Commit d326eb6a authored by Alain Takoudjou's avatar Alain Takoudjou

Use Flask-Auth for slaprunner account management

parent 0d5fa8e6
......@@ -46,6 +46,7 @@ setup(name=name,
'lampconfigure': ["mysql-python"], #needed for MySQL Database access
'zodbpack': ['ZODB3'], # needed to play with ZODB
'agent': ['erp5.util'],
'flask_auth' : ["Flask-Auth"],
},
zip_safe=False, # proxy depends on Flask, which has issues with
# accessing templates
......
......@@ -618,6 +618,8 @@ a.lshare img{
border-radius: 0 0 4px 4px;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);
text-align: center;
position: relative;
z-index: 170;
}
#error table{
......
......@@ -2,6 +2,7 @@ $(document).ready( function() {
var send = false;
$("#update").click(function(){
var haspwd = false;
var hasAccount = !($("input#hasAccount").val() === "");
if($("input#username").val() === "" || !$("input#username").val().match(/^[\w\d\._-]+$/)){
$("#error").Popup("Invalid user name. Please check it!", {type:'alert', duration:3000});
return false;
......@@ -18,7 +19,7 @@ $(document).ready( function() {
$("#error").Popup("Please enter a valid email adress!", {type:'alert', duration:3000});
return false;
}
if($("input#hasAccount").val() === "" && !$("input#password").val().match(/^[\w\d\._-]+$/)){
if(!hasAccount && !$("input#password").val().match(/^[\w\d\._-]+$/)){
$("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
return false;
}
......@@ -45,7 +46,7 @@ $(document).ready( function() {
send = true;
$.ajax({
type: "POST",
url: $SCRIPT_ROOT + '/updateAccount',
url: $SCRIPT_ROOT + ((hasAccount)? '/updateAccount':'/configAccount'),
data: {name: $("input#name").val(), username:$("input#username").val(), email:$("input#email").val(),
password:((haspwd) ? $("input#password").val():""), rcode:$("input#rcode").val()},
success: function(data){
......
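Review bot: The `url:` line picks between `/updateAccount` and `/configAccount` from `input#hasAccount`, a form field the browser user can change, so this value cannot be what decides whether a first account may be created. The server handler for `/configAccount` is not visible in this section; it should itself refuse the request once an account exists and verify `rcode` on every call. The same applies to the username, e-mail and password checks here, which are client-side only and need to be repeated on the server. Separately, the password pattern `/^[\w\d\._-]+$/` rejects spaces and most punctuation, which rules out passphrases; a minimum-length rule would serve better, and `\d` is already covered by `\w`. The click handler starts and ends outside these hunks.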
......@@ -54,7 +54,7 @@
<div class="line"></div>
<a href="{{ url_for('editCurrentProject') }}" style="float:left" title="Edit your current project"><img alt="" src="{{ url_for('static', filename='images/project.png') }}" /></a>
<div class="line"></div>
<a href="{{ url_for('logout') }}" style="float:left" title="Close your session"><img alt="" src="{{ url_for('static', filename='images/logout.png') }}" /></a>
<a href="{{ url_for('dologout') }}" style="float:left" title="Close your session"><img alt="" src="{{ url_for('static', filename='images/logout.png') }}" /></a>
<div class="line"></div>
<h2 class="info">{% block title %}{% endblock %} - {{session.title}}</h2>
<div class="run"><span id="running" style="display:none"><img alt="" src="{{ url_for('static', filename='images/ajax_roller.gif') }}"
......
......@@ -40,32 +40,6 @@ def html_escape(text):
"""Produce entities within text."""
return "".join(html_escape_table.get(c,c) for c in text)
def checkLogin(config, login, pwd):
"""
User authentication method
Args:
config: Slaprunner configuration.
login: username of the user.
pwd: password associate to username.
Returns:
a list of user informations or False if authentication fail.
list=[username, password, email, complete_name]
"""
user = getSession(config)
current_pwd = hashlib.md5( pwd ).hexdigest()
if user and current_pwd == user[1] and login == user[0]:
return user
return False
def checkSession(config, session, account):
"""Return True if current user is connected with rigth data"""
if 'account' in session and account:
return (session['account'][0] == account[0] and
session['account'][1] == account[1])
return False
def getSession(config):
"""
Get the session data of current user.
......@@ -75,12 +49,14 @@ def getSession(config):
user_path = os.path.join(config['etc_dir'], '.users')
user = ""
if os.path.exists(user_path):
user = open(user_path, 'r').read().split(';')
f = open(user_path, 'r')
user = f.read().split(';')
f.close()
if type(user) == type(""):
return False
return user
def saveSession(config, session, account):
def saveSession(config, account):
"""
Save account information for the current user
......@@ -95,17 +71,17 @@ def saveSession(config, session, account):
user = os.path.join(config['etc_dir'], '.users')
backup = False
try:
if account[1]:
account[1] = hashlib.md5(account[1]).hexdigest()
else:
account[1] = session['account'][1]
if 'account' in session:
if os.path.exists(user):
f = open(user, 'r')
#backup previous data
open(user+'.back', 'w').write(';'.join(session['account']))
data = f.read()
open(user+'.back', 'w').write(data)
f.close()
backup = True
if not account[1]:
account[1] = data.split(';')[1]
#save new account data
open(user, 'w').write((';'.join(account)).encode("utf-8"))
session['account'] = account
return True
except Exception, e:
try:
......
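Review bot: saveSession no longer hashes `account[1]` before `open(user, 'w').write(...)`, so whatever the caller passes is stored in `.users`, and the previous contents are copied to `.users.back`. The caller is in the collapsed part of this commit; if it does not already pass a salted, slow password hash, the password reaches disk in clear (the removed MD5 was not an adequate replacement either). Both files are created under the process umask and the write handles are never closed; creating them owner-only, e.g. `os.fdopen(os.open(user, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w')` inside a try/finally, would address both. `data.split(';')[1]` also assumes a well-formed file, and a `;` inside the name or e-mail field would shift the stored fields, so reject `;` before the `';'.join(account)`. The function body continues outside the hunk.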
This diff is collapsed.