TheCloud/panda3d
1
0
Fork 0
mirror of https://github.com/panda3d/panda3d.git synced 2025-10-02 09:52:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Retro fitted the class with security: Username/Password protection.

Browse Source
This commit is contained in:
Joe Hager 2007-11-21 02:35:15 +00:00
parent c11e8411d9
commit 80c18644be
1 changed files with 154 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
direct/src/http/webNotifyDebug.py
View File

@ -1,18 +1,63 @@
from direct.task import Task
from direct.http import WebRequest
from direct.directnotify import DirectNotifyGlobal
import random, string
class webNotifyDebug:
def __init__(self, portNumber = 8888):
def __init__(self, portNumber = 8888, username = None, password = None):
self.portNumber = portNumber
self.username = username
self.password = password
self.passwordProtect = False
self.pageToHit = 'debug'
self.authTokens = []
self.web = WebRequest.WebRequestDispatcher()
self.web.listenOnPort(int(self.portNumber))
# 'debug' will be the name of the page we have to hit
self.web.registerGETHandler('debug', self.debug)
# If both a username and password should be specified, then
# we will need to present a username and password prompt to the user
if self.username and self.password:
# set self.passwordProtect to True
self.passwordProtect = True
# Register 'debug' with the password prompt
self.web.registerGETHandler('debug', self.passwordPrompt)
self.web.registerGETHandler('authDebug', self.authDebug)
self.pageToHit = 'authDebug'
else:
self.web.registerGETHandler('debug', self.debug)
self.startCheckingIncomingHTTP()
def listAllCategories(self, replyTo, optionalMessage = None):
def passwordPrompt(self, replyTo, **kw):
# This should get called if we need to prompt the user for
# a username and password.
try:
username = kw['username']
password = kw['password']
except KeyError:
# the user is probably making their initial connection to the
# password protected site. Present them with the login page
replyTo.respond('<HTML>\n<HEAD><TITLE>Direct Notify Web Interface - Username and Password Required</TITLE></HEAD>\n<BODY>\n<FONT SIZE=4>Username/Password authentication has been enabled. You must provide the following before gaining access to the system:<P><FORM action="debug" method="get">\nUsername: <INPUT type="text" name="username"><BR>\nPassword: <INPUT type="password" name="password"><BR>\n<input type=submit name="Submit" text="Login"></form>\n</BODY></HTML>')
return
# If the username and password are correct, we need to generate an
# auth token and place it in self.authTokens. If the username and
# password are incorrect. Return an error message indicating such.
if username == self.username and password == self.password:
# Username and Password match
# Generate auth token
authToken = self.genToken()
# Place the authToken in the list of valid auth tokens
self.authTokens.append(authToken)
replyTo.respond('<HTML><HEAD><TITLE>Username and Password Good</TITLE></HEAD><BODY>Username and Password are good, please remember to logout when done. <A HREF=authDebug?authToken=%s>Click here to continue</a></BODY></HTML>' % (authToken))
return
else:
replyTo.respond('Username and/or password are incorrect')
return
def listAllCategories(self, replyTo, optionalMessage = None, authToken = None):
# Return a web page with a list of all registered notify categories
# along with an HTML widget to chage their debug state
@ -27,7 +72,10 @@ class webNotifyDebug:
# define the static foot
foot = '</tbody></table></CENTER><BR><A HREF="debug">Main Menu</a></body></html>'
if authToken:
foot = '</tbody></table></CENTER><BR><A HREF="%s?authToken=%s">Main Menu</a></body></html>' % (self.pageToHit, authToken)
else:
foot = '</tbody></table></CENTER><BR><A HREF="%s">Main Menu</a></body></html>' % self.pageToHit
# Sort our catagory list into alpha order
@ -41,39 +89,45 @@ class webNotifyDebug:
tempCategory = DirectNotifyGlobal.directNotify.getCategory(item)
debugStatus = tempCategory.getDebug()
if debugStatus == 0:
body = '%s%s<A HREF="debug?command=on&item=%s">Off</a></td></tr>' % (body, select, item)
if authToken:
body = '%s%s<A HREF="%s?command=on&item=%s&authToken=%s">Off</a></td></tr>' % (body, select, self.pageToHit, item, authToken)
else:
body = '%s%s<A HREF="%s?command=on&item=%s">Off</a></td></tr>' % (body, select, self.pageToHit, item)
else:
body = '%s%s<A HREF="debug?command=off&item=%s">On</a></td></tr>' % (body, select, item)
if authToken:
