From 4cb867a0ff234c1158949ba0e1dcc3409f0d08e7 Mon Sep 17 00:00:00 2001
From: Eli Ribble
Date: Thu, 9 Jun 2016 00:53:01 -0600
Subject: [PATCH] Get form-based sessions working
This removes some of the logic associated with using JSON based authentication in favor of the simpler and more built-in form based authentication that I had originally gotten working. This requires no JavaScript from the browser, which is its own reward
---
 vanth/platform/user.py | 47 +++++++++++++++++++++++++++++++++++++++---
 vanth/server.py | 12 +++++++----
 vanth/user.py | 21 -------------------
 3 files changed, 52 insertions(+), 28 deletions(-)
diff --git a/vanth/platform/user.py b/vanth/platform/user.py
index 7e5981e..f884039 100644
--- a/vanth/platform/user.py
+++ b/vanth/platform/user.py
@@ -1,3 +1,4 @@
+import logging
 import uuid
 import chryso.connection
@@ -7,13 +8,49 @@ import sepiida.routing
 import vanth.tables
+LOGGER = logging.getLogger(__name__)
+
+class User():
+ def __init__(self, _uuid, name, username):
+ self.uuid = _uuid
+ self.name = name
+ self.username = username
+
+ @staticmethod
+ def is_authenticated():
+ return True
+
+ @staticmethod
+ def is_active():
+ return True
+
+ @staticmethod
+ def is_anonymous():
+ return False
+
+ def get_id(self):
+ return str(self.uuid)
+
+def load(user_id):
+ engine = chryso.connection.get()
+
+ query = vanth.tables.User.select().where(vanth.tables.User.c.uuid == str(user_id))
+ results = engine.execute(query).fetchall()
+ assert len(results) <= 1
+ if not results:
+ return None
+ user = results[0]
+ return User(
+ _uuid = user[vanth.tables.User.c.uuid],
+ name = user[vanth.tables.User.c.name],
+ username = user[vanth.tables.User.c.username],
+ )
 def _to_dict(result):
 return {
- 'password' : result[vanth.tables.User.c.password],
 'name' : result[vanth.tables.User.c.name],
- 'uri' : sepiida.routing.uri('user', result[vanth.tables.User.c.uuid]),
 'username' : result[vanth.tables.User.c.username],
+ 'uuid' : result[vanth.tables.User.c.uuid],
 }
 def by_filter(filters):
@@ -33,7 +70,11 @@ def by_credentials(username, password):
 if not (result and passlib.apps.custom_app_context.verify(password, result[vanth.tables.User.c.password])):
 return None
- return _to_dict(result)
+ return User(
+ _uuid = result['uuid'],
+ name = result['name'],
+ username = result['username'],
+ )
 def create(name, username, password):
 engine = chryso.connection.get()
diff --git a/vanth/server.py b/vanth/server.py
index 60318b5..0d4d87a 100644
--- a/vanth/server.py
+++ b/vanth/server.py
@@ -1,5 +1,4 @@
 import logging
-import uuid
 import flask
 import flask_login
@@ -12,7 +11,7 @@ import vanth.api.ofxsource
 import vanth.api.session
 import vanth.api.user
 import vanth.auth
-import vanth.user
+import vanth.platform.user
 LOGGER = logging.getLogger(__name__)
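Review bot: The three `@staticmethod` flags on the new `User` class (`is_authenticated`, `is_active`, `is_anonymous`) are read by flask_login 0.3 and later as plain attributes rather than called, so each access yields a function object that is always truthy — `is_anonymous` would then read as True and `is_active` could never block a login; the flask_login version pinned for this project is not visible here, so confirm which API it expects. If it is 0.3 or later, the smallest fix is `class User(flask_login.UserMixin):` with `import flask_login` at the top of the module and the three static methods deleted, keeping the `get_id` override because the mixin's version reads `self.id` rather than `self.uuid`. Separately, `assert len(results) <= 1` in `load` is stripped under `python -O`; if uniqueness of `uuid` is not enforced by the table, replace it with a check that raises, e.g. `if len(results) > 1: raise RuntimeError('duplicate user uuid %s' % user_id)`.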
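Review bot: The new `User(...)` construction in `by_credentials` reads the row with string keys (`result['uuid']`, `result['name']`, `result['username']`) while the `verify` call on the line above and `load` in the same module index the row with column objects (`result[vanth.tables.User.c.password]`); if the row type does not accept both key styles this raises exactly when the credentials verify, and even if it does, one convention is easier to keep correct. Suggested: `_uuid = result[vanth.tables.User.c.uuid],` / `name = result[vanth.tables.User.c.name],` / `username = result[vanth.tables.User.c.username],`. The query that produces `result` begins above this hunk, so the row type cannot be confirmed from here. Note also that `result and ... verify(...)` short-circuits, so an unknown username returns measurably faster than a wrong password; if the login is meant to resist account enumeration, run a dummy hash verification on the no-row path as well.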
@@ -25,13 +24,18 @@ def index():
 def load_user(user_id):
 LOGGER.debug("Loading user %s", user_id)
- return vanth.user.load(user_id)
+ return vanth.platform.user.load(user_id)
 def login():
 if flask.request.method == 'GET':
 return flask.render_template('login.html')
 elif flask.request.method == 'POST':
- user = vanth.user.load(uuid.uuid4())
+ username = flask.request.form.get('username')
+ password = flask.request.form.get('password')
+ LOGGER.debug("Checking credentials for %s %s", username, password)
+ user = vanth.platform.user.by_credentials(username, password)
+ if not user:
+ return flask.make_response('error', 403)
 flask_login.login_user(user)
 elif flask.request.method == 'DELETE':
 flask_login.logout_user()
diff --git a/vanth/user.py b/vanth/user.py
index a9ef7f8..d69b3ba 100644
--- a/vanth/user.py
+++ b/vanth/user.py
@@ -1,24 +1,3 @@
 import logging
 LOGGER = logging.getLogger(__name__)
-
-class User():
- def __init__(self, user_id):
- self.user_id = user_id
- self.name = 'a person'
-
- def is_authenticated(self):
- return True
-
- def is_active(self):
- return True
-
- def is_anonymous(self):
- return False
-
- def get_id(self):
- LOGGER.debug("Getting user id")
- return str(self.user_id)
-
-def load(user_id):
- return User(user_id)
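Review bot: The new `LOGGER.debug("Checking credentials for %s %s", username, password)` line in `login` writes the submitted plaintext password to the log whenever debug logging is enabled, exposing every user's password to anyone with log access and to any downstream log shipping; drop the password from the message, `LOGGER.debug("Checking credentials for %s", username)`. The two `form.get` calls yield `None` when a field is absent, and the hunk does not show what `by_credentials` does with a `None` password, so reject a missing field before the lookup, e.g. `if not username or not password: return flask.make_response('error', 403)`. Nothing in the hunk shows a CSRF token being checked on the POST; if `login.html` does not carry one, this form is open to login CSRF, which a token check on the new POST branch (or a Flask-WTF form) would close. `login` continues past the end of the hunk, so the response returned after a successful `login_user` is not visible here.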