haproxy-wi/app/login.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import cgi
import os
import sys
import funct
import http.cookies
import sql
import create_db
import datetime
import uuid
from jinja2 import Environment, FileSystemLoader
env = Environment(loader=FileSystemLoader('templates/'))
template = env.get_template('login.html')
form = cgi.FieldStorage()

cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid')
ref = form.getvalue('ref')
login = form.getvalue('login')
password = form.getvalue('pass')
db_create = ""
error_log = ""
error = ""

def send_cookie(login):
	session_ttl = int()
	session_ttl = sql.get_setting('session_ttl')
	session_ttl = int(session_ttl)
	expires = datetime.datetime.utcnow() + datetime.timedelta(days=session_ttl) 
	user_uuid = str(uuid.uuid4())
	user_token = str(uuid.uuid4())

	c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
	c["uuid"] = user_uuid
	c["uuid"]["path"] = "/app/"
	c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
	print(c)
	sql.write_user_uuid(login, user_uuid)
	sql.write_user_token(login, user_token)
	try:
		funct.logging('locahost', sql.get_user_name_by_uuid(user_uuid)+' log in')
	except:
		pass
	print("Content-type: text/html\n")			
	print('ok')
	sys.exit()	
	
	
def ban():
	c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
	expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=10)
	c["ban"] = 1
	c["ban"]["path"] = "/app/"
	c["ban"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
	print(c)
	print("Content-type: text/html\n")			
	print('ban')
	
	
def check_in_ldap(user, password):
	import ldap
	
	server = sql.get_setting('ldap_server')
	port = sql.get_setting('ldap_port')
	
	l = ldap.initialize("ldap://"+server+':'+port)
	try:
		l.protocol_version = ldap.VERSION3
		l.set_option(ldap.OPT_REFERRALS, 0)

		bind = l.simple_bind_s(user, password)
	except ldap.INVALID_CREDENTIALS:
		print("Content-type: text/html\n")	
		print('<center><div class="alert alert-danger">Invalid credentials</div><br /><br />')
		sys.exit()	
	except ldap.SERVER_DOWN:
		print("Content-type: text/html\n")	
		print('<center><div class="alert alert-danger">Server down')
		sys.exit()	
	except ldap.LDAPError as e:
		if type(e.message) == dict and e.message.has_key('desc'):
			print("Content-type: text/html\n")	
			print('<center><div class="alert alert-danger">Other LDAP error: %s</div><br /><br />' % e.message['desc'])
			sys.exit()	
		else: 
			print("Content-type: text/html\n")	
			print('<center><div class="alert alert-danger">Other LDAP error: %s</div><br /><br />' % e)
			sys.exit()	

	send_cookie(user)
	
	
if ref is None:
	ref = "/index.html"	
	
if form.getvalue('error'):
	error_log = '<div class="alert alert-danger">Somthing wrong :( I\'m sad about this, but try again!</div><br /><br />'

try:
	if sql.get_setting('session_ttl'):
		session_ttl = sql.get_setting('session_ttl')
except:
	error = '<center><div class="alert alert-danger">Can not find "session_ttl" parametr. Check into settings, "main" section</div>'
	pass
	
try:
	role = sql.get_user_role_by_uuid(user_id.value)
	user = sql.get_user_name_by_uuid(user_id.value)
except:
	role = ""
	user = ""
	pass
	
if form.getvalue('logout'):
	try:
		sql.delete_uuid(user_id.value)
	except:
		pass
	print("Set-cookie: uuid=; expires=Wed May 18 03:33:20 2003; path=/app/; httponly")
	print("Content-type: text/html\n")
	print('<meta http-equiv="refresh" content="0; url=/app/login.py">')

if login is not None and password is not None:

	USERS = sql.select_users(user=login)
		
	for users in USERS:	
		if users[7] == 0:
			print("Content-type: text/html\n")	
			print('<center><div class="alert alert-danger">Your login is disabled</div><br /><br />')
			sys.exit()
		if users[6] == 1:
			if login in users[1]:
				check_in_ldap(login, password)
		else:
			if login in users[1] and password == users[3]:
				send_cookie(login)
				break
			else:
				ban()
				sys.exit()
	else:
		ban()
		sys.exit()
	print("Content-type: text/html\n")	
	
if login is None:
	print("Content-type: text/html\n")	
	if create_db.check_db():
		if create_db.create_table():	
			create_db.update_all()
			db_create = '<div class="alert alert-success">DB was created<br /><br />Now you can login, default: admin/admin</div>'
				
create_db.update_all_silent()

output_from_parsed_template = template.render(h2 = 1, title = "Login page. Enter please",
													role = role,
													user = user,
													error_log = error_log,
													error = error,
													ref = ref,
													db_create = db_create)											
print(output_from_parsed_template)
Add files via upload 2018-01-15 06:16:04 +00:00			`#!/usr/bin/env python3`
v3.2.13 ascii 2018-11-02 08:40:10 +00:00			`# -- coding: utf-8 --`

