Merge branch 'dev' of https://git.xdi.uevora.pt/mjsb/perguntations into dev

Miguel Barão
2 parents 9c370d05 6dca43f1
Showing 3 changed files with 36 additions and 19 deletions Show diff stats
BUGS.md
perguntations/app.py
perguntations/serve.py
  
 # BUGS
  
+- no login, dar mensagem de erro se aluno nao existir??
+- Verificar o processo de logout.
+- permitir remover alunos que estão online para poderem comecar de novo.
 - grade gives internal server error
 - reload do teste recomeça a contagem no inicio do tempo.
 - em admin, quando scale_max não é 20, as cores das barras continuam a reflectir a escala 0,20. a tabela teste na DB não tem a escala desse teste.
@@ -123,11 +123,14 @@ class App():
             logger.info('No tests were generated.')
  
     # ------------------------------------------------------------------------
-    async def login(self, uid, try_pw):
+    async def login(self, uid, try_pw, headers=None):
         '''login authentication'''
+        if uid in self.online:
+            logger.warning('"%s" already logged in.', uid)
+            return 'already_online'
         if uid not in self.allowed and uid != '0':      # not allowed
-            logger.warning('"%s" not allowed to login.', uid)
-            return False
+            logger.warning('"%s" unauthorized.', uid)
+            return 'unauthorized'
  
         # get name+password from db
         with self._db_session() as sess:
@@ -142,17 +145,15 @@ class App():
         else:                           # check password
             pw_ok = await check_password(try_pw, password)  # async bcrypt
  
-        if pw_ok:      # success
-            self.allowed.discard(uid)  # remove from set of allowed students
-            if uid in self.online:
-                logger.warning('"%s" already logged in.', uid)
-            else:                      # make student online
-                self.online[uid] = {'student': {'name': name, 'number': uid}}
-                logger.info('"%s" logged in.', uid)
-            return True
-                        # wrong password
-        logger.info('"%s" wrong password.', uid)
-        return False
+        if not pw_ok:        # wrong password
+            logger.info('"%s" wrong password.', uid)
+            return 'wrong_password'
+
+        # success
+        self.allowed.discard(uid)  # remove from set of allowed students
+        self.online[uid] = {'student': {'name': name, 'number': uid, 'headers': headers}}
+        logger.info('"%s" logged in from %s.', uid, headers['remote_ip'])
+
  
     # ------------------------------------------------------------------------
     def logout(self, uid):
@@ -190,11 +190,14 @@ class RootHandler(BaseHandler):
     @tornado.web.authenticated
     async def get(self):
         '''
-        Sends test to student or redirects 0 to admin page
+        Handles GET /
+        Sends test to student or redirects 0 to admin page.
+        Multiple calls to this function will return the same test.
         '''
  
         uid = self.current_user
-        logging.info('"%s" GET /', uid)
+        logging.debug('"%s" GET /', uid)
+
         if uid == '0':
             self.redirect('/admin')
  
@@ -263,6 +266,11 @@ class LoginHandler(BaseHandler):
     '''Handles /login'''
  
     _prefix = re.compile(r'[a-z]')
+    _error_msg = {
+        'wrong_password': 'Password errada',
+        'already_online': 'Já está online, não pode entrar duas vezes',
+        'unauthorized': 'Não está autorizado a fazer o teste'
+    }
  
     def get(self):
         '''Render login page.'''
@@ -272,13 +280,18 @@ class LoginHandler(BaseHandler):
         '''Authenticates student and login.'''
         uid = self._prefix.sub('', self.get_body_argument('uid'))
         password = self.get_body_argument('pw')
-        login_ok = await self.testapp.login(uid, password)
+        headers = {
+            'remote_ip': self.request.remote_ip,
+            'user_agent': self.request.headers.get('User-Agent')
+        }
+
+        error = await self.testapp.login(uid, password, headers)
  
-        if login_ok:
+        if error is None:
             self.set_secure_cookie('perguntations_user', str(uid), expires_days=1)
             self.redirect('/')
         else:
-            self.render('login.html', error='Não autorizado ou senha inválida')
+            self.render('login.html', error=self._error_msg[error])
  
