Get login information from Apache, if available

author Quentin Smith <quentin@mit.edu>

Sun, 9 Aug 2009 22:45:27 +0000 (18:45 -0400)

committer Quentin Smith <quentin@mit.edu>

Sun, 9 Aug 2009 22:45:27 +0000 (18:45 -0400)
author Quentin Smith <quentin@mit.edu>
Sun, 9 Aug 2009 22:45:27 +0000 (18:45 -0400)
committer Quentin Smith <quentin@mit.edu>
Sun, 9 Aug 2009 22:45:27 +0000 (18:45 -0400)
diff --git a/code/main.conf b/code/main.conf

index 2130697..6381f19 100644 (file)
--- a/code/main.conf
+++ b/code/main.conf
@@ -3,6 +3,7 @@
  #auto_reload doesn't work with FastCGI
  engine.auto_reload = False
  tools.mako.module_directory = "/tmp/invirt-web-templatecache"
+tools.remote_user_login.on = True
  
  engine.SIGHUP = None
  engine.SIGTERM = None
diff --git a/code/main.py b/code/main.py

index fd95e84..17bbd62 100755 (executable)
--- a/code/main.py
+++ b/code/main.py
@@ -690,21 +690,6 @@ def show_error(op, username, fields, err, emsg, traceback):
      d['details'] = details
      return templates.error(searchList=[d])
  
-def getUser(environ):
-    """Return the current user based on the SSL environment variables"""
-    user = environ.get('REMOTE_USER')
-    if user is None:
-        return
-    
-    if environ.get('AUTH_TYPE') == 'Negotiate':
-        # Convert the krb5 principal into a krb4 username
-        if not user.endswith('@%s' % config.kerberos.realm):
-            return
-        else:
-            return user.split('@')[0].replace('/', '.')
-    else:
-        return user
-
  def handler(username, state, path, fields):
      operation, path = pathSplit(path)
      if not operation:
diff --git a/code/view.py b/code/view.py

index 1a63eda..5d4750d 100644 (file)
--- a/code/view.py
+++ b/code/view.py
@@ -78,7 +78,27 @@ def require_login():
          raise cherrypy.HTTPError(403,
              "You are not authorized to access that resource")
  
-cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login)
+cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150)
+
+def remote_user_login():
+    """Get the current user based on the SSL or GSSAPI environment variables"""
+    environ = cherrypy.request.wsgi_environ
+    user = environ.get('REMOTE_USER')
+    if user is None:
+        return
+    else:
+        cherrypy.request.login = None # clear what cherrypy put there
+
+    if environ.get('AUTH_TYPE') == 'Negotiate':
+        # Convert the krb5 principal into a krb4 username
+        if not user.endswith('@%s' % config.kerberos.realm):
+            cherrypy.request.login = False # failed to login
+        else:
+            cherrypy.request.login = user.split('@')[0].replace('/', '.')
+    else:
+        cherrypy.request.login = user
+
+cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50)
  
  def invirtwebstate_init():
      """Initialize the cherrypy.request.state object from Invirt"""
author	Quentin Smith <quentin@mit.edu>
	Sun, 9 Aug 2009 22:45:27 +0000 (18:45 -0400)
committer	Quentin Smith <quentin@mit.edu>
	Sun, 9 Aug 2009 22:45:27 +0000 (18:45 -0400)
code/main.conf		patch \| blob \| history
code/main.py		patch \| blob \| history
code/view.py		patch \| blob \| history