Commit 513b01cd authored by Alain Takoudjou's avatar Alain Takoudjou

Revert "Got back to static password for user account"

This reverts commit 7f03294b.
parent 7f03294b
...@@ -118,7 +118,6 @@ def serve(config): ...@@ -118,7 +118,6 @@ def serve(config):
workspace = workdir, workspace = workdir,
instance_profile='instance.cfg', instance_profile='instance.cfg',
software_profile='software.cfg', software_profile='software.cfg',
password=os.path.join(config.etc, '.passwd'),
SECRET_KEY=os.urandom(24), SECRET_KEY=os.urandom(24),
) )
if not os.path.exists(workdir): if not os.path.exists(workdir):
......
...@@ -706,9 +706,9 @@ input[type=radio]:hover { ...@@ -706,9 +706,9 @@ input[type=radio]:hover {
/* Login Css region *******/ /* Login Css region *******/
#login-page{width:429px; height:236px; margin:130px auto 0px; background:url(../images/loginBox.png) no-repeat; #login-page{width:429px; height:236px; margin:130px auto 0px; background:url(../images/loginBox.png) no-repeat;
padding:10px; font-size:14px; color:#03406A} padding:10px; font-size:14px; color:#03406A}
#login-page h2{color:#fff; font-size:26px; font-weight:normal; text-indent:30px;} #login-page h2{color:#fff; font-size:26px; font-weight:normal; text-indent:50px;}
.login-content{position:relative;margin:10px; margin-top:30px; margin-bottom:0;} .login-content{position:relative;margin:10px; margin-top:30px; margin-bottom:0;}
.login-button{width:140px; margin:0 auto;} .login-button{width:140px; margin:0 auto;}
.login-element{float:left; min-width:120px;} .login-element{float:left; min-width:120px;}
.login-label{padding:5px; font-size:16px;} .login-label{padding:5px; font-size:16px;}
.login-input{width:160px;} .login-input{width:220px;}
\ No newline at end of file \ No newline at end of file
...@@ -35,7 +35,7 @@ $(document).ready( function() { ...@@ -35,7 +35,7 @@ $(document).ready( function() {
$("#error").Popup("Invalid project name", {type:'alert', duration:3000}); $("#error").Popup("Invalid project name", {type:'alert', duration:3000});
return false; return false;
} }
if($("input#user").val() !== "" && $("input#user").val() !== "Enter your name..."){ if($("input#user").val() !== ""){
name = $("input#user").val(); name = $("input#user").val();
} }
if($("input#email").val() != "" && $("input#email").val() != "Enter your email adress..."){ if($("input#email").val() != "" && $("input#email").val() != "Enter your email adress..."){
......
...@@ -4,12 +4,16 @@ $(document).ready( function() { ...@@ -4,12 +4,16 @@ $(document).ready( function() {
$("body").css("background", "#9C9C9C"); $("body").css("background", "#9C9C9C");
$("#login").click(function(){ $("#login").click(function(){
if (send) return false; if (send) return false;
if($("input#clogin").val() === "" || !$("input#clogin").val().match(/^[\w\d\.-]+$/)){
$("#error").Popup("Please enter a valid user name", {type:'alert', duration:3000});
return false;
}
if($("input#cpwd").val() === "" || $("input#cpwd").val() ==="******"){ if($("input#cpwd").val() === "" || $("input#cpwd").val() ==="******"){
$("#error").Popup("Please enter your password", {type:'alert', duration:3000}); $("#error").Popup("Please enter your password", {type:'alert', duration:3000});
return false; return false;
} }
send = true; send = true;
var param = {cpwd:$("input#cpwd").val()}; var param = {clogin:$("input#clogin").val(), cpwd:$("input#cpwd").val()};
var url = $SCRIPT_ROOT + "/doLogin"; var url = $SCRIPT_ROOT + "/doLogin";
$.post(url, param, function(data) { $.post(url, param, function(data) {
if (data.code==1){ if (data.code==1){
......
...@@ -23,9 +23,9 @@ ...@@ -23,9 +23,9 @@
<label for='repo'>&nbsp;url*: &nbsp;&nbsp;</label> <label for='repo'>&nbsp;url*: &nbsp;&nbsp;</label>
<input type="text" name="repo" id="repo" size='25' value="Enter the url of your repository..." /><br/> <input type="text" name="repo" id="repo" size='25' value="Enter the url of your repository..." /><br/>
<label for='user'>Your name: &nbsp;&nbsp;&nbsp;&nbsp;</label> <label for='user'>Your name: &nbsp;&nbsp;&nbsp;&nbsp;</label>
<input type="text" name="user" id="user" size='20' value="Enter your name..." /> <input type="text" name="user" id="user" size='20' value="{{name}}" />
<label for='email'>Email: </label> <label for='email'>Email: </label>
<input type="text" name="email" id="email" size='25' value="Enter your email adress..." /> <input type="text" name="email" id="email" size='25' value="{% if not email %}Enter your email adress...{% else %}{{email}}{%endif%}" />
<input type="hidden" name="workdir" id="workdir" value="{{workDir}}" /> <input type="hidden" name="workdir" id="workdir" value="{{workDir}}" />
<button class="button" id="clone">clone</button> <button class="button" id="clone">clone</button>
<img class="waitting" id="imgwaitting" src="{{ url_for('static', filename='images/waiting.gif') }}" alt="" /> <img class="waitting" id="imgwaitting" src="{{ url_for('static', filename='images/waiting.gif') }}" alt="" />
......
...@@ -23,14 +23,19 @@ ...@@ -23,14 +23,19 @@
<img src="{{ url_for('static', filename='images/manage_repo.png') }}" /> <img src="{{ url_for('static', filename='images/manage_repo.png') }}" />
</div> </div>
<div class="clear"></div> <div class="clear"></div>
<div class="lmenu"> <div class="lmenu smaller">
<h2><a href="{{ url_for('openProject', method='new')}}">Create your Software Release</a></h2> <h2><a href="{{ url_for('openProject', method='new')}}">Create your Software Release</a></h2>
<p><br/>To create a new Software Release, choose the project directory in which you want to create your software.<!-- You will then be able to edit and <p>To create a new Software Release, choose the project directory in which you want to create your software.<!-- You will then be able to edit and
run the new software release.--> run the new software release.-->
</p> </p>
<img src="{{ url_for('static', filename='images/folder_blue.png') }}" /> <img src="{{ url_for('static', filename='images/folder_blue.png') }}" />
<div class="clear"></div> <div class="clear"></div>
</div> </div>
<div class="umenu">
<h2><a href="{{ url_for('myAccount')}}">Your Account</a></h2>
<p>Update your account informations</p>
<img src="{{ url_for('static', filename='images/user_card.png') }}" />
</div>
<div class="clear"></div> <div class="clear"></div>
</div> </div>
</div> </div>
......
...@@ -97,7 +97,7 @@ ...@@ -97,7 +97,7 @@
</div> </div>
{% if request.path != '/login' %} {% if request.path != '/login' %}
<div id="footer"> <div id="footer">
SlapOS web runner &copy; Vifib SARL 2011 - All right reserved - Creative Commons Shared Alike Non Commercial SlapOs web runner &copy; Vifib SARL 2011 - All right reserved - Creative Commons Shared Alike Non Commercial
</div> </div>
{%endif%} {%endif%}
</div> </div>
......
...@@ -5,21 +5,27 @@ ...@@ -5,21 +5,27 @@
{% endblock %} {% endblock %}
{% block body %} {% block body %}
<form method="POST" action=""> <form method="POST" action="">
<h2>Welcome to SlapOS Web Runner</h2> <h2>Login to Slapos Web Runner</h2>
<div class="login-content"><br/> <div class="login-content"><br/>
<div class="login-element login-label"><label for="cpwd">Enter your password : </label></div> <div class="login-element login-label"><label for="clogin">Your login&nbsp; : </label></div>
<div class="login-element"><input type="text" class="login-input" name="clogin" id="clogin" value="Enter login..." /></div><br/><br/>
<div class="clear"></div>
<div class="login-element login-label"><label for="cpwd">Password : </label></div>
<div class="login-element"><input type="password" class="idleField login-input" name="cpwd" id="cpwd" value="******" /></div> <div class="login-element"><input type="password" class="idleField login-input" name="cpwd" id="cpwd" value="******" /></div>
<div class="clear"></div><br/>
<div class="login-element login-label"><label for="cpwd"><a href="#" id="information" rel="tooltip">I need for help</a><br/></label></div>
<div class="clear"></div> <div class="clear"></div>
<!--<br/><a href="#" id="information" rel="tooltip">do you need help?</a><br/>-->
</div> </div>
<div style="text-align:center; margin-top:7px;"> <div style="text-align:center; margin-top:7px;">
<input type="submit" class="button" id="login" value="Open Session" /> <input type="reset" class="button" value="reset" />
<input type="submit" class="button" id="login" value="login" />
</div> </div>
</form> </form>
<!--
<div id="tooltip-information" style="display:none"> <div id="tooltip-information" style="display:none">
<p style="font-size:12px;"> <p style="font-size:12px;">
Please find this information in your slaprunner<br/> instance parameters. If it is your first connexion, use default parameters:<br/>
login: <strong>root</strong>, password: <strong>insecure</strong> and set your
one<br/> parameters at <strong>home->Your Account</strong>.
</p> </p>
</div> </div>-->
{% endblock %} {% endblock %}
\ No newline at end of file
...@@ -40,14 +40,88 @@ def html_escape(text): ...@@ -40,14 +40,88 @@ def html_escape(text):
"""Produce entities within text.""" """Produce entities within text."""
return "".join(html_escape_table.get(c,c) for c in text) return "".join(html_escape_table.get(c,c) for c in text)
def checkSession(config, password): def checkLogin(config, login, pwd):
"""Return True if given `password` is correct""" """
if not os.path.exists(config['password']): User authentication method
return False
pwd_file = open(config['password'], 'r') Args:
pwd = pwd_file.read() config: Slaprunner configuration.
pwd_file.close() login: username of the user.
return pwd == password pwd: password associate to username.
Returns:
a list of user informations or False if authentication fail.
list=[username, password, email, complete_name]
"""
user = getSession(config)
salt = "runner81" #to be changed
current_pwd = hashlib.md5( salt + pwd ).hexdigest()
if user and current_pwd == user[1] and login == user[0]:
return user
return False
def checkSession(config, session, account):
"""Return True if current user is connected with rigth data"""
if 'account' in session and account:
return (session['account'][0] == account[0] and
session['account'][1] == account[1])
return False
def getSession(config):
"""
Get the session data of current user.
Returns:
a list of user informations or False if fail to read data.
"""
user_path = os.path.join(config['runner_workdir'], '.users')
user = ""
if os.path.exists(user_path):
user = open(user_path, 'r').read().split(';')
if type(user) == type(""):
#Error: try to restore data from backup
if os.path.exists(user_path+'.back'):
os.rename(user_path+'.back', user_path)
user = open(user_path, 'r').read().split(';')
else:
return False
return user
def saveSession(config, session, account):
"""
Save account information for the current user
Args:
config: Slaprunner configuration
session: Flask session
account: New session data to be save
Returns:
True if all goes well or str (error message) if fail
"""
user = os.path.join(config['runner_workdir'], '.users')
backup = False
try:
if account[1]:
salt = "runner81" #to be changed
account[1] = hashlib.md5(salt + account[1]).hexdigest()
else:
account[1] = session['account'][1]
if 'account' in session:
#backup previous data
open(user+'.back', 'w').write(';'.join(session['account']))
backup = True
#save new account data
open(user, 'w').write((';'.join(account)).encode("utf-8"))
session['account'] = account
return True
except Exception, e:
try:
if backup:
os.remove(user)
os.rename(user+'.back', user)
except:
pass
return str(e)
def updateProxy(config): def updateProxy(config):
""" """
......
