is_authorized returns True when no auth method is set

Guillaume Ayoub 2012-08-08 18:44:25 +02:00
parent 45afac5353
commit b4a7ada5f2
2 changed files with 46 additions and 47 deletions


@ -46,7 +46,7 @@ except ImportError:
from urlparse import urlparse from urlparse import urlparse
# pylint: enable=F0401,E0611 # pylint: enable=F0401,E0611
from radicale import config, ical, log, storage, xmlutils, access from radicale import access, config, ical, log, storage, xmlutils
VERSION = "git" VERSION = "git"
@ -199,10 +199,7 @@ class Application(object):
function = getattr(self, environ["REQUEST_METHOD"].lower()) function = getattr(self, environ["REQUEST_METHOD"].lower())
# Check rights # Check rights
if not items or not access or function == self.options: if items and function != self.options:
# No collection, or no auth, or OPTIONS request: don't check rights
status, headers, answer = function(environ, items, content, None)
else:
# Ask authentication backend to check rights # Ask authentication backend to check rights
authorization = environ.get("HTTP_AUTHORIZATION", None) authorization = environ.get("HTTP_AUTHORIZATION", None)
@ -213,53 +210,53 @@ class Application(object):
else: else:
user = password = None user = password = None
if access.is_authenticated(user, password): if access.is_authenticated(user, password):
last_collection_allowed = None last_collection_allowed = None
allowed_items = [] allowed_items = []
for item in items: for item in items:
log.LOGGER.debug("Testing %s" % (item.name)) log.LOGGER.debug("Testing %s" % (item.name))
if not isinstance(item, ical.Collection): if not isinstance(item, ical.Collection):
# item is not a colleciton, it's the child of the last # item is not a colleciton, it's the child of the last
# collection we've met in the loop. Only add this item # collection we've met in the loop. Only add this item
# if this last collection was allowed. # if this last collection was allowed.
if last_collection_allowed: if last_collection_allowed:
allowed_items.append(item) allowed_items.append(item)
else:
if access.read_authorized(user, item) or \
access.write_authorized(user, item):
log.LOGGER.info("%s has access to %s" % (
user, item.name))
last_collection_allowed = True
allowed_items.append(item)
else: else:
if access.read_authorized(user, item) or \ last_collection_allowed = False
access.write_authorized(user, item):
log.LOGGER.info("%s has access to %s" % (
user, item.name))
last_collection_allowed = True
allowed_items.append(item)
else:
last_collection_allowed = False
if allowed_items: if allowed_items:
# Collections found # Collections found
status, headers, answer = function(
environ, allowed_items, content, user)
else:
# Good user and no collections found, redirect user to home
location = "/%s/" % str(quote(user))
if path == location:
# Send answer anyway since else we're getting into a
# redirect loop
status, headers, answer = function( status, headers, answer = function(
environ, allowed_items, content, user) environ, allowed_items, content, user)
else: else:
# Good user and no collections found, redirect user to home log.LOGGER.info("redirecting to %s" % location)
location = "/%s/" % str(quote(user)) status = client.FOUND
if path == location: headers = {"Location": location}
# Send answer anyway since else we're getting into a answer = "Redirecting to %s" % location
# redirect loop else:
status, headers, answer = function( # Unknown or unauthorized user
environ, allowed_items, content, user) log.LOGGER.info(
else: "%s refused" % (user or "Anonymous user"))
log.LOGGER.info("redirecting to %s" % location) status = client.UNAUTHORIZED
status = client.FOUND headers = {
headers = {"Location": location} "WWW-Authenticate":
answer = "Redirecting to %s" % location "Basic realm=\"Radicale Server - Password Required\""}
else: answer = None
# Unknown or unauthorized user
log.LOGGER.info(
"%s refused" % (user or "Anonymous user"))
status = client.UNAUTHORIZED
headers = {
"WWW-Authenticate":
"Basic realm=\"Radicale Server - Password Required\""}
answer = None
# Set content length # Set content length
if answer: if answer:
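Review bot: The redirect branch `location = "/%s/" % str(quote(user))` can now run with `user` set to None, because `access.is_authenticated` returns True when no auth backend is configured and the no-header path sets `user = password = None`; that branch should answer directly when `user` is None instead of quoting it. Indentation is lost in this rendering, but the re-printed block suggests `if access.is_authenticated(user, password):` was moved out of `if items and function != self.options:`. If so, `user` and `password` are unbound for OPTIONS requests and for an empty `items`, unless they are set above the hunk, so add `user = password = None` before that condition. The old branch that served OPTIONS and no-collection requests without a rights check is removed, so with a backend configured those requests would presumably now get a 401 unless they carry credentials; a comment stating whether that is intended would help.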


@ -38,6 +38,8 @@ def load():
def is_authenticated(user, password): def is_authenticated(user, password):
"""Check if the user is authenticated.""" """Check if the user is authenticated."""
if AUTH is None:
return True
return AUTH.is_authenticated(user, password) if user else False return AUTH.is_authenticated(user, password) if user else False
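Review bot: The added `if AUTH is None: return True` makes `is_authenticated` fail open: any state where `AUTH` was never assigned is treated the same as a deliberate "no authentication" configuration. The body of `load()` is outside this hunk, so it is not visible whether a backend that fails to load, or a call made before `load()`, leaves `AUTH` as None; if either can, every request is accepted. The docstring should say so, e.g. `"""Check if the user is authenticated; always True, including for anonymous requests, when no auth backend is set."""`, and callers must not assume a True result implies a non-empty `user`.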