Commit cb257e9d authored by Daniele Iamartino Committed by JackV

Added MAC address submission

parent 2ccf455f
......@@ -16,7 +16,7 @@ from sqlalchemy import desc
from tornado.options import options
from .engine import persist, query_by_timestamp, count, query_by_attribute
from .models import TemperatureSample, Status, Message, Page, User
from .models import TemperatureSample, Status, Message, Page, User, MACToUser
## Exceptions ##
......@@ -101,6 +101,10 @@ def get_last_login_attempt(session, ip_address, username=None):
else:
return session.query(L).filter(L.ipaddress == ip_address).order_by(desc(L.timestamp)).first()
def get_userid_from_mac_hash(session, mac_hash):
"""Get MACToUser with specified mac_hash"""
return query_by_attribute(session, MACToUser, 'mac_hash', mac_hash)
## Loggers ##
......@@ -119,6 +123,11 @@ def log_message(session, user, message):
return persist(session, Message(user.userid, message))
def log_user_mac(session, user, mac_hash):
"""Persist MAC address by user to DB."""
return persist(session, MACToUser(user.userid, mac_hash))
def log_last_login_attempt(session, ip_address, username):
""""Persist failed login attempt (either insert or update)"""
attempt = LoginAttempt(username, ip_address)
......
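Review bot: `log_user_mac` inserts a `MACToUser` row unconditionally, so the only duplicate protection is the caller's earlier `get_userid_from_mac_hash` lookup. Two concurrent submissions of the same address can both pass that lookup and both insert. The models are not shown on this page, so if `mac_hash` is not already declared unique, add a unique constraint on the column and treat the resulting integrity error as "already present". Also, `get_userid_from_mac_hash` is named for a user id but its docstring says it returns the `MACToUser` record; a docstring such as `"""Return the MACToUser row matching mac_hash, or None when there is none."""` (assuming that is what `query_by_attribute` returns) would remove the ambiguity.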
......@@ -149,3 +149,9 @@ define("mqtt_password",
help="Password for MQTT authentication",
group="Networking"
)
define("mac_hash_salt",
default="Your key here",
help="Salt string to combine for building the MAC addresses hashes.",
group="Networking"
)
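Review bot: `mac_hash_salt` ships with the usable default `"Your key here"`, and nothing visible in this commit stops the service from starting with it unchanged. The handler added in this commit uses the option as the HMAC key, so an install left on the default keys every stored hash with a publicly known string. MAC addresses are a small, structured space, so anyone who obtains the table could then recover them by enumeration. Prefer no working default plus a startup check that aborts when the option is unset or still the placeholder. The help text should also describe a secret key rather than a salt, e.g. `help="Secret key for the HMAC over MAC addresses; set per install and keep private."`.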
......@@ -36,7 +36,8 @@ def start():
(r'/message', handlers.MessagePageHandler),
(r'/data.php', handlers.RTCHandler),
(r'/macupdate', handlers.MACUpdateHandler),
(r'/presence.svg', handlers.PresenceGraphHandler)
(r'/presence.svg', handlers.PresenceGraphHandler),
(r'/submitmac', handlers.MACPageHandler),
],
ui_modules=uimodules,
gzip=True,
......
......@@ -369,6 +369,43 @@ class MessagePageHandler(BaseHandler):
)
class MACPageHandler(BaseHandler):
@tornado.web.authenticated
def get(self):
self.render('templates/submitmac.html', message=None, text='')
@tornado.web.authenticated
def post(self):
mac = self.get_argument('msgtext').lower()
if not re.match("((?:[a-f0-9]{2}:){5}[a-f0-9]{2})", mac):
self.render(
'templates/submitmac.html',
message='MAC address non valido.',
text=mac
)
return
username = self.get_current_user()
LOG.info("%r requested to add a new MAC address", username)
with session_scope() as session:
user = query.get_user(session, username)
mac_hash = hmac.new(options.mac_hash_salt, mac,
hashlib.sha256).hexdigest()
if query.get_userid_from_mac_hash(session, mac_hash) != None:
message = u'Il MAC address è già presente nel database.'
else:
query.log_user_mac(session, user, mac_hash)
message = 'MAC address associato al tuo utente.'
self.render(
'templates/submitmac.html',
message=message,
text=''
)
class RTCHandler(BaseHandler):
def get(self):
now = datetime.now()
......
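Review bot: The format check in `MACPageHandler.post` is anchored only at the start, because `re.match` accepts any value that merely begins with a valid address. A value such as `aa:bb:cc:dd:ee:ff` (constructed example) followed by extra text or a second line from the textarea passes, and the whole string is fed to the HMAC. The stored hash then corresponds to no real address, and one user can add an unbounded number of distinct rows. Anchor the end of the pattern, e.g. `if not re.match(r"(?:[a-f0-9]{2}:){5}[a-f0-9]{2}\Z", mac):`. As a style point, the lookup comparison `!= None` should be `is not None`.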
......@@ -66,6 +66,7 @@
<i class="material-icons">message</i> Invia messaggio
</button>
</a>
<a id="submitmac" href="/submitmac">Aggiungi MAC address</a>
</div>
</div>
</div>
......
{% extends "base.html" %}
{#
# Copyright (C) 2016 Daniele Iamartino
# Copyright (C) 2016 BITS development team
#
# This file is part of bitsd, which is released under the terms of
# GNU GPLv3. See COPYING at top level for more information.
#}
{% block title %}Aggiungi MAC address{% end %}
{% block attrs %}class="submitmac"{% end %}
{% block subtitle %}Annuncia automaticamente quando sei in sede{% end %}
{% block body %}
<form action="/submitmac" method="post">
<p>MAC Address:</p>
<textarea name="msgtext" rows="1" cols="20">{{ text }}</textarea>
<p><small>Nota: Il MAC address viene inserito in un hash con salt.
<br>Nessun MAC address viene salvato in chiaro nel database.</small></p>
{% module xsrf_form_html() %}
<p><input type="submit" value="Aggiungi"></p>
</form>
{% if message %}
<div id="message">{{ message }}</div>
{% end %}
<ul class="link">
<li><a id="logout" href="/logout">Logout</a></li>
<li><a id="admin" href="/admin">Cambia stato sede</a></li>
</ul>
{% end %}