  
 # ----------------------------------------------------------------------------
1	1
2	2	# BUGS
3	3
	4	+- no login, dar mensagem de erro se aluno nao existir??
	5	+- Verificar o processo de logout.
	6	+- permitir remover alunos que estão online para poderem comecar de novo.
4	7	- grade gives internal server error
5	8	- reload do teste recomeça a contagem no inicio do tempo.
6	9	- em admin, quando scale_max não é 20, as cores das barras continuam a reflectir a escala 0,20. a tabela teste na DB não tem a escala desse teste.
...	...
...	...	@@ -123,11 +123,14 @@ class App():
123	123	logger.info('No tests were generated.')
124	124
125	125	# ------------------------------------------------------------------------
126		- async def login(self, uid, try_pw):
	126	+ async def login(self, uid, try_pw, headers=None):
127	127	'''login authentication'''
	128	+ if uid in self.online:
	129	+ logger.warning('"%s" already logged in.', uid)
	130	+ return 'already_online'
128	131	if uid not in self.allowed and uid != '0': # not allowed
129		- logger.warning('"%s" not allowed to login.', uid)
130		- return False
	132	+ logger.warning('"%s" unauthorized.', uid)
	133	+ return 'unauthorized'
131	134
132	135	# get name+password from db
133	136	with self._db_session() as sess:
...	...	@@ -142,17 +145,15 @@ class App():
142	145	else: # check password
143	146	pw_ok = await check_password(try_pw, password) # async bcrypt
144	147
145		- if pw_ok: # success
146		- self.allowed.discard(uid) # remove from set of allowed students
147		- if uid in self.online:
148		- logger.warning('"%s" already logged in.', uid)
149		- else: # make student online
150		- self.online[uid] = {'student': {'name': name, 'number': uid}}
151		- logger.info('"%s" logged in.', uid)
152		- return True
153		- # wrong password
154		- logger.info('"%s" wrong password.', uid)
155		- return False
	148	+ if not pw_ok: # wrong password
	149	+ logger.info('"%s" wrong password.', uid)
	150	+ return 'wrong_password'
	151	+
	152	+ # success
	153	+ self.allowed.discard(uid) # remove from set of allowed students
	154	+ self.online[uid] = {'student': {'name': name, 'number': uid, 'headers': headers}}
	155	+ logger.info('"%s" logged in from %s.', uid, headers['remote_ip'])
	156	+
156	157
157	158	# ------------------------------------------------------------------------
158	159	def logout(self, uid):
...	...
...	...	@@ -190,11 +190,14 @@ class RootHandler(BaseHandler):
190	190	@tornado.web.authenticated
191	191	async def get(self):
192	192	'''
193		- Sends test to student or redirects 0 to admin page
	193	+ Handles GET /
	194	+ Sends test to student or redirects 0 to admin page.
	195	+ Multiple calls to this function will return the same test.
194	196	'''
195	197
196	198	uid = self.current_user
197		- logging.info('"%s" GET /', uid)
	199	+ logging.debug('"%s" GET /', uid)
	200	+
198	201	if uid == '0':
199	202	self.redirect('/admin')
200	203
...	...	@@ -263,6 +266,11 @@ class LoginHandler(BaseHandler):
263	266	'''Handles /login'''
264	267
265	268	_prefix = re.compile(r'[a-z]')
	269	+ _error_msg = {
	270	+ 'wrong_password': 'Password errada',
	271	+ 'already_online': 'Já está online, não pode entrar duas vezes',
	272	+ 'unauthorized': 'Não está autorizado a fazer o teste'
	273	+ }
266	274
267	275	def get(self):
268	276	'''Render login page.'''
...	...	@@ -272,13 +280,18 @@ class LoginHandler(BaseHandler):
272	280	'''Authenticates student and login.'''
273	281	uid = self._prefix.sub('', self.get_body_argument('uid'))
274	282	password = self.get_body_argument('pw')
275		- login_ok = await self.testapp.login(uid, password)
	283	+ headers = {
	284	+ 'remote_ip': self.request.remote_ip,
	285	+ 'user_agent': self.request.headers.get('User-Agent')
	286	+ }
	287	+
	288	+ error = await self.testapp.login(uid, password, headers)
276	289
277		- if login_ok:
	290	+ if error is None:
278	291	self.set_secure_cookie('perguntations_user', str(uid), expires_days=1)
279	292	self.redirect('/')
280	293	else:
281		- self.render('login.html', error='Não autorizado ou senha inválida')
	294	+ self.render('login.html', error=self._error_msg[error])
282	295
283	296
284	297	# ----------------------------------------------------------------------------
...	...