Exemplo n.º 1
0
def del_auth_cookie() -> None:
    cookie_name = auth_cookie_name()
    if not request.has_cookie(cookie_name):
        return

    cookie = _fetch_cookie(cookie_name)
    if auth_cookie_is_valid(cookie):
        response.delete_cookie(cookie_name)
Exemplo n.º 2
0
def _check_auth_by_cookie() -> Optional[UserId]:
    cookie_name = auth_cookie_name()
    if not request.has_cookie(cookie_name):
        return None

    try:
        set_auth_type("cookie")
        return _check_auth_cookie(cookie_name)
    except MKAuthException:
        # Suppress cookie validation errors from other sites cookies
        auth_logger.debug("Exception while checking cookie %s: %s" %
                          (cookie_name, traceback.format_exc()))
    except Exception:
        auth_logger.debug("Exception while checking cookie %s: %s" %
                          (cookie_name, traceback.format_exc()))
    return None
Exemplo n.º 3
0
    def page(self) -> None:
        assert user.id is not None

        _invalidate_auth_session()

        session_id = _get_session_id_from_cookie(user.id,
                                                 revalidate_cookie=True)
        userdb.on_logout(user.id, session_id)

        if auth_type == "cookie":  # type: ignore[has-type]
            raise HTTPRedirect(url_prefix() + "check_mk/login.py")

        # Implement HTTP logout with cookie hack
        if not request.has_cookie("logout"):
            response.headers["WWW-Authenticate"] = (
                'Basic realm="OMD Monitoring Site %s"' % omd_site())
            response.set_http_cookie("logout", "1", secure=request.is_secure)
            raise FinalizeRequest(http.client.UNAUTHORIZED)

        response.delete_cookie("logout")
        raise HTTPRedirect(url_prefix() + "check_mk/")
Exemplo n.º 4
0
    def page(self) -> None:
        assert config.user.id is not None

        _invalidate_auth_session()

        session_id = _get_session_id_from_cookie(config.user.id,
                                                 revalidate_cookie=True)
        userdb.on_logout(config.user.id, session_id)

        if auth_type == 'cookie':
            raise HTTPRedirect(config.url_prefix() + 'check_mk/login.py')

        # Implement HTTP logout with cookie hack
        if not request.has_cookie('logout'):
            response.headers['WWW-Authenticate'] = (
                'Basic realm="OMD Monitoring Site %s"' % config.omd_site())
            response.set_http_cookie('logout', '1', secure=request.is_secure)
            raise FinalizeRequest(http.client.UNAUTHORIZED)

        response.delete_cookie('logout')
        raise HTTPRedirect(config.url_prefix() + 'check_mk/')