|
1 | | -# $Id: client.py,v 1.201 2004-11-18 14:05:35 a1s Exp $ |
| 1 | +# $Id: client.py,v 1.202 2004-11-18 16:21:07 a1s Exp $ |
2 | 2 |
|
3 | 3 | """WWW request handler (also used in the stand-alone server). |
4 | 4 | """ |
5 | 5 | __docformat__ = 'restructuredtext' |
6 | 6 |
|
7 | | -import os, os.path, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib |
8 | | -import binascii, Cookie, time, random, stat, rfc822 |
9 | | -import codecs |
10 | | - |
| 7 | +import base64, binascii, cgi, codecs, mimetypes, os |
| 8 | +import random, re, rfc822, stat, time, urllib, urlparse |
| 9 | +import Cookie |
11 | 10 |
|
12 | 11 | from roundup import roundupdb, date, hyperdb, password |
13 | 12 | from roundup.cgi import templating, cgitb, TranslationService |
@@ -151,6 +150,9 @@ def __init__(self, instance, request, env, form=None, translator=None): |
151 | 150 | # parse cookies (used in charset and session lookups) |
152 | 151 | self.cookie = Cookie.SimpleCookie(self.env.get('HTTP_COOKIE', '')) |
153 | 152 |
|
| 153 | + self.user = None |
| 154 | + self.userid = None |
| 155 | + |
154 | 156 | def setTranslator(self, translator=None): |
155 | 157 | """Replace the translation engine |
156 | 158 |
|
@@ -294,7 +296,7 @@ def clean_sessions(self): |
294 | 296 | last_clean = sessions.get('last_clean', 'last_use', 0) |
295 | 297 |
|
296 | 298 | # time to clean? |
297 | | - week = 60*60*24*7 |
| 299 | + #week = 60*60*24*7 |
298 | 300 | hour = 60*60 |
299 | 301 | now = time.time() |
300 | 302 | if now - last_clean < hour: |
@@ -376,6 +378,25 @@ def determine_user(self): |
376 | 378 | else: |
377 | 379 | user = 'anonymous' |
378 | 380 |
|
| 381 | + # try handling Basic Auth ourselves |
| 382 | + if (user == 'anonymous') and self.env['HTTP_AUTHORIZATION']: |
| 383 | + scheme, challenge = self.env['HTTP_AUTHORIZATION'].split(' ', 1) |
| 384 | + if scheme.lower() == 'basic': |
| 385 | + try: |
| 386 | + decoded = base64.decodestring(challenge) |
| 387 | + except TypeError: |
| 388 | + # invalid challenge |
| 389 | + pass |
| 390 | + username, password = decoded.split(':') |
| 391 | + try: |
| 392 | + LoginAction(self).verifyLogin(username, password) |
| 393 | + except LoginError, err: |
| 394 | + self.make_user_anonymous() |
| 395 | + self.response_code = 403 |
| 396 | + raise Unauthorised, err |
| 397 | + |
| 398 | + user = username |
| 399 | + |
379 | 400 | # look up the user session cookie (may override the REMOTE_USER) |
380 | 401 | cookie = self.cookie |
381 | 402 | if (cookie.has_key(self.cookie_name) and |
|
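Review bot: In the Basic Auth block added to determine_user, a request with no Authorization header raises KeyError at `self.env['HTTP_AUTHORIZATION']`, and a malformed header becomes an unhandled exception instead of a clean rejection: `except TypeError: pass` leaves `decoded` unbound for the next line, and `decoded.split(':')` fails to unpack when the password contains a colon. The local name `password` also shadows the `password` module imported from roundup at the top of the file, which would break any later use of that module in this function (the rest of the function is outside the hunk, so this is unverified). The fence below reads the header with `.get`, parses it in one guarded block using `split(':', 1)`, and fails closed on bad input; catching `binascii.Error` assumes `decodestring` can raise it on bad padding, which is worth confirming on the target Python version. A failed Basic login is normally answered with 401 and a `WWW-Authenticate` header rather than 403, if clients are expected to retry with credentials.

```python
        # try handling Basic Auth ourselves
        auth = self.env.get('HTTP_AUTHORIZATION', '')
        if user == 'anonymous' and ' ' in auth:
            scheme, challenge = auth.split(' ', 1)
            if scheme.lower() == 'basic':
                try:
                    decoded = base64.decodestring(challenge)
                    # split once: the password itself may contain ':'
                    username, secret = decoded.split(':', 1)
                except (TypeError, ValueError, binascii.Error):
                    # malformed credentials: reject, do not fall through
                    self.make_user_anonymous()
                    self.response_code = 403
                    raise Unauthorised, 'Invalid Authorization header'
                try:
                    LoginAction(self).verifyLogin(username, secret)
                # ... unchanged: except LoginError handler, user = username ...
```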