diff options
Diffstat (limited to 'fg21sim/webui')
-rw-r--r-- | fg21sim/webui/handlers/__init__.py | 5 | ||||
-rw-r--r-- | fg21sim/webui/handlers/base.py | 30 | ||||
-rw-r--r-- | fg21sim/webui/handlers/login.py | 40 | ||||
-rw-r--r-- | fg21sim/webui/templates/login.html | 30 |
4 files changed, 105 insertions, 0 deletions
diff --git a/fg21sim/webui/handlers/__init__.py b/fg21sim/webui/handlers/__init__.py new file mode 100644 index 0000000..f97ef07 --- /dev/null +++ b/fg21sim/webui/handlers/__init__.py @@ -0,0 +1,5 @@ +# Copyright (c) 2016 Weitian LI <liweitianux@live.com> +# MIT license + +from .index import IndexHandler +from .login import LoginHandler diff --git a/fg21sim/webui/handlers/base.py b/fg21sim/webui/handlers/base.py new file mode 100644 index 0000000..5a6e3a9 --- /dev/null +++ b/fg21sim/webui/handlers/base.py @@ -0,0 +1,30 @@ +# Copyright (c) 2016 Weitian LI <liweitianux@live.com> +# MIT license + +""" +Base handler for other handlers +""" + + +import tornado.web +from tornado.options import options + + +class BaseRequestHandler(tornado.web.RequestHandler): + def get_current_user(self): + """ + Override the ``get_current_user()`` method to implement user + authentication. + + Determine the current user based on the value of a cookie. + + References + ---------- + - Tornado: Authentication and security + http://www.tornadoweb.org/en/stable/guide/security.html + """ + if (options.password is None) or (options.password == ""): + # Password not set, then all accesses are allowed + return True + else: + return self.get_secure_cookie("user") diff --git a/fg21sim/webui/handlers/login.py b/fg21sim/webui/handlers/login.py new file mode 100644 index 0000000..4529005 --- /dev/null +++ b/fg21sim/webui/handlers/login.py @@ -0,0 +1,40 @@ +# Copyright (c) 2016 Weitian LI <liweitianux@live.com> +# MIT license + +""" +Login handler +""" + +from tornado.options import options +from tornado.escape import xhtml_escape + +from .base import BaseRequestHandler + + +class LoginHandler(BaseRequestHandler): + """ + Login page handler of the Web UI. + + NOTE + ---- + Only check the password to authenticate the access, therefore, the + default username "FG21SIM" is used. + """ + def get(self): + if (options.password is None) or (options.password == ""): + # Password is not set, just allow + self.redirect(self.reverse_url("index")) + elif self.current_user: + # Already authenticated + self.redirect(self.reverse_url("index")) + else: + self.render("login.html", error="") + + def post(self): + password = xhtml_escape(self.get_argument("password")) + if password == options.password: + self.set_secure_cookie("user", "FG21SIM") + self.redirect(self.reverse_url("index")) + else: + # Password incorrect + self.render("login.html", error="Incorrect password!") diff --git a/fg21sim/webui/templates/login.html b/fg21sim/webui/templates/login.html new file mode 100644 index 0000000..51d4cd1 --- /dev/null +++ b/fg21sim/webui/templates/login.html @@ -0,0 +1,30 @@ +{# + # Copyright (c) 2016 Weitian LI <liweitianux@live.com> + # MIT license + # + # Login page for the Web UI of "fg21sim" + #} + +{% extends "base.html" %} + +{% block subtitle %}Login |{% end %} + +{% block main %} +<section id="login"> + <h2><span class="fa fa-key" aria-hidden="true"></span> Login</h2> + <hr /> + + <form action="/login" method="post"> + {% module xsrf_form_html() %} + <fieldset> + <label for="password">Password: + {% if (error != "") %} + <span class="label label-warning">{{ error }}</span> + {% end %} + </label> + <input class="form-control" type="password" id="password" name="password" required /> + <button type="submit">Login</button> + </fieldset> + </form> +</section> +{% end %} |