X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/2cf224f4aad01040c97079273b4624acb0bd3874..a6bc598397e68ca5b7c0571341da3aa81617a327:/code/view.py diff --git a/code/view.py b/code/view.py index a6fa610..4135e24 100644 --- a/code/view.py +++ b/code/view.py @@ -10,7 +10,7 @@ from invirt.config import structs as config from webcommon import State class MakoHandler(cherrypy.dispatch.LateParamPageHandler): - """Callable which sets response.body.""" + """Callable which processes a dictionary, returning the rendered body.""" def __init__(self, template, next_handler, content_type='text/html; charset=utf-8'): self.template = template @@ -52,8 +52,6 @@ class MakoLoader(object): imports=[]): cherrypy.request.lookup = lookup = self.get_lookup(directories, module_directory, collection_size, imports) - - # Replace the current handler. cherrypy.request.template = t = lookup.get_template(filename) cherrypy.request.handler = MakoHandler(t, cherrypy.request.handler, content_type) @@ -102,7 +100,7 @@ cherrypy.tools.jsonify = cherrypy.Tool('before_finalize', jsonify_tool_callback, def require_login(): """If the user isn't logged in, raise 403 with an error.""" - if not cherrypy.request.login: + if cherrypy.request.login is False: raise cherrypy.HTTPError(403, "You are not authorized to access that resource") @@ -117,17 +115,26 @@ def require_POST(): cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource', require_POST, priority=150) def remote_user_login(): - """Get the current user based on the SSL or GSSAPI environment variables""" + """Get the current user based on the SSL or GSSAPI environment +variables and store it in the request object's login variable. This +conforms to the CherryPy API: +http://www.cherrypy.org/wiki/RequestObject#login + +If the user is logged in successfully, cherrypy.request.login is set +to the username. If the user failed to log in, cherrypy.request.login +is set to False. If the user did not attempt authentication, +cherrypy.request.login is set to None.""" environ = cherrypy.request.wsgi_environ user = environ.get('REMOTE_USER') if user is None: - cherrypy.request.login = None return + else: + cherrypy.request.login = None # clear what cherrypy put there if environ.get('AUTH_TYPE') == 'Negotiate': # Convert the krb5 principal into a krb4 username if not user.endswith('@%s' % config.kerberos.realm): - cherrypy.request.login = None + cherrypy.request.login = False # failed to login else: cherrypy.request.login = user.split('@')[0].replace('/', '.') else: