author | Kali Kaneko <kali@leap.se> | 2017-02-14 23:40:29 +0100 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2017-02-15 01:20:57 +0100 |
commit | ccb280703ba851265702b8a92cdedb294cc93608 (patch) | |
tree | a2fc6844b3f10707a4c04f073b3711cc7c24fed0 /server/src/leap/soledad/server/session.py | |
parent | ed85f545a9965eb637c1544b3973e3d68e5a602c (diff) |
[feature] authenticate as anonymous if no token in header
and serve / banner and robots to anon users.
instead of returning 401 for all cases, I treat the unauthenticated case
as a special case, and switch the service tree apart.
this allows serving a different resource tree to unauthenticated users.
the new URLs are registered with the mapper.
I don't really like that dependency, could be handled by twisted alone, but meh.
- Resolves: #8764
Diffstat (limited to 'server/src/leap/soledad/server/session.py')
-rw-r--r-- | server/src/leap/soledad/server/session.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/server/src/leap/soledad/server/session.py b/server/src/leap/soledad/server/session.py
index a2793bd3..70e4a35b 100644
--- a/server/src/leap/soledad/server/session.py
+++ b/server/src/leap/soledad/server/session.py
@@ -19,8 +19,9 @@ Twisted resource containing an authenticated Soledad session.
 """
 from zope.interface import implementer
+from twisted.cred.credentials import Anonymous
 from twisted.cred import error
-from twisted.python import log
+from twisted.logger import Logger
 from twisted.web import util
 from twisted.web._auth import wrapper
 from twisted.web.guard import HTTPAuthSessionWrapper
@@ -32,6 +33,9 @@ from leap.soledad.server.auth import credentialFactory
 from leap.soledad.server.url_mapper import URLMapper
+log = Logger()
+
+
 @implementer(IResource)
 class UnauthorizedResource(wrapper.UnauthorizedResource):
 isLeaf = True
@@ -80,7 +84,7 @@ class SoledadSession(HTTPAuthSessionWrapper):
 # get authorization header or fail
 header = request.getHeader(b'authorization')
 if not header:
- return UnauthorizedResource()
+ return util.DeferredResource(self._login(Anonymous()))
 # parse the authorization header
 auth_data = self._parseHeader(header) |
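Review bot: The module-level `log = Logger()` in the second hunk, together with the import swap in the first, rebinds `log` from the `twisted.python.log` module to a `twisted.logger.Logger` instance, and the two are not call-compatible. `Logger` has no `msg()` or `err()` methods, so any remaining `log.msg(...)` or `log.err(...)` call in this file (none is visible in these hunks) would raise AttributeError, most likely on an error path such as a failed login where it would mask the original failure. Each remaining call site should be checked and converted, for example `log.err(f, msg)` to `log.failure(msg, failure=f)`.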
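Review bot: The context comment `# get authorization header or fail` in the third hunk is now stale and hides a change of trust boundary: a request without an Authorization header no longer fails closed with a 401 at this wrapper but is logged in with `Anonymous()`. What such a request can reach now depends entirely on the portal's checkers and on how the realm maps the anonymous avatar to a resource tree, neither of which is visible here. I would reword the comment to `# no authorization header: log in as anonymous; the realm must return only the public tree` and add a test asserting that a header-less request to an authenticated-only URL is still refused. The enclosing method starts and ends outside the hunk.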