
Refactor authentication and authorization logic for improved clarity and consistency

This commit is contained in:
Adolfo Gómez García 2025-02-03 18:33:02 +01:00
parent 6899cff246
commit 0c4a00e163
No known key found for this signature in database
GPG Key ID: DD1ABF20724CDA23
5 changed files with 24 additions and 42 deletions


@ -125,15 +125,14 @@ class Handler:
if self._auth_token is None:
raise AccessDenied()
self._user = self.get_user()
if not self._user.can_access(self.min_access_role):
raise AccessDenied()
try:
self._user = self.get_user()
except Exception as e:
# Maybe the user was deleted, so access is denied
raise AccessDenied() from e
if not self._user.can_access(self.min_access_role):
raise AccessDenied()
else:
self._user = User() # Empty user for non authenticated handlers
self._user.state = types.states.State.ACTIVE # Ensure it's active
@ -219,8 +218,6 @@ class Handler:
password: str,
locale: str,
platform: str,
is_admin: bool,
staff_member: bool,
scrambler: str,
) -> None:
"""
@ -232,11 +229,8 @@ class Handler:
:param is_admin: If user is considered admin or not
:param staff_member: If is considered as staff member
"""
if is_admin:
staff_member = True # Make admins also staff members :-)
# crypt password and convert to base64
passwd = codecs.encode(CryptoManager().symmetric_encrypt(password, scrambler), 'base64').decode()
passwd = codecs.encode(CryptoManager.manager().symmetric_encrypt(password, scrambler), 'base64').decode()
session['REST'] = {
'auth': id_auth,
@ -244,8 +238,6 @@ class Handler:
'password': passwd,
'locale': locale,
'platform': platform,
'is_admin': is_admin,
'staff_member': staff_member,
}
def gen_auth_token(
@ -255,8 +247,6 @@ class Handler:
password: str,
locale: str,
platform: str,
is_admin: bool,
staf_member: bool,
scrambler: str,
) -> str:
"""
@ -276,8 +266,6 @@ class Handler:
password,
locale,
platform,
is_admin,
staf_member,
scrambler,
)
session.save()
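Review bot: The new `except Exception as e:` in the first hunk maps every failure of get_user() — a database error or a bug in the lookup just as much as a deleted user — onto AccessDenied, so an outage is reported to the client as a denial and the real cause survives only in the chained exception. Narrow the clause to the exception get_user() raises for a missing user (that type is not visible in this diff), or at least record the cause before re-raising, e.g. `logger.warning('Auth token refers to an unavailable user: %s', e)` ahead of `raise AccessDenied() from e`, assuming the module has a logger. Dropping is_admin/staff_member from the session dict in the later hunks removes cached privilege flags from the session, which is sound as long as the role is now resolved from the user record on every request; the code that does that is outside this section. The enclosing method starts before the first hunk.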


@ -156,7 +156,7 @@ class Login(Handler):
if GlobalConfig.SUPER_USER_LOGIN.get(True) == username and CryptoManager.manager().check_hash(
password, GlobalConfig.SUPER_USER_PASS.get(True)
):
self.gen_auth_token(-1, username, password, locale, platform, True, True, scrambler)
self.gen_auth_token(-1, username, password, locale, platform, scrambler)
return Login.result(result='ok', token=self.get_auth_token())
return Login.result(error='Invalid credentials')
@ -188,8 +188,6 @@ class Login(Handler):
password,
locale,
platform,
auth_result.user.is_admin,
auth_result.user.staff_member,
scrambler,
),
scrambler=scrambler,
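Review bot: The super-user branch on the changed line still passes `-1` as the auth id but no longer tells gen_auth_token that this session belongs to an administrator, so admin rights for that login now depend entirely on how the code that reads the session back turns auth id -1 into a user carrying the ADMIN role — that code is outside this hunk and the diff does not show it. A one-line comment at the call would make the contract explicit, e.g. `# auth -1 marks the built-in super user; its role is derived when the session is loaded, not stored in it`. The second hunk of this section only drops the same two arguments for regular users and needs nothing further.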


@ -327,32 +327,32 @@ class ModelHandler(BaseModelHandler):
return operation()
match self._args[0]:
case consts.rest.OVERVIEW:
if number_of_args == 1:
return list(self.get_items())
match self._args:
case [consts.rest.OVERVIEW]:
return list(self.get_items())
case [consts.rest.OVERVIEW, *_fails]:
raise self.invalid_request_response()
case consts.rest.TABLEINFO:
if number_of_args != 1:
raise self.invalid_request_response()
case [consts.rest.TABLEINFO]:
return self.process_table_fields(
self.table_title,
self.table_fields,
self.table_row_style,
self.table_subtitle,
)
case consts.rest.TYPES:
if number_of_args == 1:
return list(self.get_types())
if number_of_args != 2:
raise self.invalid_request_response()
return self.get_type(self._args[1])
case consts.rest.GUI:
if number_of_args == 1:
return self.get_gui('')
if number_of_args != 2:
raise self.invalid_request_response()
return sorted(self.get_gui(self._args[1]), key=lambda f: f['gui']['order'])
case [consts.rest.TABLEINFO, *_fails]:
raise self.invalid_request_response()
case [consts.rest.TYPES]:
return list(self.get_types())
case [consts.rest.TYPES, type_]:
return self.get_type(type_)
case [consts.rest.TYPES, type_, *_fails]:
raise self.invalid_request_response()
case [consts.rest.GUI]:
return self.get_gui('')
case [consts.rest.GUI, type_]:
return sorted(self.get_gui(type_), key=lambda f: f['gui']['order'])
case [consts.rest.GUI, type_, *_fails]:
raise self.invalid_request_response()
case _: # Maybe an item or a detail
if number_of_args == 1:
try:
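Review bot: The `*_fails` capture in the four rejection arms is never read, and each arm repeats the same raise; spelling the wildcard as `*_` and collapsing the four arms into one `case [consts.rest.OVERVIEW | consts.rest.TABLEINFO | consts.rest.TYPES | consts.rest.GUI, *_]: raise self.invalid_request_response()` placed after the last success arm keeps the behaviour and makes the accepted argument shapes easier to audit in one place. The `case _:` arm at the bottom still relies on `number_of_args`, so that local must stay in scope even though the new arms no longer use it. The enclosing method starts before and ends after the hunk.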


@ -425,8 +425,6 @@ def weblogin(
password,
get_language() or '',
request.os.os.name,
user.is_admin,
user.staff_member,
cookie,
)
return True


@ -84,8 +84,6 @@ class UserRole(enum.StrEnum):
ADMIN = 'admin'
STAFF = 'staff'
# Currently not used, but reserved
USER = 'user'
ANONYMOUS = 'anonymous'