Commit 6354fa0b by aagusti

perbaikan manajemen cookies

1 parent 78d0185a
......@@ -60,11 +60,11 @@ def googlesignin(request):
# Or, if multiple clients access the backend server:
gtoken = json.loads(request.params['id_token'])
# idinfo = id_token.verify_oauth2_token(gtoken, requests.Request())
# test
import jwt
idinfo = jwt.decode(gtoken["credential"], options={"verify_signature": False}) # KEY, algorithms=["RS256"]) #
# idinfo = id_token.verify_oauth2_token(gtoken, requests.Request())
if idinfo['aud'] not in CLIENT_IDS:
if idinfo['aud'] not in CLIENT_IDS or idinfo['azp'] not in CLIENT_IDS:
raise ValueError('Could not verify audience.')
if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
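Review bot: The new condition `idinfo['azp'] not in CLIENT_IDS` raises KeyError for a token that carries no `azp` claim, so such a token produces a 500 instead of the 'Could not verify audience.' error; read it as `idinfo.get('azp')` and decide explicitly whether a missing `azp` should be rejected. The larger gap is unchanged by this commit: both checks, and the `iss` check below, run on claims from the `jwt.decode(..., options={"verify_signature": False})` context line above, so none of `aud`, `azp` or `iss` is authenticated until the commented-out `id_token.verify_oauth2_token(...)` call (or an equivalent signature-verifying decode) is restored. googlesignin's body starts and ends outside this hunk.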
......
......@@ -18,12 +18,6 @@ from ..models import User
class BaseView(object):
def __init__(self, request):
if not "test" in request.session:
request.session["test"]='TEST'
print("********8 Session test not found")
else:
print("********9 Session", request.session["test"])
self.req = request
self.ses = self.req.session
self.params = self.req.params
......@@ -184,12 +178,12 @@ class BaseView(object):
def validation_failure(self, value):
return value
def cancel_act(self):
pass
def view_add(self):
print("*************** view_add", self.ses)
form = self.get_form(self.add_schema)
if self.req.POST:
print("*************** view_add_pos", self.ses)
if 'save' in self.req.POST:
controls = self.req.POST.items()
try:
......@@ -197,13 +191,14 @@ class BaseView(object):
except ValidationFailure as e:
value = self.validation_failure(e.cstruct)
value.update(self.before_add())
print("*************** on error", self.ses)
form.render(appstruct=value)
return dict(form=form.render(), scripts=self.form_scripts)
self.save_request(dict(controls))
if "cancel" in self.req.POST or 'batal' in self.req.POST:
self.cancel_act()
return self.route_list()
values = self.before_add()
print("*************** on view", self.ses)
form.set_appstruct(values)
table = self.get_item_table()
return dict(form=form.render(), table=table and table.render() or None,
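Review bot: `cancel_act` is a new extension point with no docstring, and a reader of `view_add` cannot tell from `self.cancel_act()` that it is meant to be overridden (the base body is just `pass`). Add `"""Hook run when the add form is cancelled (cancel/batal button); no-op by default, subclasses override it."""` to the method. It is also worth stating in that docstring that the hook runs immediately before `return self.route_list()`, so a subclass cannot attach anything to the redirect response (headers, cookies) from inside it. `view_add` continues past the end of the hunk.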
......
......@@ -33,6 +33,7 @@ from deform import (widget, Button, FileData)
from opensipkd.tools import Upload
from pyramid.httpexceptions import HTTPFound
from pyramid.i18n import TranslationStringFactory
from pyramid.security import forget
from pyramid.view import view_config
from ziggurat_foundations.models.services.user import UserService
......@@ -350,16 +351,25 @@ class Registrasi(BaseView):
DBSession.add(partner)
DBSession.flush()
return row
def cancel_act(self):
forget(self.req)
self.ses.delete()
@view_config(route_name='register', renderer='templates/form_input.pt')
def view_register(self):
if "g_state" in self.req.cookies:
if "id_info" not in self.ses or not self.ses["id_info"]:
return HTTPFound(location=self.req.route_url("login"))
request = self.req
reg_form = get_params("reg_form")
if reg_form:
return HTTPFound(location=self.req.route_url(reg_form))
self.bindings = dict(user=None)
if request.user:
return HTTPFound(location=request.route_url("profile"))
return super(Registrasi, self).view_add()
def query_id(self):
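Review bot: `cancel_act` calls `forget(self.req)` and discards the result, but in Pyramid `forget()` clears nothing by itself — it returns the headers that must be attached to the response — so as written only the server-side session is deleted and the browser keeps its authentication cookie. Because `BaseView.view_add` redirects via `route_list` right after calling this hook, the hook has to hand the headers back, e.g. `return forget(self.req)` after `self.ses.delete()`, and the redirect built in `route_list` (outside this hunk) must pass them as `headers=`. The `Registrasi` class continues outside the hunk.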
......
......@@ -136,6 +136,15 @@
src="https://accounts.google.com/gsi/client" async defer></script>
<script tal:condition="request.google_signin_client_id">
window.onload = function (e) {
const value = document.cookie;
const parts = value.split(`g_state=`);
console.log(parts.length)
if (parts.length === 2) {
document.cookie = document.cookie + ";max-age=0";
}
}
function onSignIn(googleUser) {
// var profile = googleUser.getBasicProfile();
// console.log('ID: ' + profile.getId()); // Do not send to your backend! Use an ID token instead.
......@@ -143,7 +152,7 @@
// console.log('Image URL: ' + profile.getImageUrl());
// console.log('Email: ' + profile.getEmail()); // This is null if the 'email' scope is not present.
//getId(), getName(), getGivenName(), getFamilyName(), getImageUrl(), getEmail() methods, and
console.log(googleUser);
// console.log(googleUser);
// console.log(googleUser.getId());
// console.log(googleUser.getName());
// var id_token = googleUser.getAuthResponse().id_token;
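Review bot: `document.cookie = document.cookie + ";max-age=0"` does not expire `g_state`: the getter returns every cookie as one `name=value; name=value` string, and assigning that back sets only the first pair as a cookie (the remaining pairs are parsed as attributes), so whichever cookie is listed first gets deleted and `g_state` survives unless it happens to be first. Expire the cookie by name, `document.cookie = "g_state=; max-age=0";`, with the same `path` (and `domain`, if any) it was originally set with, otherwise the browser treats it as a different cookie and keeps the original. `console.log(parts.length)` is leftover debugging, and the `parts.length === 2` guard becomes unnecessary once the deletion names the cookie directly.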
......
import os
import re
import colander
import transaction
from datatables import (ColumnDT, DataTables, )
from deform import (Form, widget, ValidationFailure, Button, )
# from sqlalchemy.exc import IntegrityErrortpl
from sqlalchemy.exc import IntegrityError
from opensipkd.tools import create_now
from opensipkd.tools.buttons import btn_cancel, btn_save, btn_close, btn_delete, btn_view
from opensipkd.tools.report import open_rml_row, csv_response, open_rml_pdf, pdf_response
from pyramid.httpexceptions import (HTTPFound, HTTPNotFound, )
from pyramid.i18n import TranslationStringFactory
from pyramid.view import view_config
from sqlalchemy import (func, or_, )
from ziggurat_foundations.models.services.user import UserService
from . import BaseView
from .company import company_widget
from .user_login import (
regenerate_security_code, send_email_security_code, generate_api_key, )
from ..models import (DBSession, User, Group, UserGroup, ResCompany, ExternalIdentity)
# Translation-string factory for this module (message domain "user"); `_` wraps the form titles below.
_ = TranslationStringFactory('user')
########
# List #
########
class AddSchema(colander.Schema):
    """Form schema for creating an external-identity record.

    Three string fields: the external user name, the provider name and the
    local user id. No node sets ``missing``.
    """

    external_user_name = colander.SchemaNode(colander.String(), title=_('User Name'))
    provider_name = colander.SchemaNode(colander.String(), title=_('Provider'))
    local_user_id = colander.SchemaNode(colander.String(), title=_('User ID'))
class EditSchema(AddSchema):
    """AddSchema plus a read-only ``external_id`` field for the edit form.

    The node uses a read-only text widget and ``missing=colander.drop``.
    """

    external_id = colander.SchemaNode(
        colander.String(),
        widget=widget.TextInputWidget(readonly=True),
        missing=colander.drop,
    )
class ListSchema(colander.Schema):
    """Schema describing the columns of the external-identity list.

    ``id`` (untitled) followed by the same three string fields as AddSchema.
    """

    id = colander.SchemaNode(colander.String())
    external_user_name = colander.SchemaNode(colander.String(), title=_('User Name'))
    provider_name = colander.SchemaNode(colander.String(), title=_('Provider'))
    local_user_id = colander.SchemaNode(colander.String(), title=_('User ID'))
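class UserExt(BaseView):
    """List/view/delete views for ``ExternalIdentity`` rows (routes ``user-ext*``).

    The page views delegate to :class:`BaseView`; ``view_act`` serves the
    DataTables grid JSON behind the list page.
    """

    def __init__(self, request):
        super().__init__(request)
        self.edit_schema = EditSchema
        self.list_schema = ListSchema
        # self.list_url = "/user/ext"
        self.list_route = "user-ext"
        self.list_buttons = (btn_view, btn_delete, btn_close)

    @view_config(
        route_name='user-ext', renderer='templates/form_input.pt',
        permission='user-view')
    def view_list(self):
        """Render the list page (built by ``BaseView.view_list``)."""
        return super().view_list()

    @view_config(
        route_name='user-ext-view', renderer='templates/form_input.pt',
        permission='user-view')
    def view_view(self):
        """Render the detail page for one row (``BaseView.view_view``)."""
        return super().view_view()

    @view_config(
        route_name='user-ext-delete', renderer='templates/form_input.pt',
        permission='user-edit')
    def view_delete(self):
        """Render/handle the delete page for one row (``BaseView.view_delete``)."""
        return super().view_delete()

    @view_config(
        route_name='user-ext-act', renderer='json', permission='user-view')
    def view_act(self):
        """Serve the ``act`` sub-actions of the list page as JSON.

        Only ``grid`` exists: a DataTables server-side query over
        ExternalIdentity outer-joined to User. Any other ``act`` is answered
        with 404 instead of silently rendering ``null``.

        Raises:
            HTTPNotFound: for an ``act`` other than ``grid``.
        """
        req = self.req
        if req.matchdict['act'] != 'grid':
            raise HTTPNotFound()
        columns = [
            ColumnDT(ExternalIdentity.external_id, mData='id'),
            ColumnDT(ExternalIdentity.external_user_name, mData='external_user_name'),
            ColumnDT(ExternalIdentity.provider_name, mData='provider_name'),
            ColumnDT(ExternalIdentity.local_user_id, mData='local_user_id'),
        ]
        query = DBSession.query().select_from(ExternalIdentity). \
            outerjoin(User, User.id == ExternalIdentity.local_user_id)
        # NOTE(review): the company filter applies only when the caller has a
        # truthy company_id; callers without one see every row — confirm intended.
        if req.user.company_id:
            query = query.filter(User.company_id == req.user.company_id)
        return DataTables(req.GET, query, columns).output_result()

    def delete_msg(self, row):
        """Flash message shown after ``row`` has been deleted."""
        return f'Data ID {row.external_id} sudah dihapus.'

    def query_id(self):
        """Query for the ExternalIdentity whose ``external_id`` is the URL's ``id``."""
        return DBSession.query(ExternalIdentity).filter_by(external_id=self.req.matchdict["id"])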
# elif url_dict['act'] == 'csv':
# query = query_register()
# row = query.first()
# header = row.keys()
# rows = []
# for item in query.all():
# rows.append(list(item))
#
# filename = 'user.csv'
# value = {
# 'header': header,
# 'rows': rows,
# }
# return csv_response(request, value, filename)
# elif url_dict['act'] == 'pdf':
# # todo ganti rml jadi openoffice
# query = query_register()
# _here = os.path.dirname(__file__) # get current folder -> views
# path = os.path.dirname(_here) # mundur 1 level
# path = os.path.join(path, 'reports')
# rml_row = open_rml_row(path + '/user.row.rml')
# rows = []
# for r in query.all():
# s = rml_row.format(user_name=r.user_name, email=r.email,
# registered_date=r.registered_date)
# rows.append(s)
# pdf, filename = open_rml_pdf(path + '/user.rml', rows=rows,
# company=request.company,
# departement=request.departement,
# address=request.address)
# return pdf_response(request, pdf, filename)
......@@ -23,6 +23,7 @@ import os
from importlib import import_module
import colander
import requests
from deform import widget, Form, ValidationFailure, Button
from pyramid.httpexceptions import HTTPFound, HTTPNotFound
from pyramid.renderers import render_to_response
......@@ -61,9 +62,7 @@ def get_login_headers(request, user):
@view_config(route_name='login', renderer='templates/login.pt')
def view_login(request):
if "g_state" in request.session:
z
del request.session["g_state"]
request.session["login"]=True
next_url = request.params.get('next', request.referrer)
login_tpl = get_params('login_tpl', 'templates/login.pt')
if not next_url:
......@@ -75,7 +74,7 @@ def view_login(request):
schema = Login(validator=login_validator)
form = Form(schema, buttons=('login',))
message=""
message = ""
if 'login' in request.POST:
identity = request.POST.get('username')
user = schema.user = User.get_by_identity(identity)
......@@ -130,25 +129,42 @@ def view_login(request):
provider_name = request.params["provider_name"]
if provider_name == "google":
from .base_google import googlesignin
try:
id_info = googlesignin(request)
except Exception as e:
login = ""
request.session.flash(str(e), "error")
return render_to_response(login_tpl,
dict(form=form.render(),
message=message,
url=request.route_url('login'),
next_url=next_url,
login=login, ),
request=request)
request.session["id_info"] = id_info
else:
id_info = None
user = id_info and ExternalIdentityService. \
user_by_external_id_and_provider(id_info['sub'], id_info['iss'])
if id_info and not user:
request.session.flash('Silahkan Melakukan Registrasi')
register_form = get_params("register_form", 'register')
return HTTPFound(location=request.route_url(register_form))
if user and user.status==1:
if user and user.status == 1:
return redirect_login(request, user)
else:
message = "User anda masih menunggu verifikasi atau lagi di blokir"
request.session.flash(message, "error")
login = ""
# if "g_state" in request.cookies:
# requests.post("https://accounts.google.com/o/oauth2/revoke?token=" + ACCESS_TOKEN);
# headers = forget(request)
# request.session.delete()
# request.session["start"]="login"
login=""
return render_to_response(login_tpl,
dict(form=form.render(),
message=message,
......@@ -182,9 +198,10 @@ def view_logout(request):
set_user_log("Logout", request, log)
headers = forget(request)
request.session.delete()
if "g_state" in request.cookies:
del request.cookies["g_state"]
return HTTPFound(location=f"{request.route_url('home')}",
headers=headers)
return dict()
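Review bot: `del request.cookies["g_state"]` in `view_logout` only removes the key from the parsed request object; nothing is sent to the browser, so the `g_state` cookie is still present on the next request. Expire it on the response instead: `response = HTTPFound(location=request.route_url('home'), headers=headers)`, `response.delete_cookie("g_state")`, `return response`, using the same `path`/`domain` the cookie was set with. The f-string wrapper around `request.route_url('home')` adds nothing and can be dropped at the same time. The `import requests` added in the first hunk appears to be used only inside the commented-out revoke call visible in the login hunk, so it looks like an unused import. `view_logout` starts outside the hunk.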
......