Rework remote_login and remove protect decorator

The protect decorator was not really being used for anything, remove it.

Change the way UserSession's remote_login() works.
If called now it either sets a REMOTE_USER (if found) or nukes the current
user data in the session.
This means this function can be safely called only in a login plugin now.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>

diff --git a/ipsilon/ipsilon b/ipsilon/ipsilon
index fec19e4..8cabc85 100755 (executable)
--- a/ipsilon/ipsilon
+++ b/ipsilon/ipsilon
@@ -60,8 +60,6 @@ admin_config = datastore.get_admin_config()
 for option in admin_config:
     cherrypy.config[option] = admin_config[option]
 
 for option in admin_config:
     cherrypy.config[option] = admin_config[option]
 

-cherrypy.tools.protect = cherrypy.Tool('before_handler', page.protect)
-

 templates = os.path.join(cherrypy.config['base.dir'], 'templates')
 template_env = Environment(loader=FileSystemLoader(templates))
 
 templates = os.path.join(cherrypy.config['base.dir'], 'templates')
 template_env = Environment(loader=FileSystemLoader(templates))
 

diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index ae1f116..e90ec2d 100755 (executable)
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -33,10 +33,6 @@ def admin_protect(fn):
     return check
 
 
     return check
 
 

-def protect():
-    UserSession().remote_login()
-
-

 class Page(object):
     def __init__(self, site, form=False):
         if 'template_env' not in site:
 class Page(object):
     def __init__(self, site, form=False):
         if 'template_env' not in site:

diff --git a/ipsilon/util/user.py b/ipsilon/util/user.py
index f47c072..7c53526 100755 (executable)
--- a/ipsilon/util/user.py
+++ b/ipsilon/util/user.py
@@ -111,7 +111,9 @@ class UserSession(object):
 
     def remote_login(self):
         if cherrypy.request.login:
 
     def remote_login(self):
         if cherrypy.request.login:

-            return self.login(cherrypy.request.login)
+            self.login(cherrypy.request.login)
+        else:
+            self.nuke_data('user')

 
     def login(self, username):
         if self.user == username:
 
     def login(self, username):
         if self.user == username:


@@ -120,8 +122,9 @@ class UserSession(object):
         # REMOTE_USER changed, replace user
         self.nuke_data('user')
         self.save_data('user', 'name', username)
         # REMOTE_USER changed, replace user
         self.nuke_data('user')
         self.save_data('user', 'name', username)

+        self.user = username

 
 

-        cherrypy.log('LOGIN SUCCESSFUL: %s', username)
+        cherrypy.log('LOGIN SUCCESSFUL: %s' % username)

 
     def logout(self, user):
         if user is not None:
 
     def logout(self, user):
         if user is not None:

diff --git a/templates/install/ipsilon.conf b/templates/install/ipsilon.conf
index 8ab17d1..bbc4de6 100644 (file)
--- a/templates/install/ipsilon.conf
+++ b/templates/install/ipsilon.conf
@@ -13,4 +13,3 @@ tools.sessions.storage_path = "${datadir}/sessions"
 tools.sessions.timeout = 60
 tools.sessions.httponly = ${secure}
 tools.sessions.secure = ${secure}
 tools.sessions.timeout = 60
 tools.sessions.httponly = ${secure}
 tools.sessions.secure = ${secure}

-tools.protect.on = True