Changeset 2397 for package_branches/invirt-web/cherrypy/code/view.py

Timestamp:

Aug 9, 2009, 6:45:27 PM (15 years ago)

Author:

quentin

Message:

Get login information from Apache, if available

File:

• package_branches/invirt-web/cherrypy/code/view.py (modified) (2 diffs)

package_branches/invirt-web/cherrypy/code/view.py

@@ -6 +6 @@
 import simplejson
 import datetime, decimal
+from invirt.config import structs as config
 
 class MakoHandler(cherrypy.dispatch.LateParamPageHandler):
@@ -77 +78 @@
             "You are not authorized to access that resource")
 
-cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login)
+cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150)
+
+def remote_user_login():
+    """Get the current user based on the SSL or GSSAPI environment variables"""
+    environ = cherrypy.request.wsgi_environ
+    user = environ.get('REMOTE_USER')
+    if user is None:
+        return
+    else:
+        cherrypy.request.login = None # clear what cherrypy put there
+
+    if environ.get('AUTH_TYPE') == 'Negotiate':
+        # Convert the krb5 principal into a krb4 username
+        if not user.endswith('@%s' % config.kerberos.realm):
+            cherrypy.request.login = False # failed to login
+        else:
+            cherrypy.request.login = user.split('@')[0].replace('/', '.')
+    else:
+        cherrypy.request.login = user
+
+cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50)
 
 class View(object):