コード例 #1
0
ファイル: auth.py プロジェクト: EmperorBeezie/kimchi
def kimchiauth(admin_methods=None):
    debug("Entering kimchiauth...")
    session_missing = cherrypy.session.missing
    if check_auth_session():
        if not has_permission(admin_methods):
            raise cherrypy.HTTPError(403)
        return

    if check_auth_httpba():
        if not has_permission(admin_methods):
            raise cherrypy.HTTPError(403)
        return

    # not a REST full request, redirect login page directly
    if ("Accept" in cherrypy.request.headers and
       not template.can_accept('application/json')):
        redirect_login()

    # from browser, and it stays on one page.
    if session_missing and cherrypy.request.cookie.get("lastPage") is not None:
        raise cherrypy.HTTPError(401, "sessionTimeout")

    if not from_browser():
        cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=kimchi'

    e = InvalidOperation('KCHAUTH0002E')
    raise cherrypy.HTTPError(401, e.message.encode('utf-8'))
コード例 #2
0
    def get(self):
        last_page = cherrypy.request.cookie.get("lastPage")
        # when session timeout, only session cookie is None.
        # when first login, both session and lastPage are None.
        if (cherrypy.session.originalid is None and last_page is None
                and not template.can_accept('application/json')
                and template.can_accept_html()):
            raise cherrypy.HTTPRedirect("/login.html", 303)

        return self.default(self.default_page)
コード例 #3
0
ファイル: root.py プロジェクト: SkyWei/kimchi
    def get(self):
        last_page = cherrypy.request.cookie.get("lastPage")
        # when session timeout, only session cookie is None.
        # when first login, both session and lastPage are None.
        if (cherrypy.session.originalid is None and last_page is None and
           not template.can_accept('application/json') and
           template.can_accept_html()):
            raise cherrypy.HTTPRedirect("/login.html", 303)

        return self.default(self.default_page)
コード例 #4
0
ファイル: auth.py プロジェクト: k0da/kimchi
def kimchisession(admin_methods=None):
    session = cherrypy.request.cookie.get("kimchi")
    last_page = cherrypy.request.cookie.get("lastPage")
    headers = cherrypy.request.headers
    authheader = headers.get('AUTHORIZATION')
    # when client browser first login in, both the session and lastPage cookie
    # are None.
    # when session timeout, only session cookie is None.
    if (session is None and last_page is None and authheader is None and
       ("Accept" in headers and not template.can_accept('application/json'))):
            redirect_login()
コード例 #5
0
ファイル: auth.py プロジェクト: k0da/kimchi
def login(username, password):
    try:
        if not authenticate(username, password):
            debug("User cannot be verified with the supplied password")
            return None
    except PAM.error, (resp, code):
        if (cherrypy.request.path_info == "/login" and
           not template.can_accept('application/json')):
            raise cherrypy.HTTPRedirect("/login.html?error=userPassWrong", 303)
        msg_args = {'username': username, 'code': code}
        raise OperationFailed("KCHAUTH0001E", msg_args)
コード例 #6
0
ファイル: auth.py プロジェクト: zofuthan/kimchi
def check_auth_httpba():
    """
    REST API users may authenticate with HTTP Basic Auth.  This is not allowed
    for the UI because web browsers would cache the credentials and make it
    impossible for the user to log out without closing their browser completely
    """
    if from_browser() or not template.can_accept('application/json'):
        return False

    authheader = cherrypy.request.headers.get('AUTHORIZATION')
    if not authheader:
        debug("No authentication headers found")
        return False

    debug("Authheader: %s" % authheader)
    # TODO: what happens if you get an auth header that doesn't use basic auth?
    b64data = re.sub("Basic ", "", authheader)
    decodeddata = base64.b64decode(b64data.encode("ASCII"))
    # TODO: test how this handles ':' characters in username/passphrase.
    username, password = decodeddata.decode().split(":", 1)

    return login(username, password)
コード例 #7
0
ファイル: auth.py プロジェクト: EmperorBeezie/kimchi
def check_auth_httpba():
    """
    REST API users may authenticate with HTTP Basic Auth.  This is not allowed
    for the UI because web browsers would cache the credentials and make it
    impossible for the user to log out without closing their browser completely
    """
    if from_browser() or not template.can_accept('application/json'):
        return False

    authheader = cherrypy.request.headers.get('AUTHORIZATION')
    if not authheader:
        debug("No authentication headers found")
        return False

    debug("Authheader: %s" % authheader)
    # TODO: what happens if you get an auth header that doesn't use basic auth?
    b64data = re.sub("Basic ", "", authheader)
    decodeddata = base64.b64decode(b64data.encode("ASCII"))
    # TODO: test how this handles ':' characters in username/passphrase.
    username, password = decodeddata.decode().split(":", 1)

    return login(username, password)
コード例 #8
0
ファイル: auth.py プロジェクト: melmorabity/kimchi
def kimchiauth():
    debug("Entering kimchiauth...")
    session_missing = cherrypy.session.missing
    if check_auth_session():
        return

    if check_auth_httpba():
        return

    # not a REST full request, redirect login page directly
    if "Accept" in cherrypy.request.headers and not template.can_accept("application/json"):
        redirect_login()

    # from browser, and it stays on one page.
    if session_missing and cherrypy.request.cookie.get("lastPage") is not None:
        raise cherrypy.HTTPError(401, "sessionTimeout")

    if not from_browser():
        cherrypy.response.headers["WWW-Authenticate"] = "Basic realm=kimchi"

    e = InvalidOperation("KCHAUTH0002E")
    raise cherrypy.HTTPError(401, e.message.encode("utf-8"))
コード例 #9
0
ファイル: auth.py プロジェクト: zofuthan/kimchi
def kimchiauth():
    debug("Entering kimchiauth...")
    session_missing = cherrypy.session.missing
    if check_auth_session():
        return

    if check_auth_httpba():
        return

    # not a REST full request, redirect login page directly
    if ("Accept" in cherrypy.request.headers
            and not template.can_accept('application/json')):
        redirect_login()

    # from browser, and it stays on one page.
    if session_missing and cherrypy.request.cookie.get("lastPage") is not None:
        raise cherrypy.HTTPError(401, "sessionTimeout")

    if not from_browser():
        cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=kimchi'

    e = InvalidOperation('KCHAUTH0002E')
    raise cherrypy.HTTPError(401, e.message.encode('utf-8'))