Disassembler/Spotter-VM
1
0
Fork 0
Code Issues 78 Pull Requests Actions Packages Projects Releases Wiki Activity

Redirect to login when trying to access setup unauthenticated

Browse Source
This commit is contained in:
Disassembler 2018-10-27 22:20:09 +02:00
parent d2b410efe8
commit 6b38073372
Signed by: Disassembler
GPG Key ID: 524BD33A0EE29499
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
basic/srv/vm/mgr/wsgiapp.py
View File

@ -61,7 +61,7 @@ class WSGIApp(object):
def get_url_map(self, session): def get_url_map(self, session):
rules = [ rules = [
Rule('/', endpoint='portal_view'), Rule('/', endpoint='portal_view'),
Rule('/login', methods=['GET'], endpoint='login_view'), Rule('/login', methods=['GET'], endpoint='login_view', defaults={'redirect': '/'}),
Rule('/login', methods=['POST'], endpoint='login_action'), Rule('/login', methods=['POST'], endpoint='login_action'),
Rule('/logout', endpoint='logout_action') Rule('/logout', endpoint='logout_action')
] ]
@ -87,6 +87,11 @@ class WSGIApp(object):
Rule('/shutdown-vm', endpoint='shutdown_vm_action'), Rule('/shutdown-vm', endpoint='shutdown_vm_action'),
Rule('/reboot-vm', endpoint='reboot_vm_action'), Rule('/reboot-vm', endpoint='reboot_vm_action'),
] ]
else:
rules += [
Rule('/setup-host', endpoint='login_view', defaults={'redirect': '/setup-host'}),
Rule('/setup-apps', endpoint='login_view', defaults={'redirect': '/setup-apps'}),
]
return Map(rules) return Map(rules)
def render_template(self, template_name, request, **context): def render_template(self, template_name, request, **context):
@ -100,14 +105,15 @@ class WSGIApp(object):
def render_json(self, data): def render_json(self, data):
return Response(json.dumps(data), mimetype='application/json') return Response(json.dumps(data), mimetype='application/json')
def login_view(self, request): def login_view(self, request, **kwargs):
return self.render_template('login.html', request) return self.render_template('login.html', request, redirect=kwargs['redirect'])
def login_action(self, request): def login_action(self, request):
password = request.form['password'] password = request.form['password']
redir_url = request.form['redirect']
if tools.adminpwd_verify(password, self.conf['host']['adminpwd']): if tools.adminpwd_verify(password, self.conf['host']['adminpwd']):
request.session['admin'] = True request.session['admin'] = True
return redirect('/') return redirect(redir_url)
else: else:
return self.render_template('login.html', request, message=request.session.lang.bad_password()) return self.render_template('login.html', request, message=request.session.lang.bad_password())

6
basic/srv/vm/templates/login.html
View File

@ -14,10 +14,8 @@
<td><input type="password" name="password"></td> <td><input type="password" name="password"></td>
</tr> </tr>
<tr> <tr>
<td>&nbsp;</td> <td><input type="hidden" name="redirect" value="{{ redirect }}"></td>
<td> <td><input type="submit" value="Přihlásit"></td>
<input type="submit" value="Přihlásit">
</td>
</tr> </tr>
</table> </table>
{% if message is defined %} {% if message is defined %}