diff --git a/server/src/uds/REST/__init__.py b/server/src/uds/REST/__init__.py index d85d1676..0d2be70e 100644 --- a/server/src/uds/REST/__init__.py +++ b/server/src/uds/REST/__init__.py @@ -142,7 +142,7 @@ class Dispatcher(View): def initialize(): ''' This imports all packages that are descendant of this package, and, after that, - it register all subclases of service provider as + it register all subclases of Handler. (In fact, it looks for packages inside "methods" package, child of this) ''' import os.path, pkgutil import sys diff --git a/server/src/uds/REST/handlers.py b/server/src/uds/REST/handlers.py index 0b9c81f3..c90c7eac 100644 --- a/server/src/uds/REST/handlers.py +++ b/server/src/uds/REST/handlers.py @@ -78,7 +78,7 @@ class Handler(object): except: if settings.DEBUG: if self._authToken == 'a': - self.genAuthToken(-1, 'root', 'es', True) + self.genAuthToken(-1, 'root', 'es', True, True) else: self._authToken = None self._session = None @@ -109,10 +109,15 @@ class Handler(object): def getAuthToken(self): return self._authToken - def genAuthToken(self, id_auth, username, locale, is_admin): + @staticmethod + def storeSessionAuthdata(session, id_auth, username, locale, is_admin, staff_member): + session['REST'] = { 'auth': id_auth, 'username': username, 'locale': locale, 'is_admin': is_admin, 'staff_member': staff_member } + + + def genAuthToken(self, id_auth, username, locale, is_admin, staf_member): session = SessionStore() session.set_expiry(GlobalConfig.ADMIN_IDLE_TIME.getInt()) - session['REST'] = { 'auth': id_auth, 'username': username, 'locale': locale, 'is_admin': is_admin } + Handler.storeSessionAuthdata(session, id_auth, username, locale, is_admin, staf_member) session.save() self._authToken = session.session_key self._session = session diff --git a/server/src/uds/REST/methods/authentication.py b/server/src/uds/REST/methods/authentication.py index ff758522..bf948fb4 100644 --- a/server/src/uds/REST/methods/authentication.py +++ b/server/src/uds/REST/methods/authentication.py @@ -68,7 +68,7 @@ class Login(Handler): locale = self._params.get('locale', 'en') if auth == 'admin': if GlobalConfig.SUPER_USER_LOGIN.get(True) == username and GlobalConfig.SUPER_USER_PASS.get(True) == password: - self.genAuthToken(-1, username, locale, True) + self.genAuthToken(-1, username, locale, True, True) return{'result': 'ok', 'token': self.getAuthToken()} else: raise Exception('Invalid credentials') diff --git a/server/src/uds/core/auths/auth.py b/server/src/uds/core/auths/auth.py index 7d16f73b..789f6fe8 100644 --- a/server/src/uds/core/auths/auth.py +++ b/server/src/uds/core/auths/auth.py @@ -37,6 +37,8 @@ from __future__ import unicode_literals from functools import wraps from django.http import HttpResponseRedirect, HttpResponseForbidden +from django.utils.translation import get_language + from uds.core.util.Config import GlobalConfig from uds.core.util import log from uds.core import auths @@ -221,10 +223,13 @@ def webLogin(request, response, user, password): Helper function to, once the user is authenticated, store the information at the user session. @return: Always returns True ''' + from uds.REST import Handler user.updateLastAccess() request.session.clear() request.session[USER_KEY] = user.id request.session[PASS_KEY] = CryptoManager.manager().xor(password.encode('utf-8'), request.COOKIES['uds']) + # Ensures that this user will have access througt REST api if logged in through web interface + Handler.storeSessionAuthdata(request.session, user.manager.small_name, user.name, get_language(), user.is_admin, user.staff_member) return True diff --git a/server/src/uds/templatetags/REST.py b/server/src/uds/templatetags/REST.py new file mode 100644 index 00000000..d4df02a0 --- /dev/null +++ b/server/src/uds/templatetags/REST.py @@ -0,0 +1,49 @@ +# -*- coding: utf-8 -*- + +# +# Copyright (c) 2014 Virtual Cable S.L. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# * Neither the name of Virtual Cable S.L. nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +''' +.. moduleauthor:: Adolfo Gómez, dkmaster at dkmon dot com +''' +from __future__ import unicode_literals + +from django import template + +import logging + +logger = logging.getLogger(__name__) + +register = template.Library() + +@register.simple_tag(name=auth_token, takes_context=True) +def auth_token(context): + ''' + Returns the authentication token, and also ensures that + ''' + request = context['request'] + return request.session.session_key \ No newline at end of file diff --git a/server/src/uds/templatetags/html5.py b/server/src/uds/templatetags/html5.py index 05c9204a..a485d6b5 100644 --- a/server/src/uds/templatetags/html5.py +++ b/server/src/uds/templatetags/html5.py @@ -30,6 +30,7 @@ ''' .. moduleauthor:: Adolfo Gómez, dkmaster at dkmon dot com ''' +from __future__ import unicode_literals from django import template from django.utils import formats