Add files via upload 2018-01-15 06:16:04 +00:00			`import cgi`
			`import os`
v2.0.3 Bug fixed 2018-04-23 04:49:23 +00:00			`import sys`
Add files via upload 2018-01-15 06:16:04 +00:00			`import funct`
			`import http.cookies`
v2.0 Meet Haproxy-wi 2.0! Now with DB and Admin web interface! Life has become easier, life has become more cheerful! 2018-04-16 07:01:44 +00:00			`import sql`
v2.0.3 Bug fixed 2018-04-23 04:49:23 +00:00			`import create_db`
v2.4 More security! Redesigned authorization system Small change and bugs 2018-05-02 11:11:22 +00:00			`import datetime`
			`import uuid`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`from jinja2 import Environment, FileSystemLoader`
			`env = Environment(loader=FileSystemLoader('templates/'))`
			`template = env.get_template('login.html')`
			`form = cgi.FieldStorage()`
Add files via upload 2018-01-15 06:16:04 +00:00
			`cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`user_id = cookie.get('uuid')`
Add files via upload 2018-01-15 06:16:04 +00:00			`ref = form.getvalue('ref')`
			`login = form.getvalue('login')`
			`password = form.getvalue('pass')`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`db_create = ""`
			`error_log = ""`
			`error = ""`
Add files via upload 2018-01-15 06:16:04 +00:00
v3.3 Ldap support 2018-11-08 08:49:03 +00:00			`def send_cookie(login):`
			`session_ttl = int()`
			`session_ttl = sql.get_setting('session_ttl')`
			`session_ttl = int(session_ttl)`
			`expires = datetime.datetime.utcnow() + datetime.timedelta(days=session_ttl)`
			`user_uuid = str(uuid.uuid4())`
			`user_token = str(uuid.uuid4())`

			`c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))`
			`c["uuid"] = user_uuid`
			`c["uuid"]["path"] = "/app/"`
			`c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")`
			`print(c)`
			`sql.write_user_uuid(login, user_uuid)`
			`sql.write_user_token(login, user_token)`
v3.3 2018-11-08 08:53:25 +00:00			`try:`
			`funct.logging('locahost', sql.get_user_name_by_uuid(user_uuid)+' log in')`
			`except:`
			`pass`
v3.3 Ldap support 2018-11-08 08:49:03 +00:00			`print("Content-type: text/html\n")`
			`print('ok')`
			`sys.exit()`

v3.4.5.1 Login imporoved 2019-09-11 06:05:57 +00:00
			`def ban():`
			`c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))`
			`expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=10)`
			`c["ban"] = 1`
			`c["ban"]["path"] = "/app/"`
			`c["ban"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")`
			`print(c)`
			`print("Content-type: text/html\n")`
			`print('ban')`


v3.3 Ldap support 2018-11-08 08:49:03 +00:00			`def check_in_ldap(user, password):`
			`import ldap`

			`server = sql.get_setting('ldap_server')`
			`port = sql.get_setting('ldap_port')`

			`l = ldap.initialize("ldap://"+server+':'+port)`
			`try:`
			`l.protocol_version = ldap.VERSION3`
			`l.set_option(ldap.OPT_REFERRALS, 0)`

			`bind = l.simple_bind_s(user, password)`
			`except ldap.INVALID_CREDENTIALS:`
			`print("Content-type: text/html\n")`
			`print('<center><div class="alert alert-danger">Invalid credentials</div><br /><br />')`
			`sys.exit()`
			`except ldap.SERVER_DOWN:`
			`print("Content-type: text/html\n")`
			`print('<center><div class="alert alert-danger">Server down')`
			`sys.exit()`
			`except ldap.LDAPError as e:`
			`if type(e.message) == dict and e.message.has_key('desc'):`
			`print("Content-type: text/html\n")`
			`print('<center><div class="alert alert-danger">Other LDAP error: %s</div><br /><br />' % e.message['desc'])`
			`sys.exit()`
			`else:`
			`print("Content-type: text/html\n")`
			`print('<center><div class="alert alert-danger">Other LDAP error: %s</div><br /><br />' % e)`
			`sys.exit()`

