1

I am not familiar with CherryPy and Python, but I need to write a very simple web application that performs login ---> do some commands ---> logout. For login I am using the code in the following link:

http://tools.cherrypy.org/wiki/AuthenticationAndAccessRestrictions

the application is:

import cherrypy
import os.path
import struct
from auth import AuthController, require, member_of, name_is

class Server(object):
    led_power=0 
    led_switch=1 #Initial LED on

    _cp_config = {
        'tools.sessions.on': True,
        'tools.auth.on': True
    }   
    auth = AuthController()      
    @cherrypy.expose
    @require()
    def index(self,  switch='', power=''):
        if switch:
            self.led_switch = int(switch)
        if power:
            self.led_power = int(power)  

        html = open('led.html','r').read()

        if self.led_switch:
            print "ON"
        else:
            print "OFF"

        if self.led_power:
            print "Logout"
            cherrypy.session.clear()

        return html
    index.exposed = True


conf = {
    'global' : { 
        'server.socket_host': '0.0.0.0', #0.0.0.0 or specific IP
        'server.socket_port': 8080 #server port
    },

    '/images': { #images served as static files
        'tools.staticdir.on': True,
        'tools.staticdir.dir': os.path.abspath('images')
    },

    '/favicon.ico': {  #favorite icon
        'tools.staticfile.on': True,  
        'tools.staticfile.filename': os.path.abspath("images/bulb.ico")
    }
}
cherrypy.quickstart(Server(), config=conf)

and the html file is:

<html>
<head>
</head>
<body>
<br>
<a href="?switch=1"><img src="images/on.png"></a>
<a href="?switch=0"><img src="images/off.png"></a>
<p>
<a href="?power=1"><img src="images/Logout.png"></a>
</body>
</html>

with a folder contain three images.

When I run the application I can see the login page on the localhost with username and password fields, then I can reach to the web page which has three button "ON, OFF, Logout".

The problem is I must click the logout button twice to logout, and when I login again and click on any button even the ON or OFF buttons the page is logout and show me the login page again. I cannot logout in a right way, any help please ?

Thanks

Linux
  • 325
  • 2
  • 6
  • 17

1 Answers1

0

Try running this code. It calls the AuthController().logout() function.

import cherrypy
import os.path
import struct
from auth import AuthController, require, member_of, name_is

class Server(object):
    led_power=0 
    led_switch=1 #Initial LED on

_cp_config = {
    'tools.sessions.on': True,
    'tools.auth.on': True
}   
auth = AuthController()      
@cherrypy.expose
@require()
def index(self,  switch='', power=''):
    if switch:
        self.led_switch = int(switch)
    if power:
        self.led_power = int(power)  

    html = open('led.html','r').read()

    if self.led_switch:
        print "ON"
    else:
        print "OFF"

    if self.led_power:
        print "Logout"
        AuthController().logout()

        return html
    index.exposed = True


conf = {
    'global' : { 
        'server.socket_host': '0.0.0.0', #0.0.0.0 or specific IP
        'server.socket_port': 8080 #server port
    },

    '/images': { #images served as static files
        'tools.staticdir.on': True,
        'tools.staticdir.dir': os.path.abspath('images')
    },

    '/favicon.ico': {  #favorite icon
        'tools.staticfile.on': True,  
        'tools.staticfile.filename': os.path.abspath("images/bulb.ico")
    }
}
cherrypy.quickstart(Server(), config=conf)

Hope this helps.

Andrew

Andrew Kloos
  • 4,189
  • 4
  • 28
  • 36
  • Thanks Andrew for reply, but when I click on logout button I got the following: – Linux Nov 10 '12 at 13:00
  • Thanks Andrew, but when I click on Logout button I got the following:500 Internal Server Error The server encountered an unexpected condition which prevented it from fulfilling the request. Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/cherrypy/_cprequest.py", line 606, in respond cherrypy.response.body = self.handler() File "/usr/lib/pymodules/python2.7/cherrypy/_cpdispatch.py", line 25, in __call__ return self.callable(*self.args, **self.kwargs) File "run.py", line 33, in index auth.logout() NameError: global name 'auth' is not defined – Linux Nov 10 '12 at 13:03
  • I've edited my response. Try AuthController().logout(). Hope this helps. – Andrew Kloos Nov 10 '12 at 13:31
  • I just tried with AuthController().logout(), It is logout now but I cannot login again, its always ask me to "Enter login information" even when I close that session and open a new one!!! Thanks – Linux Nov 10 '12 at 13:41
  • hmmmm, what url are you redirected to after you logout? Perhaps you're continually going to /?power=1. If that's the case try AuthController().logout('/?switch=1'). Let me know if you still have problems. – Andrew Kloos Nov 10 '12 at 14:00
  • When click logot, the url is http://192.168.15.158:8080/auth/login?from_page=/ when I changed to AuthController().logout('/?switch=1'), I still have the same problem but the url after logout in this case is http://192.168.15.158:8080/auth/login?from_page=/%3Fswitch%3D1 – Linux Nov 10 '12 at 14:26
  • Hi Andrew,I just tried with AuthController().logout('/?power=0') and now its work fine. Thank you so much for help. Andrew, is this the most secure authentication method in Cherrypy/Python? Thanks – Linux Nov 10 '12 at 14:43
  • Awesome - glad to hear! If my solution helped you please accept it as your answer. The AuthController is an extension of tools.sessions library built into CherryPy. I have not heard of it having any insecurities. However, be sure to salt and hash your passwords... http://stackoverflow.com/questions/9594125/salt-and-hash-a-password-in-python – Andrew Kloos Nov 10 '12 at 17:09