From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
If the content type is application/json still raise 401 status code.
And let UI redirect to login page.
or the backe redirects to login page directly.
enable kimchi-ui.html authentication protected.
and update the test case
Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
Signed-off-by: Yu Xin Huo <huoyuxin(a)linux.vnet.ibm.com>
---
src/kimchi/auth.py | 11 +++++++++++
src/kimchi/config.py.in | 3 +++
src/kimchi/root.py | 28 +++++++++++++++++++---------
tests/test_rest.py | 1 -
ui/js/src/kimchi.main.js | 5 +----
5 files changed, 34 insertions(+), 14 deletions(-)
diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index dc78ded..a38dbd3 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -28,6 +28,7 @@
import re
import termios
import time
+import urllib2
from kimchi import template
@@ -41,6 +42,12 @@
REFRESH = 'robot-refresh'
+def redirect_login():
+ next_url = urllib2.quote(
+ cherrypy.request.path_info.encode('utf-8'), safe="")
+ raise cherrypy.HTTPRedirect("/login.html?next=%s" % next_url, 303)
+
+
def debug(msg):
pass
# cherrypy.log.error(msg)
@@ -234,6 +241,10 @@ def kimchiauth(admin_methods=None):
raise cherrypy.HTTPError(403)
return
+ # not a REST full request, redirect login page directly
+ if not template.can_accept('application/json'):
+ redirect_login()
+
if not from_browser():
cherrypy.response.headers['WWW-Authenticate'] = 'Basic
realm=kimchi'
diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index 0206570..d4cbda0 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -187,6 +187,9 @@ class KimchiConfig(dict):
'/spice.html': {
'tools.kimchiauth.on': True
},
+ '/kimchi-ui.html': {
+ 'tools.kimchiauth.on': True
+ },
'/data/screenshots': {
'tools.staticdir.on': True,
'tools.staticdir.dir': get_screenshot_path(),
diff --git a/src/kimchi/root.py b/src/kimchi/root.py
index 8b1d09b..5ec1cf5 100644
--- a/src/kimchi/root.py
+++ b/src/kimchi/root.py
@@ -81,7 +81,7 @@ def get(self):
@cherrypy.expose
def default(self, page, **kwargs):
if page.endswith('.html'):
- return template.render(page, None)
+ return template.render(page, kwargs)
raise cherrypy.HTTPError(404)
@cherrypy.expose
@@ -110,14 +110,24 @@ def __init__(self, model, dev_env):
self.messages = messages
@cherrypy.expose
- def login(self, *args):
- params = parse_request()
- try:
- username = params['username']
- password = params['password']
- except KeyError, item:
- e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
- raise cherrypy.HTTPError(400, e.message)
+ def login(self, *args, **kwargs):
+ username = kwargs.get('username')
+ password = kwargs.get('password')
+ # forms base authentication
+ if username is not None:
+ # UI can parser the redirect url by "next" query parameter
+ next_url = kwargs.get('next', "/")
+ next_url = next_url[0] if(type(next_url) is list) else next_url
+ auth.login(username, password)
+ raise cherrypy.HTTPRedirect(next_url, 303)
+ else:
+ try:
+ params = parse_request()
+ username = params['username']
+ password = params['password']
+ except KeyError, item:
+ e = MissingParameter('KCHAUTH0003E', {'item':
str(item)})
+ raise cherrypy.HTTPError(400, e.message)
try:
user_info = auth.login(username, password)
diff --git a/tests/test_rest.py b/tests/test_rest.py
index 7ed94cb..18ba66e 100644
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -1431,7 +1431,6 @@ def test_auth_unprotected(self):
'/css/theme-default.min.css',
'/libs/jquery-1.10.0.min.js',
'/images/icon-vm.png',
- '/kimchi-ui.html',
'/login-window.html',
'/logout']
for uri in uris:
diff --git a/ui/js/src/kimchi.main.js b/ui/js/src/kimchi.main.js
index 184029d..2a8f461 100644
--- a/ui/js/src/kimchi.main.js
+++ b/ui/js/src/kimchi.main.js
@@ -227,10 +227,7 @@ kimchi.main = function() {
kimchi.previousAjax = ajaxSettings;
$(".empty-when-logged-off").empty();
$(".remove-when-logged-off").remove();
- kimchi.window.open({
- url: 'login-window.html',
- id: 'login-window-wrapper'
- });
+ document.location.href='login.html';
return;
}
else if((jqXHR['status'] == 0) &&
("error"==jqXHR.statusText)) {
--
1.9.3