libervia-web: libervia_server/__init_

comparison libervia_server/init.py @ 446:c406e46fe9c0

server_side: update the connection mechanism to handle profile passwords

author	souliane <souliane@mailoo.org>
date	Wed, 07 May 2014 19:46:58 +0200
parents	c0ff91cabea0
children	14c35f7f1ef5

comparison

equal deleted inserted replaced

-:c0ff91cabea0
+:c406e46fe9c0
 Render method with some hacks:
 - if login is requested, try to login with form data
 - except login, every method is jsonrpc
 - user doesn't need to be authentified for explicitely listed methods, but must be for all others
 """
-if request.postpath==['login']:
+if request.postpath == ['login']:
-return self.login(request)
+return self.loginOrRegister(request)
 _session = request.getSession()
 parsed = jsonrpclib.loads(request.content.read())
 method = parsed.get("method")
 if  method not in ['isRegistered', 'registerParams', 'getMenus']:
 #if we don't call these methods, we need to be identified
 fault = jsonrpclib.Fault(C.ERRNUM_LIBERVIA, "Not allowed") #FIXME: define some standard error codes for libervia
 return jsonrpc.JSONRPC._cbRender(self, fault, request, parsed.get('id'), parsed.get('jsonrpc'))
 self.request = request
 return jsonrpc.JSONRPC.render(self, request)
-def login(self, request):
+def loginOrRegister(self, request):
-"""
+"""This method is called with the POST information from the registering form.
-this method is called with the POST information from the registering form
-it test if the password is ok, and log in if it's the case,
+@param request: request of the register form
-else it return an error
+@return: a constant indicating the state:
-@param request: request of the register formulaire, must have "login" and "password" as arguments
+- BAD REQUEST: something is wrong in the request (bad arguments)
-@return: A constant indicating the state:
+- a return value from self._loginAccount or self._registerNewAccount
-- BAD REQUEST: something is wrong in the request (bad arguments, profile_key for login)
+"""
-- AUTH ERROR: either the profile or the password is wrong
-- ALREADY WAITING: a request has already be made for this profile
-- server.NOT_DONE_YET: the profile is being processed, the return value will be given by self._logged or self._logginError
-"""
 try:
-if request.args['submit_type'][0] == 'login':
+submit_type = request.args['submit_type'][0]
-_login = request.args['login'][0]
-if _login.startswith('@'):
-raise Exception('No profile_key allowed')
-_pass = request.args['login_password'][0]
-elif request.args['submit_type'][0] == 'register':
-return self._registerNewAccount(request)
-else:
-raise Exception('Unknown submit type')
 except KeyError:
 return "BAD REQUEST"
-_profile_check = self.sat_host.bridge.getProfileName(_login)
+if submit_type == 'register':
+return self._registerNewAccount(request)
-def profile_pass_cb(_profile_pass):
+elif submit_type == 'login':
-if not _profile_check or _profile_check != _login or _profile_pass != _pass:
+return self._loginAccount(request)
-request.write("AUTH ERROR")
+return Exception('Unknown submit type')
-request.finish()
-return
+def _loginAccount(self, request):
+"""Try to authenticate the user with the request information.
-if self.profiles_waiting.has_key(_login):
+@param request: request of the register form
-request.write("ALREADY WAITING")
+@return: a constant indicating the state:
-request.finish()
+- BAD REQUEST: something is wrong in the request (bad arguments)
-return
+- AUTH ERROR: either the profile (login) or the password is wrong
+- ALREADY WAITING: a request has already been submitted for this profile
-if self.sat_host.bridge.isConnected(_login):
+- server.NOT_DONE_YET: the profile is being processed, the return
-request.write(self._logged(_login, request, finish=False))
+value will be given by self._logged or self._logginError
-request.finish()
+"""
-return
+try:
+login_ = request.args['login'][0]
-self.profiles_waiting[_login] = request
+password_ = request.args['login_password'][0]
-d = self.asyncBridgeCall("asyncConnect", _login)
+except KeyError:
-return d
+return "BAD REQUEST"
-def profile_pass_errback(ignore):
+if login_.startswith('@'):
-log.error("INTERNAL ERROR: can't check profile password")
+raise Exception('No profile_key allowed')
+profile_check = self.sat_host.bridge.getProfileName(login_)
+if not profile_check or profile_check != login_ or not password_:
+# profiles with empty passwords are restricted to local frontends
+return "AUTH ERROR"
+if login_ in self.profiles_waiting:
+return "ALREADY WAITING"
+def auth_eb(ignore=None):
+self.__cleanWaiting(login_)
+log.info("Profile %s doesn't exist or the submitted password is wrong" % login_)
 request.write("AUTH ERROR")
 request.finish()
-d = self.asyncBridgeCall("asyncGetParamA", "Password", "Connection", profile_key=_login)
+self.profiles_waiting[login_] = request
-d.addCallbacks(profile_pass_cb, profile_pass_errback)
+d = self.asyncBridgeCall("asyncConnect", login_, password_)
+d.addCallbacks(lambda connected: self._logged(login_, request) if connected else None, auth_eb)
 return server.NOT_DONE_YET
 def _registerNewAccount(self, request):
 """Create a new account, or return error
-@param request: initial login request
+@param request: request of the register form
-@return: "REGISTRATION" in case of success"""
+@return: a constant indicating the state:
-#TODO: must be moved in SàT core
+- BAD REQUEST: something is wrong in the request (bad arguments)
+- REGISTRATION: new account has been successfully registered
+- ALREADY EXISTS: the given profile already exists
+- INTERNAL or 'Unknown error (...)'
+- server.NOT_DONE_YET: the profile is being processed, the return
+value will be given later (one of those previously described)
+"""
 try:
 profile = login = request.args['register_login'][0]
-password = request.args['register_password'][0] #FIXME: password is ignored so far
+password = request.args['register_password'][0]
 email = request.args['email'][0]
 except KeyError:
 return "BAD REQUEST"
 if not re.match(r'^[a-z0-9_-]+$', login, re.IGNORECASE) or \
 not re.match(r'^.+@.+\..+', email, re.IGNORECASE) or \
 try:
 del self.profiles_waiting[login]
 except KeyError:
 pass
-def _logged(self, profile, request, finish=True):
+def _logged(self, profile, request):
-"""Set everything when a user just logged
+"""Set everything when a user just logged in
-and return "LOGGED" to the requester"""
-def result(answer):
+@param profile
-if finish:
+@param request
-request.write(answer)
+@return: a constant indicating the state:
-request.finish()
+- LOGGED
-else:
+- SESSION_ACTIVE
-return answer
+"""
 self.__cleanWaiting(profile)
 _session = request.getSession()
 sat_session = ISATSession(_session)
 if sat_session.profile:
-log.error (('/!\\ Session has already a profile, this should NEVER happen !'))
+log.error(('/!\\ Session has already a profile, this should NEVER happen!'))
-return result('SESSION_ACTIVE')
+request.write('SESSION_ACTIVE')
+request.finish()
+return
 sat_session.profile = profile
 self.sat_host.prof_connected.add(profile)
 def onExpire():
-log.info ("Session expired (profile=%s)" % (profile,))
+log.info("Session expired (profile=%s)" % (profile,))
 try:
 #We purge the queue
 del self.sat_host.signal_handler.queue[profile]
 except KeyError:
 pass
 #and now we disconnect the profile
 self.sat_host.bridge.disconnect(profile)
 _session.notifyOnExpire(onExpire)
-return result('LOGGED')
+request.write('LOGGED')
+request.finish()
 def _logginError(self, login, request, error_type):
-"""Something went wrong during loggin, return an error"""
+"""Something went wrong during logging in
+@return: error
+"""
 self.__cleanWaiting(login)
 return error_type
 def jsonrpc_isConnected(self):
 _session = self.request.getSession()
 self.queue[profile] = []
 self.queue[profile].append((function_name, args[:-1]))
 return genericCb
 def connected(self, profile):
-assert(self.register) #register must be plugged
+assert(self.register)  # register must be plugged
