On 06/10/2014 09:42 AM, Sheldon wrote:
On 06/10/2014 02:11 AM, Aline Manera wrote:
> On 06/05/2014 01:10 PM, shaohef(a)linux.vnet.ibm.com wrote:
>> From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
>>
>> If the content type is application/json, still raise the 401 status code
>> and let the UI redirect to the login page.
>>
>> Otherwise the backend redirects to the login page directly.
>>
>> Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
>> Signed-off-by: Yu Xin Huo <huoyuxin(a)linux.vnet.ibm.com>
>> ---
>> src/kimchi/auth.py | 11 +++++++++++
>> src/kimchi/config.py.in | 3 +++
>> src/kimchi/root.py | 28 +++++++++++++++++++---------
>> ui/js/src/kimchi.main.js | 5 +----
>> 4 files changed, 34 insertions(+), 13 deletions(-)
>>
>> diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
>> index dc78ded..a38dbd3 100644
>> --- a/src/kimchi/auth.py
>> +++ b/src/kimchi/auth.py
>> @@ -28,6 +28,7 @@
>> import re
>> import termios
>> import time
>> +import urllib2
>>
>>
>> from kimchi import template
>> @@ -41,6 +42,12 @@
>> REFRESH = 'robot-refresh'
>>
>>
>> +def redirect_login():
>> + next_url = urllib2.quote(
>> + cherrypy.request.path_info.encode('utf-8'), safe="")
>> + raise cherrypy.HTTPRedirect("/login.html?next=%s" % next_url, 303)
>> +
>> +
>> def debug(msg):
>> pass
>> # cherrypy.log.error(msg)
>> @@ -234,6 +241,10 @@ def kimchiauth(admin_methods=None):
>> raise cherrypy.HTTPError(403)
>> return
>>
>> + # not a REST full request, redirect login page directly
>> + if not template.can_accept('application/json'):
>> + redirect_login()
>> +
>> if not from_browser():
>> cherrypy.response.headers['WWW-Authenticate'] = 'Basic
realm=kimchi'
>>
>> diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
>> index 0206570..d4cbda0 100644
>> --- a/src/kimchi/config.py.in
>> +++ b/src/kimchi/config.py.in
>> @@ -187,6 +187,9 @@ class KimchiConfig(dict):
>> '/spice.html': {
>> 'tools.kimchiauth.on': True
>> },
>> + '/kimchi-ui.html': {
>> + 'tools.kimchiauth.on': True
>> + },
>> '/data/screenshots': {
>> 'tools.staticdir.on': True,
>> 'tools.staticdir.dir': get_screenshot_path(),
>> diff --git a/src/kimchi/root.py b/src/kimchi/root.py
>> index 8b1d09b..181ab13 100644
>> --- a/src/kimchi/root.py
>> +++ b/src/kimchi/root.py
>> @@ -81,7 +81,7 @@ def get(self):
>> @cherrypy.expose
>> def default(self, page, **kwargs):
>> if page.endswith('.html'):
>> - return template.render(page, None)
>> + return template.render(page, kwargs)
>> raise cherrypy.HTTPError(404)
>>
>> @cherrypy.expose
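Review bot: `template.render(page, kwargs)` in `default` now passes every query-string parameter of any `*.html` request to the template as data, so request-controlled values such as `next` can reach the rendered HTML. The templates are not part of this patch, so this is worth confirming: if `login.html` emits the value without escaping it for its context (attribute or URL), this becomes a reflected-XSS path. Passing only the key the login page needs, for example `template.render(page, {'next': kwargs.get('next', '/')})`, would keep arbitrary parameters out of the other templates.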
>> @@ -110,14 +110,24 @@ def __init__(self, model, dev_env):
>> self.messages = messages
>>
>> @cherrypy.expose
>> - def login(self, *args):
>> - params = parse_request()
>> - try:
>> - username = params['username']
>> - password = params['password']
>> - except KeyError, item:
>> - e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
>> - raise cherrypy.HTTPError(400, e.message)
>
>> + def login(self, *args, **kwargs):
>> + username = kwargs.get('username')
>> + password = kwargs.get('password')
>> + # forms base authentication
>> + if username is not None:
>> + # UI can pass the redirect url by "next" query parameter
>> + next_url = kwargs.get('next', "/")
>> + next_url = type(next_url) is list and next_url[0]
>> + auth.login(username, password)
>> + raise cherrypy.HTTPRedirect(next_url, 303)
>> + else:
>> + try:
>> + params = parse_request()
>> + username = params['username']
>> + password = params['password']
>> + except KeyError, item:
>> + e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
>> + raise cherrypy.HTTPError(400, e.message)
>
> I didn't understand this code.
> Why did you get username and password from kwargs and in "else" from
> parse_request()?
> Should that info be in a single location?
parse_request() gets the username and password from the request body for a
REST API request.
For form authentication, cherrypy parses the form by itself and passes the
values to login.
And in which situation do we get the username and password from kwargs?
PS. Sorry about too many questions but I am trying to understand the code =)
>
> And if you raise/return, you don't need a "else" it eliminates some
> indentation levels.
I can remove the “else”
>
>> try:
>> user_info = auth.login(username, password)
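Review bot: In the form branch of `login`, `next_url = type(next_url) is list and next_url[0]` evaluates to `False` whenever `next` is a plain string or the `"/"` default, so the redirect target is wrong in the common case. When the value is honoured, it is request-supplied and goes straight into `cherrypy.HTTPRedirect`, which makes the post-login redirect an open redirect; accept only a same-site path and fall back to `/` otherwise. The same branch calls `auth.login(username, password)` outside the `try:` that continues below the hunk, so a failed form login presumably does not get the error handling the REST path has. Reading credentials from `kwargs` also means they are accepted from the query string, where they would land in access logs; restricting the form branch to POST would avoid that.

```python
        # forms base authentication
        if username is not None:
            # UI can pass the redirect url by "next" query parameter
            next_url = kwargs.get('next', "/")
            if isinstance(next_url, list):
                next_url = next_url[0]
            # accept only a same-site path; anything else falls back to "/"
            if (not next_url.startswith('/') or next_url.startswith('//')
                    or '\\' in next_url):
                next_url = "/"
            # ... unchanged: auth.login call and HTTPRedirect(next_url, 303) ...
```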
>> diff --git a/ui/js/src/kimchi.main.js b/ui/js/src/kimchi.main.js
>> index 184029d..2a8f461 100644
>> --- a/ui/js/src/kimchi.main.js
>> +++ b/ui/js/src/kimchi.main.js
>> @@ -227,10 +227,7 @@ kimchi.main = function() {
>> kimchi.previousAjax = ajaxSettings;
>> $(".empty-when-logged-off").empty();
>> $(".remove-when-logged-off").remove();
>> - kimchi.window.open({
>> - url: 'login-window.html',
>> - id: 'login-window-wrapper'
>> - });
>> + document.location.href='login.html';
>> return;
>> }
>> else if((jqXHR['status'] == 0) &&
("error"==jqXHR.statusText)) {
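Review bot: `document.location.href='login.html'` is a relative URL and carries no `next` parameter, unlike the server-side `redirect_login()` in this patch, which sends `/login.html?next=...`. After a 401 on an AJAX call the target is therefore resolved against the current document, and the user lands on the default page after logging in rather than where the session expired. If returning to the current view is intended, build the target explicitly, e.g. `document.location.href = '/login.html?next=' + encodeURIComponent(document.location.pathname);`, and have the server validate `next` before redirecting to it. The enclosing handler starts outside the hunk.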
>
>
>