
root/branches/cherrypy-2.x/cherrypy/filters/sessionauthenticatefilter.py

Revision 1584 (checked in by lawouach, 2 years ago)

Backport fix to get rid of thread_data. This may need to be documented for applications relying on the value being set. Instead they should now use request.user

  • Property svn:eol-style set to native
1 import cherrypy
2 from basefilter import BaseFilter
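def default_login_screen(from_page, login = '', error_msg = ''):
    """Render the built-in HTML login form.

    All three values are written into the page, and in this module
    ``login`` and ``from_page`` are taken from request parameters, so each
    one is HTML-escaped (including both quote characters, because two of
    them land inside ``value="..."`` attributes) before interpolation.

    Args:
        from_page: URL to return to after a successful login; emitted as
            the hidden ``from_page`` form field.
        login: Value used to pre-fill the login field.
        error_msg: Message shown above the form. It is treated as plain
            text; markup in it is displayed literally rather than rendered.

    Returns:
        The login page as an HTML string.

    Note:
        A replacement configured through
        ``session_authenticate_filter.login_screen`` receives the same raw
        values and has to do its own escaping.
    """
    # Function-scope import; this module exists in both Python 2 and 3.
    from xml.sax.saxutils import escape

    def _html(value):
        # '%s' % (value,) keeps the original tolerance for non-string
        # arguments while leaving str/unicode values unchanged.
        return escape('%s' % (value,), {'"': '&quot;', "'": '&#39;'})

    return """
    <html><body>
        Message: %s
        <form method="post" action="do_login">
            Login: <input type="text" name="login" value="%s" size="10"/><br/>
            Password: <input type="password" name="password" size="10"/><br/>
            <input type="hidden" name="from_page" value="%s"/><br/>
            <input type="submit"/>
        </form>
    </body></html>
    """ % (_html(error_msg), _html(login), _html(from_page))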
def default_check_login_and_password(login, password):
    """Placeholder credential check used when none is configured.

    Accepts exactly one fixed pair, login ``'login'`` with password
    ``'password'``. It is the fallback for the
    ``session_authenticate_filter.check_login_and_password`` setting, so a
    deployment that enables the filter without configuring its own check
    is protected only by these fixed, publicly known credentials.

    Returns:
        None when the pair matches, otherwise an error message string.
    """
    credentials_match = (login == 'login' and password == 'password')
    if credentials_match:
        return None
    return u'Wrong login/password'
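class SessionAuthenticateFilter(BaseFilter):
    """
    Filter allows for simple forms based authentication and access control

    Settings read from cherrypy.config (all prefixed with
    ``session_authenticate_filter.``):

      on                        enable the filter (default False)
      check_login_and_password  callable(login, password) returning an
                                error message, or a false value on success
      login_screen              callable(from_page, login=, error_msg=)
                                returning the login page body
      not_logged_in             optional callable() consulted when the
                                session holds no user; a true return value
                                lets the request through
      load_user_by_username     optional callable(username) whose result is
                                stored in cherrypy.request.user
      session_key               session key holding the login name
                                (default 'username')
      on_login / on_logout      optional callables(login)

    The filter does nothing when ``static_filter.on`` is set.
    """

    def _local_redirect_target(self, target, fallback):
        """Return ``target`` if it stays on this site, else ``fallback``.

        ``from_page`` arrives as a request parameter, so it is only used as
        a redirect destination when it is a relative reference or has the
        same scheme and host as the current request (the login screen is
        handed cherrypy.request.browser_url, so absolute same-host URLs are
        a legitimate value).
        """
        try:
            from urlparse import urlsplit          # Python 2
        except ImportError:
            from urllib.parse import urlsplit      # Python 3

        if not target or not hasattr(target, 'startswith'):
            # Missing, empty, or not a string at all.
            return fallback
        for ch in target:
            # Whitespace, control characters and backslashes are
            # normalised differently by different browsers; refuse them
            # rather than guess how the URL will be interpreted.
            if ch <= ' ' or ch == '\\':
                return fallback
        if target.startswith('//'):
            # Scheme-relative reference (or a slash run a browser may
            # collapse into one): names another host.
            return fallback
        try:
            wanted = urlsplit(target)
            current = urlsplit(cherrypy.request.browser_url)
        except ValueError:
            return fallback
        scheme, host = wanted[0], wanted[1]
        if not scheme and not host:
            return target
        if (scheme.lower(), host.lower()) == (current[0].lower(),
                                              current[1].lower()):
            return target
        return fallback

    def before_main(self):
        """Enforce the login requirement before the page handler runs.

        Handles the ``do_login`` and ``do_logout`` pseudo-pages, shows the
        login screen to requests without a session user, and otherwise
        populates cherrypy.request.user.

        Raises:
            cherrypy.HTTPRedirect: after a successful login and after a
                logout.
        """
        cherrypy.request.user = None

        conf = cherrypy.config.get
        if ((not conf('session_authenticate_filter.on', False))
              or conf('static_filter.on', False)):
            return

        check_login_and_password = conf('session_authenticate_filter.check_login_and_password', default_check_login_and_password)
        login_screen = conf('session_authenticate_filter.login_screen', default_login_screen)
        not_logged_in = conf('session_authenticate_filter.not_logged_in')
        load_user_by_username = conf('session_authenticate_filter.load_user_by_username')
        session_key = conf('session_authenticate_filter.session_key', 'username')
        on_login = conf('session_authenticate_filter.on_login', None)
        on_logout = conf('session_authenticate_filter.on_logout', None)

        path = cherrypy.request.path
        if path.endswith('login_screen'):
            # NOTE(review): this is a suffix match, so every path ending in
            # 'login_screen' skips the login check below. Confirm that no
            # protected handler is reachable under such a path.
            return
        elif path.endswith('do_logout'):
            login = cherrypy.session.get(session_key)
            cherrypy.session[session_key] = None
            cherrypy.request.user = None
            if login and on_logout:
                on_logout(login)
            from_page = cherrypy.request.params.get('from_page', '..')
            raise cherrypy.HTTPRedirect(
                self._local_redirect_target(from_page, '..'))
        elif path.endswith('do_login'):
            params = cherrypy.request.params
            from_page = params.get('from_page', '..')
            # A request without these fields used to raise KeyError; treat
            # missing credentials as empty so they go through the normal
            # rejection path instead.
            login = params.get('login', '')
            password = params.get('password', '')
            error_msg = check_login_and_password(login, password)
            if error_msg:
                cherrypy.response.body = login_screen(from_page, login = login, error_msg = error_msg)
                # Delete Content-Length header so finalize() recalcs it.
                cherrypy.response.headers.pop("Content-Length", None)
                cherrypy.request.execute_main = False
            else:
                # NOTE(review): nothing visible here issues a new session
                # id on login; check whether the session layer does, so
                # that a pre-login session id cannot be carried over.
                cherrypy.session[session_key] = login
                if on_login:
                    on_login(login)
                if not from_page:
                    from_page = '/'
                raise cherrypy.HTTPRedirect(
                    self._local_redirect_target(from_page, '/'))
            return

        # Check if user is logged in
        temp_user = None
        if (not cherrypy.session.get(session_key)) and not_logged_in:
            # Call not_logged_in so that applications where anonymous user
            #   is OK can handle it
            temp_user = not_logged_in()
        if (not cherrypy.session.get(session_key)) and not temp_user:
            cherrypy.response.body = login_screen(cherrypy.request.browser_url)
            # Delete Content-Length header so finalize() recalcs it.
            cherrypy.response.headers.pop("Content-Length", None)
            cherrypy.request.execute_main = False
            return

        # Everything is OK: user is logged in
        if load_user_by_username and not cherrypy.request.user:
            username = temp_user or cherrypy.session[session_key]
            cherrypy.request.user = load_user_by_username(username)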