webui: webui: signin.py Source File

00001 #!/usr/bin/env python
00002 
00003 import nstart
00004 import config
00005 import os, sys, string, time
00006 
00007 from pyclearsilver.log import *
00008 
00009 from pyclearsilver.CSPage import Context
00010 import neo_cgi, neo_cs, neo_util
00011 from MBPage import MBPage
00012 
00013 from auth import browserauth
00014 from auth import cookieauth
00015 from auth import db_auth
00016 from auth import pwauth
00017 
00018 from pyclearsilver import wordwrap
00019 from email import MIMEText, Generator, Parser
00020 from cStringIO import StringIO
00021 
00022 from web_msgs.msg import WebEvent
00023 import rospy
00024 
00025 class SignInPage(MBPage):
00026     def setup(self, hdf):
00027       self.requestURI = hdf.getValue("Query.request", "")
00028       self.authdb = db_auth.initSchema()
00029 
00030     def display0(self, hdf):
00031         q_signout = hdf.getIntValue("Query.signout",0)
00032         self.requestURI = hdf.getValue("Query.request", "")
00033         if self.requestURI:
00034           hdf.setValue("CGI.cur.request", self.requestURI)
00035 
00036         if q_signout:
00037           cookieauth.clearLoginCookie(self.ncgi, self.username)
00038 
00039     def display(self, hdf):
00040       self.redirectUri(self.default_app_path())
00041 
00042     def requestChangePassword(self):
00043       hdf = self.ncgi.hdf
00044       requestURI = hdf.getValue("CGI.RequestURI", "")
00045       rurl = config.gBaseURL + "login/changePassword.py"
00046       self.redirectUri(rurl + "?q=1&request=" + neo_cgi.urlEscape(config.gBaseURL + "webui/"))
00047       
00048     def Action_Logout(self, hdf):
00049       warn("action logout called")
00050 
00051       self.ncgi.cookieClear("inactive")
00052 
00053       if self.is_active_user():
00054           warn("removing active user")
00055           self.remove_active_user()
00056       else:
00057           warn("logging out non-active user")
00058 
00059       # publish a web event that we logged out
00060       pub = rospy.Publisher("/webui/events", WebEvent)
00061       rospy.init_node("webui_login", anonymous=True)
00062       msg = WebEvent()
00063       msg.source = "user"
00064       msg.type = "logout"
00065       msg.data = self.username
00066       pub.publish(msg)
00067 
00068       if config.get_robot_type().startswith("texas"):
00069           self.redirectUri(config.gLobbyReturnPage + "?robot_name=" + hdf.getValue('CGI.Robot', ""))
00070       else:
00071           # don't clear login cookie for texai since the lobby will handle it
00072           domain = hdf.getValue("HTTP.Host", "")
00073           cookieauth.clearLoginCookie(self.ncgi, self.username, domain)
00074           self.redirectUri(self.default_app_path())
00075 
00076     def Action_Login(self, hdf):
00077 
00078         q_username =  hdf.getValue("Query.username","")
00079         q_passwordHash = hdf.getValue("Query.password","")
00080         q_persist = hdf.getValue("Query.persist","0")
00081 
00082         try: q_persist = int(q_persist)
00083         except ValueError: q_persist = 0
00084 
00085         default_requestURI = config.gBaseURL + "%s/" % config.gDefaultModule
00086 
00087         warn("requestURI", self.requestURI)
00088 
00089         if not self.requestURI:
00090           self.requestURI = default_requestURI
00091 
00092 
00093         wwwhostname = hdf.getValue("HTTP.Host", "")
00094 
00095         rurl = self.http + wwwhostname + config.gBaseURL + "login/signin0.py"
00096 
00097         warn("signin.py", rurl)
00098 
00099         # open login db to get pw
00100         userRec = self.authdb.users.lookup(q_username)
00101         
00102         if not userRec:
00103           warn("signin.py", "login failure (%s) unknown user" % q_username)
00104           self.redirectUri(rurl + "?err=Invalid+Login&request=%s" % neo_cgi.urlEscape(self.requestURI))
00105 
00106         q_password = pwauth.unmungePassword(q_passwordHash)
00107 
00108         ipaddr = hdf.getValue("CGI.RemoteAddress", "Unknown")
00109         browserid = browserauth.getBrowserCookie(self.ncgi)
00110 
00111         now = time.time()
00112 
00113         
00114 
00115         loginRow = self.authdb.login.newRow()
00116         loginRow.uid = userRec.uid
00117         loginRow.username = userRec.username
00118         loginRow.ipaddr = ipaddr
00119         loginRow.browserid = browserid
00120 
00121         if userRec.checkPassword(q_password) == 0:
00122           warn("signin.py", "login failure (%s) password mismatch" % q_username, q_password)
00123           loginRow.loginType = 0
00124           loginRow.save()
00125 
00126 
00127           url = rurl + "?err=Invalid+Login&request=%s" % neo_cgi.urlEscape(self.requestURI)
00128           warn("redirecting to", url)
00129           self.redirectUri(url)
00130           return
00131 
00132         # ----------- success!!! ------------------
00133         # generate cookie
00134 
00135         loginRow.loginType = 1
00136         loginRow.save()
00137 
00138         cookieauth.issueLoginCookie(self.ncgi, self.authdb, q_username, userRec.pw_hash, q_persist)
00139 
00140         if userRec.changePassword == 1:
00141           self.requestChangePassword()
00142           return
00143 
00144         # publish a web event that we logged in
00145         pub = rospy.Publisher("/webui/events", WebEvent)
00146         rospy.init_node("webui_login", anonymous=True)
00147         msg = WebEvent()
00148         msg.source = "user"
00149         msg.type = "login (local)"
00150         msg.data = self.username
00151         pub.publish(msg)
00152 
00153         # redirect to the main page
00154         self.redirectUri(self.requestURI)
00155 
00156 
00157 
00158     def __del__(self):
00159         if self.authdb:
00160             self.authdb.close()
00161             self.authdb = None
00162 
00163 def run(context):
00164     page = SignInPage(context, pagename="signin",nologin=1)
00165     return page
00166 
00167 def main(context):
00168   page = run(context)
00169   page.start()
00170   
00171 
00172 if __name__ == "__main__":
00173     main(Context())