From a70c51193bac87ed1ced6deb6d4650687be143d2 Mon Sep 17 00:00:00 2001
From: Jakob Ketterl <jakob.ketterl@gmx.de>
Date: Sun, 23 Feb 2020 20:52:32 +0100
Subject: [PATCH] parse login data

---
 htdocs/login.html            |  4 ++--
 owrx/controllers/__init__.py |  8 +++++++-
 owrx/controllers/session.py  | 18 +++++++++++++++++-
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/htdocs/login.html b/htdocs/login.html
index 27f8ad9..a776531 100644
--- a/htdocs/login.html
+++ b/htdocs/login.html
@@ -13,11 +13,11 @@
         <form method="POST">
             <div class="form-group">
                 <label for="user">Username</label>
-                <input type="text" class="form-control" id="user" placeholder="Username">
+                <input type="text" class="form-control" id="user" name="user" placeholder="Username">
             </div>
             <div class="form-group">
                 <label for="password">Password</label>
-                <input type="password" class="form-control" id="password" placeholder="Password">
+                <input type="password" class="form-control" id="password" name="password" placeholder="Password">
             </div>
             <button type="submit" class="btn btn-login">Login</button>
         </form>
diff --git a/owrx/controllers/__init__.py b/owrx/controllers/__init__.py
index 6e0be48..2faa1ab 100644
--- a/owrx/controllers/__init__.py
+++ b/owrx/controllers/__init__.py
@@ -20,11 +20,17 @@ class Controller(object):
             content = content.encode()
         self.handler.wfile.write(content)
 
-    def send_redirect(self, location, code=303):
+    def send_redirect(self, location, code=303, cookies=[]):
         self.handler.send_response(code)
         self.handler.send_header("Location", location)
         self.handler.end_headers()
 
+    def get_body(self):
+        if "Content-Length" not in self.handler.headers:
+            return None
+        length = int(self.handler.headers["Content-Length"])
+        return self.handler.rfile.read(length)
+
     def handle_request(self):
         action = "indexAction"
         if "action" in self.options:
diff --git a/owrx/controllers/session.py b/owrx/controllers/session.py
index 3561c05..ea2721a 100644
--- a/owrx/controllers/session.py
+++ b/owrx/controllers/session.py
@@ -1,4 +1,8 @@
 from .template import WebpageController
+from urllib.parse import parse_qs
+import logging
+
+logger = logging.getLogger(__name__)
 
 
 class SessionController(WebpageController):
@@ -6,7 +10,19 @@ class SessionController(WebpageController):
         self.serve_template("login.html", **self.template_variables())
 
     def processLoginAction(self):
-        self.send_redirect("/")
+        data = parse_qs(self.get_body().decode("utf-8"))
+        data = {k: v[0] for k, v in data.items()}
+        logger.debug(data)
+        if "user" in data and "password" in data:
+            # TODO actually check user and password
+            if data["user"] == "admin" and data["password"] == "password":
+                # TODO pass the final destination
+                # TODO actual session cookie
+                self.send_redirect("/settings", cookies=["session-cookie"])
+            else:
+                self.send_redirect("/login")
+        else:
+            self.send_response("invalid request", code=400)
 
     def logoutAction(self):
         self.send_redirect("logout happening here")