Redirect to login when trying to access setup unauthenticated

2018-10-27 22:20:09 +02:00 · 2018-10-27 22:20:09 +02:00 · 6b38073372
commit 6b38073372
parent d2b410efe8
2 changed files with 12 additions and 8 deletions
--- a/basic/srv/vm/mgr/wsgiapp.py
+++ b/basic/srv/vm/mgr/wsgiapp.py
@ -61,7 +61,7 @@ class WSGIApp(object):
    def get_url_map(self, session):
        rules = [
            Rule('/', endpoint='portal_view'),
-            Rule('/login', methods=['GET'], endpoint='login_view'),
+            Rule('/login', methods=['GET'], endpoint='login_view', defaults={'redirect': '/'}),
            Rule('/login', methods=['POST'], endpoint='login_action'),
            Rule('/logout', endpoint='logout_action')
        ]
@ -87,6 +87,11 @@ class WSGIApp(object):
                Rule('/shutdown-vm', endpoint='shutdown_vm_action'),
                Rule('/reboot-vm', endpoint='reboot_vm_action'),
            ]
+        else:
+            rules += [
+                Rule('/setup-host', endpoint='login_view', defaults={'redirect': '/setup-host'}),
+                Rule('/setup-apps', endpoint='login_view', defaults={'redirect': '/setup-apps'}),
+            ]
        return Map(rules)

    def render_template(self, template_name, request, **context):
@ -100,14 +105,15 @@ class WSGIApp(object):
    def render_json(self, data):
        return Response(json.dumps(data), mimetype='application/json')

-    def login_view(self, request):
-        return self.render_template('login.html', request)
+    def login_view(self, request, **kwargs):
+        return self.render_template('login.html', request, redirect=kwargs['redirect'])

    def login_action(self, request):
        password = request.form['password']
+        redir_url = request.form['redirect']
        if tools.adminpwd_verify(password, self.conf['host']['adminpwd']):
            request.session['admin'] = True
-            return redirect('/')
+            return redirect(redir_url)
        else:
            return self.render_template('login.html', request, message=request.session.lang.bad_password())

--- a/basic/srv/vm/templates/login.html
+++ b/basic/srv/vm/templates/login.html
@ -14,10 +14,8 @@
                <td><input type="password" name="password"></td>
            </tr>
            <tr>
-                <td>&nbsp;</td>
-                <td>
-                    <input type="submit" value="Přihlásit">
-                </td>
+                <td><input type="hidden" name="redirect" value="{{ redirect }}"></td>
+                <td><input type="submit" value="Přihlásit"></td>
            </tr>
        </table>
        {% if message is defined %}