Commit 315d06fc by netz.coop

Cookie fixes

1 parent aa393b90
2018-01-19 v0.1.9 Cookie 1 Tag
2018-01-19 v0.1.8 small fixes 2018-01-19 v0.1.8 small fixes
2018-01-17 v0.1.7 Posttools Monitoring 2018-01-17 v0.1.7 Posttools Monitoring
2018-01-16 v0.1.6 Posttools Fix 2018-01-16 v0.1.6 Posttools Fix
......
import tornado import tornado
import tornado.web
from tornado.web import RequestHandler
#import tornado.web
#import tornado.websocket.WebSocketHandler
#import tornado.web.RequestHandler
class ncauth_base(tornado.web.RequestHandler): class ncauth_base(tornado.web.RequestHandler):
def get_current_user(self): def get_current_user(self):
return self.get_secure_cookie("user") #test=RequestHandler.get_secure_cookie_key_version("user");
#self.write(test)
for cookie_key in self.request.cookies.keys():
cookie = self.request.cookies[cookie_key]
print(cookie_key, cookie['expires'], cookie.output())
return self.get_secure_cookie("user",min_version=2,max_age_days=1)
...@@ -14,19 +14,21 @@ class ncauth_user(ncauth_base): ...@@ -14,19 +14,21 @@ class ncauth_user(ncauth_base):
# '</form></body></html>') # '</form></body></html>')
def post(self): def post(self):
self.set_secure_cookie("user", self.get_argument("name")) self.set_secure_cookie("user", self.get_argument("name"),expires_days=1,secure=True)
# self.set_secure_cookie("expires_days", "1")
pw=self.get_argument("password") pw=self.get_argument("password")
username=self.get_argument("name") username=self.get_argument("name")
salt='xy4$rt' salt='xy4$rt'
#hashlib.sha512(pw.encode('utf-8') + salt.encode('utf-8')).hexdigest() #hashlib.sha512(pw.encode('utf-8') + salt.encode('utf-8')).hexdigest()
if hashlib.md5(pw.encode('utf-8')).hexdigest() == self.getuserpw(username): if hashlib.md5(pw.encode('utf-8')).hexdigest() == self.getuserpw(username):
self.set_secure_cookie("user", self.get_argument("name")) self.set_secure_cookie("user", self.get_argument("name"),expires_days=1,secure=True)
self.set_secure_cookie("incorrect", "0") self.set_secure_cookie("incorrect", "0",expires_days=1,secure=True)
self.write("Jo")
# self.write("Jo")
self.redirect("/") self.redirect("/")
else: else:
self.write("Hello, world"+self.get_argument("name")+' '+self.get_argument("password")+ ' /// '+hashlib.md5(pw.encode('utf-8')).hexdigest() +' vs. '+self.getuserpw(username)) # self.write("Hello, world"+self.get_argument("name")+' '+self.get_argument("password")+ ' /// '+hashlib.md5(pw.encode('utf-8')).hexdigest() +' vs. '+self.getuserpw(username))
self.set_secure_cookie("incorrect", "1") self.set_secure_cookie("incorrect", "1",expires_days=1,secure=True)
self.redirect("/login") self.redirect("/login")
......
...@@ -64,7 +64,7 @@ def make_app(): ...@@ -64,7 +64,7 @@ def make_app():
template_path=os.path.join(os.path.dirname(__file__), "templates"), template_path=os.path.join(os.path.dirname(__file__), "templates"),
static_path=os.path.join(os.path.dirname(__file__), "static"), static_path=os.path.join(os.path.dirname(__file__), "static"),
debug=True, debug=True,
cookie_secret='ancsrvcnf2' cookie_secret='axcermnogtlehdded12334'
) )
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!