johnmahugu

python bottle Todo

Apr 1st, 2015
  1. #!/usr/bin/env python
  2. #
  3. # Copyright (C) 2013 Federico Ceratto and others, see AUTHORS file.
  4. # Released under LGPLv3+ license, see LICENSE.txt
  5. #
  6. # Cork example web application
  7. #
  8. # The following users are already available:
  9. # admin/admin, demo/demo
  10.  
  11. import bottle
  12. from beaker.middleware import SessionMiddleware
  13. from cork import Cork
  14. import logging
  15.  
  # Root logger: DEBUG and above, each record prefixed in an access-log-like layout.
  logging.basicConfig(
      format='localhost - - [%(asctime)s] %(message)s',
      level=logging.DEBUG,
  )
  log = logging.getLogger(__name__)

  # Bottle debug mode is a development setting: error pages then carry
  # exception details, so it belongs only in this example, not on a host
  # that real users can reach.
  bottle.debug(True)
  19.  
  # Cork reads users.json and roles.json from the local example_conf directory.
  # The file header lists the accounts shipped with it (admin/admin, demo/demo);
  # those are example credentials and have to be replaced before any real use.
  # NOTE(review): smtp_url uses the plain smtp:// scheme and carries no
  # credentials; registration and password-reset mails presumably reach the
  # relay unencrypted -- confirm against Cork's mailer options.
  aaa = Cork(
      'example_conf',
      email_sender='[email protected]',
      smtp_url='smtp://smtp.magnet.ie',
  )

  # Shorthand decorator: unless a route overrides them, require role "user"
  # and redirect failed checks to /login.
  authorize = aaa.make_auth_decorator(fail_redirect="/login", role="user")
  25.  
  26. import datetime
  app = bottle.app()

  # Beaker session settings. With 'session.type': 'cookie' the session data
  # lives in the client's cookie, so its confidentiality and integrity rest on
  # the two keys configured below.
  session_opts = {
      'session.cookie_expires': True,
      # Placeholder text, not a key: generate a random secret per deployment
      # and keep it out of the source tree.
      'session.encrypt_key': 'please use a random key and keep it secret!',
      'session.httponly': True,
      'session.timeout': 24 * 60 * 60,  # 1 day
      'session.type': 'cookie',
      # NOTE(review): Beaker uses validate_key to sign the cookie and expects a
      # secret string; the boolean here looks like a placeholder -- confirm and
      # replace it with a second random secret.
      'session.validate_key': True,
  }
  # NOTE(review): 'session.secure' is not set, so the cookie is presumably also
  # sent over plain HTTP -- confirm once the app is served over TLS.
  app = SessionMiddleware(app, session_opts)
  37.  
  38.  
  39. # # Bottle methods # #
  40.  
  def postd():
      """Return the form fields of the current Bottle request (``bottle.request.forms``)."""
      form_fields = bottle.request.forms
      return form_fields
  43.  
  44.  
  def post_get(name, default=''):
      """Fetch POST field *name* (or *default*) with surrounding whitespace removed.

      The stripping applies to every field read through this helper,
      passwords included.
      """
      raw_value = bottle.request.POST.get(name, default)
      return raw_value.strip()
  47.  
  48.  
  @bottle.post('/login')
  def login():
      """Authenticate the user from the posted ``username`` and ``password`` fields."""
      # Cork is given the redirect targets: '/' on success, '/login' on failure.
      # NOTE(review): this handler applies no attempt throttling or lockout;
      # whether Cork provides any is not visible here.
      aaa.login(
          post_get('username'),
          post_get('password'),
          success_redirect='/',
          fail_redirect='/login',
      )
  55.  
  @bottle.route('/user_is_anonymous')
  def user_is_anonymous():
      """Answer with the text 'True' or 'False' according to ``aaa.user_is_anonymous``."""
      return 'True' if aaa.user_is_anonymous else 'False'
  62.  
  @bottle.route('/logout')
  def logout():
      """End the current session through Cork, with '/login' as the redirect target."""
      # NOTE(review): registered with bottle.route, so a plain GET is enough to
      # log out and no anti-CSRF token is involved; a POST-only route would
      # keep third-party pages from triggering it.
      redirect_target = '/login'
      aaa.logout(success_redirect=redirect_target)
  66.  
  67.  
  @bottle.post('/register')
  def register():
      """Start a registration: pass the posted credentials to Cork, which sends the e-mail."""
      # Exceptions raised by aaa.register are not caught here and propagate
      # to Bottle's error handling.
      username = post_get('username')
      password = post_get('password')
      email_address = post_get('email_address')
      aaa.register(username, password, email_address)
      return 'Please check your mailbox.'
  73.  
  74.  
  @bottle.route('/validate_registration/:registration_code')
  def validate_registration(registration_code):
      """Finish a registration: hand the code from the URL to Cork, then link to the login page."""
      # The code is taken straight from the URL path; all checking of it is
      # left to aaa.validate_registration.
      aaa.validate_registration(registration_code)
      confirmation = 'Thanks. <a href="/login">Go to login</a>'
      return confirmation
  80.  
  81.  
  @bottle.post('/reset_password')
  def send_password_reset_email():
      """Ask Cork to mail a password-reset message for the posted username / e-mail address."""
      # NOTE(review): exceptions from Cork are not caught here, so a failed
      # lookup would answer differently from the fixed text below and could
      # reveal whether an account exists -- confirm Cork's behaviour.
      requested_user = post_get('username')
      requested_email = post_get('email_address')
      aaa.send_password_reset_email(username=requested_user, email_addr=requested_email)
      return 'Please check your mailbox.'
  90.  
  91.  
  @bottle.route('/change_password/:reset_code')
  @bottle.view('password_change_form')
  def change_password(reset_code):
      """Render the password change form for the reset code taken from the URL."""
      # reset_code is request-supplied text; the 'password_change_form'
      # template (not shown here) has to emit it HTML-escaped.
      template_vars = {'reset_code': reset_code}
      return template_vars
  97.  
  98.  
  @bottle.post('/change_password')
  def change_password():
      """Set a new password: pass the posted reset code and password to Cork."""
      # This function reuses the name of the GET handler for
      # /change_password/:reset_code defined just above. Both routes are
      # registered when their decorators run, but the module-level name now
      # refers to this function only.
      reset_code = post_get('reset_code')
      new_password = post_get('password')
      aaa.reset_password(reset_code, new_password)
      return 'Thanks. <a href="/login">Go to login</a>'
  104.  
  105.  
  @bottle.route('/')
  @authorize()
  def index():
      """Landing page, returned only when the default @authorize() check passes."""
      # authorize() without arguments uses the defaults of the module-level
      # alias: role "user", failed checks redirected to /login.
      landing_html = 'Welcome! <a href="/admin">Admin page</a> <a href="/logout">Logout</a>'
      return landing_html
  113.  
  114.  
  115. # Resources used by tests designed to test decorators specifically
  116.  
  @bottle.route('/for_kings_only')
  @authorize(role="king")
  def page_for_kings():
      """Test resource guarded by the role "king", a role that does not exist.

      Only kings or higher (e.g. gods) would be let through.
      """
      page_html = 'Welcome! <a href="/admin">Admin page</a> <a href="/logout">Logout</a>'
      return page_html
  125.  
  @bottle.route('/page_for_specific_user_admin')
  @authorize(username="admin")
  def page_for_username_admin():
      """Test resource restricted by user name: authorize() is asked for username "admin"."""
      page_html = 'Welcome! <a href="/admin">Admin page</a> <a href="/logout">Logout</a>'
      return page_html
  131.  
  @bottle.route('/page_for_specific_user_fred_who_doesnt_exist')
  @authorize(username="fred")
  def page_for_user_fred():
      """Test resource restricted to an authenticated user named "fred".

      Going by the route name, no such user exists in the example data.
      """
      page_html = 'Welcome! <a href="/admin">Admin page</a> <a href="/logout">Logout</a>'
      return page_html
  137.  
  @bottle.route('/page_for_admins')
  @authorize(role="admin")
  def page_for_role_admin():
      """Test resource restricted by role: authorize() is asked for role "admin"."""
      page_html = 'Welcome! <a href="/admin">Admin page</a> <a href="/logout">Logout</a>'
      return page_html
  143.  
  144.  
  145.  
  @bottle.route('/restricted_download')
  @authorize()
  def restricted_download():
      """Serve the file named 'static_file' from root '.' once the @authorize() check passes."""
      # File name and root are both constants, so no request data reaches the
      # path lookup.
      download = bottle.static_file('static_file', root='.')
      return download
  152.  
  153.  
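  @bottle.route('/my_role')
  def show_current_user_role():
      """Return the role of the logged-in user; other requests are sent to /login."""
      # Run the authentication check before touching the session, so the debug
      # record below is written only for requests that pass it (assuming
      # aaa.require leaves the handler when the check fails -- confirm).
      aaa.require(fail_redirect='/login')
      session = bottle.request.environ.get('beaker.session')
      # Goes through the module logger at DEBUG level instead of printing the
      # session contents to stdout on every request.
      log.debug("Session from simple_webapp: %r", session)
      return aaa.current_user.role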
  161.  
  162.  
  163. # Admin-only pages
  164.  
  @bottle.route('/admin')
  @authorize(role="admin", fail_redirect='/sorry_page')
  @bottle.view('admin_page')
  def admin():
      """Collect the data for the 'admin_page' template: current user, all users, all roles."""
      # authorize() is the outer decorator, so the role check runs before the
      # view renders anything; failed checks go to /sorry_page.
      page_data = {
          'current_user': aaa.current_user,
          'users': aaa.list_users(),
          'roles': aaa.list_roles(),
      }
      return page_data
  176.  
  177.  
  @bottle.post('/create_user')
  def create_user():
      """Create an account from the posted username, role and password.

      Returns a dict with ``ok`` and ``msg``; on any exception ``ok`` is False
      and ``msg`` carries the exception's message.
      """
      # NOTE(review): the route has no @authorize decorator and checks no
      # anti-CSRF token; access control depends on whatever aaa.create_user
      # enforces itself -- confirm.
      # NOTE(review): fields are read as raw form attributes rather than through
      # post_get(), so they are not stripped the way login() strips its input.
      # NOTE(review): the exception text is returned to the client unfiltered.
      try:
          form = postd()
          aaa.create_user(form.username, form.role, form.password)
      except Exception as e:
          return dict(ok=False, msg=e.message)
      return dict(ok=True, msg='')
  185.  
  186.  
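  @bottle.post('/delete_user')
  def delete_user():
      """Delete the account named in the posted ``username`` field.

      Returns a dict with ``ok`` and ``msg``; on any exception ``ok`` is False
      and ``msg`` carries the exception's message.
      """
      # NOTE(review): the route has no @authorize decorator and checks no
      # anti-CSRF token; access control depends on whatever aaa.delete_user
      # enforces itself -- confirm.
      # NOTE(review): the exception text is returned to the client unfiltered.
      try:
          aaa.delete_user(post_get('username'))
      except Exception as e:
          # Record the failure through the module logger rather than printing
          # it to stdout, so it lands with the rest of the application log.
          log.warning("delete_user failed: %r", e)
          return dict(ok=False, msg=e.message)
      return dict(ok=True, msg='')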
  195.  
  196.  
  @bottle.post('/create_role')
  def create_role():
      """Create a role from the posted ``role`` and ``level`` fields.

      Returns a dict with ``ok`` and ``msg``; on any exception ``ok`` is False
      and ``msg`` carries the exception's message.
      """
      # NOTE(review): the route has no @authorize decorator and checks no
      # anti-CSRF token; access control depends on whatever aaa.create_role
      # enforces itself -- confirm.
      # NOTE(review): the exception text is returned to the client unfiltered.
      try:
          role_name = post_get('role')
          role_level = post_get('level')
          aaa.create_role(role_name, role_level)
      except Exception as e:
          return dict(ok=False, msg=e.message)
      return dict(ok=True, msg='')
  204.  
  205.  
  @bottle.post('/delete_role')
  def delete_role():
      """Delete the role named in the posted ``role`` field.

      Returns a dict with ``ok`` and ``msg``; on any exception ``ok`` is False
      and ``msg`` carries the exception's message.
      """
      # NOTE(review): the route has no @authorize decorator and checks no
      # anti-CSRF token; access control depends on whatever aaa.delete_role
      # enforces itself -- confirm.
      # NOTE(review): the exception text is returned to the client unfiltered.
      try:
          role_name = post_get('role')
          aaa.delete_role(role_name)
      except Exception as e:
          return dict(ok=False, msg=e.message)
      return dict(ok=True, msg='')
  213.  
  214.  
  215. # Static pages
  216.  
  @bottle.route('/login')
  @bottle.view('login_form')
  def login_form():
      """Render the 'login_form' template with no template variables."""
      return dict()
  222.  
  223.  
  @bottle.route('/sorry_page')
  def sorry_page():
      """Return the fixed "not authorized" notice; /admin redirects here on a failed check."""
      notice = '<p>Sorry, you are not authorized to perform this action</p>'
      return notice
  228.  
  229.  
  230. # # Web application main # #
  231.  
  def main():
      """Run the example application with Bottle's built-in server."""
      # Development settings: debug mode plus the auto-reloader. No host or
      # port is passed, so Bottle's own defaults apply.
      bottle.debug(True)
      run_options = dict(app=app, quiet=False, reloader=True)
      bottle.run(**run_options)


  if __name__ == "__main__":
      main()