is_authorized returns True when no auth method is set
parent
45afac5353
commit
b4a7ada5f2
@ -46,7 +46,7 @@ except ImportError:
|
|||||||
from urlparse import urlparse
|
from urlparse import urlparse
|
||||||
# pylint: enable=F0401,E0611
|
# pylint: enable=F0401,E0611
|
||||||
|
|
||||||
from radicale import config, ical, log, storage, xmlutils, access
|
from radicale import access, config, ical, log, storage, xmlutils
|
||||||
|
|
||||||
|
|
||||||
VERSION = "git"
|
VERSION = "git"
|
||||||
@ -199,10 +199,7 @@ class Application(object):
|
|||||||
function = getattr(self, environ["REQUEST_METHOD"].lower())
|
function = getattr(self, environ["REQUEST_METHOD"].lower())
|
||||||
|
|
||||||
# Check rights
|
# Check rights
|
||||||
if not items or not access or function == self.options:
|
if items and function != self.options:
|
||||||
# No collection, or no auth, or OPTIONS request: don't check rights
|
|
||||||
status, headers, answer = function(environ, items, content, None)
|
|
||||||
else:
|
|
||||||
# Ask authentication backend to check rights
|
# Ask authentication backend to check rights
|
||||||
authorization = environ.get("HTTP_AUTHORIZATION", None)
|
authorization = environ.get("HTTP_AUTHORIZATION", None)
|
||||||
|
|
||||||
@ -213,53 +210,53 @@ class Application(object):
|
|||||||
else:
|
else:
|
||||||
user = password = None
|
user = password = None
|
||||||
|
|
||||||
if access.is_authenticated(user, password):
|
if access.is_authenticated(user, password):
|
||||||
last_collection_allowed = None
|
last_collection_allowed = None
|
||||||
allowed_items = []
|
allowed_items = []
|
||||||
for item in items:
|
for item in items:
|
||||||
log.LOGGER.debug("Testing %s" % (item.name))
|
log.LOGGER.debug("Testing %s" % (item.name))
|
||||||
if not isinstance(item, ical.Collection):
|
if not isinstance(item, ical.Collection):
|
||||||
# item is not a colleciton, it's the child of the last
|
# item is not a colleciton, it's the child of the last
|
||||||
# collection we've met in the loop. Only add this item
|
# collection we've met in the loop. Only add this item
|
||||||
# if this last collection was allowed.
|
# if this last collection was allowed.
|
||||||
if last_collection_allowed:
|
if last_collection_allowed:
|
||||||
allowed_items.append(item)
|
allowed_items.append(item)
|
||||||
|
else:
|
||||||
|
if access.read_authorized(user, item) or \
|
||||||
|
access.write_authorized(user, item):
|
||||||
|
log.LOGGER.info("%s has access to %s" % (
|
||||||
|
user, item.name))
|
||||||
|
last_collection_allowed = True
|
||||||
|
allowed_items.append(item)
|
||||||
else:
|
else:
|
||||||
if access.read_authorized(user, item) or \
|
last_collection_allowed = False
|
||||||
access.write_authorized(user, item):
|
|
||||||
log.LOGGER.info("%s has access to %s" % (
|
|
||||||
user, item.name))
|
|
||||||
last_collection_allowed = True
|
|
||||||
allowed_items.append(item)
|
|
||||||
else:
|
|
||||||
last_collection_allowed = False
|
|
||||||
|
|
||||||
if allowed_items:
|
if allowed_items:
|
||||||
# Collections found
|
# Collections found
|
||||||
|
status, headers, answer = function(
|
||||||
|
environ, allowed_items, content, user)
|
||||||
|
else:
|
||||||
|
# Good user and no collections found, redirect user to home
|
||||||
|
location = "/%s/" % str(quote(user))
|
||||||
|
if path == location:
|
||||||
|
# Send answer anyway since else we're getting into a
|
||||||
|
# redirect loop
|
||||||
status, headers, answer = function(
|
status, headers, answer = function(
|
||||||
environ, allowed_items, content, user)
|
environ, allowed_items, content, user)
|
||||||
else:
|
else:
|
||||||
# Good user and no collections found, redirect user to home
|
log.LOGGER.info("redirecting to %s" % location)
|
||||||
location = "/%s/" % str(quote(user))
|
status = client.FOUND
|
||||||
if path == location:
|
headers = {"Location": location}
|
||||||
# Send answer anyway since else we're getting into a
|
answer = "Redirecting to %s" % location
|
||||||
# redirect loop
|
else:
|
||||||
status, headers, answer = function(
|
# Unknown or unauthorized user
|
||||||
environ, allowed_items, content, user)
|
log.LOGGER.info(
|
||||||
else:
|
"%s refused" % (user or "Anonymous user"))
|
||||||
log.LOGGER.info("redirecting to %s" % location)
|
status = client.UNAUTHORIZED
|
||||||
status = client.FOUND
|
headers = {
|
||||||
headers = {"Location": location}
|
"WWW-Authenticate":
|
||||||
answer = "Redirecting to %s" % location
|
"Basic realm=\"Radicale Server - Password Required\""}
|
||||||
else:
|
answer = None
|
||||||
# Unknown or unauthorized user
|
|
||||||
log.LOGGER.info(
|
|
||||||
"%s refused" % (user or "Anonymous user"))
|
|
||||||
status = client.UNAUTHORIZED
|
|
||||||
headers = {
|
|
||||||
"WWW-Authenticate":
|
|
||||||
"Basic realm=\"Radicale Server - Password Required\""}
|
|
||||||
answer = None
|
|
||||||
|
|
||||||
# Set content length
|
# Set content length
|
||||||
if answer:
|
if answer:
|
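Review bot: With the guard rewritten to `if items and function != self.options:`, the new side of these hunks has no branch left for an OPTIONS request or an empty `items`. Nothing visible then assigns `status`, `headers` and `answer` before `if answer:` at the end of the last hunk, so unless they are set before line 199 (outside the hunks) that path raises an unbound-name error instead of answering. The removed call should stay as the fallback of the outer test: `else:` followed by `status, headers, answer = function(environ, items, content, None)`. Separately, the no-auth case now runs through the rights loop, so `user` can be `None` when `access.is_authenticated` returns True, and the "no collections found" branch would then evaluate `quote(user)`. Whether that branch is reachable depends on `read_authorized`/`write_authorized`, which are not shown, but it should not build a home location for an anonymous user.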
||||||
|
@ -38,6 +38,8 @@ def load():
|
|||||||
|
|
||||||
def is_authenticated(user, password):
|
def is_authenticated(user, password):
|
||||||
"""Check if the user is authenticated."""
|
"""Check if the user is authenticated."""
|
||||||
|
if AUTH is None:
|
||||||
|
return True
|
||||||
return AUTH.is_authenticated(user, password) if user else False
|
return AUTH.is_authenticated(user, password) if user else False
|
||||||
|
|
||||||
|
|
||||||
|
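Review bot: The added `if AUTH is None: return True` makes `is_authenticated` fail open: whenever the module-level `AUTH` is unset, every caller is reported as authenticated, including a request with no credentials (`user` is None). This hunk does not show whether `AUTH` is None only when the administrator chose no authentication, or also when `load()` was never called or found no backend. If the latter can happen, the check should key on the configured auth type rather than on the missing object. At minimum the docstring should state the contract, e.g. `"""Check if the user is authenticated (always True when no auth backend is loaded)."""`, and the branch deserves a comment such as `# No auth backend configured: every request is accepted`.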