from webcommon import State
class MakoHandler(cherrypy.dispatch.LateParamPageHandler):
- """Callable which sets response.body."""
+ """Callable which processes a dictionary, returning the rendered body."""
def __init__(self, template, next_handler, content_type='text/html; charset=utf-8'):
self.template = template
imports=[]):
cherrypy.request.lookup = lookup = self.get_lookup(directories, module_directory,
collection_size, imports)
-
- # Replace the current handler.
cherrypy.request.template = t = lookup.get_template(filename)
cherrypy.request.handler = MakoHandler(t, cherrypy.request.handler, content_type)
def require_login():
"""If the user isn't logged in, raise 403 with an error."""
- if not cherrypy.request.login:
+ if cherrypy.request.login is False:
raise cherrypy.HTTPError(403,
"You are not authorized to access that resource")
cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource', require_POST, priority=150)
def remote_user_login():
- """Get the current user based on the SSL or GSSAPI environment variables"""
+ """Get remote user from SSL or GSSAPI, and store in request object.
+
+Get the current user based on environment variables set by SSL or
+GSSAPI, and store it in the attribute cherrpy.request.login.
+
+Per the CherryPy API (http://www.cherrypy.org/wiki/RequestObject#login),
+the attribute is set to the username on successful login, to False on
+failed login, and is left at None if the user attempted no authentication.
+"""
environ = cherrypy.request.wsgi_environ
user = environ.get('REMOTE_USER')
if user is None:
- cherrypy.request.login = None
return
-
if environ.get('AUTH_TYPE') == 'Negotiate':
# Convert the krb5 principal into a krb4 username
if not user.endswith('@%s' % config.kerberos.realm):
- cherrypy.request.login = None
+ cherrypy.request.login = False # failed to log in
else:
cherrypy.request.login = user.split('@')[0].replace('/', '.')
else: