summaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
authorFelix Hammerl <fhammerl@thoughtworks.com>2016-07-04 14:43:48 +0200
committerFelix Hammerl <fhammerl@thoughtworks.com>2016-07-04 14:43:48 +0200
commitf2720ebbc4c860dcb7d5a3e5a1126a14f207b35c (patch)
tree0d81f5c211ecce76b2276432e225453bff59e08a /service
parent1b024b04a7e007b097853656dc5f7a54c5d4f53b (diff)
Issue #738: Bypass cookie validation for sandbox
Diffstat (limited to 'service')
-rw-r--r--service/pixelated/resources/auth.py43
-rw-r--r--service/test/support/test_helper.py1
2 files changed, 24 insertions, 20 deletions
diff --git a/service/pixelated/resources/auth.py b/service/pixelated/resources/auth.py
index 5aedad3a..1e6e293c 100644
--- a/service/pixelated/resources/auth.py
+++ b/service/pixelated/resources/auth.py
@@ -15,6 +15,7 @@
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
import logging
+import re
from leap.auth import SRPAuth
from leap.exceptions import SRPAuthenticationError
@@ -123,26 +124,28 @@ class PixelatedAuthSessionWrapper(object):
def _authorizedResource(self, request):
creds = SessionCredential(request)
- return util.DeferredResource(self._login(creds))
+ return util.DeferredResource(self._login(creds, request))
+
+ def _login(self, credentials, request):
+ pattern = re.compile("^/sandbox/")
+
+ def loginSucceeded(args):
+ interface, avatar, logout = args
+ if avatar == checkers.ANONYMOUS and not pattern.match(request.path):
+ return self._anonymous_resource
+ else:
+ return self._root_resource
+
+ def loginFailed(result):
+ if result.check(error.Unauthorized, error.LoginFailed):
+ return UnauthorizedResource(self._credentialFactories)
+ else:
+ log.err(
+ result,
+ "HTTPAuthSessionWrapper.getChildWithDefault encountered "
+ "unexpected error")
+ return ErrorPage(500, None, None)
- def _login(self, credentials):
d = self._portal.login(credentials, None, IResource)
- d.addCallbacks(self._loginSucceeded, self._loginFailed)
+ d.addCallbacks(loginSucceeded, loginFailed)
return d
-
- def _loginSucceeded(self, args):
- interface, avatar, logout = args
- if avatar == checkers.ANONYMOUS:
- return self._anonymous_resource
- else:
- return self._root_resource
-
- def _loginFailed(self, result):
- if result.check(error.Unauthorized, error.LoginFailed):
- return UnauthorizedResource(self._credentialFactories)
- else:
- log.err(
- result,
- "HTTPAuthSessionWrapper.getChildWithDefault encountered "
- "unexpected error")
- return ErrorPage(500, None, None)
diff --git a/service/test/support/test_helper.py b/service/test/support/test_helper.py
index b78da4cd..3323a14e 100644
--- a/service/test/support/test_helper.py
+++ b/service/test/support/test_helper.py
@@ -100,6 +100,7 @@ class TestRequest:
class PixRequestMock(DummyRequest):
def __init__(self, path):
DummyRequest.__init__(self, path)
+ self.path = "/".join(path)
self.content = None
self.code = None
self.cookies = {}