From bcdc84fb416820493e048fe28ca59e9090762ffb Mon Sep 17 00:00:00 2001 From: Aaron LI Date: Tue, 15 Nov 2016 17:36:51 +0800 Subject: webui: Implement login support (password authentication) --- fg21sim/webui/handlers/__init__.py | 5 +++++ fg21sim/webui/handlers/base.py | 30 ++++++++++++++++++++++++++++ fg21sim/webui/handlers/login.py | 40 ++++++++++++++++++++++++++++++++++++++ fg21sim/webui/templates/login.html | 30 ++++++++++++++++++++++++++++ 4 files changed, 105 insertions(+) create mode 100644 fg21sim/webui/handlers/__init__.py create mode 100644 fg21sim/webui/handlers/base.py create mode 100644 fg21sim/webui/handlers/login.py create mode 100644 fg21sim/webui/templates/login.html (limited to 'fg21sim/webui') diff --git a/fg21sim/webui/handlers/__init__.py b/fg21sim/webui/handlers/__init__.py new file mode 100644 index 0000000..f97ef07 --- /dev/null +++ b/fg21sim/webui/handlers/__init__.py @@ -0,0 +1,5 @@ +# Copyright (c) 2016 Weitian LI +# MIT license + +from .index import IndexHandler +from .login import LoginHandler diff --git a/fg21sim/webui/handlers/base.py b/fg21sim/webui/handlers/base.py new file mode 100644 index 0000000..5a6e3a9 --- /dev/null +++ b/fg21sim/webui/handlers/base.py @@ -0,0 +1,30 @@ +# Copyright (c) 2016 Weitian LI +# MIT license + +""" +Base handler for other handlers +""" + + +import tornado.web +from tornado.options import options + + +class BaseRequestHandler(tornado.web.RequestHandler): + def get_current_user(self): + """ + Override the ``get_current_user()`` method to implement user + authentication. + + Determine the current user based on the value of a cookie. + + References + ---------- + - Tornado: Authentication and security + http://www.tornadoweb.org/en/stable/guide/security.html + """ + if (options.password is None) or (options.password == ""): + # Password not set, then all accesses are allowed + return True + else: + return self.get_secure_cookie("user") diff --git a/fg21sim/webui/handlers/login.py b/fg21sim/webui/handlers/login.py new file mode 100644 index 0000000..4529005 --- /dev/null +++ b/fg21sim/webui/handlers/login.py @@ -0,0 +1,40 @@ +# Copyright (c) 2016 Weitian LI +# MIT license + +""" +Login handler +""" + +from tornado.options import options +from tornado.escape import xhtml_escape + +from .base import BaseRequestHandler + + +class LoginHandler(BaseRequestHandler): + """ + Login page handler of the Web UI. + + NOTE + ---- + Only check the password to authenticate the access, therefore, the + default username "FG21SIM" is used. + """ + def get(self): + if (options.password is None) or (options.password == ""): + # Password is not set, just allow + self.redirect(self.reverse_url("index")) + elif self.current_user: + # Already authenticated + self.redirect(self.reverse_url("index")) + else: + self.render("login.html", error="") + + def post(self): + password = xhtml_escape(self.get_argument("password")) + if password == options.password: + self.set_secure_cookie("user", "FG21SIM") + self.redirect(self.reverse_url("index")) + else: + # Password incorrect + self.render("login.html", error="Incorrect password!") diff --git a/fg21sim/webui/templates/login.html b/fg21sim/webui/templates/login.html new file mode 100644 index 0000000..51d4cd1 --- /dev/null +++ b/fg21sim/webui/templates/login.html @@ -0,0 +1,30 @@ +{# + # Copyright (c) 2016 Weitian LI + # MIT license + # + # Login page for the Web UI of "fg21sim" + #} + +{% extends "base.html" %} + +{% block subtitle %}Login |{% end %} + +{% block main %} +
+

Login

+
+ +
+ {% module xsrf_form_html() %} +
+ + + +
+
+
+{% end %} -- cgit v1.2.2