Show More
| @@ -719,6 +719,14 b' def set_available_permissions(config):' | |||||
| 719 | #============================================================================== |
|
719 | #============================================================================== | |
| 720 | # CHECK DECORATORS |
|
720 | # CHECK DECORATORS | |
| 721 | #============================================================================== |
|
721 | #============================================================================== | |
|
|
722 | ||||
|
|
723 | def redirect_to_login(message=None): | |||
|
|
724 | from kallithea.lib import helpers as h | |||
|
|
725 | p = url.current() | |||
|
|
726 | h.flash(h.literal(message), category='warning') | |||
|
|
727 | log.debug('Redirecting to login page, origin: %s' % p) | |||
|
|
728 | return redirect(url('login_home', came_from=p)) | |||
|
|
729 | ||||
| 722 | class LoginRequired(object): |
|
730 | class LoginRequired(object): | |
| 723 | """ |
|
731 | """ | |
| 724 | Must be logged in to execute this function else |
|
732 | Must be logged in to execute this function else | |
| @@ -738,14 +746,11 b' class LoginRequired(object):' | |||||
| 738 | cls = fargs[0] |
|
746 | cls = fargs[0] | |
| 739 | user = cls.authuser |
|
747 | user = cls.authuser | |
| 740 | loc = "%s:%s" % (cls.__class__.__name__, func.__name__) |
|
748 | loc = "%s:%s" % (cls.__class__.__name__, func.__name__) | |
|
|
749 | log.debug('Checking access for user %s @ %s' % (user, loc)) | |||
| 741 |
|
750 | |||
| 742 | # check if our IP is allowed |
|
751 | # check if our IP is allowed | |
| 743 | ip_access_valid = True |
|
|||
| 744 | if not user.ip_allowed: |
|
752 | if not user.ip_allowed: | |
| 745 | from kallithea.lib import helpers as h |
|
753 | return redirect_to_login(_('IP %s not allowed' % (user.ip_addr))) | |
| 746 | h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))), |
|
|||
| 747 | category='warning') |
|
|||
| 748 | ip_access_valid = False |
|
|||
| 749 |
|
754 | |||
| 750 | # check if we used an APIKEY and it's a valid one |
|
755 | # check if we used an APIKEY and it's a valid one | |
| 751 | # defined whitelist of controllers which API access will be enabled |
|
756 | # defined whitelist of controllers which API access will be enabled | |
| @@ -775,21 +780,17 b' class LoginRequired(object):' | |||||
| 775 | log.debug('Checking if %s is authenticated @ %s' % (user.username, loc)) |
|
780 | log.debug('Checking if %s is authenticated @ %s' % (user.username, loc)) | |
| 776 | reason = 'RegularAuth' if user.is_authenticated else 'APIAuth' |
|
781 | reason = 'RegularAuth' if user.is_authenticated else 'APIAuth' | |
| 777 |
|
782 | |||
| 778 |
if |
|
783 | if user.is_authenticated or api_access_valid: | |
| 779 | log.info('user %s authenticating with:%s IS authenticated on func %s ' |
|
784 | log.info('user %s authenticating with:%s IS authenticated on func %s ' | |
| 780 | % (user, reason, loc) |
|
785 | % (user, reason, loc) | |
| 781 | ) |
|
786 | ) | |
| 782 | return func(*fargs, **fkwargs) |
|
787 | return func(*fargs, **fkwargs) | |
| 783 | else: |
|
788 | else: | |
| 784 | log.warning('user %s authenticating with:%s NOT authenticated on func: %s: ' |
|
789 | log.warning('user %s authenticating with:%s NOT authenticated on func: %s: ' | |
| 785 |
' |
|
790 | 'API_ACCESS:%s' | |
| 786 |
% (user, reason, loc, |
|
791 | % (user, reason, loc, api_access_valid) | |
| 787 | ) |
|
792 | ) | |
| 788 | p = url.current() |
|
793 | return redirect_to_login() | |
| 789 |
|
||||
| 790 | log.debug('redirecting to login page with %s' % p) |
|
|||
| 791 | return redirect(url('login_home', came_from=p)) |
|
|||
| 792 |
|
||||
| 793 |
|
794 | |||
| 794 | class NotAnonymous(object): |
|
795 | class NotAnonymous(object): | |
| 795 | """ |
|
796 | """ | |
| @@ -808,13 +809,8 b' class NotAnonymous(object):' | |||||
| 808 | anonymous = self.user.username == User.DEFAULT_USER |
|
809 | anonymous = self.user.username == User.DEFAULT_USER | |
| 809 |
|
810 | |||
| 810 | if anonymous: |
|
811 | if anonymous: | |
| 811 | p = url.current() |
|
812 | return redirect_to_login(_('You need to be a registered user to ' | |
| 812 |
|
813 | 'perform this action')) | ||
| 813 | import kallithea.lib.helpers as h |
|
|||
| 814 | h.flash(_('You need to be a registered user to ' |
|
|||
| 815 | 'perform this action'), |
|
|||
| 816 | category='warning') |
|
|||
| 817 | return redirect(url('login_home', came_from=p)) |
|
|||
| 818 | else: |
|
814 | else: | |
| 819 | return func(*fargs, **fkwargs) |
|
815 | return func(*fargs, **fkwargs) | |
| 820 |
|
816 | |||
| @@ -845,14 +841,7 b' class PermsDecorator(object):' | |||||
| 845 | anonymous = self.user.username == User.DEFAULT_USER |
|
841 | anonymous = self.user.username == User.DEFAULT_USER | |
| 846 |
|
842 | |||
| 847 | if anonymous: |
|
843 | if anonymous: | |
| 848 | p = url.current() |
|
844 | return redirect_to_login(_('You need to be signed in to view this page')) | |
| 849 |
|
||||
| 850 | import kallithea.lib.helpers as h |
|
|||
| 851 | h.flash(_('You need to be signed in to ' |
|
|||
| 852 | 'view this page'), |
|
|||
| 853 | category='warning') |
|
|||
| 854 | return redirect(url('login_home', came_from=p)) |
|
|||
| 855 |
|
||||
| 856 | else: |
|
845 | else: | |
| 857 | # redirect with forbidden ret code |
|
846 | # redirect with forbidden ret code | |
| 858 | return abort(403) |
|
847 | return abort(403) | |
General Comments 0
You need to be logged in to leave comments.
Login now