Diffstat (limited to 'tools/mmd')
-rw-r--r-- | tools/mmd/MmdCommands.py | 34 | ||||
-rw-r--r-- | tools/mmd/MmdDb.py | 26 | ||||
-rw-r--r-- | tools/mmd/MmdMaintainance.py | 8 | ||||
-rw-r--r-- | tools/mmd/MmdSession.py | 73 | ||||
-rw-r--r-- | tools/mmd/MmdUser.py | 21 | ||||
-rw-r--r-- | tools/mmd/MmdWidgets.py | 23 | ||||
-rw-r--r-- | tools/mmd/mmd.wsgi | 71 |
7 files changed, 201 insertions, 55 deletions
diff --git a/tools/mmd/MmdCommands.py b/tools/mmd/MmdCommands.py index 5bf870d..19a5968 100644 --- a/tools/mmd/MmdCommands.py +++ b/tools/mmd/MmdCommands.py @@ -4,12 +4,13 @@ command methods for MURSAT1 Mission Dashboard from cgi import parse_qs, escape from mmd.MmdWidgets import * +from mmd.MmdUser import User def loginForm (session): """ display the login form """ - return indexWidget (dataWidget (), loginFormWidget (), statusWidget (session.session_id, session.user)) + return indexWidget (dataWidget (), loginFormWidget (), statusWidget (session.session_id, session.email)) def login (session): """ 
@@ -18,43 +19,60 @@ def login (session): email = escape (session.qs.get ('email', [''])[0]) # check for account # verify password - return indexWidget (dataWidget (), loginWidget (email), statusWidget (session.session_id, session.user)) + return indexWidget (dataWidget (), loginWidget (email), statusWidget (session.session_id, email)) def registerForm (session): """ display the register form """ - return indexWidget (dataWidget (), registerFormWidget (), statusWidget (session.session_id, session.user)) + return indexWidget (dataWidget (), registerFormWidget (), statusWidget (session.session_id, session.email)) def register (session): """ evaluate data from registerForm """ - return indexWidget (dataWidget (), registerWidget (), statusWidget (session.session_id, session.user)) + firstname = session.getQsFirstname () + lastname = session.getQsLastname () + email = session.getQsEmail () + callsign = session.getQsCallsign () + longitude = session.getQsLongitude () + latitude = session.getQsLatitude () + password = session.getQsPassword () + confirm = session.getQsConfirm () + + if password != confirm: + error_message = {'error': 'Password', 'description': 'Passwords do not match'} + return indexWidget (dataWidget (), errorWidget (error_message), statusWidget (session.session_id, session.email)) + + user = User () + user.create (session.session_id, firstname, lastname, email, callsign, longitude, latitude, password) + + + return indexWidget (dataWidget (), registerWidget (), statusWidget (session.session_id, session.email)) def submitForm (session): """ display the form for data submission """ - return indexWidget (dataWidget (), submitFormWidget (), statusWidget (session.session_id, session.user)) + return indexWidget (dataWidget (), submitFormWidget (), statusWidget (session.session_id, session.email)) def submit (session): """ evaluate data from submitForm """ - return indexWidget (dataWidget (), submitWidget (), statusWidget (session.session_id, session.user)) + 
return indexWidget (dataWidget (), submitWidget (), statusWidget (session.session_id, session.email)) def viewlog (session): """ show latest log entries/submissions """ - return indexWidget (dataWidget (), logWidget (), statusWidget (session.session_id, session.user)) + return indexWidget (dataWidget (), logWidget (), statusWidget (session.session_id, session.email)) def index (session): """ display the index page """ - return indexWidget (dataWidget (), osmWidget (), statusWidget (session.session_id, session.user)) + return indexWidget (dataWidget (), osmWidget (), statusWidget (session.session_id, session.email)) def mmdtest (env, cookie): body = '' diff --git a/tools/mmd/MmdDb.py b/tools/mmd/MmdDb.py index 6947c88..640a8ff 100644 --- a/tools/mmd/MmdDb.py +++ b/tools/mmd/MmdDb.py 
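Review bot: In `register`, the only check before `user.create (...)` is `password != confirm`, so a submission with both passwords empty still creates a user row, although the form marks firstname, lastname and password as required. Reject empty required fields first, e.g. `if not (firstname and lastname and password):` followed by the same `errorWidget` return. The account is also keyed on `session.session_id`, which mmd.wsgi takes from the `mmd` cookie or `UNIQUE_ID`; a separately generated user id would avoid tying the primary key to a session value. In `login`, `statusWidget` now receives the request's `email` while the password check is still only a comment, so the page greets any submitted address as if it were logged in.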
@@ -14,14 +14,36 @@ class Db: self.cursor.execute ('SELECT * FROM session WHERE id=?', (session_id,)) return self.cursor.fetchone () - def sessionInit (self, session_id, user): - self.cursor.execute ('INSERT INTO session VALUES (?,?)', (session_id, user,)) + def sessionInit (self, session_id, email, expires): + self.cursor.execute ('INSERT INTO session (id, email, expires) VALUES (?,?,?)', (session_id, email, expires,)) self.conn.commit () def sessionDelete (self, session_id): self.cursor.execute ('DELETE FROM session WHERE id=?', (session_id,)) self.conn.commit () + def sessionUpdate (self, session_id, expires): + self.cursor.execute ('UPDATE session SET expires=? WHERE id=?', (expires, session_id,)) + self.conn.commit () + + def sessionSetEmail (self, session_id, email): + self.cursor.execute ('UPDATE session SET email=? WHERE id=?', (email, session_id)) + self.conn.commit () + + def sessionSetStatus (self, session_id, status): + self.cursor.execute ('UPDATE session SET status=? WHERE id=?', (status, session_id)) + self.conn.commit () + + def sessionDeleteExpired (self, expires): + self.cursor.execute ('DELETE FROM session WHERE expires<?', (expires,)) + self.conn.commit () + return self.cursor.rowcount + + def userCreate (self, user_id, firstname, lastname, email, callsign, password): + self.cursor.execute ('INSERT INTO user (id, firstname, lastname, email, callsign, password) VALUES (?,?,?,?,?,?)', + (user_id, firstname, lastname, email, callsign, password)) + self.conn.commit () + def close (self): self.cursor.close () self.conn.close () diff --git a/tools/mmd/MmdMaintainance.py b/tools/mmd/MmdMaintainance.py new file mode 100644 index 0000000..32a38ba --- /dev/null +++ b/tools/mmd/MmdMaintainance.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +import time +from mmd.MmdDb import Db + +db = Db () +print "Deleted {0} expired session(s)".format (db.sessionDeleteExpired (int (time.strftime ('%s')))) +db.close () 
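Review bot: `sessionInit` now inserts only `id`, `email` and `expires`, so a new row's `status` is whatever the schema defaults to (the table definition is not visible here), while `Session.__init__` later reads it back as `data[2]`. Insert it explicitly, e.g. `INSERT INTO session (id, email, status, expires) VALUES (?,?,?,?)` with the caller's `'anon'`, so a reloaded session cannot come back with an empty status. Because `sessionFind` uses `SELECT *` and the callers index the row by position (`data[1]`, `data[2]`, `data[3]`), naming the columns in that query would keep the mapping stable if the table changes. The new methods also lack docstrings; for `sessionDeleteExpired` something like `"""Delete sessions whose expires value is below the given epoch seconds; return the number of rows removed."""` would do.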
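Review bot: `time.strftime ('%s')` depends on a platform-specific format code that Python's documentation does not list, so the expiry cutoff is not portable; `int (time.time ())` returns epoch seconds directly. The same expression computes `expires` in `Session.__init__`, `update` and `valid` in the MmdSession.py hunk and should change with it. Proposed line here: `print "Deleted {0} expired session(s)".format (db.sessionDeleteExpired (int (time.time ())))`.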
diff --git a/tools/mmd/MmdSession.py b/tools/mmd/MmdSession.py index 82f0ecd..c2d41b4 100644 --- a/tools/mmd/MmdSession.py +++ b/tools/mmd/MmdSession.py 
@@ -3,30 +3,79 @@ Session class for MURSAT1 Mission Dashboard """ from cgi import parse_qs, escape from MmdDb import Db +import time + +# session timeout set to 10 minutes (600 seconds) +timeout = 600 class Session: def __init__ (self, session_id): self.session_id = session_id - self.authenticated = False + self.email = 'Anonymous' + self.status = 'anon' self.headers = [] - db = Db () - data = db.sessionFind (session_id) + self.db = Db () + data = self.db.sessionFind (session_id) if not data: - self.user = 'Anon' - db.sessionInit (self.session_id, self.user) - self.status = 'new' + self.db.sessionInit (self.session_id, self.email, int (time.strftime ('%s')) + timeout) else: - self.user = data[1] - self.status = 'db' - db.close () - - def getCmd (self): - return escape (self.qs.get ('cmd', [''])[0]) + self.email = data[1] + self.status = data[2] def addHeader (self, header): self.headers.append (header) + def update (self): + self.db.sessionUpdate (self.session_id, int (time.strftime ('%s')) + timeout) + + def setEmail (self, email = 'Anonymous'): + self.email = email + self.db.sessionSetEmail (self.session_id, self.email) + + def setStatus (self, status = 'anon'): + self.status = status + self.db.sessionSetStatus (self.session_id, self.status) + + def valid (self): + data = self.db.sessionFind (self.session_id) + if not data: + return False + if data[3] < int (time.strftime ('%s')): + return False + return True + + def delete (self): + self.db.sessionDelete (self.session_id) + + # session methods to extract strings from QueryString + def getQsCmd (self): + return escape (self.qs.get ('cmd', [''])[0]).decode ('utf-8') + + def getQsFirstname (self): + return escape (self.qs.get ('firstname', [''])[0]).decode ('utf-8') + + def getQsLastname (self): + return escape (self.qs.get ('lastname', [''])[0]).decode ('utf-8') + + def getQsEmail (self): + return escape (self.qs.get ('email', [''])[0]).decode ('utf-8') + + def getQsCallsign (self): + return escape (self.qs.get 
('callsign', [''])[0]).decode ('utf-8') + + def getQsLongitude (self): + return escape (self.qs.get ('longitude', [''])[0]).decode ('utf-8') + + def getQsLatitude (self): + return escape (self.qs.get ('latitude', [''])[0]).decode ('utf-8') + + def getQsPassword (self): + return escape (self.qs.get ('password', [''])[0]).decode ('utf-8') + + def getQsConfirm (self): + return escape (self.qs.get ('confirm', [''])[0]).decode ('utf-8') + if __name__ == "__main__": pass diff --git a/tools/mmd/MmdUser.py b/tools/mmd/MmdUser.py new file mode 100644 index 0000000..86e0a3d --- /dev/null +++ b/tools/mmd/MmdUser.py @@ -0,0 +1,21 @@ +""" +User class for MURSAT1 Mission Dashboard +""" +import hashlib +from cgi import parse_qs, escape +from MmdDb import Db + +class User: + + def __init__ (self): + self.db = Db () + + def create (self, user_id, firstname, lastname, email, callsign, longitude, latitude, password): + password_hash = hashlib.sha1 (password).hexdigest () + self.db.userCreate (user_id, firstname, lastname, email, callsign, password_hash) + +if __name__ == "__main__": + pass + +# vim: tw=0 ts=2 expandtab +# EOF diff --git a/tools/mmd/MmdWidgets.py b/tools/mmd/MmdWidgets.py index 8bade15..9219e8c 100644 --- a/tools/mmd/MmdWidgets.py +++ b/tools/mmd/MmdWidgets.py @@ -6,12 +6,12 @@ import time def loginFormWidget (): html = ''' - Please enter your email/callsign and your password in the form below. - <form method="post"> + Please enter your email and password in the form below. + <form method="post" accept-charset="UTF-8"> <table> <tr><td class="formfield">Email:</td><td><input type="text" name="email" /></td></tr> <tr><td class="formfield">Password:</td><td><input type="password" name="password" /></td></tr> - <tr><td class="formfield"><input type="submit" value="Login" /></td><td></td></tr> + <tr><td class="formfield"><input type="submit" value="Login" disabled="disabled" /></td><td></td></tr> </table> <input type="hidden" name="cmd" value="login" /> </form> 
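Review bot: `getQsPassword` and `getQsConfirm` pass the password through `escape ()` before it is hashed, so the stored hash is of the HTML-escaped text (`&` becomes `&amp;`) rather than what the user typed. HTML escaping belongs at the point where a value is written into a page; credentials should be read raw, e.g. `return self.qs.get ('password', [''])[0].decode ('utf-8')`. Any later login path has to apply exactly the same transformation or valid passwords will fail to match. Separately, `__init__` now keeps `self.db` open and the old `db.close ()` was removed; no replacement close is visible in this hunk.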
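Review bot: `hashlib.sha1 (password).hexdigest ()` stores an unsalted, single-round SHA-1 of the password, which is cheap to brute-force offline and gives identical hashes for identical passwords. Use a salted, deliberately slow derivation such as `hashlib.pbkdf2_hmac ('sha256', password.encode ('utf-8'), salt, iterations)` with `salt = os.urandom (16)` (available in hashlib from Python 2.7.8), and store the salt and iteration count next to the hash. `password` arrives as `unicode` from `getQsPassword`, which ends in `.decode ('utf-8')`, so under Python 2 the current call presumably raises `UnicodeEncodeError` for a non-ASCII password; encoding explicitly fixes that as well. `longitude` and `latitude` are accepted by `create` but never passed to `userCreate`.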
@@ -30,7 +30,7 @@ def loginWidget (email): def registerFormWidget (): html = ''' Please fill in the form below an click on Register. You will receive a confirmation email. - <form method="post"> + <form method="post" accept-charset="UTF-8"> <table> <tr><td class="formfield">Firstname*:</td><td><input type="text" name="firstname" /></td></tr> <tr><td class="formfield">Lastname*: </td><td><input type="text" name="lastname" /></td></tr> @@ -40,7 +40,7 @@ def registerFormWidget (): <tr><td class="formfield">Latitude: </td><td><input type="text" name="longitude" /></td></tr> <tr><td class="formfield">Password*: </td><td><input type="password" name="password" /></td></tr> <tr><td class="formfield">Confirm Password*: </td><td><input type="password" name="confirm" /></td></tr> - <tr><td class="formfield"><input type="submit" value="Register" /></td><td></td></tr> + <tr><td class="formfield"><input type="submit" value="Register" disabled="disabled" /></td><td></td></tr> </table> <input type="hidden" name="cmd" value="register" /> </form> @@ -56,6 +56,15 @@ def registerWidget (): return html +def errorWidget (error_message): + html = ''' + <h3>An error occured!</h3> + <div>Error: {0}</div> + <div>Description: {1}</div> + '''.format (error_message['error'], error_message['description']) + + return html + def submitFormWidget (): html = ''' sorry, no form yet! @@ -102,7 +111,7 @@ def osmWidget (longitude = 15.4426, latitude = 47.06576): return html -def statusWidget (ip, user = 'Anonymous'): +def statusWidget (ip, email): html = ''' <a href="mmd"> <img src="http://sat.mur.at/pics/sat-logo-notext.png" alt="mur.sat logo" /> @@ -111,7 +120,7 @@ def statusWidget (ip, user = 'Anonymous'): <div id="info"> Hello {0} with session id '{1}'! Local time is {2} </div> - '''.format (user, ip, time.strftime ('%c')) + '''.format (email, ip, time.strftime ('%c')) return html diff --git a/tools/mmd/mmd.wsgi b/tools/mmd/mmd.wsgi index a1c780b..4c0d3ee 100644 --- a/tools/mmd/mmd.wsgi 
+++ b/tools/mmd/mmd.wsgi @@ -6,9 +6,11 @@ for server configuration guidelines """ import sys -sys.path.append ('/var/www/hofos.at/mmd/') -from cgi import parse_qs, escape -from MmdCommands import * +from cgi import escape +from urlparse import parse_qs +from mmd.MmdCommands import * +from mmd.MmdSession import Session +import Cookie def application (environ, response): """ 
@@ -16,43 +18,60 @@ def application (environ, response): MURSAT1 Dashboard """ - # dict data to be passed to command methods - data = {} - + # session and cookie stuff + cookie = Cookie.SimpleCookie () try: - data['qs'] = parse_qs (environ['wsgi.input'].read (int (environ['CONTENT_LENGTH']))) + cookie.load (environ['HTTP_COOKIE']) + session = Session (cookie['mmd'].value) + if not session.valid (): + session.delete () + session = Session (environ['UNIQUE_ID']) + cookie['mmd'] = session.session_id + session.addHeader (('Set-Cookie', cookie.output (header = '').strip ())) except KeyError: - data['qs'] = parse_qs (environ['QUERY_STRING']) + # no cookie, so we make a new session + session = Session (environ['UNIQUE_ID']) + cookie['mmd'] = session.session_id + session.addHeader (('Set-Cookie', cookie.output (header = '').strip ())) - data['ip'] = environ['REMOTE_ADDR'] - data['user'] = 'Anonymous' - cmd = data['qs'].get ('cmd', [''])[0] - cmd = escape (cmd) + try: + session.qs = parse_qs (environ['wsgi.input'].read (int (environ['CONTENT_LENGTH'])), True) + except KeyError: + session.qs = parse_qs (environ['QUERY_STRING'], True) - # always return 200 OK - status = '200 OK' + + session.update () + session.ip = environ['REMOTE_ADDR'] + session.http_status = '200 OK' + + # evaluate cmd + cmd = session.getQsCmd () + content_type = 'text/html' if cmd == 'loginForm': - body = loginForm (data) + body = loginForm (session) elif cmd == 'login': - body = login (data) + body = login (session) elif cmd == 'registerForm': - body = registerForm (data) + body = registerForm (session) elif cmd == 'register': - body = register (data) + body = register (session) elif cmd == 'submitForm': - body = submitForm (data) + body = submitForm (session) elif cmd == 'submit': - body = submit (data) + body = submit (session) elif cmd == 'viewlog': - body = viewlog (data) - elif cmd == 'msdbtest': - body = msdbtest (environ) + body = viewlog (session) + elif cmd == 'mmdtest': + body = mmdtest 
(environ, cookie) + content_type = 'text/plain' else: - body = index (data) + body = index (session) + + session.addHeader (('Content-Type', content_type)) + session.addHeader (('Content-Length', str (len (body)))) + response (session.http_status, session.headers) - headers = [('Content-Type', 'text/html'), ('Content-Length', str (len (body)))] - response (status, headers) return [body] # vim: tw=0 ts=2 expandtab |
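Review bot: `Session (cookie['mmd'].value)` adopts whatever id the client sends: per the MmdSession.py hunk, `Session.__init__` inserts a row when `sessionFind` finds none, so `session.valid ()` then succeeds and an unknown, client-chosen id becomes a live session (session fixation). Look the id up first and, when it is unknown or expired, issue a fresh server-generated random id, for example `os.urandom (16).encode ('hex')`, rather than `environ['UNIQUE_ID']`, which looks like a per-request identifier and is not designed to be unguessable. Set `cookie['mmd']['httponly'] = True` (and `secure` when served over HTTPS) before emitting `Set-Cookie`. The new-session block is duplicated in the `try` and `except` branches and could be one helper, and `int (environ['CONTENT_LENGTH'])` raises `ValueError`, not the caught `KeyError`, when the header is present but empty.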