Commit Al Tobey's auth patches to the Web UI.

1 files changed, 75 insertions, 10 deletions

diff --git a/scripts/cobbler_webui.cgi b/scripts/cobbler_webui.cgi
index a4ee8db..6e93a27 100755
--- a/scripts/cobbler_webui.cgi
+++ b/scripts/cobbler_webui.cgi
@@ -13,6 +13,7 @@
 
 import cgi
 import cgitb
+import Cookie
 import os
 import sys
 from cobbler.webui.CobblerWeb import CobblerWeb
@@ -33,17 +34,50 @@ def map_modes():
 def base_url():
     return os.environ.get('SCRIPT_NAME', '')
 
-def main():
+def configure():
+    # FIXME: read a config file ...
+    config = {
+        'token':             None,
+        'server':            None,
+        'base_url':          None,
+        'token_cookie_name': None,
+        'username':          None,
+        'password':          None,
+        'cgitb_enabled':     0 
+    }
+    #config.username = 'testuser',
+    #config.password = 'llamas2007'
 
-    cgitb.enable()
+    # defaults
+    if config['server'] is None:
+       config['server'] = "http://localhost/cobbler_api_rw"
 
-    print "Content-type: text/html"
-    print
+    if config['base_url'] is None:
+        config['base_url'] = base_url()
+
+    if config['token_cookie_name'] is None:
+        config['token_cookie_name'] = 'cobbler_xmlrpc_token'
+
+    return config
+
+def main():
+    content = "Something went wrong and I couldn't generate any content for you!"
+    cw_conf = configure()
+    path    = map_modes()
+    form    = cgi.parse()
+    cookies = Cookie.SimpleCookie(os.environ.get("HTTP_COOKIE",""))
 
-    path = map_modes()
-    form = cgi.parse()
+    # make cgitb enablement configurable
+    if cw_conf['cgitb_enabled'] == 1:
+        cgitb.enable()
+    cw_conf.pop('cgitb_enabled')
 
-    # ditch single-element arrays in the 'form' dictionary
+    # look for the token cookie and put it in the config dict if found
+    if cookies.has_key( cw_conf['token_cookie_name'] ):
+        cw_conf['token'] = cookies[ cw_conf['token_cookie_name'] ].value
+
+    # exchnage single-element arrays in the 'form' dictionary for just that item
+    # so there isn't a ton of 'foo[0]' craziness where 'foo' should suffice
     # - may be bad for form elements that are sometimes lists and sometimes
     # single items
     for key,val in form.items():
@@ -51,10 +85,41 @@ def main():
             if len(val) == 1:
                 form[key] = val[0]
 
-    cw = CobblerWeb( server="http://localhost/cobbler_api_rw", base_url=base_url(), username='testuser', password='llamas2007' )
+    # instantiate a CobblerWeb object
+    cw = CobblerWeb( **cw_conf )
+
+    if not path.startswith('login') and (cw_conf['token'] is None and (cw_conf['username'] is None or cw_conf['password'] is None)):
+        func = getattr( cw, 'login' )
+        content = func( message="Authentication Required." )
 
-    if path in cw.modes():
+    # check for a valid path/mode
+    elif path in cw.modes():
         func = getattr( cw, path )
-        print func( **form )
+        try:
+            content = func( **form )
+        # handle failed authentication gracefully
+        except Exception, e:
+            if str(e).find('login failed:') > 0:
+                func = getattr( cw, 'login' )
+                content = func( message="Authentication failed." )
+            # everything else is a bug?
+            else:
+                raise e
+            
+    # handle invalid paths gracefully
+    else:
+        func = getattr( cw, 'error_page' )
+        content = func( "Invalid Mode: \"%s\"" % path )
+
+    # finally, get any cookies generated by the CobblerWeb object
+    cookie_header = cw.cookies().output()
+    if cookie_header:
+        print cookie_header
+
+    # deliver content
+    print "Content-type: text/html"
+    print
+    print content
 
 main()
+