Home Explore Help
Register Sign In
RISCI_ATOM
/
ZeroNet
mirror of https://github.com/HelloZeroNet/ZeroNet.git
1
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
ZeroNet
/
plugins
/
disabled-UiPassword
/
UiPasswordPlugin.py

UiPasswordPlugin.py 5.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. import string
    2. 

  2. import random
    3. 

  3. import time
    4. 

  4. import json
    5. 

  5. import re
    6. 

  6. 

  7. from Config import config
    8. 

  8. from Plugin import PluginManager
    9. 

  9. 

  10. if "sessions" not in locals().keys():  # To keep sessions between module reloads
    11. 

  11.     sessions = {}
    12. 

  12. 

  13. 

  14. def showPasswordAdvice(password):
    15. 

  15.     error_msgs = []
    16. 

  16.     if not password or not isinstance(password, (str, unicode)):
    17. 

  17.         error_msgs.append("You have enabled <b>UiPassword</b> plugin, but you forgot to set a password!")
    18. 

  18.     elif len(password) < 8:
    19. 

  19.         error_msgs.append("You are using a very short UI password!")
    20. 

  20.     return error_msgs
    21. 

  21. 

  22. @PluginManager.registerTo("UiRequest")
    23. 

  23. class UiRequestPlugin(object):
    24. 

  24.     sessions = sessions
    25. 

  25.     last_cleanup = time.time()
    26. 

  26. 

  27.     def route(self, path):
    28. 

  28.         # Restict Ui access by ip
    29. 

  29.         if config.ui_restrict and self.env['REMOTE_ADDR'] not in config.ui_restrict:
    30. 

  30.             return self.error403(details=False)
    31. 

  31.         if path.endswith("favicon.ico"):
    32. 

  32.             return self.actionFile("src/Ui/media/img/favicon.ico")
    33. 

  33.         else:
    34. 

  34.             if config.ui_password:
    35. 

  35.                 if time.time() - self.last_cleanup > 60 * 60:  # Cleanup expired sessions every hour
    36. 

  36.                     self.cleanup()
    37. 

  37.                 # Validate session
    38. 

  38.                 session_id = self.getCookies().get("session_id")
    39. 

  39.                 if session_id not in self.sessions:  # Invalid session id, display login
    40. 

  40.                     return self.actionLogin()
    41. 

  41.             return super(UiRequestPlugin, self).route(path)
    42. 

  42. 

  43.     # Action: Login
    44. 

  44.     def actionLogin(self):
    45. 

  45.         template = open("plugins/UiPassword/login.html").read()
    46. 

  46.         self.sendHeader()
    47. 

  47.         posted = self.getPosted()
    48. 

  48.         if posted:  # Validate http posted data
    49. 

  49.             if self.checkPassword(posted.get("password")):
    50. 

  50.                 # Valid password, create session
    51. 

  51.                 session_id = self.randomString(26)
    52. 

  52.                 self.sessions[session_id] = {
    53. 

  53.                     "added": time.time(),
    54. 

  54.                     "keep": posted.get("keep")
    55. 

  55.                 }
    56. 

  56. 

  57.                 # Redirect to homepage or referer
    58. 

  58.                 url = self.env.get("HTTP_REFERER", "")
    59. 

  59.                 if not url or re.sub(r"\?.*", "", url).endswith("/Login"):
    60. 

  60.                     url = "/" + config.homepage
    61. 

  61.                 cookie_header = ('Set-Cookie', "session_id=%s;path=/;max-age=2592000;" % session_id)  # Max age = 30 days
    62. 

  62.                 self.start_response('301 Redirect', [('Location', url), cookie_header])
    63. 

  63.                 yield "Redirecting..."
    64. 

  64. 

  65.             else:
    66. 

  66.                 # Invalid password, show login form again
    67. 

  67.                 template = template.replace("{result}", "bad_password")
    68. 

  68.         yield template
    69. 

  69. 

  70.     def checkPassword(self, password):
    71. 

  71.         return password == config.ui_password
    72. 

  72. 

  73.     def randomString(self, nchars):
    74. 

  74.         return ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for _ in range(nchars))
    75. 

  75. 

  76.     @classmethod
    77. 

  77.     def cleanup(cls):
    78. 

  78.         cls.last_cleanup = time.time()
    79. 

  79.         for session_id, session in cls.sessions.items():
    80. 

  80.             if session["keep"] and time.time() - session["added"] > 60 * 60 * 24 * 60:  # Max 60days for keep sessions
    81. 

  81.                 del(cls.sessions[session_id])
    82. 

  82.             elif not session["keep"] and time.time() - session["added"] > 60 * 60 * 24:  # Max 24h for non-keep sessions
    83. 

  83.                 del(cls.sessions[session_id])
    84. 

  84. 

  85.     # Action: Display sessions
    86. 

  86.     def actionSessions(self):
    87. 

  87.         self.sendHeader()
    88. 

  88.         yield "<pre>"
    89. 

  89.         yield json.dumps(self.sessions, indent=4)
    90. 

  90. 

  91.     # Action: Logout
    92. 

  92.     def actionLogout(self):
    93. 

  93.         # Session id has to passed as get parameter or called without referer to avoid remote logout
    94. 

  94.         session_id = self.getCookies().get("session_id")
    95. 

  95.         if not self.env.get("HTTP_REFERER") or session_id == self.get.get("session_id"):
    96. 

  96.             if session_id in self.sessions:
    97. 

  97.                 del self.sessions[session_id]
    98. 

  98.             self.start_response('301 Redirect', [
    99. 

  99.                 ('Location', "/"),
    100. 

  100.                 ('Set-Cookie', "session_id=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT")
    101. 

  101.             ])
    102. 

  102.             yield "Redirecting..."
    103. 

  103.         else:
    104. 

  104.             self.sendHeader()
    105. 

  105.             yield "Error: Invalid session id"
    106. 

  106. 

  107. 

  108. 

  109. @PluginManager.registerTo("ConfigPlugin")
    110. 

  110. class ConfigPlugin(object):
    111. 

  111.     def createArguments(self):
    112. 

  112.         group = self.parser.add_argument_group("UiPassword plugin")
    113. 

  113.         group.add_argument('--ui_password', help='Password to access UiServer', default=None, metavar="password")
    114. 

  114. 

  115.         return super(ConfigPlugin, self).createArguments()
    116. 

  116. 

  117. 

  118. from Translate import translate as lang
    119. 

  119. @PluginManager.registerTo("UiWebsocket")
    120. 

  120. class UiWebsocketPlugin(object):
    121. 

  121.     def actionUiLogout(self, to):
    122. 

  122.         permissions = self.getPermissions(to)
    123. 

  123.         if "ADMIN" not in permissions:
    124. 

  124.             return self.response(to, "You don't have permission to run this command")
    125. 

  125. 

  126.         session_id = self.request.getCookies().get("session_id", "")
    127. 

  127.         self.cmd("redirect", '/Logout?session_id=%s' % session_id)
    128. 

  128. 

  129.     def addHomepageNotifications(self):
    130. 

  130.         error_msgs = showPasswordAdvice(config.ui_password)
    131. 

  131.         for msg in error_msgs:
    132. 

  132.             self.site.notifications.append(["error", lang[msg]])
    133. 

  133. 

  134.         return super(UiWebsocketPlugin, self).addHomepageNotifications()
    135.