body = '%s%s<A HREF="%s?command=off&item=%s&authToken=%s">On</a></td></tr>' % (body, select, self.pageToHit, item, authToken)
else:
body = '%s%s<A HREF="%s?command=off&item=%s">On</a></td></tr>' % (body, select, self.pageToHit, item)
replyTo.respond('%s\n%s\n%s\n' % (head, body, foot))
def turnCatOn(self, item, replyTo, sString = None):
def turnCatOn(self, item, replyTo, sString = None, authToken = None):
# Used to turn a catagory (item), to the on state
try:
notifyItem = DirectNotifyGlobal.directNotify.getCategory(item)
notifyItem.setDebug(1)
updateMessage = 'Category <b>%s</b>, has been turned on' % (item)
if not sString:
self.listAllCategories(replyTo, updateMessage)
self.listAllCategories(replyTo, updateMessage, authToken)
else:
self.searchForCat(sString, replyTo, updateMessage)
self.searchForCat(sString, replyTo, updateMessage, authToken)
except AttributeError:
replyTo.respond('Invalid Category Passed')
def turnCatOff(self, item, replyTo, sString = None):
def turnCatOff(self, item, replyTo, sString = None, authToken = None):
# Used to turn a catagory (item), to the off state
try:
notifyItem = DirectNotifyGlobal.directNotify.getCategory(item)
notifyItem.setDebug(0)
updateMessage = 'Category <b>%s</b>, has been turned off' % (item)
if not sString:
self.listAllCategories(replyTo, updateMessage)
self.listAllCategories(replyTo, updateMessage, authToken)
else:
self.searchForCat(sString, replyTo, updateMessage)
self.searchForCat(sString, replyTo, updateMessage, authToken)
except AttributeError:
replyTo.respond('Invalid Category Passed')
def searchForCat(self, searchString, replyTo, toggle = None):
def searchForCat(self, searchString, replyTo, toggle = None, authToken = None):
# Used to execute a substring search for a category
completeList = DirectNotifyGlobal.directNotify.getCategories()
resultList = []
@ -88,53 +142,110 @@ class webNotifyDebug:
head = '<html>\n<head>\n<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">\n<title>DirectNotify - Search Results</title>\n</head>\n<body>\n<h1 style="text-align: center;">DirectNotify - Listing All Categories</h1>\n<CENTER><table style="text-align: left;" border="1" cellpadding="2" cellspacing="2">\n<tbody>\n<tr><th>Category</th><th>Debug Status</th></tr>\n'
else:
head = '<html>\n<head>\n<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">\n<title>DirectNotify - Search Results</title>\n</head>\n<body>\n<h1 style="text-align: center;">DirectNotify - Listing All Categories</h1>\n<CENTER><HR>%s<HR><br><table style="text-align: left;" border="1" cellpadding="2" cellspacing="2">\n<tbody>\n<tr><th>Category</th><th>Debug Status</th></tr>\n' % (toggle)
foot = '</tbody></table></CENTER><BR><A HREF="debug">Main Menu</a></body></html>'
if authToken:
foot = '</tbody></table></CENTER><BR><A HREF="authDebug?authToken=%s">Main Menu</a></body></html>' % (authToken)
else:
foot = '</tbody></table></CENTER><BR><A HREF="debug">Main Menu</a></body></html>'
body = ''
for item in resultList:
select = '<tr><td>%s</td><td style="text-align: center;">' % (item)
tempCategory = DirectNotifyGlobal.directNotify.getCategory(item)
debugStatus = tempCategory.getDebug()
if debugStatus == 0:
body = '%s%s<A HREF="debug?command=on&item=%s&sString=%s">Off</a></td></tr>' % (body, select, item, searchString)
if authToken:
body = '%s%s<A HREF="%s?command=on&item=%s&sString=%s&authToken=%s">Off</a></td></tr>' % (body, select, self.pageToHit, item, searchString, authToken)
else:
body = '%s%s<A HREF="%s?command=on&item=%s&sString=%s">Off</a></td></tr>' % (body, select, self.pageToHit, item, searchString)
else:
body = '%s%s<A HREF="debug?command=off&item=%s&sString=%s">On</a></td></tr>' % (body, select, item, searchString)
if authToken:
body = '%s%s<A HREF="%s?command=off&item=%s&sString=%s&authToken=%s">On</a></td></tr>' % (body, select, self.pageToHit, item, searchString, authToken)
else:
body = '%s%s<A HREF="%s?command=off&item=%s&sString=%s">On</a></td></tr>' % (body, select, self.pageToHit, item, searchString)
replyTo.respond('%s\n%s\n%s\n' % (head, body, foot))
def debug(self, replyTo, **kw):
try:
authToken = kw['authToken']
except KeyError:
authToken = None
try:
command = kw['command']
if command == 'listAll':
self.listAllCategories(replyTo)
if self.passwordProtect:
self.listAllCategories(replyTo, None, authToken)
else:
self.listAllCategories(replyTo)
elif command == 'on':
item = kw['item']
try:
sString = kw['sString']
self.turnCatOn(item, replyTo, sString)
if self.passwordProtect:
