author | Felix Hammerl <fhammerl@thoughtworks.com> | 2016-07-04 14:43:48 +0200 |
---|---|---|
committer | Felix Hammerl <fhammerl@thoughtworks.com> | 2016-07-04 14:43:48 +0200 |
commit | f2720ebbc4c860dcb7d5a3e5a1126a14f207b35c (patch) | |
tree | 0d81f5c211ecce76b2276432e225453bff59e08a /service/pixelated | |
parent | 1b024b04a7e007b097853656dc5f7a54c5d4f53b (diff) |
Issue #738: Bypass cookie validation for sandbox
Diffstat (limited to 'service/pixelated')
-rw-r--r-- | service/pixelated/resources/auth.py | 43 |
1 files changed, 23 insertions, 20 deletions
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 5aedad3a..1e6e293c 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
@@ -15,6 +15,7 @@
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 import logging
+import re
 from leap.auth import SRPAuth
 from leap.exceptions import SRPAuthenticationError
@@ -123,26 +124,28 @@ class PixelatedAuthSessionWrapper(object):
 def _authorizedResource(self, request):
 creds = SessionCredential(request)
- return util.DeferredResource(self._login(creds))
+ return util.DeferredResource(self._login(creds, request))
+
+ def _login(self, credentials, request):
+ pattern = re.compile("^/sandbox/")
+
+ def loginSucceeded(args):
+ interface, avatar, logout = args
+ if avatar == checkers.ANONYMOUS and not pattern.match(request.path):
+ return self._anonymous_resource
+ else:
+ return self._root_resource
+
+ def loginFailed(result):
+ if result.check(error.Unauthorized, error.LoginFailed):
+ return UnauthorizedResource(self._credentialFactories)
+ else:
+ log.err(
+ result,
+ "HTTPAuthSessionWrapper.getChildWithDefault encountered "
+ "unexpected error")
+ return ErrorPage(500, None, None)
- def _login(self, credentials):
 d = self._portal.login(credentials, None, IResource)
- d.addCallbacks(self._loginSucceeded, self._loginFailed)
+ d.addCallbacks(loginSucceeded, loginFailed)
 return d
-
- def _loginSucceeded(self, args):
- interface, avatar, logout = args
- if avatar == checkers.ANONYMOUS:
- return self._anonymous_resource
- else:
- return self._root_resource
-
- def _loginFailed(self, result):
- if result.check(error.Unauthorized, error.LoginFailed):
- return UnauthorizedResource(self._credentialFactories)
- else:
- log.err(
- result,
- "HTTPAuthSessionWrapper.getChildWithDefault encountered "
- "unexpected error")
- return ErrorPage(500, None, None) |
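Review bot: The new condition in `loginSucceeded` gives an anonymous request `self._root_resource`, the same resource an authenticated session receives, whenever `request.path` matches `^/sandbox/`, so the exemption is only as narrow as the agreement between this prefix test on the raw path and the way the root resource later dispatches on path segments. Nothing in the hunk shows that agreement (the class and the construction of `_root_resource` are outside it), so I would either return only the resource that serves the sandbox in the anonymous case, or compare the path segment that traversal actually uses rather than regex-matching the raw string. A comment above the condition such as `# sandbox content is served without a session (issue #738); every other path still requires one` would record the intent, and a test asserting that an anonymous request for a non-sandbox path still gets `self._anonymous_resource` would pin it. As a smaller point, the pattern is recompiled on every `_login` call; a module-level constant or `request.path.startswith("/sandbox/")` does the same job.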