			`send_cookie(user)`


v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`if ref is None:`
			`ref = "/index.html"`
v2.4 More security! Redesigned authorization system Small change and bugs 2018-05-02 11:11:22 +00:00
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`if form.getvalue('error'):`
			`error_log = '<div class="alert alert-danger">Somthing wrong :( I\'m sad about this, but try again!</div><br /><br />'`

			`try:`
v3.0 Most settings migrate into DB, improved install script, and haproxy install script 2018-08-11 14:47:47 +00:00			`if sql.get_setting('session_ttl'):`
			`session_ttl = sql.get_setting('session_ttl')`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`except:`
v3.0 Most settings migrate into DB, improved install script, and haproxy install script 2018-08-11 14:47:47 +00:00			`error = '<center><div class="alert alert-danger">Can not find "session_ttl" parametr. Check into settings, "main" section</div>'`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`pass`
login 2018-01-31 09:22:14 +00:00
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`try:`
			`role = sql.get_user_role_by_uuid(user_id.value)`
			`user = sql.get_user_name_by_uuid(user_id.value)`
			`except:`
			`role = ""`
			`user = ""`
			`pass`
v2.4 More security! Redesigned authorization system Small change and bugs 2018-05-02 11:11:22 +00:00
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`if form.getvalue('logout'):`
v2.4 More security! Redesigned authorization system Small change and bugs 2018-05-02 11:11:22 +00:00			`try:`
			`sql.delete_uuid(user_id.value)`
			`except:`
			`pass`
			`print("Set-cookie: uuid=; expires=Wed May 18 03:33:20 2003; path=/app/; httponly")`
login 2018-01-31 09:22:14 +00:00			`print("Content-type: text/html\n")`
v2.4 More security! Redesigned authorization system Small change and bugs 2018-05-02 11:11:22 +00:00			`print('<meta http-equiv="refresh" content="0; url=/app/login.py">')`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00
Add files via upload 2018-01-15 06:16:04 +00:00			`if login is not None and password is not None:`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00
v3.3 Ldap support 2018-11-08 08:49:03 +00:00			`USERS = sql.select_users(user=login)`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00
v3.3 Ldap support 2018-11-08 08:49:03 +00:00			`for users in USERS:`
v3.4.1 Enable/Disable users 2019-01-05 13:57:15 +00:00			`if users[7] == 0:`
			`print("Content-type: text/html\n")`
			`print('<center><div class="alert alert-danger">Your login is disabled</div><br /><br />')`
			`sys.exit()`
v3.3 Ldap support 2018-11-08 08:49:03 +00:00			`if users[6] == 1:`
			`if login in users[1]:`
			`check_in_ldap(login, password)`
			`else:`
			`if login in users[1] and password == users[3]:`
			`send_cookie(login)`
v3.4.5.1 Login imporoved 2019-09-11 06:05:57 +00:00			`break`
v3.3 Ldap support 2018-11-08 08:49:03 +00:00			`else:`
v3.4.5.1 Login imporoved 2019-09-11 06:05:57 +00:00			`ban()`
v3.3 Ldap support 2018-11-08 08:49:03 +00:00			`sys.exit()`
v3.4.5.1 Login imporoved 2019-09-11 06:05:57 +00:00			`else:`
			`ban()`
			`sys.exit()`
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`print("Content-type: text/html\n")`
v3.3 Ldap support 2018-11-08 08:49:03 +00:00
v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`if login is None:`
			`print("Content-type: text/html\n")`
v2.5.3 Now ssh credentials keep in DB, it's more user-frendly and and safer 2018-05-07 13:24:22 +00:00			`if create_db.check_db():`
			`if create_db.create_table():`
			`create_db.update_all()`
			`db_create = '<div class="alert alert-success">DB was created<br /><br />Now you can login, default: admin/admin</div>'`
v2.5.6 Need more security!! bugs 2018-06-01 12:27:58 +00:00
			`create_db.update_all_silent()`

v2.5 Welcome, Jinja2! code is optimized 2018-05-05 12:40:41 +00:00			`output_from_parsed_template = template.render(h2 = 1, title = "Login page. Enter please",`
			`role = role,`
			`user = user,`
			`error_log = error_log,`
			`error = error,`
			`ref = ref,`
			`db_create = db_create)`
			`print(output_from_parsed_template)`