112 lines
4.8 KiB
Python
112 lines
4.8 KiB
Python
"""Operator login / logout / change-password. These routes intentionally work
|
|
regardless of OPERATOR_AUTH_ENABLED (you log in while the flag is still off during
|
|
rollout). /login and /logout are on the gate's exempt list; /change-password
|
|
requires a session (the gate sets request.state.operator)."""
|
|
from fastapi import APIRouter, Request, Depends, Form
|
|
from fastapi.responses import RedirectResponse
|
|
from sqlalchemy.orm import Session
|
|
|
|
from backend.database import get_db
|
|
from backend.models import OperatorUser
|
|
from backend.templates_config import templates
|
|
from backend.operator_auth import (
|
|
authenticate, current_operator, change_own_password, make_operator_cookie,
|
|
COOKIE_NAME, COOKIE_MAX_AGE,
|
|
)
|
|
from backend.auth_cookies import COOKIE_SECURE
|
|
from backend.auth_passwords import verify_password
|
|
|
|
router = APIRouter(tags=["operator-auth"])
|
|
|
|
|
|
def _safe_next(next_url: str) -> str:
|
|
"""Only allow same-site relative redirects (an open-redirect guard). Rejects
|
|
`//host` and `/\\host` — browsers treat a backslash as `/` in the authority
|
|
position, so both escape to an external site."""
|
|
if next_url and next_url.startswith("/") and not next_url.startswith(("//", "/\\")):
|
|
return next_url
|
|
return "/"
|
|
|
|
|
|
@router.get("/login")
|
|
async def login_page(request: Request, next: str = "", error: str = ""):
|
|
return templates.TemplateResponse("login.html",
|
|
{"request": request, "next": next, "error": error})
|
|
|
|
|
|
@router.post("/login")
|
|
async def login_submit(request: Request, next: str = "",
|
|
email: str = Form(...), password: str = Form(...),
|
|
db: Session = Depends(get_db)):
|
|
user, status = authenticate(db, email, password)
|
|
if status == "locked":
|
|
return templates.TemplateResponse(
|
|
"login.html",
|
|
{"request": request, "next": next,
|
|
"error": "Too many attempts — try again in 15 minutes."},
|
|
status_code=200)
|
|
if user is None:
|
|
return templates.TemplateResponse(
|
|
"login.html",
|
|
{"request": request, "next": next, "error": "Invalid email or password."},
|
|
status_code=200)
|
|
dest = "/change-password" if user.must_change_password else _safe_next(next)
|
|
resp = RedirectResponse(url=dest, status_code=303)
|
|
resp.set_cookie(COOKIE_NAME, make_operator_cookie(user.id),
|
|
max_age=COOKIE_MAX_AGE, httponly=True, samesite="lax", secure=COOKIE_SECURE)
|
|
return resp
|
|
|
|
|
|
@router.get("/logout")
|
|
async def logout(request: Request):
|
|
resp = RedirectResponse(url="/login", status_code=303)
|
|
resp.delete_cookie(COOKIE_NAME)
|
|
return resp
|
|
|
|
|
|
@router.get("/change-password")
|
|
async def change_password_page(request: Request, db: Session = Depends(get_db)):
|
|
user = getattr(request.state, "operator", None) or current_operator(request, db)
|
|
if user is None:
|
|
return RedirectResponse(url="/login", status_code=303)
|
|
return templates.TemplateResponse(
|
|
"change_password.html",
|
|
{"request": request, "must_change": user.must_change_password, "error": ""})
|
|
|
|
|
|
@router.post("/change-password")
|
|
async def change_password_submit(request: Request,
|
|
current_password: str = Form(...),
|
|
new_password: str = Form(...),
|
|
confirm_password: str = Form(...),
|
|
db: Session = Depends(get_db)):
|
|
_user_ref = getattr(request.state, "operator", None) or current_operator(request, db)
|
|
if _user_ref is None:
|
|
return RedirectResponse(url="/login", status_code=303)
|
|
# Re-fetch a session-bound copy so mutations via `db` will be committed.
|
|
# request.state.operator may be expunged (detached) from the gate's own
|
|
# SessionLocal; operating on a detached object against a different session
|
|
# would silently drop the UPDATE.
|
|
user = db.query(OperatorUser).filter_by(id=_user_ref.id).first()
|
|
if user is None:
|
|
return RedirectResponse(url="/login", status_code=303)
|
|
|
|
def _err(msg):
|
|
return templates.TemplateResponse(
|
|
"change_password.html",
|
|
{"request": request, "must_change": user.must_change_password, "error": msg},
|
|
status_code=200)
|
|
|
|
if not verify_password(current_password, user.password_hash):
|
|
return _err("Current password is incorrect.")
|
|
if len(new_password) < 8:
|
|
return _err("New password must be at least 8 characters.")
|
|
if new_password != confirm_password:
|
|
return _err("New passwords do not match.")
|
|
|
|
new_iat = change_own_password(db, user, new_password)
|
|
resp = RedirectResponse(url="/", status_code=303)
|
|
resp.set_cookie(COOKIE_NAME, make_operator_cookie(user.id, iat=new_iat),
|
|
max_age=COOKIE_MAX_AGE, httponly=True, samesite="lax", secure=COOKIE_SECURE)
|
|
return resp
|