Cookie fixes

netz.coop
Commit 315d06fc authored Jan 19, 2018 by netz.coop
Showing with 21 additions and 9 deletions
CHANGELOG
web/ncauth/ncauth_base.py
web/ncauth/ncauth_user.py
web/srvcnf.py
--- a/CHANGELOG
+++ b/CHANGELOG
+2018-01-19 v0.1.9 Cookie 1 Tag
 2018-01-19 v0.1.8 small fixes
 2018-01-17 v0.1.7 Posttools Monitoring
 2018-01-16 v0.1.6 Posttools Fix

--- a/web/ncauth/ncauth_base.py
+++ b/web/ncauth/ncauth_base.py
 import tornado
-
+import tornado.web
+from tornado.web import RequestHandler
+#import tornado.web
+#import tornado.websocket.WebSocketHandler
+#import tornado.web.RequestHandler
 class ncauth_base(tornado.web.RequestHandler):
    def get_current_user(self):
-        return self.get_secure_cookie("user")
+        #test=RequestHandler.get_secure_cookie_key_version("user");
+        #self.write(test)
+        for cookie_key in self.request.cookies.keys():
+            cookie = self.request.cookies[cookie_key]
+            print(cookie_key, cookie['expires'], cookie.output())
+        return self.get_secure_cookie("user",min_version=2,max_age_days=1)
--- a/web/ncauth/ncauth_user.py
+++ b/web/ncauth/ncauth_user.py
@@ -14,19 +14,21 @@ class ncauth_user(ncauth_base):
 #                       '</form></body></html>')

    def post(self):
-        self.set_secure_cookie("user", self.get_argument("name"))
+        self.set_secure_cookie("user", self.get_argument("name"),expires_days=1,secure=True)
+#        self.set_secure_cookie("expires_days", "1")
        pw=self.get_argument("password")
        username=self.get_argument("name")
        salt='xy4$rt'
        #hashlib.sha512(pw.encode('utf-8') + salt.encode('utf-8')).hexdigest()
        if hashlib.md5(pw.encode('utf-8')).hexdigest()    ==  self.getuserpw(username):
-            self.set_secure_cookie("user", self.get_argument("name"))
-            self.set_secure_cookie("incorrect", "0")
-            self.write("Jo")
+            self.set_secure_cookie("user", self.get_argument("name"),expires_days=1,secure=True)
+            self.set_secure_cookie("incorrect", "0",expires_days=1,secure=True)
+           
+#            self.write("Jo")
            self.redirect("/")
        else:
-            self.write("Hello, world"+self.get_argument("name")+' '+self.get_argument("password")+ ' /// '+hashlib.md5(pw.encode('utf-8')).hexdigest() +' vs. '+self.getuserpw(username))
-            self.set_secure_cookie("incorrect", "1")
+#            self.write("Hello, world"+self.get_argument("name")+' '+self.get_argument("password")+ ' /// '+hashlib.md5(pw.encode('utf-8')).hexdigest() +' vs. '+self.getuserpw(username))
+            self.set_secure_cookie("incorrect", "1",expires_days=1,secure=True)
            self.redirect("/login")



--- a/web/srvcnf.py
+++ b/web/srvcnf.py
@@ -64,7 +64,7 @@ def make_app():
        template_path=os.path.join(os.path.dirname(__file__), "templates"),
        static_path=os.path.join(os.path.dirname(__file__), "static"),
        debug=True, 
-        cookie_secret='ancsrvcnf2'
+        cookie_secret='axcermnogtlehdded12334'
        
        )