From 43aedaa8cf3cbcb9b1d7d4815e5db3e223dac417 Mon Sep 17 00:00:00 2001 From: Michael DeHaan Date: Mon, 17 Sep 2007 14:58:05 -0400 Subject: Commit Al Tobey's auth patches to the Web UI. --- scripts/cobbler_webui.cgi | 85 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 75 insertions(+), 10 deletions(-) (limited to 'scripts') diff --git a/scripts/cobbler_webui.cgi b/scripts/cobbler_webui.cgi index a4ee8db..6e93a27 100755 --- a/scripts/cobbler_webui.cgi +++ b/scripts/cobbler_webui.cgi @@ -13,6 +13,7 @@ import cgi import cgitb +import Cookie import os import sys from cobbler.webui.CobblerWeb import CobblerWeb 
@@ -33,17 +34,50 @@ def map_modes(): def base_url(): return os.environ.get('SCRIPT_NAME', '') -def main(): +def configure(): + # FIXME: read a config file ... + config = { + 'token': None, + 'server': None, + 'base_url': None, + 'token_cookie_name': None, + 'username': None, + 'password': None, + 'cgitb_enabled': 0 + } + #config.username = 'testuser', + #config.password = 'llamas2007' - cgitb.enable() + # defaults + if config['server'] is None: + config['server'] = "http://localhost/cobbler_api_rw" - print "Content-type: text/html" - print + if config['base_url'] is None: + config['base_url'] = base_url() + + if config['token_cookie_name'] is None: + config['token_cookie_name'] = 'cobbler_xmlrpc_token' + + return config + +def main(): + content = "Something went wrong and I couldn't generate any content for you!" + cw_conf = configure() + path = map_modes() + form = cgi.parse() + cookies = Cookie.SimpleCookie(os.environ.get("HTTP_COOKIE","")) - path = map_modes() - form = cgi.parse() + # make cgitb enablement configurable + if cw_conf['cgitb_enabled'] == 1: + cgitb.enable() + cw_conf.pop('cgitb_enabled') - # ditch single-element arrays in the 'form' dictionary + # look for the token cookie and put it in the config dict if found + if cookies.has_key( cw_conf['token_cookie_name'] ): + cw_conf['token'] = cookies[ cw_conf['token_cookie_name'] ].value + + # exchnage single-element arrays in the 'form' dictionary for just that item + # so there isn't a ton of 'foo[0]' craziness where 'foo' should suffice # - may be bad for form elements that are sometimes lists and sometimes # single items for key,val in form.items(): 
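Review bot: The two commented-out lines in configure(), `#config.username = 'testuser',` and `#config.password = 'llamas2007'`, keep in the shipped script the credential pair that this commit removes from the CobblerWeb(...) call; they should be deleted, and the password changed if that account exists anywhere. They would not work if uncommented either, since config is a dict and the first line ends in a comma. Separately, in main(), Cookie.SimpleCookie(...) parses the raw HTTP_COOKIE value before any header is printed and may raise Cookie.CookieError on a malformed cookie; wrapping the parse in `try: ... except Cookie.CookieError: cookies = Cookie.SimpleCookie()` would keep one bad cookie from turning the request into a server error. main() continues past the end of this hunk.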
@@ -51,10 +85,41 @@ def main(): if len(val) == 1: form[key] = val[0] - cw = CobblerWeb( server="http://localhost/cobbler_api_rw", base_url=base_url(), username='testuser', password='llamas2007' ) + # instantiate a CobblerWeb object + cw = CobblerWeb( **cw_conf ) + + if not path.startswith('login') and (cw_conf['token'] is None and (cw_conf['username'] is None or cw_conf['password'] is None)): + func = getattr( cw, 'login' ) + content = func( message="Authentication Required." ) - if path in cw.modes(): + # check for a valid path/mode + elif path in cw.modes(): func = getattr( cw, path ) - print func( **form ) + try: + content = func( **form ) + # handle failed authentication gracefully + except Exception, e: + if str(e).find('login failed:') > 0: + func = getattr( cw, 'login' ) + content = func( message="Authentication failed." ) + # everything else is a bug? + else: + raise e + + # handle invalid paths gracefully + else: + func = getattr( cw, 'error_page' ) + content = func( "Invalid Mode: \"%s\"" % path ) + + # finally, get any cookies generated by the CobblerWeb object + cookie_header = cw.cookies().output() + if cookie_header: + print cookie_header + + # deliver content + print "Content-type: text/html" + print + print content main() + -- cgit
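Review bot: In the except branch, `str(e).find('login failed:') > 0` is false when the message starts with 'login failed:' (find returns 0 there and -1 only when the text is absent), so such a failure is re-raised as a bug instead of showing the login page; `if 'login failed:' in str(e):` says what is meant. The re-raise should be a bare `raise` so the original traceback is kept, and because matching on message text is fragile, a dedicated exception type from CobblerWeb would be better if one is available. In the invalid-mode branch, path looks request-derived (map_modes() is outside this hunk) and is formatted into the page as-is; unless error_page escapes its argument, use `"Invalid Mode: \"%s\"" % cgi.escape(path, True)`. The gate at the top of this hunk only checks that a token cookie is present, not that it is valid, so any mode that makes no backend call presumably renders without a valid session.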