worked out some bugs everything seems like its going good now #549

sandialabs · Jan 7, 2016 · 0a1a779 · 0a1a779
1 parent 609b3d7
commit 0a1a779
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 32 deletions.
diff --git a/packages/slycat/web/server/handlers.py b/packages/slycat/web/server/handlers.py
@@ -720,7 +720,7 @@ def login():
     sid = uuid.uuid4().hex
     session = {"created": datetime.datetime.utcnow(), "creator": user_name}
     database = slycat.web.server.database.couchdb.connect()
-    database.save({"_id": sid, "type": "session", "created": session["created"].isoformat(), "creator": session["creator"]})
+    database.save({"_id": sid, "type": "session", "created": session["created"].isoformat(), "creator": session["creator"], 'groups': groups, 'ip': remote_ip})
 
     login.sessions[sid] = session
 
@@ -729,7 +729,7 @@ def login():
     cherrypy.response.cookie["slycatauth"]["secure"] = 1
     cherrypy.response.cookie["slycatauth"]["httponly"] = 1
     cherrypy.response.status = "200 OK"
-    cherrypy.request.login = user_name
+    cherrypy.request.login = user_name#TODO:might be able to delete this
   else:
     cherrypy.response.status = "404 no auth found!!!"
   return {'session': 'stuff','sid' : sid, 'user_name': user_name, 'password': password, 'success': success, 'groups': groups, 'ip': remote_ip}

diff --git a/web-server/plugins/slycat-standard-authentication.py b/web-server/plugins/slycat-standard-authentication.py
@@ -35,47 +35,52 @@ def authenticate(realm, rules=None):
       try:
         session = couchdb.get("session", sid)
         started = session["created"]
+        user_name = session["creator"]
+        groups = session["groups"]
         if datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]:
           couchdb.delete(session)
           # expire the old cookie
           cherrypy.response.cookie["slycatauth"] = sid
           cherrypy.response.cookie["slycatauth"]['expires'] = 0
           session = None
+        cherrypy.request.login = user_name
+             # Apply (optional) authentication rules.
+        if rules and user_name is not None:
+          deny = None
+          for operation, category, members in rules:
+            if operation not in ["allow", "deny"]:
+              slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown operation: %s." % operation)
+              raise cherrypy.HTTPError("500 Unknown operation: %s." % operation)
+            if category not in ["users", "groups"]:
+              slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown category: %s." % category)
+              raise cherrypy.HTTPError("500 Unknown category: %s." % category)
+
+            operation_default = True if operation == "allow" else False
+            operation_deny = False if operation == "allow" else True
+
+            if deny is None:
+              deny = operation_default
+            if category == "users":
+              if user_name in members:
+                deny = operation_deny
+            elif category == "groups":
+              for group in groups:
+                if group in members:
+                  deny = operation_deny
+                  break
+
+          if deny:
+            raise cherrypy.HTTPError("403 User denied by authentication rules.")
       except Exception as e:
         cherrypy.log.error("@%s: could not get db session." % (e))
 
       # there was no session time to authenticate
       if session is None:
         raise cherrypy.HTTPRedirect("/login/slycat-login.html", 307)
-    return
-    #   # Apply (optional) authentication rules.
-    #   if rules is not None:
-    #     deny = None
-    #     for operation, category, members in rules:
-    #       if operation not in ["allow", "deny"]:
-    #         slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown operation: %s." % operation)
-    #         raise cherrypy.HTTPError("500 Unknown operation: %s." % operation)
-    #       if category not in ["users", "groups"]:
-    #         slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown category: %s." % category)
-    #         raise cherrypy.HTTPError("500 Unknown category: %s." % category)
-    #
-    #       operation_default = True if operation == "allow" else False
-    #       operation_deny = False if operation == "allow" else True
-    #
-    #       if deny is None:
-    #         deny = operation_default
-    #       if category == "users":
-    #         if username in members:
-    #           deny = operation_deny
-    #       elif category == "groups":
-    #         for group in groups:
-    #           if group in members:
-    #             deny = operation_deny
-    #             break
-    #
-    #     if deny:
-    #       raise cherrypy.HTTPError("403 User denied by authentication rules.")
-    #
-    #   # Successful authentication, create a session and return.
+
+      # Successful authentication, create a session and return.
+      #return
+    else:
+      raise cherrypy.HTTPRedirect("/login/slycat-login.html", 307)
 
   context.register_tool("slycat-standard-authentication", "on_start_resource", authenticate)
diff --git a/web-server/slycat-login/js/app.js b/web-server/slycat-login/js/app.js
@@ -26,6 +26,7 @@ require(["jquery", "URI"], function($, URI)
       success: function(result)
       {
         console.log("success " + result);
+        window.location.replace("/");
       },
       error: function(request, status, reason_phrase)
       {