(self, from_page=cfg.server_dir+"/"):
sess = cherrypy.session sess = cherrypy.session
@ -51,4 +76,5 @@ class AuthController(PagePlugin):
if username: if username:
cherrypy.request.login = None cherrypy.request.login = None
self.on_logout(username) self.on_logout(username)
raise cherrypy.HTTPRedirect(from_page or (cfg.server_dir + "/")) raise cherrypy.HTTPRedirect(from_page or (cfg.server_dir + "/"))

39
templates/form.html Normal file
View File

@ -0,0 +1,39 @@
{% extends "login_nav.html" %}
{% comment %}
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
{% endcomment %}
{% load bootstrap %}
{% block main_block %}
{% for severity, message in messages %}
<div class='alert alert-{{ severity }}'>{{ message }}</div>
{% endfor %}
<form class="form" method="post">
{% csrf_token %}
{{ form|bootstrap }}
<input type="submit" class="btn-primary"
value="{{ submit_text|default:"Submit" }}"/>
</form>
{% endblock %}