Beispiel #1
    def get(self):
        """Serve the default page, sending first-time HTML visitors to login.

        A redirect to /login.html (303) is raised only when there is no
        session id, no "lastPage" cookie, the client does not accept
        'application/json' and it does accept HTML.  In every other case the
        result of self.default(self.default_page) is returned.
        """
        previous_page = cherrypy.request.cookie.get("lastPage")
        # An expired session leaves only the session id unset, whereas a first
        # login has neither a session id nor a lastPage cookie.
        # NOTE(review): lastPage comes from the request, so this branch only
        # steers navigation; access control presumably happens elsewhere
        # (confirm).
        is_first_visit = (cherrypy.session.originalid is None
                          and previous_page is None)
        if is_first_visit:
            html_only_client = (not template.can_accept('application/json')
                                and template.can_accept_html())
            if html_only_client:
                raise cherrypy.HTTPRedirect("/login.html", 303)

        return self.default(self.default_page)
Beispiel #2
    def get(self):
        """Return the default page, or redirect a new HTML client to login.

        Raises cherrypy.HTTPRedirect("/login.html", 303) when the request has
        neither a session id nor a "lastPage" cookie and the client accepts
        HTML but not 'application/json'.
        """
        last_seen = cherrypy.request.cookie.get("lastPage")
        # After a session timeout only the session id is missing; on a first
        # login both the session id and the lastPage cookie are missing.
        # NOTE(review): the cookie is client-supplied, so treat this as a
        # navigation hint rather than an authorization decision (confirm that
        # the real check runs elsewhere).
        known_client = (cherrypy.session.originalid is not None
                        or last_seen is not None)
        if not known_client and not template.can_accept('application/json'):
            if template.can_accept_html():
                raise cherrypy.HTTPRedirect("/login.html", 303)

        return self.default(self.default_page)
Beispiel #3
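def check_auth_httpba():
    """
    Authenticate a REST API request with HTTP Basic Auth.

    REST API users may authenticate with HTTP Basic Auth.  This is not allowed
    for the UI because web browsers would cache the credentials and make it
    impossible for the user to log out without closing their browser completely

    Returns False without attempting a login when the request comes from a
    browser, does not accept 'application/json', has no Authorization header,
    uses a scheme other than Basic, or carries credentials that cannot be
    decoded into "username:password".  Otherwise returns the result of
    login(username, password).
    """
    if from_browser() or not template.can_accept('application/json'):
        return False

    authheader = cherrypy.request.headers.get('AUTHORIZATION')
    if not authheader:
        debug("No authentication headers found")
        return False

    # The header value is only base64-encoded, i.e. it is the passphrase in a
    # trivially reversible form, so log its presence and never its content.
    debug("Authorization header found")

    # Accept only "<scheme> <credentials>" with scheme Basic (scheme names are
    # case-insensitive); any other scheme is rejected rather than being fed
    # to the base64 decoder.
    scheme, _, b64data = authheader.strip().partition(" ")
    if scheme.lower() != "basic":
        debug("Unsupported authentication scheme")
        return False

    try:
        decodeddata = base64.b64decode(b64data.strip().encode("ASCII"))
        # Split on the first ':' only, so a passphrase may itself contain
        # ':' characters; a username cannot.
        username, password = decodeddata.decode().split(":", 1)
    except ValueError:
        # Client-controlled input: non-ASCII header text, invalid base64
        # (binascii.Error derives from ValueError on Python 3), undecodable
        # bytes or a missing ':' all mean "not authenticated", not a server
        # error.
        debug("Malformed Basic authentication credentials")
        return False

    return login(username, password)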
Beispiel #4
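def check_auth_httpba():
    """
    Try to authenticate the current request through HTTP Basic Auth.

    REST API users may authenticate with HTTP Basic Auth.  This is not allowed
    for the UI because web browsers would cache the credentials and make it
    impossible for the user to log out without closing their browser completely

    Returns the result of login(username, password) for a well-formed Basic
    Authorization header.  Returns False, without calling login(), for
    browser requests, requests that do not accept 'application/json', a
    missing header, a non-Basic scheme, or undecodable credentials.
    """
    if from_browser() or not template.can_accept('application/json'):
        return False

    authheader = cherrypy.request.headers.get('AUTHORIZATION')
    if not authheader:
        debug("No authentication headers found")
        return False

    # Do not write the header to the log: base64 is an encoding, not
    # protection, so the value is equivalent to the cleartext passphrase.
    debug("Authorization header found")

    # Split the scheme from the credentials and require Basic (compared
    # case-insensitively) instead of deleting the text "Basic " wherever it
    # occurs in the header.
    scheme, _, b64data = authheader.strip().partition(" ")
    if scheme.lower() != "basic":
        debug("Unsupported authentication scheme")
        return False

    try:
        decodeddata = base64.b64decode(b64data.strip().encode("ASCII"))
        # Only the first ':' separates the fields; later ':' characters
        # stay in the passphrase.
        username, password = decodeddata.decode().split(":", 1)
    except ValueError:
        # Encoding, base64 (binascii.Error is a ValueError on Python 3),
        # decoding and missing-separator failures all come from
        # client-controlled input, so treat them as a failed authentication
        # instead of letting them surface as an unhandled exception.
        debug("Malformed Basic authentication credentials")
        return False

    return login(username, password)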
Beispiel #5
def wokauth():
    """Let an authenticated request through, otherwise redirect or raise 401.

    Returns normally as soon as check_auth_session() or check_auth_httpba()
    accepts the request.  Otherwise the request is answered, in this order,
    with redirect_login() for clients that send an Accept header not covering
    'application/json', with a 401 "sessionTimeout" when the session was
    missing but a "lastPage" cookie is present, or with a 401 carrying the
    WOKAUTH0002E message.
    """
    debug("Entering wokauth...")
    # Captured before the auth checks run.
    # NOTE(review): presumably because check_auth_session() may touch the
    # session - confirm.
    had_no_session = cherrypy.session.missing
    if check_auth_session() or check_auth_httpba():
        return

    # Not a REST request: send the client to the login page.
    # NOTE(review): redirect_login() presumably raises; if it returns,
    # execution continues below - confirm.
    if "Accept" in cherrypy.request.headers:
        if not template.can_accept('application/json'):
            redirect_login()

    # A browser that stayed on one page while its session expired.
    if had_no_session:
        if cherrypy.request.cookie.get("lastPage") is not None:
            raise cherrypy.HTTPError(401, "sessionTimeout")

    # The Basic challenge is advertised to non-browser clients only.
    if not from_browser():
        cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=wok'

    auth_error = InvalidOperation('WOKAUTH0002E')
    raise cherrypy.HTTPError(401, auth_error.message.encode('utf-8'))
Beispiel #6
0
def wokauth():
    """Authenticate the current request or abort it.

    Session authentication is tried first, then HTTP Basic Auth; if either
    succeeds the function returns None.  If both fail, the client is
    redirected to login (Accept header present without 'application/json'),
    told that its session timed out (401 "sessionTimeout"), or rejected with
    a generic 401 built from the WOKAUTH0002E message.
    """
    debug("Entering wokauth...")
    # Read the flag up front, ahead of the session check below.
    session_was_missing = cherrypy.session.missing

    authenticated = check_auth_session() or check_auth_httpba()
    if authenticated:
        return

    # A request that is not REST-style goes straight to the login page.
    sends_accept = "Accept" in cherrypy.request.headers
    if sends_accept and not template.can_accept('application/json'):
        redirect_login()

    # Browser client that stayed on one page past its session lifetime.
    if session_was_missing:
        last_page_cookie = cherrypy.request.cookie.get("lastPage")
        if last_page_cookie is not None:
            raise cherrypy.HTTPError(401, "sessionTimeout")

    # Browsers are deliberately not sent a Basic challenge here; only other
    # clients get the WWW-Authenticate header.
    if not from_browser():
        cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=wok'

    failure = InvalidOperation('WOKAUTH0002E')
    raise cherrypy.HTTPError(401, failure.message.encode('utf-8'))