matemat/matemat/webserver/pagelets/touchkey.py
s3lph 67e2a813d5
feat: redesign ui using bootstrap
feat: split user settings and admin settings
fix: list user tokens in admin user settings
feat!: remove osk, osk should be provided by kiosk browser
2024-12-07 15:53:19 +01:00


from html import escape
from urllib.parse import urlencode

from bottle import get, post, redirect, abort, request

from matemat.db import MatematDatabase
from matemat.db.primitives import User
from matemat.exceptions import AuthenticationError
from matemat.webserver import template, session
from matemat.webserver.template import Notification
from matemat.webserver.config import get_app_config
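@get('/touchkey')
@post('/touchkey')
def touchkey_page():
    """
    The touchkey login mechanism. If called via GET, render the UI template; if called via POST, attempt to log in with
    the provided credentials (username and touchkey).

    Every request parameter read here (``buypid``, ``uid``, ``username``, ``touchkey``) is client-controlled. Values
    that end up inside notification markup are HTML-escaped, and values that end up inside a redirect target are
    URL-encoded, so that they cannot alter the markup or the query string they are embedded in.
    """
    config = get_app_config()
    # NOTE(review): the session id obtained here, before authentication, is the same id that is marked as
    # authenticated after a successful login below. Whether the session module issues a fresh id on login is not
    # visible from this file - confirm, since reusing a pre-login id leaves room for session fixation.
    session_id: str = session.start()
    with MatematDatabase(config['DatabaseFile']) as db:
        # If a user is already logged in, simply redirect to the main page, showing the product list
        if session.has(session_id, 'authenticated_user'):
            redirect('/')
        # If requested via HTTP GET, render the login page showing the touchkey UI
        if request.method == 'GET':
            buypid = None
            if request.params.buypid:
                buypid = str(request.params.buypid)
                try:
                    buyproduct = db.get_product(int(buypid))
                    # The notification text carries its own markup, so it is evidently emitted as HTML; the
                    # product name is therefore escaped before it is interpolated.
                    Notification.success(
                        f'Login will purchase <strong>{escape(str(buyproduct.name))}</strong>. ' +
                        'Click <a class="alert-link" href="/">here</a> to abort.')
                except ValueError:
                    # buypid is echoed back from the request, escape it for the same reason as above
                    Notification.error(f'No product with id {escape(buypid)}', decay=True)
            # A missing or non-numeric uid is a client error, not a server fault: answer 400 instead of letting
            # the ValueError surface as a 500.
            try:
                uid = int(str(request.params.uid))
            except ValueError:
                abort(400, 'Invalid or missing uid')
            # NOTE(review): username and buypid are handed to the template unmodified; output escaping for them
            # has to happen in touchkey.html, which is not visible here - confirm.
            return template.render('touchkey.html', signup=(config.get('SignupEnabled', '0') == '1'),
                                   username=str(request.params.username), uid=uid,
                                   setupname=config['InstanceName'], buypid=buypid)
        # If requested via HTTP POST, read the request arguments and attempt to log in with the provided credentials
        elif request.method == 'POST':
            # The database connection opened above is reused; a second, shadowing connection is not needed.
            try:
                # Read the request arguments and attempt to log in with them
                user: User = db.login(str(request.params.username), touchkey=str(request.params.touchkey))
            except AuthenticationError:
                # Reload the touchkey login page on failure. The parameters are URL-encoded so that a crafted
                # username or uid cannot append further query parameters to the redirect target.
                query = urlencode({'uid': str(request.params.uid), 'username': str(request.params.username)})
                redirect(f'/touchkey?{query}')
            # Set the user ID session variable
            session.put(session_id, 'authenticated_user', user.id)
            # Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
            session.put(session_id, 'authentication_level', 1)
            if request.params.buypid:
                # buypid is not validated on this path; encode it and leave validation to the /buy handler
                buy_query = urlencode({'pid': str(request.params.buypid)})
                redirect(f'/buy?{buy_query}')
            # Redirect to the main page, showing the product list
            redirect('/')
        # If neither GET nor POST was used, show a 405 Method Not Allowed error page
        abort(405)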