* Updated to django 1.6

* Ensured that, an user when has logged in from interface, has access to REST
The access will be restricted by user permissions of course (this is, simple user will have access to its services, preferences and little more... :-)) This part anyway, is not done yet
This commit is contained in:
Adolfo Gómez 2013-11-11 20:08:23 +00:00
parent 47dff34637
commit 495ab90cc2
6 changed files with 65 additions and 5 deletions

View File

@ -142,7 +142,7 @@ class Dispatcher(View):
def initialize():
'''
This imports all packages that are descendant of this package, and, after that,
it register all subclases of service provider as
it register all subclases of Handler. (In fact, it looks for packages inside "methods" package, child of this)
'''
import os.path, pkgutil
import sys

View File

@ -78,7 +78,7 @@ class Handler(object):
except:
if settings.DEBUG:
if self._authToken == 'a':
self.genAuthToken(-1, 'root', 'es', True)
self.genAuthToken(-1, 'root', 'es', True, True)
else:
self._authToken = None
self._session = None
@ -109,10 +109,15 @@ class Handler(object):
def getAuthToken(self):
return self._authToken
def genAuthToken(self, id_auth, username, locale, is_admin):
@staticmethod
def storeSessionAuthdata(session, id_auth, username, locale, is_admin, staff_member):
session['REST'] = { 'auth': id_auth, 'username': username, 'locale': locale, 'is_admin': is_admin, 'staff_member': staff_member }
def genAuthToken(self, id_auth, username, locale, is_admin, staf_member):
session = SessionStore()
session.set_expiry(GlobalConfig.ADMIN_IDLE_TIME.getInt())
session['REST'] = { 'auth': id_auth, 'username': username, 'locale': locale, 'is_admin': is_admin }
Handler.storeSessionAuthdata(session, id_auth, username, locale, is_admin, staf_member)
session.save()
self._authToken = session.session_key
self._session = session

View File

@ -68,7 +68,7 @@ class Login(Handler):
locale = self._params.get('locale', 'en')
if auth == 'admin':
if GlobalConfig.SUPER_USER_LOGIN.get(True) == username and GlobalConfig.SUPER_USER_PASS.get(True) == password:
self.genAuthToken(-1, username, locale, True)
self.genAuthToken(-1, username, locale, True, True)
return{'result': 'ok', 'token': self.getAuthToken()}
else:
raise Exception('Invalid credentials')

View File

@ -37,6 +37,8 @@ from __future__ import unicode_literals
from functools import wraps
from django.http import HttpResponseRedirect, HttpResponseForbidden
from django.utils.translation import get_language
from uds.core.util.Config import GlobalConfig
from uds.core.util import log
from uds.core import auths
@ -221,10 +223,13 @@ def webLogin(request, response, user, password):
Helper function to, once the user is authenticated, store the information at the user session.
@return: Always returns True
'''
from uds.REST import Handler
user.updateLastAccess()
request.session.clear()
request.session[USER_KEY] = user.id
request.session[PASS_KEY] = CryptoManager.manager().xor(password.encode('utf-8'), request.COOKIES['uds'])
# Ensures that this user will have access througt REST api if logged in through web interface
Handler.storeSessionAuthdata(request.session, user.manager.small_name, user.name, get_language(), user.is_admin, user.staff_member)
return True

View File

@ -0,0 +1,49 @@
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
.. moduleauthor:: Adolfo Gómez, dkmaster at dkmon dot com
'''
from __future__ import unicode_literals
from django import template
import logging
logger = logging.getLogger(__name__)
register = template.Library()
@register.simple_tag(name=auth_token, takes_context=True)
def auth_token(context):
'''
Returns the authentication token, and also ensures that
'''
request = context['request']
return request.session.session_key

View File

@ -30,6 +30,7 @@
'''
.. moduleauthor:: Adolfo Gómez, dkmaster at dkmon dot com
'''
from __future__ import unicode_literals
from django import template
from django.utils import formats