diff roundup/cgi/client.py @ 2928:81c99c857b57

applied patch [SF#1067690]
author Alexander Smishlajev <a1s@users.sourceforge.net>
date Thu, 18 Nov 2004 16:21:07 +0000
parents 29563959c026
children 46fdfcf42806
--- a/roundup/cgi/client.py	Thu Nov 18 15:58:23 2004 +0000
+++ b/roundup/cgi/client.py	Thu Nov 18 16:21:07 2004 +0000
@@ -1,13 +1,12 @@
-# $Id: client.py,v 1.201 2004-11-18 14:05:35 a1s Exp $
+# $Id: client.py,v 1.202 2004-11-18 16:21:07 a1s Exp $
 
 """WWW request handler (also used in the stand-alone server).
 """
 __docformat__ = 'restructuredtext'
 
-import os, os.path, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib
-import binascii, Cookie, time, random, stat, rfc822
-import codecs
-
+import base64, binascii, cgi, codecs, mimetypes, os
+import random, re, rfc822, stat, time, urllib, urlparse
+import Cookie
 
 from roundup import roundupdb, date, hyperdb, password
 from roundup.cgi import templating, cgitb, TranslationService
@@ -151,6 +150,9 @@
         # parse cookies (used in charset and session lookups)
         self.cookie = Cookie.SimpleCookie(self.env.get('HTTP_COOKIE', ''))
 
+        self.user = None
+        self.userid = None
+
     def setTranslator(self, translator=None):
         """Replace the translation engine
 
@@ -294,7 +296,7 @@
         last_clean = sessions.get('last_clean', 'last_use', 0)
 
         # time to clean?
-        week = 60*60*24*7
+        #week = 60*60*24*7
         hour = 60*60
         now = time.time()
         if now - last_clean < hour:
@@ -376,6 +378,25 @@
         else:
             user = 'anonymous'
 
+        # try handling Basic Auth ourselves
+        if (user == 'anonymous') and self.env['HTTP_AUTHORIZATION']:
+            scheme, challenge = self.env['HTTP_AUTHORIZATION'].split(' ', 1)
+            if scheme.lower() == 'basic':
+                try:
+                    decoded = base64.decodestring(challenge)
+                except TypeError:
+                    # invalid challenge
+                    pass
+                username, password = decoded.split(':')
+                try:
+                    LoginAction(self).verifyLogin(username, password)
+                except LoginError, err:
+                    self.make_user_anonymous()
+                    self.response_code = 403
+                    raise Unauthorised, err
+
+                user = username
+
         # look up the user session cookie (may override the REMOTE_USER)
         cookie = self.cookie
         if (cookie.has_key(self.cookie_name) and
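Review bot: The new Basic-auth branch can raise unhandled exceptions on client-supplied input before any credential check: `self.env['HTTP_AUTHORIZATION']` raises KeyError when the header is absent, `split(' ', 1)` fails on a value with no space, and after a failed decode the `pass` falls through to `decoded.split(':')` with `decoded` unbound. `decoded.split(':')` also fails for any password that contains a colon, and the local name `password` shadows the `password` module imported from `roundup` at the top of the file for the rest of this method. `base64.decodestring` may raise `binascii.Error` rather than `TypeError` on malformed input, so the handler should catch both. The rewrite below reads the header with `.get`, splits only once, and rejects malformed credentials instead of continuing; the enclosing method starts and ends outside the hunk.

```python
        # try handling Basic Auth ourselves
        auth = self.env.get('HTTP_AUTHORIZATION', '')
        if user == 'anonymous' and auth:
            try:
                scheme, challenge = auth.split(' ', 1)
            except ValueError:
                # header without a credentials part: not usable for Basic auth
                scheme = challenge = ''
            if scheme.lower() == 'basic':
                try:
                    decoded = base64.decodestring(challenge)
                    # only the first ':' separates the fields; the password
                    # may itself contain ':'
                    username, passwd = decoded.split(':', 1)
                except (TypeError, ValueError, binascii.Error):
                    # malformed credentials: refuse instead of falling through
                    self.make_user_anonymous()
                    self.response_code = 403
                    raise Unauthorised, 'invalid Authorization header'
                try:
                    LoginAction(self).verifyLogin(username, passwd)
                # ... unchanged: except LoginError handler ...

                user = username
```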
