1 #!/usr/bin/env python 2 3 "An example login screen." 4 5 import WebStack.Generic 6 from WebStack.Helpers.Auth import get_token 7 8 class LoginResource: 9 10 "A resource providing a login screen." 11 12 def __init__(self, authenticator, use_redirect=1): 13 14 """ 15 Initialise the resource with an 'authenticator'. 16 17 If the optional 'use_redirect' flag is set to 0, a confirmation screen is given 18 instead of redirecting the user back to the original application. 19 """ 20 21 self.authenticator = authenticator 22 self.use_redirect = use_redirect 23 24 def respond(self, trans): 25 26 fields_path = trans.get_fields_from_path() 27 fields_body = trans.get_fields_from_body() 28 29 # NOTE: Handle missing redirects better. 30 31 if fields_body.has_key("redirect"): 32 redirects = fields_body["redirect"] 33 redirect = redirects[0] 34 elif fields_path.has_key("redirect"): 35 redirects = fields_path["redirect"] 36 redirect = redirects[0] 37 else: 38 redirect = "" 39 40 # Check for a submitted login form. 41 42 if fields_body.has_key("login"): 43 if self.authenticator.authenticate(trans): 44 self._redirect(trans, redirect) 45 46 # Otherwise, show the login form. 47 48 self._show_login(trans, redirect) 49 50 def _redirect(self, trans, redirect): 51 52 "Redirect the client using 'trans' and the given 'redirect' URL." 53 54 if self.use_redirect: 55 trans.set_header_value("Location", redirect) 56 trans.set_response_code(307) 57 58 # Show the success page anyway. 59 60 self._show_success(trans, redirect) 61 62 def _show_login(self, trans, redirect): 63 64 # When authentication fails or is yet to take place, show the login 65 # screen. 66 67 trans.set_content_type(WebStack.Generic.ContentType("text/html")) 68 out = trans.get_response_stream() 69 out.write(""" 70 <html> 71 <head> 72 <title>Login Example</title> 73 </head> 74 <body> 75 <h1>Login</h1> 76 <form method="POST"> 77 <p>Username: <input name="username" type="text" size="12"/></p> 78 <p>Password: <input name="password" type="text" size="12"/></p> 79 <p><input name="login" type="submit" value="Login"/></p> 80 <input name="redirect" type="hidden" value="%s"/> 81 </form> 82 </body> 83 </html> 84 """ % redirect) 85 86 def _show_success(self, trans, redirect): 87 88 # When authentication fails or is yet to take place, show the login 89 # screen. 90 91 trans.set_content_type(WebStack.Generic.ContentType("text/html")) 92 out = trans.get_response_stream() 93 out.write(""" 94 <html> 95 <head> 96 <title>Login Example</title> 97 </head> 98 <body> 99 <h1>Login Successful</h1> 100 <p>Please proceed <a href="%s">to the application</a>.</p> 101 </body> 102 </html> 103 """ % redirect) 104 105 def _decode(self, url): 106 107 "Decode the given 'url' for redirection purposes." 108 109 return url.replace("%3f", "?").replace("%26", "&") 110 111 class LoginAuthenticator: 112 113 def __init__(self, secret_key, credentials, cookie_name=None): 114 115 """ 116 Initialise the authenticator with a 'secret_key', the authenticator's registry of 117 'credentials' and an optional 'cookie_name'. 118 119 The 'credentials' must be an object which supports tests of the form 120 '(username, password) in credentials'. 121 """ 122 123 self.secret_key = secret_key 124 self.credentials = credentials 125 self.cookie_name = cookie_name or "LoginAuthenticator" 126 127 def authenticate(self, trans): 128 129 # Process any supplied parameters. 130 131 fields = trans.get_fields_from_body() 132 133 if fields.has_key("username") and fields.has_key("password"): 134 usernames, passwords = fields["username"], fields["password"] 135 136 # Insist on only one username and password. 137 138 if len(usernames) == 1 and len(passwords) == 1: 139 username, password = usernames[0], passwords[0] 140 141 # Check against the class's credentials. 142 143 if (username, password) in self.credentials: 144 145 # Make a special cookie token. 146 147 self.set_token(trans, username) 148 return 1 149 150 return 0 151 152 def set_token(self, trans, username): 153 154 "Set an authentication in the 'trans' with the given 'username'." 155 156 trans.set_cookie_value( 157 self.cookie_name, 158 get_token(username, self.secret_key) 159 ) 160 161 # vim: tabstop=4 expandtab shiftwidth=4