[Kimchi-devel] [PATCH V4 2/5] redirect the URL to login page when session timeout or first login

shaohef at linux.vnet.ibm.com shaohef at linux.vnet.ibm.com
Wed Jun 11 16:24:34 UTC 2014


From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>

If the content type is application/json still raise 401 status code.
And let UI redirect to login page.

or the backe redirects to login page directly.

enable kimchi-ui.html authentication protected.
and update the test case

Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
Signed-off-by: Yu Xin Huo <huoyuxin at linux.vnet.ibm.com>
---
 src/kimchi/auth.py       | 11 +++++++++++
 src/kimchi/config.py.in  |  3 +++
 src/kimchi/root.py       | 28 +++++++++++++++++++---------
 tests/test_rest.py       |  1 -
 ui/js/src/kimchi.main.js |  5 +----
 5 files changed, 34 insertions(+), 14 deletions(-)

diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index dc78ded..a38dbd3 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -28,6 +28,7 @@
 import re
 import termios
 import time
+import urllib2
 
 
 from kimchi import template
@@ -41,6 +42,12 @@
 REFRESH = 'robot-refresh'
 
 
+def redirect_login():
+    next_url = urllib2.quote(
+        cherrypy.request.path_info.encode('utf-8'), safe="")
+    raise cherrypy.HTTPRedirect("/login.html?next=%s" % next_url, 303)
+
+
 def debug(msg):
     pass
     # cherrypy.log.error(msg)
@@ -234,6 +241,10 @@ def kimchiauth(admin_methods=None):
             raise cherrypy.HTTPError(403)
         return
 
+    # not a REST full request, redirect login page directly
+    if not template.can_accept('application/json'):
+        redirect_login()
+
     if not from_browser():
         cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=kimchi'
 
diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index 0206570..d4cbda0 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -187,6 +187,9 @@ class KimchiConfig(dict):
         '/spice.html': {
             'tools.kimchiauth.on': True
         },
+       '/kimchi-ui.html': {
+            'tools.kimchiauth.on': True
+        },
         '/data/screenshots': {
             'tools.staticdir.on': True,
             'tools.staticdir.dir': get_screenshot_path(),
diff --git a/src/kimchi/root.py b/src/kimchi/root.py
index 8b1d09b..181ab13 100644
--- a/src/kimchi/root.py
+++ b/src/kimchi/root.py
@@ -81,7 +81,7 @@ def get(self):
     @cherrypy.expose
     def default(self, page, **kwargs):
         if page.endswith('.html'):
-            return template.render(page, None)
+            return template.render(page, kwargs)
         raise cherrypy.HTTPError(404)
 
     @cherrypy.expose
@@ -110,14 +110,24 @@ def __init__(self, model, dev_env):
         self.messages = messages
 
     @cherrypy.expose
-    def login(self, *args):
-        params = parse_request()
-        try:
-            username = params['username']
-            password = params['password']
-        except KeyError, item:
-            e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
-            raise cherrypy.HTTPError(400, e.message)
+    def login(self, *args, **kwargs):
+        username = kwargs.get('username')
+        password = kwargs.get('password')
+        # forms base authentication
+        if username is not None:
+            # UI can pass the redirect url by "next" query parameter
+            next_url = kwargs.get('next', "/")
+            next_url = type(next_url) is list and next_url[0]
+            auth.login(username, password)
+            raise cherrypy.HTTPRedirect(next_url, 303)
+        else:
+            try:
+                params = parse_request()
+                username = params['username']
+                password = params['password']
+            except KeyError, item:
+                e = MissingParameter('KCHAUTH0003E', {'item': str(item)})
+                raise cherrypy.HTTPError(400, e.message)
 
         try:
             user_info = auth.login(username, password)
diff --git a/tests/test_rest.py b/tests/test_rest.py
index 7ed94cb..18ba66e 100644
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -1431,7 +1431,6 @@ def test_auth_unprotected(self):
                 '/css/theme-default.min.css',
                 '/libs/jquery-1.10.0.min.js',
                 '/images/icon-vm.png',
-                '/kimchi-ui.html',
                 '/login-window.html',
                 '/logout']
         for uri in uris:
diff --git a/ui/js/src/kimchi.main.js b/ui/js/src/kimchi.main.js
index 184029d..2a8f461 100644
--- a/ui/js/src/kimchi.main.js
+++ b/ui/js/src/kimchi.main.js
@@ -227,10 +227,7 @@ kimchi.main = function() {
                 kimchi.previousAjax = ajaxSettings;
                 $(".empty-when-logged-off").empty();
                 $(".remove-when-logged-off").remove();
-                kimchi.window.open({
-                    url: 'login-window.html',
-                    id: 'login-window-wrapper'
-                });
+                document.location.href='login.html';
                 return;
             }
             else if((jqXHR['status'] == 0) && ("error"==jqXHR.statusText)) {
-- 
1.9.3




More information about the Kimchi-devel mailing list