Commit d326eb6a authored by Alain Takoudjou's avatar Alain Takoudjou

Use Flask-Auth for slaprunner account management

parent 0d5fa8e6
...@@ -46,6 +46,7 @@ setup(name=name, ...@@ -46,6 +46,7 @@ setup(name=name,
'lampconfigure': ["mysql-python"], #needed for MySQL Database access 'lampconfigure': ["mysql-python"], #needed for MySQL Database access
'zodbpack': ['ZODB3'], # needed to play with ZODB 'zodbpack': ['ZODB3'], # needed to play with ZODB
'agent': ['erp5.util'], 'agent': ['erp5.util'],
'flask_auth' : ["Flask-Auth"],
}, },
zip_safe=False, # proxy depends on Flask, which has issues with zip_safe=False, # proxy depends on Flask, which has issues with
# accessing templates # accessing templates
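Review bot: The new `'flask_auth' : ["Flask-Auth"]` entry has no version constraint, so the library that now handles slaprunner account management resolves to whatever release the package index serves at install time. Because authentication behaviour depends on it, a tested range would make upgrades deliberate, e.g. `'flask_auth' : ["Flask-Auth>=<tested-version>"],` with the placeholder replaced by the release this commit was validated against. The entry also appears to sit among optional extras (next to 'zodbpack' and 'agent'), so it is worth confirming that every install path serving the runner web UI requests it. The surrounding setup() call starts and ends outside the hunk.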
......
...@@ -618,6 +618,8 @@ a.lshare img{ ...@@ -618,6 +618,8 @@ a.lshare img{
border-radius: 0 0 4px 4px; border-radius: 0 0 4px 4px;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2); box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);
text-align: center; text-align: center;
position: relative;
z-index: 170;
} }
#error table{ #error table{
......
...@@ -2,6 +2,7 @@ $(document).ready( function() { ...@@ -2,6 +2,7 @@ $(document).ready( function() {
var send = false; var send = false;
$("#update").click(function(){ $("#update").click(function(){
var haspwd = false; var haspwd = false;
var hasAccount = !($("input#hasAccount").val() === "");
if($("input#username").val() === "" || !$("input#username").val().match(/^[\w\d\._-]+$/)){ if($("input#username").val() === "" || !$("input#username").val().match(/^[\w\d\._-]+$/)){
$("#error").Popup("Invalid user name. Please check it!", {type:'alert', duration:3000}); $("#error").Popup("Invalid user name. Please check it!", {type:'alert', duration:3000});
return false; return false;
...@@ -18,7 +19,7 @@ $(document).ready( function() { ...@@ -18,7 +19,7 @@ $(document).ready( function() {
$("#error").Popup("Please enter a valid email adress!", {type:'alert', duration:3000}); $("#error").Popup("Please enter a valid email adress!", {type:'alert', duration:3000});
return false; return false;
} }
if($("input#hasAccount").val() === "" && !$("input#password").val().match(/^[\w\d\._-]+$/)){ if(!hasAccount && !$("input#password").val().match(/^[\w\d\._-]+$/)){
$("#error").Popup("Please enter your new password!", {type:'alert', duration:3000}); $("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
return false; return false;
} }
...@@ -45,7 +46,7 @@ $(document).ready( function() { ...@@ -45,7 +46,7 @@ $(document).ready( function() {
send = true; send = true;
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: $SCRIPT_ROOT + '/updateAccount', url: $SCRIPT_ROOT + ((hasAccount)? '/updateAccount':'/configAccount'),
data: {name: $("input#name").val(), username:$("input#username").val(), email:$("input#email").val(), data: {name: $("input#name").val(), username:$("input#username").val(), email:$("input#email").val(),
password:((haspwd) ? $("input#password").val():""), rcode:$("input#rcode").val()}, password:((haspwd) ? $("input#password").val():""), rcode:$("input#rcode").val()},
success: function(data){ success: function(data){
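Review bot: The endpoint choice in `url: $SCRIPT_ROOT + ((hasAccount)? '/updateAccount':'/configAccount')` is driven by the hidden `input#hasAccount` field, which the browser user can edit, so it cannot serve as the access decision. The server-side handlers are not visible here (part of the diff is collapsed), so please confirm that `/configAccount` refuses to run once an account exists and that `/updateAccount` requires an authenticated session. A comment above the `$.ajax` call would record the intent: `// hasAccount only picks the endpoint; both handlers re-check account state and authorization server-side`. The click handler starts and ends outside these hunks.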
......
...@@ -54,7 +54,7 @@ ...@@ -54,7 +54,7 @@
<div class="line"></div> <div class="line"></div>
<a href="{{ url_for('editCurrentProject') }}" style="float:left" title="Edit your current project"><img alt="" src="{{ url_for('static', filename='images/project.png') }}" /></a> <a href="{{ url_for('editCurrentProject') }}" style="float:left" title="Edit your current project"><img alt="" src="{{ url_for('static', filename='images/project.png') }}" /></a>
<div class="line"></div> <div class="line"></div>
<a href="{{ url_for('logout') }}" style="float:left" title="Close your session"><img alt="" src="{{ url_for('static', filename='images/logout.png') }}" /></a> <a href="{{ url_for('dologout') }}" style="float:left" title="Close your session"><img alt="" src="{{ url_for('static', filename='images/logout.png') }}" /></a>
<div class="line"></div> <div class="line"></div>
<h2 class="info">{% block title %}{% endblock %} - {{session.title}}</h2> <h2 class="info">{% block title %}{% endblock %} - {{session.title}}</h2>
<div class="run"><span id="running" style="display:none"><img alt="" src="{{ url_for('static', filename='images/ajax_roller.gif') }}" <div class="run"><span id="running" style="display:none"><img alt="" src="{{ url_for('static', filename='images/ajax_roller.gif') }}"
......
...@@ -40,32 +40,6 @@ def html_escape(text): ...@@ -40,32 +40,6 @@ def html_escape(text):
"""Produce entities within text.""" """Produce entities within text."""
return "".join(html_escape_table.get(c,c) for c in text) return "".join(html_escape_table.get(c,c) for c in text)
def checkLogin(config, login, pwd):
"""
User authentication method
Args:
config: Slaprunner configuration.
login: username of the user.
pwd: password associate to username.
Returns:
a list of user informations or False if authentication fail.
list=[username, password, email, complete_name]
"""
user = getSession(config)
current_pwd = hashlib.md5( pwd ).hexdigest()
if user and current_pwd == user[1] and login == user[0]:
return user
return False
def checkSession(config, session, account):
"""Return True if current user is connected with rigth data"""
if 'account' in session and account:
return (session['account'][0] == account[0] and
session['account'][1] == account[1])
return False
def getSession(config): def getSession(config):
""" """
Get the session data of current user. Get the session data of current user.
...@@ -75,12 +49,14 @@ def getSession(config): ...@@ -75,12 +49,14 @@ def getSession(config):
user_path = os.path.join(config['etc_dir'], '.users') user_path = os.path.join(config['etc_dir'], '.users')
user = "" user = ""
if os.path.exists(user_path): if os.path.exists(user_path):
user = open(user_path, 'r').read().split(';') f = open(user_path, 'r')
user = f.read().split(';')
f.close()
if type(user) == type(""): if type(user) == type(""):
return False return False
return user return user
def saveSession(config, session, account): def saveSession(config, account):
""" """
Save account information for the current user Save account information for the current user
...@@ -95,17 +71,17 @@ def saveSession(config, session, account): ...@@ -95,17 +71,17 @@ def saveSession(config, session, account):
user = os.path.join(config['etc_dir'], '.users') user = os.path.join(config['etc_dir'], '.users')
backup = False backup = False
try: try:
if account[1]: if os.path.exists(user):
account[1] = hashlib.md5(account[1]).hexdigest() f = open(user, 'r')
else:
account[1] = session['account'][1]
if 'account' in session:
#backup previous data #backup previous data
open(user+'.back', 'w').write(';'.join(session['account'])) data = f.read()
open(user+'.back', 'w').write(data)
f.close()
backup = True backup = True
if not account[1]:
account[1] = data.split(';')[1]
#save new account data #save new account data
open(user, 'w').write((';'.join(account)).encode("utf-8")) open(user, 'w').write((';'.join(account)).encode("utf-8"))
session['account'] = account
return True return True
except Exception, e: except Exception, e:
try: try:
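Review bot: saveSession no longer hashes `account[1]`, so whatever string the caller passes is written verbatim to `.users` and copied to `.users.back`; the caller is in the collapsed part of the diff, so it should be confirmed that it supplies a salted password hash rather than the raw form value. Both files are created with `open(..., 'w')` and therefore inherit the process umask; for a credential store I would create them owner-only, e.g. `fd = os.open(user, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `os.fdopen(fd, 'w').write(...)`. The flattened page does not show indentation, but if `if not account[1]:` sits outside the `os.path.exists(user)` branch, `data` is unbound on first-time setup with an empty password and the broad `except Exception` would hide the NameError. saveSession begins in the previous hunk and its except handler continues past this one.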
......
This diff is collapsed.