diff --git a/BUGS.md b/BUGS.md
index 881cf1f..b8298a6 100644
--- a/BUGS.md
+++ b/BUGS.md
@@ -1,6 +1,9 @@
 # BUGS
+- no login, dar mensagem de erro se aluno nao existir??
+- Verificar o processo de logout.
+- permitir remover alunos que estão online para poderem comecar de novo.
 - grade gives internal server error
 - reload do teste recomeça a contagem no inicio do tempo.
 - em admin, quando scale_max não é 20, as cores das barras continuam a reflectir a escala 0,20. a tabela teste na DB não tem a escala desse teste.
diff --git a/perguntations/app.py b/perguntations/app.py
index c8be6f4..672ce3d 100644
--- a/perguntations/app.py
+++ b/perguntations/app.py
@@ -123,11 +123,14 @@ class App():
 logger.info('No tests were generated.')
 # ------------------------------------------------------------------------
- async def login(self, uid, try_pw):
+ async def login(self, uid, try_pw, headers=None):
 '''login authentication'''
+ if uid in self.online:
+ logger.warning('"%s" already logged in.', uid)
+ return 'already_online'
 if uid not in self.allowed and uid != '0': # not allowed
- logger.warning('"%s" not allowed to login.', uid)
- return False
+ logger.warning('"%s" unauthorized.', uid)
+ return 'unauthorized'
 # get name+password from db
 with self._db_session() as sess:
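Review bot: In `App.login` (perguntations/app.py) the new `if uid in self.online` test runs before the password is checked, so the return value tells a caller who has not authenticated whether that student is currently online, and `'unauthorized'` likewise tells them whether the number is on the allowed list. The `_error_msg` table and the `post` handler in perguntations/serve.py render those distinct codes back to the browser, replacing the single generic message the old code used. If that disclosure is not intended for this deployment, keep the specific code in the server log and render one message, e.g. `self.render('login.html', error='Não autorizado ou senha inválida')`, or at least move the `already_online` test after `check_password`. The body of `login` continues outside this hunk.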
@@ -142,17 +145,15 @@ class App():
 else: # check password
 pw_ok = await check_password(try_pw, password) # async bcrypt
- if pw_ok: # success
- self.allowed.discard(uid) # remove from set of allowed students
- if uid in self.online:
- logger.warning('"%s" already logged in.', uid)
- else: # make student online
- self.online[uid] = {'student': {'name': name, 'number': uid}}
- logger.info('"%s" logged in.', uid)
- return True
- # wrong password
- logger.info('"%s" wrong password.', uid)
- return False
+ if not pw_ok: # wrong password
+ logger.info('"%s" wrong password.', uid)
+ return 'wrong_password'
+
+ # success
+ self.allowed.discard(uid) # remove from set of allowed students
+ self.online[uid] = {'student': {'name': name, 'number': uid, 'headers': headers}}
+ logger.info('"%s" logged in from %s.', uid, headers['remote_ip'])
+
 # ------------------------------------------------------------------------
 def logout(self, uid):
diff --git a/perguntations/serve.py b/perguntations/serve.py
index e0721d7..f1a4008 100644
--- a/perguntations/serve.py
+++ b/perguntations/serve.py
@@ -190,11 +190,14 @@ class RootHandler(BaseHandler):
 @tornado.web.authenticated
 async def get(self):
 '''
- Sends test to student or redirects 0 to admin page
+ Handles GET /
+ Sends test to student or redirects 0 to admin page.
+ Multiple calls to this function will return the same test.
 '''
 uid = self.current_user
- logging.info('"%s" GET /', uid)
+ logging.debug('"%s" GET /', uid)
+
 if uid == '0':
 self.redirect('/admin')
@@ -263,6 +266,11 @@ class LoginHandler(BaseHandler):
 '''Handles /login'''
 _prefix = re.compile(r'[a-z]')
+ _error_msg = {
+ 'wrong_password': 'Password errada',
+ 'already_online': 'Já está online, não pode entrar duas vezes',
+ 'unauthorized': 'Não está autorizado a fazer o teste'
+ }
 def get(self):
 '''Render login page.'''
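Review bot: `headers['remote_ip']` in the new `logger.info` call at the end of `App.login` (perguntations/app.py, hunk at -142) raises `TypeError` for any caller that relies on the default `headers=None` declared in the earlier hunk. It fails after `self.allowed.discard(uid)` and `self.online[uid] = ...` have already run, which would leave the student marked online with no session cookie issued and, given the new `already_online` check, unable to log in again. Read the address defensively, `remote_ip = headers.get('remote_ip') if headers else None`, and pass `remote_ip` to the log call. The success path also ends without a `return`; an explicit `return None` would document the value that the handler's `error is None` test depends on. The start of `login` is outside this hunk.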
@@ -272,13 +280,18 @@ class LoginHandler(BaseHandler):
 '''Authenticates student and login.'''
 uid = self._prefix.sub('', self.get_body_argument('uid'))
 password = self.get_body_argument('pw')
- login_ok = await self.testapp.login(uid, password)
+ headers = {
+ 'remote_ip': self.request.remote_ip,
+ 'user_agent': self.request.headers.get('User-Agent')
+ }
+
+ error = await self.testapp.login(uid, password, headers)
- if login_ok:
+ if error is None:
 self.set_secure_cookie('perguntations_user', str(uid), expires_days=1)
 self.redirect('/')
 else:
- self.render('login.html', error='Não autorizado ou senha inválida')
+ self.render('login.html', error=self._error_msg[error])
 # ----------------------------------------------------------------------------
-- libgit2 0.21.2
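Review bot: `self._error_msg[error]` in `LoginHandler.post` raises `KeyError`, and so produces a 500 response, for any return value of `login` that is not one of the three keys. The part of `login` between the two app.py hunks is not visible here, so whether it can return something else (for instance when the student is missing from the database) cannot be confirmed. A lookup with a generic fallback is safer: `error=self._error_msg.get(error, 'Não autorizado ou senha inválida')`. Separately, `self.request.remote_ip` is the client's address only if the server is reached directly or Tornado's `xheaders` option is configured for a trusted proxy, and `User-Agent` is client-supplied. Both values stored in `self.online` should therefore be treated as untrusted text wherever they are later displayed or logged.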