webui: webui: browserauth.py Source File

00001 #! /usr/bin/env python
00002 
00003 """
00004 usage: %(progname)s [args]
00005 """
00006 
00007 
00008 import os, sys, string, time, getopt
00009 from pyclearsilver.log import *
00010 
00011 from pyclearsilver import odb
00012 
00013 import config
00014 
00015 #import fcrypt as crypt
00016 import crypt
00017 
00018 def _createCheckVal(username, issued_at, pw_hash, vcode):
00019   checkval = "%s:%s" % (username, now)
00020   realcheckval = "%s:%s:%s" % (checkval, pw_hash, vcode)
00021   checkval_hash = crypt.crypt(realcheckval,config.gAuthSalt)
00022   return checkval, checkval_hash
00023 
00024 
00025 # -------------------------------
00026 # issueLoginCookie
00027 #
00028 # format: "login:issued_at_time_t:hash(pw_hash+issued_at_time_t)"
00029 # ex: "V1/jeske:2123123:AS132dd12"
00030 
00031 def generateBrowserCookie(authdb, ipaddr):
00032   now = int(time.time())
00033 
00034   row = authdb.browserid.newRow()
00035   row.creationDate = now
00036   row.ipaddr = ipaddr
00037   row.save()
00038 
00039   cookie = "V1/%09d" % row.browserid
00040 
00041   return cookie, row.browserid
00042 
00043 def issueBrowserCookie(ncgi, authdb, domain):
00044   ipaddr = ncgi.hdf.getValue("CGI.RemoteAddress", "")
00045 
00046   bcookie, browserid = generateBrowserCookie(authdb, ipaddr)
00047   ncgi.cookieSet("MB_B", bcookie, persist=1, path="/", domain=config.gDomain)
00048   return browserid
00049   
00050 
00051 def clearBrowserCookie(ncgi):
00052   ncgi.cookieClear("MB_B", "", "/")
00053 
00054 def getBrowserCookie(ncgi):
00055   bcookie = ncgi.hdf.getValue("Cookie.MB_B","")
00056 
00057   if not bcookie: return None
00058 
00059   version, restCookie = string.split(bcookie, "/", 1)
00060   browserid = int(restCookie)
00061 
00062   return browserid
00063   
00064 
00065 def _checkBrowserCookie(authdb, cookie, ipaddr):
00066   version, restCookie = string.split(cookie, "/", 1)
00067   if version != "V1":
00068     warn("browserauth.py", "invalid browser cookie, version", version, cookie)
00069     return None
00070 
00071   browserid = int(restCookie)
00072 
00073   try:
00074     row = authdb.browserid.fetchRow(("browserid", browserid))
00075   except odb.eNoMatchingRows:
00076     warn("browserauth.py", "invalid browser cookie, browserid not found")
00077     return browserid
00078 #    return None
00079 
00080   if row.ipaddr != ipaddr:
00081     warn("browserauth.py", "ipaddr mismatch", row.ipaddr, ipaddr)
00082 
00083   debug("browserauth.py", "cookie", browserid)
00084 
00085   return browserid
00086 
00087 def checkBrowserCookie(authdb, ncgi):
00088   bcookie = ncgi.hdf.getValue("Cookie.MB_B","")
00089   if not bcookie: return None
00090 
00091   ipaddr = ncgi.hdf.getValue("CGI.RemoteAddress", "")
00092   
00093   browserid = _checkBrowserCookie(authdb, bcookie, ipaddr)
00094   return browserid
00095   
00096   
00097 
00098 def test():
00099   pass
00100 
00101 def usage(progname):
00102   print __doc__ % vars()
00103 
00104 def main(argv, stdout, environ):
00105   progname = argv[0]
00106   optlist, args = getopt.getopt(argv[1:], "", ["help", "test", "debug"])
00107 
00108   testflag = 0
00109   if len(args) == 0:
00110     usage(progname)
00111     return
00112   for (field, val) in optlist:
00113     if field == "--help":
00114       usage(progname)
00115       return
00116     elif field == "--debug":
00117       debugfull()
00118     elif field == "--test":
00119       testflag = 1
00120 
00121   if testflag:
00122     test()
00123     return
00124 
00125 
00126 if __name__ == "__main__":
00127   main(sys.argv, sys.stdout, os.environ)