 request = self.register.getWaitingRequest(profile)
 if request:
 self.register._logged(profile, request)
 def disconnected(self, profile):
 ['port_https', 's', 8443, 'The port number to listen HTTPS on.', int],
 ['port_https_ext', 'e', 0, 'The external port number used for HTTPS (0 means port_https value).', int],
 ['ssl_certificate', 'c', 'libervia.pem', 'PEM certificate with both private and public parts.', str],
 ['redirect_to_https', 'r', 1, 'automatically redirect from HTTP to HTTPS.', int],
 ['security_warning', 'w', 1, 'warn user that he is about to connect on HTTP.', int],
+['passphrase', 'k', '', u"passphrase for the SàT profile named '%s'" % C.SERVICE_PROFILE, str],
 ]
 def __init__(self, *args, **kwargs):
 if not kwargs:
 # During the loading of the twisted plugins, we just need the default values.
 if not self.port_https_ext:
 self.port_https_ext = self.port_https
 self.ssl_certificate = kwargs['ssl_certificate']
 self.redirect_to_https = kwargs['redirect_to_https']
 self.security_warning = kwargs['security_warning']
+self.passphrase = kwargs['passphrase']
 self._cleanup = []
 root = ProtectedFile(C.LIBERVIA_DIR)
 self.signal_handler = SignalHandler(self)
 _register = Register(self)
 _upload_radiocol = UploadManagerRadioCol(self)
 @param *args: list of arguments of the callback
 @param **kwargs: list of keyword arguments of the callback"""
 self._cleanup.insert(0, (callback, args, kwargs))
 def startService(self):
+"""Connect the profile for Libervia and start the HTTP(S) server(s)"""
+def eb(e):
+log.error(_("Connection failed: %s") % e)
+self.stop()
 def initOk(dummy):
-if self.connection_type in ('https', 'both'):
+if not self.bridge.isConnected(C.SERVICE_PROFILE):
-if not ssl_available:
+self.bridge.asyncConnect(C.SERVICE_PROFILE, self.passphrase,
-raise(ImportError(_("Python module pyOpenSSL is not installed!")))
+callback=self._startService, errback=eb)
-try:
-with open(os.path.expanduser(self.ssl_certificate)) as keyAndCert:
-try:
-cert = ssl.PrivateCertificate.loadPEM(keyAndCert.read())
-except OpenSSL.crypto.Error as e:
-log.error(_("The file '%s' must contain both private and public parts of the certificate") % self.ssl_certificate)
-raise e
-except IOError as e:
-log.error(_("The file '%s' doesn't exist") % self.ssl_certificate)
-raise e
-reactor.listenSSL(self.port_https, self.site, cert.options())
-if self.connection_type in ('http', 'both'):
-if self.connection_type == 'both' and self.redirect_to_https:
-reactor.listenTCP(self.port, server.Site(RedirectToHTTPS(self.port, self.port_https_ext)))
-else:
-reactor.listenTCP(self.port, self.site)
 self.initialised.addCallback(initOk)
+def _startService(self, dummy):
+"""Actually start the HTTP(S) server(s) after the profile for Libervia is connected"""
+if self.connection_type in ('https', 'both'):
+if not ssl_available:
+raise(ImportError(_("Python module pyOpenSSL is not installed!")))
+try:
+with open(os.path.expanduser(self.ssl_certificate)) as keyAndCert:
+try:
+cert = ssl.PrivateCertificate.loadPEM(keyAndCert.read())
+except OpenSSL.crypto.Error as e:
+log.error(_("The file '%s' must contain both private and public parts of the certificate") % self.ssl_certificate)
+raise e
+except IOError as e:
+log.error(_("The file '%s' doesn't exist") % self.ssl_certificate)
+raise e
+reactor.listenSSL(self.port_https, self.site, cert.options())
+if self.connection_type in ('http', 'both'):
+if self.connection_type == 'both' and self.redirect_to_https:
+reactor.listenTCP(self.port, server.Site(RedirectToHTTPS(self.port, self.port_https_ext)))
+else:
+reactor.listenTCP(self.port, self.site)
 def stopService(self):
 print "launching cleaning methods"
 for callback, args, kwargs in self._cleanup:
 callback(*args, **kwargs)
+self.bridge.disconnect(C.SERVICE_PROFILE)
 def run(self):
 reactor.run()
 def stop(self):

Mercurial > libervia-web

comparison libervia_server/__init__.py @ 446:c406e46fe9c0

comparison libervia_server/init.py @ 446:c406e46fe9c0