* Fixed configuration commands with parameters with "equal" sign

* Fixed access using ticket
2021-03-12 11:41:53 +01:00 · 2021-03-12 11:41:53 +01:00 · 1505fd346b
commit 1505fd346b
parent 49ee75d986
4 changed files with 12 additions and 2 deletions
--- a/server/src/uds/management/commands/config.py
+++ b/server/src/uds/management/commands/config.py
@ -51,7 +51,7 @@ class Command(BaseCommand):
        try:
            for config in options['name_value']:
                logger.debug('Config: %s', config)
-                first, value = config.split('=')
+                first, value = config.split('=', 1)  # Only first = is separator :)
                first = first.split('.')
                if len(first) == 2:
                    mod, name = first
--- a/server/src/uds/urls.py
+++ b/server/src/uds/urls.py
@ -81,7 +81,7 @@ urlpatterns = [

    # Ticket authentication related
    re_path(r'^uds/page/ticket/auth/(?P<ticketId>[a-zA-Z0-9.-]+)$', uds.web.views.ticketAuth, name='page.ticket.auth'),
-    path(r'uds/page/ticket/launcher', uds.web.views.modern.index, name='page.ticket.launcher'),
+    path(r'uds/page/ticket/launcher', uds.web.views.modern.ticketLauncher, name='page.ticket.launcher'),

    # This must be the last, so any patition will be managed by client in fact
    re_path(r'uds/page/.*', uds.web.views.modern.index, name='page.placeholder'),
--- a/server/src/uds/web/util/configjs.py
+++ b/server/src/uds/web/util/configjs.py
@ -68,6 +68,8 @@ def udsJs(request: 'HttpRequest') -> str:

    if user:
        role = 'staff' if user.isStaff() and not user.is_admin else 'admin' if user.is_admin else 'user'
+        if request.session.get('restricted', False):
+            role = 'restricted'

    profile: typing.Dict[str, typing.Any] = {
        'user': user.name if user else None,
--- a/server/src/uds/web/views/modern.py
+++ b/server/src/uds/web/views/modern.py
@ -59,11 +59,18 @@ def index(request: HttpRequest) -> HttpResponse:
    return response


+# Includes a request.session ticket, indicating that 
+def ticketLauncher(request: HttpRequest) -> HttpResponse:
+    request.session['restricted'] = True  # Access is from ticket
+    return index(request)
+
+
 # Basically, the original /login method, but fixed for modern interface
 def login(request: HttpRequest, tag: typing.Optional[str] = None) -> HttpResponse:
    # Default empty form
    logger.debug('Tag: %s', tag)
    if request.method == 'POST':
+        request.session['restricted'] = False  # Access is from login
        form = LoginForm(request.POST, tag=tag)
        user, data = checkLogin(request, form, tag)
        if user:
@ -92,6 +99,7 @@ def login(request: HttpRequest, tag: typing.Optional[str] = None) -> HttpRespons
@auth.webLoginRequired(admin=False)
 def logout(request: HttpRequest) -> HttpResponse:
    auth.authLogLogout(request)
+    request.session['restricted'] = False  # Remove restricted
    logoutUrl = request.user.logout()
    if logoutUrl is None:
        logoutUrl = request.session.get('logouturl', None)