self.turnCatOn(item, replyTo, sString, authToken)
else:
self.turnCatOn(item, replyTo, sString)
except KeyError:
self.turnCatOn(item, replyTo)
if self.passwordProtect:
self.turnCatOn(item, replyTo, None, authToken)
else:
self.turnCatOn(item, replyTo)
elif command == 'off':
item = kw['item']
try:
sString = kw['sString']
self.turnCatOff(item, replyTo, sString)
if self.passwordProtect:
self.turnCatOff(item, replyTo, sString, authToken)
else:
self.turnCatOff(item, replyTo, sString)
except KeyError:
self.turnCatOff(item, replyTo)
if self.passwordProtect:
self.turnCatOff(item, replyTo, None, authToken)
else:
self.turnCatOff(item, replyTo)
elif command == 'search':
searchString = kw['searchString']
self.searchForCat(searchString, replyTo)
if self.passwordProtect:
self.searchForCat(searchString, replyTo, None, authToken)
else:
self.searchForCat(searchString, replyTo)
elif command == 'logOff' and authToken:
self.logOut(replyTo, authToken)
else:
replyTo.respond('Error: Invalid args')
return
except KeyError:
pass
# Basic Index Page
replyTo.respond('<html><head>\n<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">\n<title>DirectNotify Web Interface</title>\n</head>\n<body>\n<div style="text-align: center;">\n<h1>DirectNotify Web Interface</h1>\n</div>\n<hr style="width: 100%; height: 2px;">\n<form method="get" action="debug" name="searchfom"><INPUT TYPE=HIDDEN NAME="command" VALUE="search">Search for a DirectNotify Category: <input name="searchString"> <input type=submit name="Submit"></button><br>\n</form>\n<br>\n<A HREF="debug?command=listAll">Display all DirectNotify Categories</a>\n</body>\n</html>')
if not authToken:
replyTo.respond('<html><head>\n<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">\n<title>DirectNotify Web Interface</title>\n</head>\n<body>\n<div style="text-align: center;">\n<h1>DirectNotify Web Interface</h1>\n</div>\n<hr style="height: 2px;">\n<form method="get" action="debug" name="searchfom"><INPUT TYPE=HIDDEN NAME="command" VALUE="search">Search for a DirectNotify Category: <input name="searchString"> <input type=submit name="Submit"></button><br>\n</form>\n<br>\n<A HREF="%s?command=listAll">Display all DirectNotify Categories</a>\n</body>\n</html>' % (self.pageToHit))
else:
replyTo.respond('<html><head>\n<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">\n<title>DirectNotify Web Interface</title>\n</head>\n<body>\n<div style="text-align: center;">\n<h1>DirectNotify Web Interface</h1>\n</div>\n<hr style="height: 2px;">\n<form method="get" action="authDebug" name="searchfom"><INPUT TYPE=HIDDEN NAME="command" VALUE="search"><INPUT TYPE=HIDDEN NAME="authToken" VALUE="%s">Search for a DirectNotify Category: <input name="searchString"> <input type=submit name="Submit"></button><br>\n</form>\n<br>\n<A HREF="%s?command=listAll&authToken=%s">Display all DirectNotify Categories</a><BR>\n<A HREF="authDebug?command=logOff&authToken=%s>Log Off</a></body>\n</html>' % (authToken, self.pageToHit, authToken, authToken))
def logOut(self, replyTo, authToken):
# Delete token from auth list
self.authTokens.remove(authToken)
replyTo.respond('<HTML><HEAD><TITLE>Logout Sucessful</TITLE></HEAD>\n<BODY>Logout complete. You will need to login again to use the system</BODY>\n</HTML>')
def authDebug(self, replyTo, **kw):
try:
authToken = kw['authToken']
try:
pos = self.authTokens.index(authToken)
except ValueError:
# authToken passed is not in the list
replyTo.respond('Error: Client not authorized')
return
except (ValueError, KeyError):
# authToken not passed in GET. Return an error
replyTo.respond('Error: No auth token passed from client')
return
# If we've gotten this far, we have determined that an auth token was
# passed in the HTTP GET and it is on the list of auth tokens.
# Now we can pass this to the normal debug URI
kw['authToken'] = authToken
self.debug(replyTo, **kw)
def startCheckingIncomingHTTP(self):
taskMgr.remove('pollDirectDebugHTTPTask')
@ -146,3 +257,19 @@ class webNotifyDebug:
def pollDirectDebugHTTPTask(self,task):
self.web.poll()
return Task.again
def genToken(self):
alpha = string.letters.upper()
num = string.digits
ranNumber = ''
ranAlpha = ''
for i in range(3):
ranNumberOne = ranNumber + random.choice(num)
for i in range(3):
ranAlphaOne = ranAlpha + random.choice(alpha)
for i in range(3):
ranNumberTwo = ranNumber + random.choice(num)
for i in range(3):
ranAlphaTwo = ranAlpha + random.choice(alpha)
token = "%s%s%s%s" % (ranAlphaOne, ranNumberOne, ranAlphaTwo, ranNumberTwo)
return token