mirror of
https://github.com/spl0k/supysonic.git
synced 2024-12-22 08:56:17 +00:00
Manager class to centralize user management
This commit is contained in:
parent
848cfb2814
commit
c8f0a22980
@ -5,8 +5,7 @@ import simplejson
|
||||
import cgi
|
||||
|
||||
from web import app
|
||||
from db import User
|
||||
import hashlib
|
||||
from user_manager import UserManager
|
||||
|
||||
@app.before_request
|
||||
def set_formatter():
|
||||
@ -43,15 +42,10 @@ def authorize():
|
||||
if not username or not decoded_pass:
|
||||
return error
|
||||
|
||||
user = User.query.filter(User.name == username).first()
|
||||
if not user:
|
||||
return error
|
||||
|
||||
if decoded_pass.startswith('enc:'):
|
||||
decoded_pass = hexdecode(decoded_pass[4:])
|
||||
|
||||
crypt = hashlib.sha1(user.salt + decoded_pass).hexdigest()
|
||||
if crypt != user.password:
|
||||
if UserManager.try_auth(username, decoded_pass)[0] != UserManager.LOGIN_SUCCESS:
|
||||
return error
|
||||
|
||||
@app.after_request
|
||||
|
@ -14,7 +14,7 @@
|
||||
<div class="page">
|
||||
<h1>Supysonic</h1>
|
||||
|
||||
<p>{% if session.get('userid') %}<a href="{{ url_for('logout') }}">Log out</a>{% else %}<a href="{{ url_for('login') }}">Log in</a>{% endif %}</p>
|
||||
<p><a href="{{ url_for('index') }}">Home</a> | {% if session.get('userid') %}<a href="{{ url_for('logout') }}">Log out</a>{% else %}<a href="{{ url_for('login') }}">Log in</a>{% endif %}</p>
|
||||
|
||||
{% if get_flashed_messages() %}
|
||||
<div class="flash">
|
||||
|
@ -1,12 +1,12 @@
|
||||
{% extends "layout.html" %}
|
||||
{% block body %}
|
||||
<h2>Users</h2>
|
||||
<table>
|
||||
<tr><th>Name</th><th>EMail</th><th>Admin</th><th></th></tr>
|
||||
{% for user in users %}
|
||||
<tr><td>{{ user.name }}</td><td>{{ user.mail }}</td><td>{{ user.admin }}</td><td><a href="{{ url_for('del_user', id = user.id) }}">X</a></td></tr>
|
||||
{% endfor %}
|
||||
</table>
|
||||
<a href="{{ url_for('add_user') }}">Add</a>
|
||||
|
||||
{% endblock %}
|
||||
{% extends "layout.html" %}
|
||||
{% block body %}
|
||||
<h2>Users</h2>
|
||||
<table>
|
||||
<tr><th>Name</th><th>EMail</th><th>Admin</th><th></th></tr>
|
||||
{% for user in users %}
|
||||
<tr><td>{{ user.name }}</td><td>{{ user.mail }}</td><td>{{ user.admin }}</td><td><a href="{{ url_for('del_user', uid = user.id) }}">X</a></td></tr>
|
||||
{% endfor %}
|
||||
</table>
|
||||
<a href="{{ url_for('add_user') }}">Add</a>
|
||||
|
||||
{% endblock %}
|
||||
|
70
user.py
70
user.py
@ -1,10 +1,9 @@
|
||||
# coding: utf-8
|
||||
|
||||
from flask import Flask, request, session, flash, render_template, redirect, url_for
|
||||
import string, random, hashlib
|
||||
import uuid
|
||||
|
||||
from web import app
|
||||
from user_manager import UserManager
|
||||
import db
|
||||
|
||||
@app.route('/user')
|
||||
@ -21,47 +20,40 @@ def add_user():
|
||||
if name in (None, ''):
|
||||
flash('The name is required.')
|
||||
error = True
|
||||
elif db.User.query.filter(db.User.name == name).first():
|
||||
flash('There is already a user with that name. Please pick another one.')
|
||||
error = True
|
||||
if passwd in (None, ''):
|
||||
flash('Please provide a password.')
|
||||
error = True
|
||||
elif passwd != passwd_confirm:
|
||||
flash("The passwords don't match.")
|
||||
error = True
|
||||
|
||||
if admin is None:
|
||||
admin = True if db.User.query.filter(db.User.admin == True).count() == 0 else False
|
||||
else:
|
||||
admin = True
|
||||
if error:
|
||||
return render_template('adduser.html')
|
||||
|
||||
salt = ''.join(random.choice(string.printable.strip()) for i in xrange(6))
|
||||
crypt = hashlib.sha1(salt + passwd).hexdigest()
|
||||
user = db.User(name = name, mail = mail, password = crypt, salt = salt, admin = admin)
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
flash("User '%s' successfully added" % name)
|
||||
if not error:
|
||||
status = UserManager.add(name, passwd, mail, admin)
|
||||
if status == UserManager.ADD_SUCCESS:
|
||||
flash("User '%s' successfully added" % name)
|
||||
return redirect(url_for('user_index'))
|
||||
elif status == UserManager.ADD_NAME_EXISTS:
|
||||
flash('There is already a user with that name. Please pick another one.')
|
||||
|
||||
return redirect(url_for('user_index'))
|
||||
return render_template('adduser.html')
|
||||
|
||||
@app.route('/user/del/<id>')
|
||||
def del_user(id):
|
||||
try:
|
||||
idid = uuid.UUID(id)
|
||||
except ValueError:
|
||||
|
||||
@app.route('/user/del/<uid>')
|
||||
def del_user(uid):
|
||||
status = UserManager.delete(uid)
|
||||
if status == UserManager.DEL_SUCCESS:
|
||||
flash('Deleted user')
|
||||
elif status == UserManager.DEL_INVALID_ID:
|
||||
flash('Invalid user id')
|
||||
return redirect(url_for('index'))
|
||||
|
||||
user = db.User.query.get(idid)
|
||||
if user is None:
|
||||
elif status == UserManager.DEL_NO_SUCH_USER:
|
||||
flash('No such user')
|
||||
return redirect(url_for('index'))
|
||||
|
||||
db.session.delete(user)
|
||||
db.session.commit()
|
||||
flash("Deleted user '%s'" % user.name)
|
||||
else:
|
||||
flash('Unknown error')
|
||||
|
||||
return redirect(url_for('user_index'))
|
||||
|
||||
@ -75,25 +67,27 @@ def login():
|
||||
if request.method == 'GET':
|
||||
return render_template('login.html')
|
||||
|
||||
user, password = map(request.form.get, [ 'user', 'password' ])
|
||||
name, password = map(request.form.get, [ 'user', 'password' ])
|
||||
error = False
|
||||
if user in ('', None):
|
||||
if name in ('', None):
|
||||
flash('Missing user name')
|
||||
error = True
|
||||
if password in ('', None):
|
||||
flash('Missing password')
|
||||
error = True
|
||||
|
||||
if not error:
|
||||
dbuser = db.User.query.filter(db.User.name == user).first()
|
||||
if not dbuser:
|
||||
flash('Unknown user')
|
||||
elif hashlib.sha1(dbuser.salt + password).hexdigest() != dbuser.password:
|
||||
flash('Wrong password')
|
||||
else:
|
||||
session['userid'] = str(dbuser.id)
|
||||
session['admin'] = dbuser.admin
|
||||
status, user = UserManager.try_auth(name, password)
|
||||
if status == UserManager.LOGIN_SUCCESS:
|
||||
session['userid'] = str(user.id)
|
||||
flash('Logged in!')
|
||||
return redirect(return_url)
|
||||
elif status == UserManager.LOGIN_NO_SUCH_USER:
|
||||
flash('Unknown user')
|
||||
elif status == UserManager.LOGIN_WRONG_PASS:
|
||||
flash('Wrong password')
|
||||
else:
|
||||
flash('Unknown error')
|
||||
|
||||
return render_template('login.html')
|
||||
|
||||
|
68
user_manager.py
Executable file
68
user_manager.py
Executable file
@ -0,0 +1,68 @@
|
||||
# coding: utf-8
|
||||
|
||||
import string, random, hashlib
|
||||
import uuid
|
||||
|
||||
from db import User, session
|
||||
|
||||
class UserManager:
|
||||
ADD_SUCCESS = 0
|
||||
ADD_NAME_EXISTS = 1
|
||||
|
||||
DEL_SUCCESS = 0
|
||||
DEL_INVALID_ID = 1
|
||||
DEL_NO_SUCH_USER = 2
|
||||
|
||||
LOGIN_SUCCESS = 0
|
||||
LOGIN_NO_SUCH_USER = 1
|
||||
LOGIN_WRONG_PASS = 2
|
||||
|
||||
@staticmethod
|
||||
def add(name, password, mail, admin):
|
||||
if User.query.filter(User.name == name).first():
|
||||
return UserManager.ADD_NAME_EXISTS
|
||||
|
||||
crypt, salt = UserManager.__encrypt_password(password)
|
||||
user = User(name = name, mail = mail, password = crypt, salt = salt, admin = admin)
|
||||
session.add(user)
|
||||
session.commit()
|
||||
|
||||
return UserManager.ADD_SUCCESS
|
||||
|
||||
@staticmethod
|
||||
def delete(uid):
|
||||
if type(uid) in (str, unicode):
|
||||
try:
|
||||
uid = uuid.UUID(uid)
|
||||
except:
|
||||
return UserManager.DEL_INVALID_ID
|
||||
elif type(uid) is uuid.UUID:
|
||||
pass
|
||||
else:
|
||||
return UserManager.DEL_INVALID_ID
|
||||
|
||||
user = User.query.get(uid)
|
||||
if user is None:
|
||||
return UserManager.DEL_NO_SUCH_USER
|
||||
|
||||
session.delete(user)
|
||||
session.commit()
|
||||
|
||||
return UserManager.DEL_SUCCESS
|
||||
|
||||
@staticmethod
|
||||
def try_auth(name, password):
|
||||
user = User.query.filter(User.name == name).first()
|
||||
if not user:
|
||||
return UserManager.LOGIN_NO_SUCH_USER, None
|
||||
elif UserManager.__encrypt_password(password, user.salt)[0] != user.password:
|
||||
return UserManager.LOGIN_WRONG_PASS, None
|
||||
else:
|
||||
return UserManager.LOGIN_SUCCESS, user
|
||||
|
||||
@staticmethod
|
||||
def __encrypt_password(password, salt = None):
|
||||
if salt is None:
|
||||
salt = ''.join(random.choice(string.printable.strip()) for i in xrange(6))
|
||||
return hashlib.sha1(salt + password).hexdigest(), salt
|
||||
|
Loading…
Reference in New Issue
Block a user