[CalendarServer-changes] [6840] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Tue Feb 1 12:13:16 PST 2011
Revision: 6840
http://trac.macosforge.org/projects/calendarserver/changeset/6840
Author: sagen at apple.com
Date: 2011-02-01 12:13:14 -0800 (Tue, 01 Feb 2011)
Log Message:
-----------
Move the auth service redirect logic to locateChild where it can be used for other resources and so it can happen prior to SACL checks. (Also some pyflakes clean up)
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/provision/root.py
CalendarServer/trunk/calendarserver/webcal/resource.py
CalendarServer/trunk/twistedcaldav/resource.py
Modified: CalendarServer/trunk/calendarserver/provision/root.py
===================================================================
--- CalendarServer/trunk/calendarserver/provision/root.py 2011-02-01 18:16:24 UTC (rev 6839)
+++ CalendarServer/trunk/calendarserver/provision/root.py 2011-02-01 20:13:14 UTC (rev 6840)
@@ -23,7 +23,7 @@
from twext.web2 import responsecode
from twext.web2.auth.wrapper import UnauthorizedResponse
from twext.web2.dav import davxml
-from twext.web2.http import HTTPError, StatusResponse
+from twext.web2.http import HTTPError, StatusResponse, RedirectResponse
from twisted.cred.error import LoginFailed, UnauthorizedLogin
from twisted.internet.defer import inlineCallbacks, returnValue
@@ -64,6 +64,12 @@
"webcal" : ("calendar",),
}
+ # If a top-level resource path starts with any of these, an unauthenticated
+ # request is redirected to the auth url (config.WebCalendarAuthPath)
+ authServiceMap = {
+ "webcal" : True,
+ }
+
def __init__(self, path, *args, **kwargs):
super(RootResource, self).__init__(path, *args, **kwargs)
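Review bot: The comment above `authServiceMap` says the redirect applies when a path "starts with any of these", but the lookup added later in this commit takes `request.path.strip("/").split("/")[0]` and matches it exactly. A path such as `/webcalendar` would therefore not be covered, while the comment suggests it would. I would reword it to `# Top-level path segments (exact match on the first segment) for which an unauthenticated request is redirected to config.WebCalendarAuthPath`. Since every value is `True` and the map is read with `.get(topLevel, False)`, a set of names would state the intent more directly. The enclosing class body starts and ends outside this hunk.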
@@ -264,6 +270,35 @@
davxml.HRef.fromString("/principals/__uids__/%s/" % (record.guid,))
)
+ if not hasattr(request, "authzUser") and config.WebCalendarAuthPath:
+ topLevel = request.path.strip("/").split("/")[0]
+ if self.authServiceMap.get(topLevel, False):
+ # We've not been authenticated and the auth service is enabled
+ # for this resource, so redirect.
+
+ # Use config.ServerHostName if no x-forwarded-host header,
+ # otherwise use the final hostname in x-forwarded-host.
+ host = request.headers.getRawHeaders("x-forwarded-host",
+ [config.ServerHostName])[-1].split(",")[-1].strip()
+ port = 443 if config.EnableSSL else 80
+ scheme = "https" if config.EnableSSL else "http"
+
+ response = RedirectResponse(
+ request.unparseURL(
+ host=host,
+ port=port,
+ scheme=scheme,
+ path=config.WebCalendarAuthPath,
+ querystring="redirect=%s://%s%s" % (
+ scheme,
+ host,
+ request.path
+ )
+ )
+ )
+ raise HTTPError(response)
+
+
# We don't want the /inbox resource to pay attention to SACLs because
# we just want it to use the hard-coded ACL for the imip reply user.
# The /timezones resource is used by the wiki web calendar, so open
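Review bot: The `host` taken from `x-forwarded-host` is used unvalidated in both the redirect target and the `redirect=` return URL. Unless a trusted front-end proxy always sets or appends that header, the client chooses the value, so the login redirect and the post-login return address can name a host this server does not own. This check now runs in what the log message says is locateChild, ahead of the SACL checks, so I would fall back to `config.ServerHostName` unless the forwarded host matches a configured list of names the deployment serves. The `redirect=` value is also interpolated without URL-encoding; unless `unparseURL` already encodes it, quote it with `querystring="redirect=" + urllib.quote("%s://%s%s" % (scheme, host, request.path), safe="")` (needs `import urllib`). The enclosing method starts and ends outside this hunk.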
Modified: CalendarServer/trunk/calendarserver/webcal/resource.py
===================================================================
--- CalendarServer/trunk/calendarserver/webcal/resource.py 2011-02-01 18:16:24 UTC (rev 6839)
+++ CalendarServer/trunk/calendarserver/webcal/resource.py 2011-02-01 20:13:14 UTC (rev 6840)
@@ -29,7 +29,7 @@
from cgi import parse_qs
from twext.web2 import responsecode
-from twext.web2.http import Response, RedirectResponse, HTTPError
+from twext.web2.http import Response
from twext.web2.http_headers import MimeType
from twext.web2.stream import MemoryStream
from twext.web2.dav import davxml
@@ -37,48 +37,10 @@
from twistedcaldav.config import config
from twistedcaldav.extensions import DAVFile, ReadOnlyResourceMixIn
-from twisted.internet.defer import inlineCallbacks, returnValue
class WebCalendarResource (ReadOnlyResourceMixIn, DAVFile):
- @inlineCallbacks
- def http_GET(self, request):
- """
- If configured to use Wiki authentication dialog, redirect to the
- auth URL rather than return a 401 when unauthenticated.
- """
- if config.WebCalendarAuthPath:
- try:
- (yield self.authorize(request, (davxml.Read(),)))
- except HTTPError:
- # Use config.ServerHostName if no x-forwarded-host header,
- # otherwise use the final hostname in x-forwarded-host.
- host = request.headers.getRawHeaders("x-forwarded-host",
- [config.ServerHostName])[-1].split(",")[-1].strip()
- port = 443 if config.EnableSSL else 80
- scheme = "https" if config.EnableSSL else "http"
-
- returnValue(
- RedirectResponse(
- request.unparseURL(
- host=host,
- port=port,
- scheme=scheme,
- path=config.WebCalendarAuthPath,
- querystring="redirect=%s://%s%s" % (
- scheme,
- host,
- request.path
- )
- )
- )
- )
-
- returnValue(
- (yield super(WebCalendarResource, self).http_GET(request))
- )
-
def defaultAccessControlList(self):
return davxml.ACL(
davxml.ACE(
Modified: CalendarServer/trunk/twistedcaldav/resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/resource.py 2011-02-01 18:16:24 UTC (rev 6839)
+++ CalendarServer/trunk/twistedcaldav/resource.py 2011-02-01 20:13:14 UTC (rev 6840)
@@ -75,9 +75,10 @@
from twistedcaldav.ical import allowedComponents
from twistedcaldav.icaldav import ICalDAVResource, ICalendarPrincipalResource
from twistedcaldav.linkresource import LinkResource
-from twistedcaldav.notify import (getPubSubConfiguration, getPubSubPath,
- getPubSubXMPPURI, getPubSubHeartbeatURI, getPubSubAPSConfiguration,
- getNodeCacher, NodeCreationException)
+from twistedcaldav.notify import (
+ getPubSubConfiguration, getPubSubXMPPURI, getPubSubHeartbeatURI,
+ getPubSubAPSConfiguration,
+)
from twistedcaldav.sharing import SharedCollectionMixin, SharedHomeMixin
from twistedcaldav.vcard import Component as vComponent