now with regex

This commit is contained in:
deronnax 2014-10-21 11:47:39 +02:00
parent b863e8390e
commit f846f107e6

View File

@ -36,6 +36,7 @@ import posixpath
import socket import socket
import ssl import ssl
import wsgiref.simple_server import wsgiref.simple_server
import re
# Manage Python2/3 different modules # Manage Python2/3 different modules
# pylint: disable=F0401,E0611 # pylint: disable=F0401,E0611
try: try:
@ -55,6 +56,7 @@ VERSION = "0.9"
# Standard "not allowed" response that is returned when an authenticated user # Standard "not allowed" response that is returned when an authenticated user
# tries to access information they don't have rights to # tries to access information they don't have rights to
NOT_ALLOWED = (client.FORBIDDEN, {}, None) NOT_ALLOWED = (client.FORBIDDEN, {}, None)
WELLKNOWNRE = re.compile(r'/.well-known/(carddav|caldav)/?')
class HTTPServer(wsgiref.simple_server.WSGIServer, object): class HTTPServer(wsgiref.simple_server.WSGIServer, object):
@ -286,24 +288,23 @@ class Application(object):
user = environ.get("REMOTE_USER") user = environ.get("REMOTE_USER")
password = None password = None
if path.startswith('/.well-known/'): wkfragment = WELLKNOWNRE.match(path)
fragment = path.rstrip("/").rsplit('/', 1)[-1] if wkfragment:
redirect = config.get("well-known", fragment) redirect = config.get("well-known", wkfragment.group(1))
if redirect: if not user and "%(user)s" in redirect:
if not user and "%(user)s" in redirect: status = client.UNAUTHORIZED
status = client.UNAUTHORIZED headers = {
headers = { "WWW-Authenticate":
"WWW-Authenticate": "Basic realm=\"%s\"" % config.get("server", "realm")}
"Basic realm=\"%s\"" % config.get("server", "realm")} log.LOGGER.info("refused /.well-known/ redirection to anonymous user")
log.LOGGER.info("refused /.well-known/ redirection to anonymous user") else:
else: redirect = redirect % locals()
redirect = redirect % locals() status = client.SEE_OTHER
status = client.SEE_OTHER log.LOGGER.info("/.well-known/ redirection to: %s" % redirect)
log.LOGGER.info("/.well-known/ redirection to: %s" % redirect) headers = {"Location": redirect.encode('utf8')}
headers = {"Location": redirect.encode('utf8')} status = "%i %s" % (status, client.responses.get(status, "Unknown"))
status = "%i %s" % (status, client.responses.get(status, "Unknown")) start_response(status, headers.items())
start_response(status, headers.items()) return []
return []
is_authenticated = auth.is_authenticated(user, password) is_authenticated = auth.is_authenticated(user, password)
is_valid_user = is_authenticated or not user is_valid_user = is_authenticated or not user