
make login and logout work minimally

1 parent db7fbed commit b8ac3346dbb482e9cd5de323d8230ca0c6d5ece5 @mcdonc committed Jul 27, 2011
Showing with 49 additions and 41 deletions.
  1. +2 −1 .gitignore
  2. +0 −2 trans/__init__.py
  3. +3 −1 trans/resources.py
  4. +7 −37 trans/security.py
  5. +37 −0 trans/views.py
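--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 PKG-INFO
 *.egg-info
-
+*.pyc
+sessions/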
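--- a/trans/__init__.py
+++ b/trans/__init__.py
@@ -8,7 +8,6 @@
 from trans.resources import Root
 from trans.security import getgroup
-from trans.security import logout
 def main(global_config, **settings):
 """ This function returns a Pyramid WSGI application.
@@ -26,7 +25,6 @@ def get_root(request):
 authentication_policy=AuthTktAuthenticationPolicy(settings.pop('authkey'), callback=getgroup),
 authorization_policy=ACLAuthorizationPolicy())
 config.add_static_view(name='static', path='trans:static')
- config.add_view(logout)
 config.scan()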
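--- a/trans/resources.py
+++ b/trans/resources.py
@@ -22,7 +22,9 @@ def __getitem__(self, name):
 trans_name = os.path.join(self.location, u'trans_%s.json' % name)
 # Security to prevent directory escalation
- return Trans(trans_name, self) if trans_name.startswith(self.location) and os.path.isfile(trans_name) else KeyError(name)
+ if trans_name.startswith(self.location) and os.path.isfile(trans_name):
+ return Trans(trans_name, self)
+ raise KeyError(name)
 def _get_current(self):
 if os.path.isdir(self.location):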
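Review bot: The `startswith(self.location)` guard in `__getitem__` compares un-normalized strings, so it does not reliably confine the lookup to the translations directory: a `name` containing `..` segments still yields a path that begins with `self.location`, and a sibling directory whose name merely shares that prefix also passes. Resolve both sides before comparing, for example `trans_name = os.path.realpath(trans_name)` followed by `if trans_name.startswith(os.path.realpath(self.location) + os.sep) and os.path.isfile(trans_name):`, or reject any `name` containing a path separator or `..` up front. Whether a traversal segment can carry a separator depends on how the caller decodes the URL, which is not visible here; `__getitem__` starts above this hunk.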
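--- a/trans/security.py
+++ b/trans/security.py
@@ -1,15 +1,14 @@
 import random
 import string
 import hashlib
-from trans.resources import Root
-from pyramid.httpexceptions import HTTPForbidden, HTTPFound
-from pyramid.view import view_config
-from pyramid.security import remember, forget
-from pprint import pprint
-USERS = {
- 'user': ['salt', 'pw'],
-}
+## USERS = {
+## 'user': ['salt', 'pw'],
+## }
+
+USERS = {'user':
+ ['test', 'f4a92ed38b74b373e60b16176a8e19ca0220cd21bf73e46e68c74c0ca77a8cba3f6738b264000d894f7eff5ca17f8cdd01c7beb2ccc2ba2553987c01df152729']
+ }
 GROUPS = {
 'user': ['group:users'],
@@ -30,32 +29,3 @@ def getgroup(userid, request):
 else: return []
 else: return None
-@view_config(context=HTTPForbidden, renderer='login.mak')
-@view_config(context=Root, name='login', renderer='login.mak')
-def viewlogin(context, request):
- print '----------- VIEWLOGIN'
- return {'username': ''}
-
-@view_config(context=Root, request_param='login.submitted',
- request_method='POST', renderer='login.mak')
-def login(context, request):
- print '------ DOLOGIN'
- username = request.params['username']
- password = request.params['password']
-
- if USERS.has_key(username) and calchash(password, USERS[username][0]) == USERS[username][1]:
- headers = remember(request, username)
- print '------------- HEADERS'
- pprint(headers)
- print '------------- /HEADERS'
- return HTTPFound(location='/', headers=headers)
-
- request.session.flash('Username/password combination not found!')
-
- return {'username': username}
-
-@view_config(context=Root, route_name='logout')
-def logout(context, request):
- print '------------ LOGOUT'
- headers = forget(request)
- return HTTPFound(location='/', headers=headers)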
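Review bot: The new `USERS` entry in the first hunk commits a live salt and password digest to the repository, and the salt is the fixed string `test`, so anyone with read access to the source can work on the digest offline. Load the user table from deployment settings or a file kept out of version control, the way `authkey` is already taken from `settings` in `trans/__init__.py`, and give each user a random salt; until then, mark the entry with a comment such as `# NOTE: development-only credentials; load USERS from deployment settings before release`. `calchash` is not shown in this hunk; if it is a single `hashlib` digest pass, as the 128-hex-digit value suggests, a deliberately slow password hash (PBKDF2, bcrypt or scrypt) would be the better choice. The commented-out `## USERS` block can be deleted rather than kept beside the live one.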
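--- a/trans/views.py
+++ b/trans/views.py
@@ -1,9 +1,16 @@
 from pyramid.view import view_config
 from pyramid.httpexceptions import HTTPFound
+from pyramid.httpexceptions import HTTPForbidden
+
+from pyramid.security import remember, forget
 from trans.resources import Root
 from trans.resources import Trans
 from trans.resources import Element
+from trans.security import USERS
+from trans.security import calchash
+
+from pprint import pprint
 @view_config(context=Root, renderer='index.mak', permission='view')
 def index(context, request):
@@ -46,3 +53,33 @@ def saveelement(context, request):
 'newvalue': context.__parent__.map[context.__name__],
 'success': True
 }
+
+@view_config(context=HTTPForbidden, renderer='login.mak')
+@view_config(context=Root, name='login', renderer='login.mak')
+def viewlogin(context, request):
+ print '----------- VIEWLOGIN'
+ return {'username': ''}
+
+@view_config(context=Root, request_param='login.submitted',
+ request_method='POST', renderer='login.mak')
+def login(context, request):
+ print '------ DOLOGIN'
+ username = request.params['username']
+ password = request.params['password']
+
+ if USERS.has_key(username) and calchash(password, USERS[username][0]) == USERS[username][1]:
+ headers = remember(request, username)
+ print '------------- HEADERS'
+ pprint(headers)
+ print '------------- /HEADERS'
+ return HTTPFound(location='/', headers=headers)
+
+ request.session.flash('Username/password combination not found!')
+
+ return {'username': username}
+
+@view_config(context=Root, name='logout')
+def logout(context, request):
+ print '------------ LOGOUT'
+ headers = forget(request)
+ return HTTPFound(location='/', headers=headers)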
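Review bot: In `login`, `pprint(headers)` writes the output of `remember()` to stdout, and those headers carry the freshly issued auth ticket cookie, so anyone who can read the process output or captured logs obtains a valid session credential. Remove the three debug lines so the success branch is just `headers = remember(request, username)` followed by `return HTTPFound(location='/', headers=headers)`, and drop `from pprint import pprint` from the first hunk. The digest check also uses `==`, which is not a constant-time comparison, and `request.params['username']` raises `KeyError` (a 500 response) when the field is absent; `request.params.get('username', '')` would fall through to the normal failure message instead.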
