From 46eb68a8b8105d0746e28fe0d2a4309a01a040d9 Mon Sep 17 00:00:00 2001
From: Quentin Smith
Date: Sun, 9 Aug 2009 18:45:27 -0400
Subject: [PATCH] Get login information from Apache, if available

svn path=/package_branches/invirt-web/cherrypy-rebased/; revision=2670
---
 code/main.conf | 1 +
 code/main.py | 15 ---------------
 code/view.py | 22 +++++++++++++++++++++-
 3 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/code/main.conf b/code/main.conf
index 2130697..6381f19 100644
--- a/code/main.conf
+++ b/code/main.conf
@@ -3,6 +3,7 @@
 #auto_reload doesn't work with FastCGI
 engine.auto_reload = False
 tools.mako.module_directory = "/tmp/invirt-web-templatecache"
+tools.remote_user_login.on = True
 engine.SIGHUP = None
 engine.SIGTERM = None
diff --git a/code/main.py b/code/main.py
index fd95e84..17bbd62 100755
--- a/code/main.py
+++ b/code/main.py
@@ -690,21 +690,6 @@ def show_error(op, username, fields, err, emsg, traceback):
 d['details'] = details
 return templates.error(searchList=[d])
-def getUser(environ):
- """Return the current user based on the SSL environment variables"""
- user = environ.get('REMOTE_USER')
- if user is None:
- return
-
- if environ.get('AUTH_TYPE') == 'Negotiate':
- # Convert the krb5 principal into a krb4 username
- if not user.endswith('@%s' % config.kerberos.realm):
- return
- else:
- return user.split('@')[0].replace('/', '.')
- else:
- return user
-
 def handler(username, state, path, fields):
 operation, path = pathSplit(path)
 if not operation:
diff --git a/code/view.py b/code/view.py
index 1a63eda..5d4750d 100644
--- a/code/view.py
+++ b/code/view.py
@@ -78,7 +78,27 @@ def require_login():
 raise cherrypy.HTTPError(403, "You are not authorized to access that resource")
-cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login)
+cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150)
+
+def remote_user_login():
+ """Get the current user based on the SSL or GSSAPI environment variables"""
+ environ = cherrypy.request.wsgi_environ
+ user = environ.get('REMOTE_USER')
+ if user is None:
+ return
+ else:
+ cherrypy.request.login = None # clear what cherrypy put there
+
+ if environ.get('AUTH_TYPE') == 'Negotiate':
+ # Convert the krb5 principal into a krb4 username
+ if not user.endswith('@%s' % config.kerberos.realm):
+ cherrypy.request.login = False # failed to login
+ else:
+ cherrypy.request.login = user.split('@')[0].replace('/', '.')
+ else:
+ cherrypy.request.login = user
+
+cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50)
 def invirtwebstate_init():
 """Initialize the cherrypy.request.state object from Invirt"""
-- 
1.7.9.5
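Review bot: In `remote_user_login`, the realm check and the username extraction look at different `@` signs: `endswith('@%s' % config.kerberos.realm)` tests the last one while `user.split('@')[0]` cuts at the first, so if a principal's name part ever contains an `@` the stored login is not the name that was validated. Strip exactly the suffix that was checked, e.g. `suffix = '@%s' % config.kerberos.realm` followed by `cherrypy.request.login = user[:-len(suffix)].replace('/', '.')`. Two smaller points: the early `return` for a missing `REMOTE_USER` skips the `cherrypy.request.login = None` reset, so whatever CherryPy already placed there stays in effect, and the rejected-realm branch stores `False`, which only denies access if `require_login` tests truthiness rather than `is None`; its condition lies outside this hunk, so that needs confirming. The docstring should also say that the function returns nothing and instead sets `cherrypy.request.login` to a username, `None` or `False`.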