comparison roundup/cgi/client.py @ 3453:8e3c0b88afad

prefer http authorization over cookie sessions [SF#1396134]
author Alexander Smishlajev <a1s@users.sourceforge.net>
date Mon, 09 Jan 2006 09:14:27 +0000
parents 198fe87b0254
children 5a56abcf1b22
3452:be505af06586 3453:8e3c0b88afad
1 # $Id: client.py,v 1.217 2005-12-03 09:35:06 a1s Exp $ 1 # $Id: client.py,v 1.218 2006-01-09 09:14:27 a1s Exp $
2 2
3 """WWW request handler (also used in the stand-alone server). 3 """WWW request handler (also used in the stand-alone server).
4 """ 4 """
5 __docformat__ = 'restructuredtext' 5 __docformat__ = 'restructuredtext'
6 6
413 language, 413 language,
414 tracker_home=self.instance.config["TRACKER_HOME"])) 414 tracker_home=self.instance.config["TRACKER_HOME"]))
415 415
416 def determine_user(self): 416 def determine_user(self):
417 """Determine who the user is""" 417 """Determine who the user is"""
418 # determine the uid to use
419 self.opendb('admin') 418 self.opendb('admin')
420 419
421 # make sure we have the session Class 420 # make sure we have the session Class
422 self.clean_sessions() 421 self.clean_sessions()
423 sessions = self.db.getSessionManager() 422 sessions = self.db.getSessionManager()
424 423
425 # first up, try the REMOTE_USER var (from HTTP Basic Auth handled 424 user = None
426 # by a front-end HTTP server) 425 # first up, try http authorization if enabled
427 use_http_auth = self.instance.config['WEB_HTTP_AUTH'] == 'yes' 426 if self.instance.config['WEB_HTTP_AUTH']:
428 user = 'anonymous'
429 if use_http_auth:
430 if self.env.has_key('REMOTE_USER'): 427 if self.env.has_key('REMOTE_USER'):
428 # we have external auth (e.g. by Apache)
431 user = self.env['REMOTE_USER'] 429 user = self.env['REMOTE_USER']
432 # try handling Basic Auth ourselves
433 elif self.env.get('HTTP_AUTHORIZATION', ''): 430 elif self.env.get('HTTP_AUTHORIZATION', ''):
431 # try handling Basic Auth ourselves
434 auth = self.env['HTTP_AUTHORIZATION'] 432 auth = self.env['HTTP_AUTHORIZATION']
435 scheme, challenge = auth.split(' ', 1) 433 scheme, challenge = auth.split(' ', 1)
436 if scheme.lower() == 'basic': 434 if scheme.lower() == 'basic':
437 try: 435 try:
438 decoded = base64.decodestring(challenge) 436 decoded = base64.decodestring(challenge)
448 self.response_code = 403 446 self.response_code = 403
449 raise Unauthorised, err 447 raise Unauthorised, err
450 448
451 user = username 449 user = username
452 450
453 # look up the user session cookie (may override the HTTP Basic Auth) 451 # if user was not set by http authorization, try session cookie
454 cookie = self.cookie 452 if (not user) and self.cookie.has_key(self.cookie_name) \
455 if (cookie.has_key(self.cookie_name) and 453 and (self.cookie[self.cookie_name].value != 'deleted'):
456 cookie[self.cookie_name].value != 'deleted'):
457
458 # get the session key from the cookie 454 # get the session key from the cookie
459 self.session = cookie[self.cookie_name].value 455 self.session = self.cookie[self.cookie_name].value
460 # get the user from the session 456 # get the user from the session
461 try: 457 try:
462 # update the lifetime datestamp 458 # update the lifetime datestamp
463 sessions.updateTimestamp(self.session) 459 sessions.updateTimestamp(self.session)
464 user = sessions.get(self.session, 'user') 460 user = sessions.get(self.session, 'user')
465 except KeyError: 461 except KeyError:
466 # not valid, ignore id 462 # not valid, ignore id
467 pass 463 pass
468 464
469 # sanity check on the user still being valid, getting the userid 465 # if no user name set by http authorization or session cookie
470 # at the same time 466 # the user is anonymous
467 if not user:
468 user = 'anonymous'
469
470 # sanity check on the user still being valid,
471 # getting the userid at the same time
471 try: 472 try:
472 self.userid = self.db.user.lookup(user) 473 self.userid = self.db.user.lookup(user)
473 except (KeyError, TypeError): 474 except (KeyError, TypeError):
474 user = 'anonymous' 475 user = 'anonymous'
475 476
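Review bot: `scheme, challenge = auth.split(' ', 1)` on new line 433 raises ValueError for an Authorization header that contains no space, so a malformed client header escapes as an unhandled exception instead of being ignored like any other non-Basic scheme; the line is pre-existing, but the commit makes this the preferred identification path, so it deserves the guard. A guarded form keeps the fall-through to the cookie and anonymous branches intact: `parts = auth.split(' ', 1)` / `if len(parts) == 2 and parts[0].lower() == 'basic':` / `challenge = parts[1]`. The `WEB_HTTP_AUTH` branch would also benefit from a comment stating that a valid Authorization header now takes precedence over an existing session cookie, since the previous code let the cookie override it, and the bare truthiness test `if self.instance.config['WEB_HTTP_AUTH']:` presumably relies on the option being parsed to a boolean elsewhere, which this section does not show. The body of determine_user continues past the end of the section, and lines 437–445 of the Basic-auth branch are not shown.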
