Guest User

Untitled

a guest
Jan 14th, 2018
117
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 8.12 KB | None | 0 0
  1. '''Staff management.'''
  2.  
  3. import time
  4. from sqlalchemy.sql import case, or_, and_, select, func, null
  5.  
  6. import strings
  7. import model
  8. import misc
  9. import staff_interface
  10. import config, config_defaults
  11. from util import WakaError, local
  12. from template import Template
  13.  
  14. # TODO: Synchronized cache of staff personnel objects.
  15. # _staff = {}
  16.  
  17. # Staff class types.
  18. ADMIN = 'admin'
  19. GLOBAL_MOD = 'globmod'
  20. MODERATOR = 'mod'
  21. CLASSES = (ADMIN, GLOBAL_MOD, MODERATOR)
  22.  
  23. # Login cookie expire times (in seconds).
  24. SAVED_LOGIN_EXPIRE = 365 * 24 * 3600
  25. UNSAVED_LOGIN_EXPIRE = 3600
  26.  
  27. # Staff Accounts and Logins
  28. class LoginData(object):
  29.     '''Class for interfacing with prefetched login data.'''
  30.  
  31.     def ___init___(self, user, addr):
  32.         self.addr = addr
  33.         self.crypt = misc.hide_critical_data\
  34.                        (','.join((user.password, remote)), config.SECRET)
  35.         self.username = user.username
  36.         self.cookie_str = ','.join((self.username, self.crypt))
  37.  
  38.     def make_cookie(self, save_login=False):
  39.         misc.make_cookies(admin=self._cstring)
  40.  
  41.         if save_login:
  42.             misc.make_cookies(wakaadminsave='1', wakaadmin=self.crypt,
  43.                               expires=time.time()+SAVED_LOGIN_EXPIRE)
  44.         else:
  45.             misc.make_cookies(wakaadminsave='0', wakaadmin=self.crypt,
  46.                               expires=time.time()+UNSAVED_LOGIN_EXPIRE)
  47.  
  48. # Class for representing staff
  49.  
  50. class StaffMember(object):
  51.     '''A staff object for acquiring and updating personnel account
  52.    information. Use the class factory method to initialize:
  53.    
  54.    >> StaffMember.get('SirDerpDeeDoo')
  55.    
  56.    To create new staff accounts, use the add_staff() function instead.'''
  57.  
  58.     def __init__(self, username):
  59.         session = model.Session()
  60.         table = model.account
  61.         table.create(bind=model.engine, checkfirst=True)
  62.         sql = table.select().where(table.c.username == username)
  63.         row = session.execute(sql).fetchone()
  64.         self._table = table
  65.  
  66.         if row is None:
  67.             raise LoginError('Staff not found.')
  68.  
  69.         # Grab parameters from database. Password is pre-encrypted.
  70.         self.username = username
  71.         self._password = row.password
  72.         self._class = row.account
  73.         self._reign = row.reign.split(',')
  74.         self._disabled = row.disabled
  75.         self._update_dict = {}
  76.  
  77.         # Not logged in yet.
  78.         self._login_data = None
  79.  
  80.     def _update_db(self, **kwargs):
  81.         self._update_dict += kwargs
  82.  
  83.     @property
  84.     def password(self):
  85.         return self._password
  86.  
  87.     @password.setter
  88.     def password(self, new):
  89.         table = self._table
  90.         # TODO: Sanity checks
  91.  
  92.         kwargs = {'password' : new}
  93.         self._update_db(**kwargs)
  94.         self._password = new
  95.  
  96.     @property
  97.     def reign(self):
  98.         return self._reign
  99.  
  100.     @reign.setter
  101.     def reign(self, board_list):
  102.         reign_str = ','.join(board_list)
  103.         kwargs = {'reign' : reign_str}
  104.         self._update_db(**kwargs)
  105.  
  106.         self._reign = board_list
  107.  
  108.     @property
  109.     def account(self):
  110.         return self._class
  111.  
  112.     @account.setter
  113.     def account(self, new):
  114.         if new in CLASSES:
  115.             kwargs = {'account' : new}
  116.             self._update_db(**kwargs)
  117.             self._class = new
  118.         else:
  119.             raise WakaError('Invalid class name %s' % new)
  120.  
  121.     @property
  122.     def login_data(self):
  123.         return self._login_data
  124.  
  125.     @property
  126.     def disabled(self):
  127.         return self._disabled
  128.  
  129.     @disabled.setter
  130.     def disabled(self, disable):
  131.         kwargs = {'disabled' : int(disable)}
  132.         self._disabled = disable
  133.  
  134.         self._update_db(**kwargs)
  135.  
  136.     def login_host(self, ip):
  137.         login_data = LoginData(self.username, ip)
  138.         self._login_data = login_data
  139.         return login_data
  140.  
  141.     def logout_user(self):
  142.         self._login_data = None
  143.  