...@@ -14,11 +14,18 @@ app = Flask(__name__) ...@@ -14,11 +14,18 @@ app = Flask(__name__)
#Access Control: Only static files and login pages are allowed to guest #Access Control: Only static files and login pages are allowed to guest
@app.before_request @app.before_request
def before_request(): def before_request():
if not 'account' in session and request.path != '/login' \ if not request.path.startswith('/static'):
and request.path != '/doLogin' and not request.path.startswith('/static'): account = getSession(app.config)
return redirect(url_for('login')) if account:
if 'account' in session: if request.path != '/login' and request.path != '/doLogin' and \
session['title'] = getProjectTitle(app.config) not checkSession(app.config, session, account):
return redirect(url_for('login'))
session['title'] = getProjectTitle(app.config)
else:
session.pop('account', None)
session['title'] = "No account is defined"
if request.path != "/updateAccount" and request.path != "/myAccount":
return redirect(url_for('myAccount'))
# general views # general views
@app.route('/') @app.route('/')
...@@ -29,6 +36,14 @@ def home(): ...@@ -29,6 +36,14 @@ def home():
def login(): def login():
return render_template('login.html') return render_template('login.html')
@app.route("/myAccount")
def myAccount():
if 'account' in session:
return render_template('account.html', username=session['account'][0],
email=session['account'][2], name=session['account'][3].decode('utf-8'))
else:
return render_template('account.html')
@app.route("/logout") @app.route("/logout")
def logout(): def logout():
session.pop('account', None) session.pop('account', None)
...@@ -38,15 +53,17 @@ def logout(): ...@@ -38,15 +53,17 @@ def logout():
def configRepo(): def configRepo():
public_key = open(app.config['public_key'], 'r').read() public_key = open(app.config['public_key'], 'r').read()
return render_template('cloneRepository.html', workDir='workspace', return render_template('cloneRepository.html', workDir='workspace',
public_key=public_key) public_key=public_key, name=session['account'][3].decode('utf-8'),
email=session['account'][2])
@app.route("/doLogin", methods=['POST']) @app.route("/doLogin", methods=['POST'])
def doLogin(): def doLogin():
if not checkSession(app.config, request.form['cpwd']): check_user = checkLogin(app.config, request.form['clogin'], request.form['cpwd'])
if not check_user:
return jsonify(code=0, result="Login or password is incorrect, please check it!") return jsonify(code=0, result="Login or password is incorrect, please check it!")
else: else:
session['account'] = "logged in" session['account'] = check_user
return jsonify(code=1, result="") return jsonify(code=1, result=check_user)
# software views # software views
@app.route('/editSoftwareProfile') @app.route('/editSoftwareProfile')
...@@ -457,4 +474,19 @@ def getParameterXml(request): ...@@ -457,4 +474,19 @@ def getParameterXml(request):
if type(parameters) == type('') and request != "xml": if type(parameters) == type('') and request != "xml":
return jsonify(code=0, result=parameters) return jsonify(code=0, result=parameters)
else: else:
return jsonify(code=1, result=parameters) return jsonify(code=1, result=parameters)
\ No newline at end of file
#update user account data
@app.route("/updateAccount", methods=['POST'])
def updateAccount():
account = []
user = os.path.join(app.config['runner_workdir'], '.users')
account.append(request.form['username'].strip())
account.append(request.form['password'].strip())
account.append(request.form['email'].strip())
account.append(request.form['name'].strip())
result = saveSession(app.config, session, account)
if type(result) == type(""):
return jsonify(code=0, result=result)
else:
return jsonify(code=1, result="")
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment