Login screen redirects

master
Bob Mottram 2019-07-25 11:56:24 +01:00
parent 6feebd6aa2
commit ca547e7d62
2 changed files with 27 additions and 14 deletions


@ -88,7 +88,7 @@ class PubServer(BaseHTTPRequestHandler):
self.send_response(200) self.send_response(200)
self.send_header('Content-type', fileFormat) self.send_header('Content-type', fileFormat)
self.send_header('Host', self.server.domainFull) self.send_header('Host', self.server.domainFull)
self.send_header('WWW-Authenticate', 'Basic realm="simple", charset="UTF-8"') self.send_header('WWW-Authenticate', 'title="Login to Epicyon", Basic realm="epicyon"')
self.end_headers() self.end_headers()
def _set_headers(self,fileFormat: str) -> None: def _set_headers(self,fileFormat: str) -> None:
@ -998,24 +998,38 @@ class PubServer(BaseHTTPRequestHandler):
self.postToNickname=None self.postToNickname=None
if self.path.startswith('/login'): if self.path.startswith('/login'):
print("headers: "+str(self.headers)) # get the contents of POST containing login credentials
print("path: "+self.path) length = int(self.headers['Content-length'])
loginNickname,loginPassword=htmlGetLoginCredentials(self.path,self.server.lastLoginTime) if length>512:
print('Login failed - credentials too long')
self.send_response(401)
self.end_headers()
self.server.POSTbusy=False
return
loginParams=self.rfile.read(length).decode('utf-8')
loginNickname,loginPassword=htmlGetLoginCredentials(loginParams,self.server.lastLoginTime)
if loginNickname: if loginNickname:
self.server.lastLoginTime=int(time.time()) self.server.lastLoginTime=int(time.time())
print('Nickname: '+loginNickname)
print('Password: '+loginPassword)
authHeader=createBasicAuthHeader(loginNickname,loginPassword) authHeader=createBasicAuthHeader(loginNickname,loginPassword)
if not authorizeBasic(self.server.baseDir,'/users/'+loginNickname+'/outbox',authHeader,False): if not authorizeBasic(self.server.baseDir,'/users/'+loginNickname+'/outbox',authHeader,False):
print('Login failed: '+loginNickname)
self.send_response(401) self.send_response(401)
self.end_headers() self.end_headers()
self.server.POSTbusy=False self.server.POSTbusy=False
return return
else:
# login success - redirect with authorization
print('Login success: '+loginNickname)
self.send_response(303)
self.send_header('Location', self.server.httpPrefix+'://'+self.server.domainFull+'/users/'+loginNickname+'/outbox')
self.send_header('Authorization', authHeader)
self.end_headers()
self.server.POSTbusy=False
return
self.send_response(200) self.send_response(200)
self.end_headers() self.end_headers()
self.server.POSTbusy=False self.server.POSTbusy=False
return return
#self.path='/users/'+loginNickname+'/outbox'
if self.path.endswith('/outbox') or self.path.endswith('/shares'): if self.path.endswith('/outbox') or self.path.endswith('/shares'):
if '/users/' in self.path: if '/users/' in self.path:
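Review bot: The new `length = int(self.headers['Content-length'])` in the `/login` branch trusts a header the client controls. A request without the header makes `int(None)` raise, a non-numeric value raises `ValueError`, and a negative value passes the `length>512` cap and reaches `self.rfile.read(length)`, which then reads until the connection closes. None of those paths runs `self.server.POSTbusy=False`, so if that flag gates other POSTs (it is set outside this hunk, as is the rest of the handler) one unauthenticated request could leave it stuck. Reading the header as `lengthStr=self.headers.get('Content-length','')` and rejecting with `if not lengthStr.isdecimal() or int(lengthStr)>512:` covers all three cases. Separately, the 303 on success sends `Authorization` as a response header, which browsers do not replay on the redirected request, so it only echoes the encoded password back to the client; a session cookie or token is the usual carrier.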


@ -16,16 +16,15 @@ from utils import getNicknameFromActor
from utils import getDomainFromActor from utils import getDomainFromActor
from posts import getPersonBox from posts import getPersonBox
def htmlGetLoginCredentials(path: str,lastLoginTime: int) -> (str,str): def htmlGetLoginCredentials(loginParams: str,lastLoginTime: int) -> (str,str):
"""Receives login credentials via HTTPServer GET """Receives login credentials via HTTPServer POST
""" """
if not path.startswith('/login?'): if not loginParams.startswith('username='):
return None,None return None,None
# minimum time between login attempts # minimum time between login attempts
currTime=int(time.time()) currTime=int(time.time())
if currTime<lastLoginTime+5: if currTime<lastLoginTime+5:
return None,None return None,None
loginParams=path.split('?',1)[1]
if '&' not in loginParams: if '&' not in loginParams:
return None,None return None,None
loginArgs=loginParams.split('&') loginArgs=loginParams.split('&')
@ -33,7 +32,7 @@ def htmlGetLoginCredentials(path: str,lastLoginTime: int) -> (str,str):
password=None password=None
for arg in loginArgs: for arg in loginArgs:
if '=' in arg: if '=' in arg:
if arg.split('=',1)[0]=='nickname': if arg.split('=',1)[0]=='username':
nickname=arg.split('=',1)[1] nickname=arg.split('=',1)[1]
elif arg.split('=',1)[0]=='password': elif arg.split('=',1)[0]=='password':
password=arg.split('=',1)[1] password=arg.split('=',1)[1]
@ -118,12 +117,12 @@ def htmlLogin(baseDir: str) -> str:
'' \ '' \
' <div class="container">' \ ' <div class="container">' \
' <label for="nickname"><b>Nickname</b></label>' \ ' <label for="nickname"><b>Nickname</b></label>' \
' <input type="text" placeholder="Enter Nickname" name="nickname" required>' \ ' <input type="text" placeholder="Enter Nickname" name="username" required>' \
'' \ '' \
' <label for="password"><b>Password</b></label>' \ ' <label for="password"><b>Password</b></label>' \
' <input type="password" placeholder="Enter Password" name="password" required>' \ ' <input type="password" placeholder="Enter Password" name="password" required>' \
'' \ '' \
' <button type="submit">Login</button>' \ ' <button type="submit" name="submit">Login</button>' \
' </div>' \ ' </div>' \
'</form>' '</form>'
loginForm+=htmlFooter() loginForm+=htmlFooter()
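Review bot: The nickname and password in `htmlGetLoginCredentials` are used exactly as split on `&` and `=`, but a browser normally submits such a form as `application/x-www-form-urlencoded`, so any `+`, `%`, `&`, space or non-ASCII character arrives percent-encoded. Unless decoding happens after the lines shown (the function continues outside the hunk, and the `<form>` tag with its method and enctype is not visible), a password containing those characters would not match the stored one. Decoding each value, e.g. `password=urllib.parse.unquote_plus(arg.split('=',1)[1])`, or parsing the body once with `urllib.parse.parse_qs(loginParams)`, would fix that. It would also make the `loginParams.startswith('username=')` guard unnecessary, which currently rejects a valid body whose fields arrive in a different order.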