  144.     def flush_db(self):
  145.         session = model.Session()
  146.         table = self._table
  147.  
  148.         if len(self._update_dict) > 0:
  149.             db_update = table.update().where(self.username == username)\
  150.                              .values(**self._update_dict)
  151.  
  152.     @classmethod
  153.     def get(cls, username):
  154. #        if username in _staff:
  155. #            return _staff[username]
  156.  
  157.         staff_obj = cls(username)
  158. #       _staff[username] = staff_obj
  159.         return staff_obj
  160.  
  161. def add_staff(username, pt_password, account, reign):
  162.     session = model.Session()
  163.     table = model.account
  164.     password = misc.hide_critical_data(pt_password, config.SECRET)
  165.     reign_str = ','.join(reign)
  166.  
  167.     sql = table.insert().values(username=username, password=password,
  168.                                 account=account, reign=reign_str,
  169.                                 disabled=0)
  170.     session.execute(sql)
  171.  
  172. def del_staff(username):
  173.     session = model.Session()
  174.     table = model.account
  175.     sql = table.delete(table.c.username == username)
  176.     session.execute(sql)
  177.  
  178. #    try:
  179. #        del _staff[username]
  180. #    except AttributeError:
  181. #        pass
  182.  
  183. def edit_staff(mpass, username, clear_pass=None, new_class=None,
  184.                reign=None):
  185.  
  186.     staff_obj = get_staff(username)
  187.    
  188.     if clear_pass:
  189.         staff_obj.password = misc.hide_critical_data(clear_pass,
  190.                                                      config.SECRET)
  191.  
  192.     if new_class and new_class in CLASSES:
  193.         staff_obj.account = new_class
  194.  
  195.     if reign:
  196.         staff_obj.reign = reign
  197.  
  198.     staff_obj.flush_db()
  199.  
  200. def staff_exist():
  201.     session = model.Session()
  202.     table = model.account
  203.     table.create(bind=model.engine, checkfirst=True)
  204.     sql = select([func.count()], table)
  205.     row = session.execute(sql).fetchone()
  206.  
  207.     return row[0] != 0
  208.  
  209. def do_login(username=None, password=None, save_login=False,
  210.              admin_cookie=None, nexttask='mpanel'):
  211.  
  212.     bad_pass = False
  213.     staff_entry = None
  214.  
  215.     if not staff_exist():
  216.         return staff_interface.make_first_time_setup_gateway()
  217.     elif username and password:
  218.         # Login via login form entry.
  219.         try:
  220.             staff_entry = get_staff(username)
  221.         except LoginError:
  222.             # Bad username.
  223.             bad_pass = True
  224.         else:
  225.             crypt_pass = misc.hide_critical_data(staff_entry.password,
  226.                                                  config.SECRET)
  227.             if crypt_pass == staff_entry.password:
  228.                 staff_entry.login_host(remote)
  229.             else:
  230.                 bad_pass = True
  231.     elif admin_cookie:
  232.         # Attempt automatic login.
  233.         staff_entry = check_password(admin_cookie, nexttask)
  234.     else:
  235.         # No login credentials given.
  236.         bad_pass = True
  237.  
  238.     if bad_pass:
  239.         return staff_interface.make_login_panel()
  240.     else:
  241.         login = staff_entry.login_data
  242.         login.make_cookie(save_login=save_login)
  243.         return staff_interface.make_admin_panel(login.cookie, nexttask)
  244.  
  245. def do_logout(admin):
  246.     # Clear login cache.
  247.     try:
  248.         user = check_password(admin)
  249.         user.logout_user()
  250.     except LoginError:
  251.         pass
  252.  
  253.     # Clear login cookies.
  254.     misc.make_cookies(wakaadmin='', wakaadminsave='0', expires=0)
  255.  
  256. def check_password(cookie_str, editing=None):
  257.     (username, crypt) = cookie_str.split(',')
  258.     staff_entry = get_staff(username)
  259.     cache = staff_entry.login_data
  260.  
  261.     if cache and cache.addr == remote:
  262.         # The host is already logged in.
  263.         pass
  264.     elif crypt != misc.hide_critical_data(','.join([staff_entry.password,
  265.                                                     remote]), config.SECRET):
  266.         raise LoginError(S_WRONGPASS)
  267.     else:
  268.         # NOTE: This will overwrite the current network address login.
  269.         staff_entry.login_host(remote)
  270.  
  271.     return staff_entry
  272.  
  273. def crypt_pass(cleartext):
  274.     remote = local.environ['REMOTE_ADDR']
  275.     return misc.hide_critical_data(','.join((cleartext, remote)),
  276.                                             config.SECRET)
  277.  
  278. class LoginError(WakaError):
  279.     '''WakaError subclass to discriminate login-related exceptions (bad
  280.    password/username combinations).'''
  281.     pass
Add Comment
Please, Sign In to add comment