@@ -719,6 +719,14 b' def set_available_permissions(config):' | |||||
719 | #============================================================================== |
|
719 | #============================================================================== | |
720 | # CHECK DECORATORS |
|
720 | # CHECK DECORATORS | |
721 | #============================================================================== |
|
721 | #============================================================================== | |
|
722 | ||||
|
723 | def redirect_to_login(message=None): | |||
|
724 | from kallithea.lib import helpers as h | |||
|
725 | p = url.current() | |||
|
726 | h.flash(h.literal(message), category='warning') | |||
|
727 | log.debug('Redirecting to login page, origin: %s' % p) | |||
|
728 | return redirect(url('login_home', came_from=p)) | |||
|
729 | ||||
722 | class LoginRequired(object): |
|
730 | class LoginRequired(object): | |
723 | """ |
|
731 | """ | |
724 | Must be logged in to execute this function else |
|
732 | Must be logged in to execute this function else | |
@@ -738,14 +746,11 b' class LoginRequired(object):' | |||||
738 | cls = fargs[0] |
|
746 | cls = fargs[0] | |
739 | user = cls.authuser |
|
747 | user = cls.authuser | |
740 | loc = "%s:%s" % (cls.__class__.__name__, func.__name__) |
|
748 | loc = "%s:%s" % (cls.__class__.__name__, func.__name__) | |
|
749 | log.debug('Checking access for user %s @ %s' % (user, loc)) | |||
741 |
|
750 | |||
742 | # check if our IP is allowed |
|
751 | # check if our IP is allowed | |
743 | ip_access_valid = True |
|
|||
744 | if not user.ip_allowed: |
|
752 | if not user.ip_allowed: | |
745 | from kallithea.lib import helpers as h |
|
753 | return redirect_to_login(_('IP %s not allowed' % (user.ip_addr))) | |
746 | h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))), |
|
|||
747 | category='warning') |
|
|||
748 | ip_access_valid = False |
|
|||
749 |
|
754 | |||
750 | # check if we used an APIKEY and it's a valid one |
|
755 | # check if we used an APIKEY and it's a valid one | |
751 | # defined whitelist of controllers which API access will be enabled |
|
756 | # defined whitelist of controllers which API access will be enabled | |
@@ -775,21 +780,17 b' class LoginRequired(object):' | |||||
775 | log.debug('Checking if %s is authenticated @ %s' % (user.username, loc)) |
|
780 | log.debug('Checking if %s is authenticated @ %s' % (user.username, loc)) | |
776 | reason = 'RegularAuth' if user.is_authenticated else 'APIAuth' |
|
781 | reason = 'RegularAuth' if user.is_authenticated else 'APIAuth' | |
777 |
|
782 | |||
778 |
if |
|
783 | if user.is_authenticated or api_access_valid: | |
779 | log.info('user %s authenticating with:%s IS authenticated on func %s ' |
|
784 | log.info('user %s authenticating with:%s IS authenticated on func %s ' | |
780 | % (user, reason, loc) |
|
785 | % (user, reason, loc) | |
781 | ) |
|
786 | ) | |
782 | return func(*fargs, **fkwargs) |
|
787 | return func(*fargs, **fkwargs) | |
783 | else: |
|
788 | else: | |
784 | log.warning('user %s authenticating with:%s NOT authenticated on func: %s: ' |
|
789 | log.warning('user %s authenticating with:%s NOT authenticated on func: %s: ' | |
785 |
' |
|
790 | 'API_ACCESS:%s' | |
786 |
% (user, reason, loc, |
|
791 | % (user, reason, loc, api_access_valid) | |
787 | ) |
|
792 | ) | |
788 | p = url.current() |
|
793 | return redirect_to_login() | |
789 |
|
||||
790 | log.debug('redirecting to login page with %s' % p) |
|
|||
791 | return redirect(url('login_home', came_from=p)) |
|
|||
792 |
|
||||
793 |
|
794 | |||
794 | class NotAnonymous(object): |
|
795 | class NotAnonymous(object): | |
795 | """ |
|
796 | """ | |
@@ -808,13 +809,8 b' class NotAnonymous(object):' | |||||
808 | anonymous = self.user.username == User.DEFAULT_USER |
|
809 | anonymous = self.user.username == User.DEFAULT_USER | |
809 |
|
810 | |||
810 | if anonymous: |
|
811 | if anonymous: | |
811 | p = url.current() |
|
812 | return redirect_to_login(_('You need to be a registered user to ' | |
812 |
|
813 | 'perform this action')) | ||
813 | import kallithea.lib.helpers as h |
|
|||
814 | h.flash(_('You need to be a registered user to ' |
|
|||
815 | 'perform this action'), |
|
|||
816 | category='warning') |
|
|||
817 | return redirect(url('login_home', came_from=p)) |
|
|||
818 | else: |
|
814 | else: | |
819 | return func(*fargs, **fkwargs) |
|
815 | return func(*fargs, **fkwargs) | |
820 |
|
816 | |||
@@ -845,14 +841,7 b' class PermsDecorator(object):' | |||||
845 | anonymous = self.user.username == User.DEFAULT_USER |
|
841 | anonymous = self.user.username == User.DEFAULT_USER | |
846 |
|
842 | |||
847 | if anonymous: |
|
843 | if anonymous: | |
848 | p = url.current() |
|
844 | return redirect_to_login(_('You need to be signed in to view this page')) | |
849 |
|
||||
850 | import kallithea.lib.helpers as h |
|
|||
851 | h.flash(_('You need to be signed in to ' |
|
|||
852 | 'view this page'), |
|
|||
853 | category='warning') |
|
|||
854 | return redirect(url('login_home', came_from=p)) |
|
|||
855 |
|
||||
856 | else: |
|
845 | else: | |
857 | # redirect with forbidden ret code |
|
846 | # redirect with forbidden ret code | |
858 | return abort(403) |
|
847 | return abort(403) |
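Review bot: In the first hunk, `redirect_to_login` flashes unconditionally and wraps every message in `h.literal`, which causes two problems for the callers further down. The `LoginRequired` fall-through calls `redirect_to_login()` with no argument, so `h.literal(None)` is flashed, which most likely shows a stray "None" warning on the login page. Because `literal` marks text as already-safe HTML, the IP message that interpolates `user.ip_addr` is also rendered unescaped; if that address can come from a client-supplied header (not visible in this diff), it needs escaping. I would guard the helper with `if message: h.flash(message, category='warning')` and apply `h.literal` only at a call site that passes trusted markup.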