From 70697d96ac15848f145381da40309d6f38fd5d29 Mon Sep 17 00:00:00 2001
From: Matthew Letter
Date: Thu, 7 Jan 2016 15:14:29 -0700
Subject: [PATCH] worked out some bugs everything seems like its going good now #549
---
 packages/slycat/web/server/handlers.py | 4 +-
 .../plugins/slycat-standard-authentication.py | 65 ++++++++++---------
 web-server/slycat-login/js/app.js | 1 +
 3 files changed, 38 insertions(+), 32 deletions(-)
diff --git a/packages/slycat/web/server/handlers.py b/packages/slycat/web/server/handlers.py
index bef4c890d..090357eaf 100644
--- a/packages/slycat/web/server/handlers.py
+++ b/packages/slycat/web/server/handlers.py
@@ -720,7 +720,7 @@ def login():
 sid = uuid.uuid4().hex
 session = {"created": datetime.datetime.utcnow(), "creator": user_name}
 database = slycat.web.server.database.couchdb.connect()
- database.save({"_id": sid, "type": "session", "created": session["created"].isoformat(), "creator": session["creator"]})
+ database.save({"_id": sid, "type": "session", "created": session["created"].isoformat(), "creator": session["creator"], 'groups': groups, 'ip': remote_ip})
 login.sessions[sid] = session
@@ -729,7 +729,7 @@ def login():
 cherrypy.response.cookie["slycatauth"]["secure"] = 1
 cherrypy.response.cookie["slycatauth"]["httponly"] = 1
 cherrypy.response.status = "200 OK"
- cherrypy.request.login = user_name
+ cherrypy.request.login = user_name#TODO:might be able to delete this
 else:
 cherrypy.response.status = "404 no auth found!!!"
 return {'session': 'stuff','sid' : sid, 'user_name': user_name, 'password': password, 'success': success, 'groups': groups, 'ip': remote_ip}
diff --git a/web-server/plugins/slycat-standard-authentication.py b/web-server/plugins/slycat-standard-authentication.py
index 30a4246a4..7277517c4 100644
--- a/web-server/plugins/slycat-standard-authentication.py
+++ b/web-server/plugins/slycat-standard-authentication.py
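Review bot: The in-memory entry written by `login.sessions[sid] = session` still holds only `created` and `creator`, while the document saved on the line above now also carries `'groups'` and `'ip'`, so the two copies of the session diverge from the moment they are created. Build the record once and derive the saved document from it, e.g. `session = {"created": datetime.datetime.utcnow(), "creator": user_name, "groups": groups, "ip": remote_ip}` followed by `database.save(dict(session, _id=sid, type="session", created=session["created"].isoformat()))`, so whoever reads `login.sessions` sees the same fields the authenticate tool reads back from CouchDB. Storing `ip` only matters if a later check compares it with the requesting address; nothing in this commit does, so a short comment stating that intent would help the next maintainer. `login()`'s body starts before and continues after this hunk.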
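Review bot: The new trailing comment on `cherrypy.request.login = user_name#TODO:might be able to delete this` is glued to the statement with no separating space and records a guess rather than a reason, so the next reader cannot tell what would break if the line were removed. State the condition instead: `cherrypy.request.login = user_name  # TODO: the authenticate tool now sets request.login per request; remove once confirmed nothing reads it during the login request itself`. Separately, the `return` on the last context line still sends `'password': password` back to the client in the login response body; the commit leaves that in place, and a login endpoint should not echo the submitted credential. `login()`'s body starts before this hunk.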
@@ -35,47 +35,52 @@ def authenticate(realm, rules=None):
 try:
 session = couchdb.get("session", sid)
 started = session["created"]
+ user_name = session["creator"]
+ groups = session["groups"]
 if datetime.datetime.utcnow() - datetime.datetime.strptime(unicode(started), '%Y-%m-%dT%H:%M:%S.%f') > cherrypy.request.app.config["slycat"]["session-timeout"]:
 couchdb.delete(session) # expire the old cookie
 cherrypy.response.cookie["slycatauth"] = sid
 cherrypy.response.cookie["slycatauth"]['expires'] = 0
 session = None
+ cherrypy.request.login = user_name
+ # Apply (optional) authentication rules.
+ if rules and user_name is not None:
+ deny = None
+ for operation, category, members in rules:
+ if operation not in ["allow", "deny"]:
+ slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown operation: %s." % operation)
+ raise cherrypy.HTTPError("500 Unknown operation: %s." % operation)
+ if category not in ["users", "groups"]:
+ slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown category: %s." % category)
+ raise cherrypy.HTTPError("500 Unknown category: %s." % category)
+
+ operation_default = True if operation == "allow" else False
+ operation_deny = False if operation == "allow" else True
+
+ if deny is None:
+ deny = operation_default
+ if category == "users":
+ if user_name in members:
+ deny = operation_deny
+ elif category == "groups":
+ for group in groups:
+ if group in members:
+ deny = operation_deny
+ break
+
+ if deny:
+ raise cherrypy.HTTPError("403 User denied by authentication rules.")
 except Exception as e:
 cherrypy.log.error("@%s: could not get db session." % (e)) # there was no session time to authenticate
 if session is None:
 raise cherrypy.HTTPRedirect("/login/slycat-login.html", 307)
- return
- # # Apply (optional) authentication rules.
- # if rules is not None:
- # deny = None
- # for operation, category, members in rules:
- # if operation not in ["allow", "deny"]:
- # slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown operation: %s." % operation)
- # raise cherrypy.HTTPError("500 Unknown operation: %s." % operation)
- # if category not in ["users", "groups"]:
- # slycat.email.send_error("slycat-standard-authentication.py authenticate", "cherrypy.HTTPError 500 unknown category: %s." % category)
- # raise cherrypy.HTTPError("500 Unknown category: %s." % category)
- #
- # operation_default = True if operation == "allow" else False
- # operation_deny = False if operation == "allow" else True
- #
- # if deny is None:
- # deny = operation_default
- # if category == "users":
- # if username in members:
- # deny = operation_deny
- # elif category == "groups":
- # for group in groups:
- # if group in members:
- # deny = operation_deny
- # break
- #
- # if deny:
- # raise cherrypy.HTTPError("403 User denied by authentication rules.")
- #
- # # Successful authentication, create a session and return.
+
+ # Successful authentication, create a session and return.
+ #return
+ else:
+ raise cherrypy.HTTPRedirect("/login/slycat-login.html", 307)
 context.register_tool("slycat-standard-authentication", "on_start_resource", authenticate)
diff --git a/web-server/slycat-login/js/app.js b/web-server/slycat-login/js/app.js
index 954e57cd8..6d2f6c1b2 100644
--- a/web-server/slycat-login/js/app.js
+++ b/web-server/slycat-login/js/app.js
@@ -26,6 +26,7 @@ require(["jquery", "URI"], function($, URI)
 success: function(result)
 {
 console.log("success " + result);
+ window.location.replace("/");
 },
 error: function(request, status, reason_phrase)
 {
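Review bot: The new rule evaluation sits inside the existing `try:` whose `except Exception as e:` catches everything, and `cherrypy.HTTPError` is an `Exception`, so the `403 User denied by authentication rules.` and both `500 Unknown ...` errors are logged as "could not get db session." and then discarded; `session` is still set at that point, so a user the rules deny passes straight through and the rules are not enforced. The same handler swallows a `KeyError` from the new `session["groups"]` line on any session document written before this commit added the field, again leaving `session` non-None and the request admitted. Re-raise cherrypy's own errors ahead of the generic handler and fail closed in it: `except cherrypy.HTTPError: raise` before `except Exception as e:`, and `session = None` after the `cherrypy.log.error(...)` call. The session document now stores `ip` (handlers.py hunk), but nothing here compares it with the requesting address, so that field presumably is not yet used to bind the session. `authenticate`'s body starts before this hunk, and the `else:` added at its end pairs with a condition outside it.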
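Review bot: The added `window.location.replace("/")` fires for any response that reaches `success` without looking at the `success` field the server includes in its JSON (handlers.py hunk), so the client relies entirely on the server signalling a failed login through the HTTP status. A one-line guard keeps the redirect honest if that status handling changes: `if (result.success) { window.location.replace("/"); }`. The `console.log("success " + result)` it follows is of little use once the page navigates away, and dropping it also avoids logging a response that, per the handlers.py hunk, may include the submitted password. The enclosing `require` callback starts before this hunk and ends after it.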