forked from shaba/openuds
* Updated to django 1.6
* Ensured that, an user when has logged in from interface, has access to REST The access will be restricted by user permissions of course (this is, simple user will have access to its services, preferences and little more... :-)) This part anyway, is not done yet
This commit is contained in:
parent
47dff34637
commit
495ab90cc2
@ -142,7 +142,7 @@ class Dispatcher(View):
|
||||
def initialize():
|
||||
'''
|
||||
This imports all packages that are descendant of this package, and, after that,
|
||||
it register all subclases of service provider as
|
||||
it register all subclases of Handler. (In fact, it looks for packages inside "methods" package, child of this)
|
||||
'''
|
||||
import os.path, pkgutil
|
||||
import sys
|
||||
|
@ -78,7 +78,7 @@ class Handler(object):
|
||||
except:
|
||||
if settings.DEBUG:
|
||||
if self._authToken == 'a':
|
||||
self.genAuthToken(-1, 'root', 'es', True)
|
||||
self.genAuthToken(-1, 'root', 'es', True, True)
|
||||
else:
|
||||
self._authToken = None
|
||||
self._session = None
|
||||
@ -109,10 +109,15 @@ class Handler(object):
|
||||
def getAuthToken(self):
|
||||
return self._authToken
|
||||
|
||||
def genAuthToken(self, id_auth, username, locale, is_admin):
|
||||
@staticmethod
|
||||
def storeSessionAuthdata(session, id_auth, username, locale, is_admin, staff_member):
|
||||
session['REST'] = { 'auth': id_auth, 'username': username, 'locale': locale, 'is_admin': is_admin, 'staff_member': staff_member }
|
||||
|
||||
|
||||
def genAuthToken(self, id_auth, username, locale, is_admin, staf_member):
|
||||
session = SessionStore()
|
||||
session.set_expiry(GlobalConfig.ADMIN_IDLE_TIME.getInt())
|
||||
session['REST'] = { 'auth': id_auth, 'username': username, 'locale': locale, 'is_admin': is_admin }
|
||||
Handler.storeSessionAuthdata(session, id_auth, username, locale, is_admin, staf_member)
|
||||
session.save()
|
||||
self._authToken = session.session_key
|
||||
self._session = session
|
||||
|
@ -68,7 +68,7 @@ class Login(Handler):
|
||||
locale = self._params.get('locale', 'en')
|
||||
if auth == 'admin':
|
||||
if GlobalConfig.SUPER_USER_LOGIN.get(True) == username and GlobalConfig.SUPER_USER_PASS.get(True) == password:
|
||||
self.genAuthToken(-1, username, locale, True)
|
||||
self.genAuthToken(-1, username, locale, True, True)
|
||||
return{'result': 'ok', 'token': self.getAuthToken()}
|
||||
else:
|
||||
raise Exception('Invalid credentials')
|
||||
|
@ -37,6 +37,8 @@ from __future__ import unicode_literals
|
||||
|
||||
from functools import wraps
|
||||
from django.http import HttpResponseRedirect, HttpResponseForbidden
|
||||
from django.utils.translation import get_language
|
||||
|
||||
from uds.core.util.Config import GlobalConfig
|
||||
from uds.core.util import log
|
||||
from uds.core import auths
|
||||
@ -221,10 +223,13 @@ def webLogin(request, response, user, password):
|
||||
Helper function to, once the user is authenticated, store the information at the user session.
|
||||
@return: Always returns True
|
||||
'''
|
||||
from uds.REST import Handler
|
||||
user.updateLastAccess()
|
||||
request.session.clear()
|
||||
request.session[USER_KEY] = user.id
|
||||
request.session[PASS_KEY] = CryptoManager.manager().xor(password.encode('utf-8'), request.COOKIES['uds'])
|
||||
# Ensures that this user will have access througt REST api if logged in through web interface
|
||||
Handler.storeSessionAuthdata(request.session, user.manager.small_name, user.name, get_language(), user.is_admin, user.staff_member)
|
||||
return True
|
||||
|
||||
|
||||
|
49
server/src/uds/templatetags/REST.py
Normal file
49
server/src/uds/templatetags/REST.py
Normal file
@ -0,0 +1,49 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
#
|
||||
# Copyright (c) 2014 Virtual Cable S.L.
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without modification,
|
||||
# are permitted provided that the following conditions are met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright notice,
|
||||
# this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above copyright notice,
|
||||
# this list of conditions and the following disclaimer in the documentation
|
||||
# and/or other materials provided with the distribution.
|
||||
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
|
||||
# may be used to endorse or promote products derived from this software
|
||||
# without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
'''
|
||||
.. moduleauthor:: Adolfo Gómez, dkmaster at dkmon dot com
|
||||
'''
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django import template
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
register = template.Library()
|
||||
|
||||
@register.simple_tag(name=auth_token, takes_context=True)
|
||||
def auth_token(context):
|
||||
'''
|
||||
Returns the authentication token, and also ensures that
|
||||
'''
|
||||
request = context['request']
|
||||
return request.session.session_key
|
@ -30,6 +30,7 @@
|
||||
'''
|
||||
.. moduleauthor:: Adolfo Gómez, dkmaster at dkmon dot com
|
||||
'''
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django import template
|
||||
from django.utils import formats
|
||||
|
Loading…
Reference in New Issue
Block a user