Changeset 2397


Ignore:
Timestamp:
Aug 9, 2009, 6:45:27 PM (15 years ago)
Author:
quentin
Message:

Get login information from Apache, if available

Location:
package_branches/invirt-web/cherrypy/code
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • package_branches/invirt-web/cherrypy/code/main.conf

    r2388 r2397  
    44engine.auto_reload = False
    55tools.mako.module_directory = "/tmp/invirt-web-templatecache"
     6tools.remote_user_login.on = True
    67
    78engine.SIGHUP = None
  • package_branches/invirt-web/cherrypy/code/main.py

    r2396 r2397  
    691691    return templates.error(searchList=[d])
    692692
    693 def getUser(environ):
    694     """Return the current user based on the SSL environment variables"""
    695     user = environ.get('REMOTE_USER')
    696     if user is None:
    697         return
    698    
    699     if environ.get('AUTH_TYPE') == 'Negotiate':
    700         # Convert the krb5 principal into a krb4 username
    701         if not user.endswith('@%s' % config.kerberos.realm):
    702             return
    703         else:
    704             return user.split('@')[0].replace('/', '.')
    705     else:
    706         return user
    707 
    708693def handler(username, state, path, fields):
    709694    operation, path = pathSplit(path)
  • package_branches/invirt-web/cherrypy/code/view.py

    r2391 r2397  
    66import simplejson
    77import datetime, decimal
     8from invirt.config import structs as config
    89
    910class MakoHandler(cherrypy.dispatch.LateParamPageHandler):
     
    7778            "You are not authorized to access that resource")
    7879
    79 cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login)
     80cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150)
     81
     82def remote_user_login():
     83    """Get the current user based on the SSL or GSSAPI environment variables"""
     84    environ = cherrypy.request.wsgi_environ
     85    user = environ.get('REMOTE_USER')
     86    if user is None:
     87        return
     88    else:
     89        cherrypy.request.login = None # clear what cherrypy put there
     90
     91    if environ.get('AUTH_TYPE') == 'Negotiate':
     92        # Convert the krb5 principal into a krb4 username
     93        if not user.endswith('@%s' % config.kerberos.realm):
     94            cherrypy.request.login = False # failed to login
     95        else:
     96            cherrypy.request.login = user.split('@')[0].replace('/', '.')
     97    else:
     98        cherrypy.request.login = user
     99
     100cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50)
    80101
    81102class View(object):
Note: See TracChangeset for help on using the changeset viewer.