The protect decorator was not really being used for anything, remove it.
Change the way UserSession's remote_login() works.
If called now it either sets a REMOTE_USER (if found) or nukes the current
user data in the session.
This means this function can be safely called only in a login plugin now.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
for option in admin_config:
cherrypy.config[option] = admin_config[option]
-cherrypy.tools.protect = cherrypy.Tool('before_handler', page.protect)
-
templates = os.path.join(cherrypy.config['base.dir'], 'templates')
template_env = Environment(loader=FileSystemLoader(templates))
return check
-def protect():
- UserSession().remote_login()
-
-
class Page(object):
def __init__(self, site, form=False):
if 'template_env' not in site:
def remote_login(self):
if cherrypy.request.login:
- return self.login(cherrypy.request.login)
+ self.login(cherrypy.request.login)
+ else:
+ self.nuke_data('user')
def login(self, username):
if self.user == username:
# REMOTE_USER changed, replace user
self.nuke_data('user')
self.save_data('user', 'name', username)
+ self.user = username
- cherrypy.log('LOGIN SUCCESSFUL: %s', username)
+ cherrypy.log('LOGIN SUCCESSFUL: %s' % username)
def logout(self, user):
if user is not None:
tools.sessions.timeout = 60
tools.sessions.httponly = ${secure}
tools.sessions.secure = ${secure}
-tools.protect.on = True