[Kimchi-devel] [PATCH V3 2/5] redirect the URL to login page when session timeout or first login

Tue Jun 10 12:42:19 UTC 2014

On 06/10/2014 02:11 AM, Aline Manera wrote:
> On 06/05/2014 01:10 PM, shaohef at linux.vnet.ibm.com wrote:
>> From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
>>
>> If the content type is application/json still raise 401 status code.
>> And let UI redirect to login page.
>>
>> or the backe redirects to login page directly.
>>
>> Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
>> Signed-off-by: Yu Xin Huo <huoyuxin at linux.vnet.ibm.com>
>> ---
>> src/kimchi/auth.py | 11 +++++++++++
>> src/kimchi/config.py.in | 3 +++
>> src/kimchi/root.py | 28 +++++++++++++++++++---------
>> ui/js/src/kimchi.main.js | 5 +----
>> 4 files changed, 34 insertions(+), 13 deletions(-)
>>
>> diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
>> index dc78ded..a38dbd3 100644
>> --- a/src/kimchi/auth.py
>> +++ b/src/kimchi/auth.py
>> @@ -28,6 +28,7 @@
>> import re
>> import termios
>> import time
>> +import urllib2
>>
>>
>> from kimchi import template
>> @@ -41,6 +42,12 @@
>> REFRESH = 'robot-refresh'
>>
>>
>> +def redirect_login():
>> + next_url = urllib2.quote(
>> + cherrypy.request.path_info.encode('utf-8'), safe="")
>> + raise cherrypy.HTTPRedirect("/login.html?next=%s" % next_url, 303)
>> +
>> +
>> def debug(msg):
>> pass
>> # cherrypy.log.error(msg)
>> @@ -234,6 +241,10 @@ def kimchiauth(admin_methods=None):
>> raise cherrypy.HTTPError(403)
>> return
>>
>> + # not a REST full request, redirect login page directly
>> + if not template.can_accept('application/json'):
>> + redirect_login()
>> +
>> if not from_browser():
>> cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=kimchi'
>>
>> diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
>> index 0206570..d4cbda0 100644
>> --- a/src/kimchi/config.py.in
>> +++ b/src/kimchi/config.py.in
>> @@ -187,6 +187,9 @@ class KimchiConfig(dict):
>> '/spice.html': {
>> 'tools.kimchiauth.on': True
>> },
>> + '/kimchi-ui.html': {
>> + 'tools.kimchiauth.on': True
>> + },
>> '/data/screenshots': {
>> 'tools.staticdir.on': True,
>> 'tools.staticdir.dir': get_screenshot_path(),
>> diff --git a/src/kimchi/root.py b/src/kimchi/root.py
>> index 8b1d09b..181ab13 100644
>> --- a/src/kimchi/root.py
>> +++ b/src/kimchi/root.py
>> @@ -81,7 +81,7 @@ def get(self):
>> @cherrypy.expose
>> def default(self, page, **kwargs):
>> if page.endswith('.html'):
>> - return template.render(page, None)
>> + return template.render(page, kwargs)
>> raise cherrypy.HTTPError(404)
>>
>> @cherrypy.expose
>> @@ -110,14 +110,24 @@ def __init__(self, model, dev_env):
>> self.messages = messages
>>
>> @cherrypy.expose
>> - def login(self, *args):
>> - params = parse_request()
>> - try:
>> - username = params['username']
>> - password = params['password']
>> - except KeyError, item:
>> - e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
>> - raise cherrypy.HTTPError(400, e.message)
>
>> + def login(self, *args, **kwargs):
>> + username = kwargs.get('username')
>> + password = kwargs.get('password')
>> + # forms base authentication
>> + if username is not None:
>> + # UI can pass the redirect url by "next" query parameter
>> + next_url = kwargs.get('next', "/")
>> + next_url = type(next_url) is list and next_url[0]
>> + auth.login(username, password)
>> + raise cherrypy.HTTPRedirect(next_url, 303)
>> + else:
>> + try:
>> + params = parse_request()
>> + username = params['username']
>> + password = params['password']
>> + except KeyError, item:
>> + e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
>> + raise cherrypy.HTTPError(400, e.message)
>
> I didn't understand this code.
> Why did you get username and password from kwargs and in "else" from 
> parse_request()?
> Should that info be in a single location?
parse_request() get the password and username from body for REST API 
request.
for form authentication. The cherrypy will do it by itself, and pass it 
to login

>
> And if you raise/return, you don't need a "else" it eliminates some 
> indentation levels.
I can remove the “else”
>
>> try:
>> user_info = auth.login(username, password)
>> diff --git a/ui/js/src/kimchi.main.js b/ui/js/src/kimchi.main.js
>> index 184029d..2a8f461 100644
>> --- a/ui/js/src/kimchi.main.js
>> +++ b/ui/js/src/kimchi.main.js
>> @@ -227,10 +227,7 @@ kimchi.main = function() {
>> kimchi.previousAjax = ajaxSettings;
>> $(".empty-when-logged-off").empty();
>> $(".remove-when-logged-off").remove();
>> - kimchi.window.open({
>> - url: 'login-window.html',
>> - id: 'login-window-wrapper'
>> - });
>> + document.location.href='login.html';
>> return;
>> }
>> else if((jqXHR['status'] == 0) && ("error"==jqXHR.statusText)) {
>
>
>


-- 
Thanks and best regards!

Sheldon Feng(冯少合)<shaohef at linux.vnet.ibm.com>
IBM Linux Technology Center