Issue #738: Bypass cookie validation for sandbox

author: Felix Hammerl <fhammerl@thoughtworks.com> 2016-07-04 14:43:48 +0200
committer: Felix Hammerl <fhammerl@thoughtworks.com> 2016-07-04 14:43:48 +0200
commit: f2720ebbc4c860dcb7d5a3e5a1126a14f207b35c (patch)
tree: 0d81f5c211ecce76b2276432e225453bff59e08a /service
parent: 1b024b04a7e007b097853656dc5f7a54c5d4f53b (diff)
2 files changed, 24 insertions, 20 deletions
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 5aedad3a..1e6e293c 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
@@ -15,6 +15,7 @@
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 
 import logging
+import re
 
 from leap.auth import SRPAuth
 from leap.exceptions import SRPAuthenticationError
@@ -123,26 +124,28 @@ class PixelatedAuthSessionWrapper(object):
 
     def _authorizedResource(self, request):
         creds = SessionCredential(request)
-        return util.DeferredResource(self._login(creds))
+        return util.DeferredResource(self._login(creds, request))
+
+    def _login(self, credentials, request):
+        pattern = re.compile("^/sandbox/")
+
+        def loginSucceeded(args):
+            interface, avatar, logout = args
+            if avatar == checkers.ANONYMOUS and not pattern.match(request.path):
+                return self._anonymous_resource
+            else:
+                return self._root_resource
+
+        def loginFailed(result):
+            if result.check(error.Unauthorized, error.LoginFailed):
+                return UnauthorizedResource(self._credentialFactories)
+            else:
+                log.err(
+                    result,
+                    "HTTPAuthSessionWrapper.getChildWithDefault encountered "
+                    "unexpected error")
+                return ErrorPage(500, None, None)
 
-    def _login(self, credentials):
         d = self._portal.login(credentials, None, IResource)
-        d.addCallbacks(self._loginSucceeded, self._loginFailed)
+        d.addCallbacks(loginSucceeded, loginFailed)
         return d
-
-    def _loginSucceeded(self, args):
-        interface, avatar, logout = args
-        if avatar == checkers.ANONYMOUS:
-            return self._anonymous_resource
-        else:
-            return self._root_resource
-
-    def _loginFailed(self, result):
-        if result.check(error.Unauthorized, error.LoginFailed):
-            return UnauthorizedResource(self._credentialFactories)
-        else:
-            log.err(
-                result,
-                "HTTPAuthSessionWrapper.getChildWithDefault encountered "
-                "unexpected error")
-            return ErrorPage(500, None, None)
diff --git a/service/test/support/test_helper.py b/service/test/support/test_helper.py
index b78da4cd..3323a14e 100644
--- a/service/test/support/test_helper.py
+++ b/service/test/support/test_helper.py
@@ -100,6 +100,7 @@ class TestRequest:
 class PixRequestMock(DummyRequest):
     def __init__(self, path):
         DummyRequest.__init__(self, path)
+        self.path = "/".join(path)
         self.content = None
         self.code = None
         self.cookies = {}
author	Felix Hammerl <fhammerl@thoughtworks.com>	2016-07-04 14:43:48 +0200
committer	Felix Hammerl <fhammerl@thoughtworks.com>	2016-07-04 14:43:48 +0200
commit	f2720ebbc4c860dcb7d5a3e5a1126a14f207b35c (patch)
tree	0d81f5c211ecce76b2276432e225453bff59e08a /service
parent	1b024b04a7e007b097853656dc5f7a54c5d4f53b (diff)