On 06/10/2014 09:27 PM, Aline Manera wrote:
On 06/10/2014 09:42 AM, Sheldon wrote:
On 06/10/2014 02:11 AM, Aline Manera wrote:
On 06/05/2014 01:10 PM, shaohef@linux.vnet.ibm.com wrote:
From: ShaoHe Feng <shaohef@linux.vnet.ibm.com>

If the content type is application/json still raise 401 status code.
And let UI redirect to login page.

or the backe redirects to login page directly.

Signed-off-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
Signed-off-by: Yu Xin Huo <huoyuxin@linux.vnet.ibm.com>
---
src/kimchi/auth.py | 11 +++++++++++
src/kimchi/config.py.in | 3 +++
src/kimchi/root.py | 28 +++++++++++++++++++---------
ui/js/src/kimchi.main.js | 5 +----
4 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index dc78ded..a38dbd3 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -28,6 +28,7 @@
import re
import termios
import time
+import urllib2


from kimchi import template
@@ -41,6 +42,12 @@
REFRESH = 'robot-refresh'


+def redirect_login():
+ next_url = urllib2.quote(
+ cherrypy.request.path_info.encode('utf-8'), safe="")
+ raise cherrypy.HTTPRedirect("/login.html?next=%s" % next_url, 303)
+
+
def debug(msg):
pass
# cherrypy.log.error(msg)
@@ -234,6 +241,10 @@ def kimchiauth(admin_methods=None):
raise cherrypy.HTTPError(403)
return

+ # not a REST full request, redirect login page directly
+ if not template.can_accept('application/json'):
+ redirect_login()
+
if not from_browser():
cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=kimchi'

diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index 0206570..d4cbda0 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -187,6 +187,9 @@ class KimchiConfig(dict):
'/spice.html': {
'tools.kimchiauth.on': True
},
+ '/kimchi-ui.html': {
+ 'tools.kimchiauth.on': True
+ },
'/data/screenshots': {
'tools.staticdir.on': True,
'tools.staticdir.dir': get_screenshot_path(),
diff --git a/src/kimchi/root.py b/src/kimchi/root.py
index 8b1d09b..181ab13 100644
--- a/src/kimchi/root.py
+++ b/src/kimchi/root.py
@@ -81,7 +81,7 @@ def get(self):
@cherrypy.expose
def default(self, page, **kwargs):
if page.endswith('.html'):
- return template.render(page, None)
+ return template.render(page, kwargs)
raise cherrypy.HTTPError(404)

@cherrypy.expose
@@ -110,14 +110,24 @@ def __init__(self, model, dev_env):
self.messages = messages

@cherrypy.expose
- def login(self, *args):
- params = parse_request()
- try:
- username = params['username']
- password = params['password']
- except KeyError, item:
- e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
- raise cherrypy.HTTPError(400, e.message)

+ def login(self, *args, **kwargs):
+ username = kwargs.get('username')
+ password = kwargs.get('password')
+ # forms base authentication
+ if username is not None:
+ # UI can pass the redirect url by "next" query parameter
+ next_url = kwargs.get('next', "/")
+ next_url = type(next_url) is list and next_url[0]
+ auth.login(username, password)
+ raise cherrypy.HTTPRedirect(next_url, 303)
+ else:
+ try:
+ params = parse_request()
+ username = params['username']
+ password = params['password']
+ except KeyError, item:
+ e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
+ raise cherrypy.HTTPError(400, e.message)

I didn't understand this code.
Why did you get username and password from kwargs and in "else" from parse_request()?
Should that info be in a single location?
parse_request() get the password and username from body for REST API request.
for form authentication. The cherrypy will do it by itself, and pass it to login

And when in which situation we get the username and password from kwargs?

PS. Sorry about too many questions but I am trying to understand the code =)

Request Headersview source
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
gzip, deflate
zh-cn,en-us;q=0.7,en;q=0.3
keep-alive
userid=root; kimchiLang=zh_CN; username=shhfeng; ticketVM=VqO6AWlH; lastPage="/#tabs/templates"; kimchi=fc2fa059ee694c3d959fa1a1902557d21526e78e
1
localhost:8001
https://localhost:8001/login.html
Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0
Request Headers From Upload Stream
41
application/x-www-form-urlencoded


post body.
I think the cherrypy know x-www-form-urlencoded, it can parser the body by itself.  



By our rest quest,  the Content-Type is application/json we paser it by ourself. 


I have check the cherrypy code:  some explanation for application/x-www-form-urlencoded

    def _get_body_params(self):
        warnings.warn(
                "body_params is deprecated in CherryPy 3.2, will be removed in "
                "CherryPy 3.3.",
                DeprecationWarning
            )
        return self.body.params
    body_params = property(_get_body_params,
                      doc= """
    If the request Content-Type is 'application/x-www-form-urlencoded' or
    multipart, this will be a dict of the params pulled from the entity
    body; that is, it will be the portion of request.params that come
    from the message body (sometimes called "POST params", although they
    can be sent with various HTTP method verbs). This value is set between
    the 'before_request_body' and 'before_handler' hooks (assuming that
    process_request_body is True).
   
    Deprecated in 3.2, will be removed for 3.3 in favor of
    :attr:`request.body.params<cherrypy._cprequest.RequestBody.params>`.""")



And if you raise/return, you don't need a "else" it eliminates some indentation levels.
I can remove the “else”

try:
user_info = auth.login(username, password)
diff --git a/ui/js/src/kimchi.main.js b/ui/js/src/kimchi.main.js
index 184029d..2a8f461 100644
--- a/ui/js/src/kimchi.main.js
+++ b/ui/js/src/kimchi.main.js
@@ -227,10 +227,7 @@ kimchi.main = function() {
kimchi.previousAjax = ajaxSettings;
$(".empty-when-logged-off").empty();
$(".remove-when-logged-off").remove();
- kimchi.window.open({
- url: 'login-window.html',
- id: 'login-window-wrapper'
- });
+ document.location.href='login.html';
return;
}
else if((jqXHR['status'] == 0) && ("error"==jqXHR.statusText)) {










-- 
Thanks and best regards!

Sheldon Feng(冯少合)<shaohef@linux.vnet.ibm.com>
IBM Linux Technology Center