def get(self):
    """Serve the default page, redirecting a fresh browser visit to the login page.

    Two cookie states are distinguished, as the original comments note:
    a timed-out session has no original id but still carries the
    ``lastPage`` cookie; a first visit has neither.  Only the first-visit
    case is redirected here, and only when the client prefers HTML over
    JSON.  Otherwise the request is handed to ``self.default`` with
    ``self.default_page`` (both defined elsewhere in the class).

    Raises:
        cherrypy.HTTPRedirect: 303 to ``/login.html`` for a first HTML visit.
    """
    last_page = cherrypy.request.cookie.get("lastPage")
    first_visit = cherrypy.session.originalid is None and last_page is None
    if first_visit:
        # Evaluated only for a first visit so the Accept-header probes
        # keep the same short-circuit order as the combined condition.
        html_only = (not template.can_accept('application/json')
                     and template.can_accept_html())
        if html_only:
            raise cherrypy.HTTPRedirect("/login.html", 303)
    return self.default(self.default_page)
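def _parse_basic_credentials(authheader):
    """Extract ``(username, password)`` from an HTTP Basic ``Authorization`` value.

    Returns ``None`` when the header does not carry a well-formed Basic
    credential: a different scheme, an empty or undecodable base64 token,
    a non-UTF-8 payload, or a payload without the ``user:pass`` separator.
    RFC 7617 forbids ':' in the user-id, so everything after the first ':'
    is the password and may itself contain ':'.

    Args:
        authheader: the raw ``Authorization`` header value.

    Returns:
        A ``(username, password)`` tuple, or ``None`` if unparsable.
    """
    scheme, _, b64data = authheader.strip().partition(" ")
    # Scheme names are case-insensitive (RFC 7235); the old "Basic " regex
    # substitution was case-sensitive and never checked the scheme at all.
    if scheme.lower() != "basic" or not b64data.strip():
        return None
    try:
        # ValueError covers binascii.Error (bad base64/padding) and the
        # UnicodeEncodeError/UnicodeDecodeError cases, so no extra import.
        decoded = base64.b64decode(b64data.strip().encode("ascii")).decode("utf-8")
    except ValueError:
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def check_auth_httpba():
    """Authenticate a REST client via HTTP Basic Auth.

    REST API users may authenticate with HTTP Basic Auth. This is not
    allowed for the UI because web browsers would cache the credentials
    and make it impossible for the user to log out without closing their
    browser completely, so browser requests and non-JSON requests are
    rejected up front.

    Returns:
        The result of ``login(username, password)`` when a well-formed
        Basic credential is present; ``False`` otherwise.  Malformed
        headers (wrong scheme, bad base64, missing ':') no longer raise
        and surface as a server error -- they simply fail to authenticate.
    """
    if from_browser() or not template.can_accept('application/json'):
        return False

    authheader = cherrypy.request.headers.get('AUTHORIZATION')
    if not authheader:
        debug("No authentication headers found")
        return False

    # Never log the header value: it carries the base64-encoded passphrase,
    # which would otherwise end up in plaintext in the debug log.
    debug("Authorization header found; trying HTTP Basic authentication")
    credentials = _parse_basic_credentials(authheader)
    if credentials is None:
        debug("Authorization header is not a well-formed HTTP Basic credential")
        return False
    username, password = credentials
    return login(username, password)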
def wokauth():
    """Gate a request: return silently if authenticated, otherwise reject it.

    Authentication is attempted first via the session, then via HTTP
    Basic Auth.  When both fail the response depends on the client:
    a non-JSON request is sent to the login page via ``redirect_login()``
    (presumably that call raises the redirect itself -- its definition is
    not in view; if it returned, the 401 paths below would still run);
    a browser whose session expired while on a page gets a
    ``sessionTimeout`` 401; anything else gets a 401 carrying the
    ``WOKAUTH0002E`` message, with a ``WWW-Authenticate`` challenge added
    for non-browser clients.

    Raises:
        cherrypy.HTTPError: 401 on any unauthenticated request.
    """
    debug("Entering wokauth...")
    # Read before the auth checks run; the original code captured this
    # value up front rather than re-reading it after check_auth_session().
    session_missing = cherrypy.session.missing

    for check in (check_auth_session, check_auth_httpba):
        if check():
            return

    # not a REST full request, redirect login page directly
    headers = cherrypy.request.headers
    if "Accept" in headers and not template.can_accept('application/json'):
        redirect_login()

    # from browser, and it stays on one page.
    if session_missing and cherrypy.request.cookie.get("lastPage") is not None:
        raise cherrypy.HTTPError(401, "sessionTimeout")

    if not from_browser():
        cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=wok'

    err = InvalidOperation('WOKAUTH0002E')
    raise cherrypy.HTTPError(401, err.message.encode('utf-8'))