| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Also regenerate it frequently, so that any change in configuration can be
automatically reflected in the metadata downloaded my clients over time.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This allows us to use apache module that use things like ErrorDocument
directives to do internal redirects and still retain the original
transaction intact.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Return a useful error page every time and invalid or expired
transaction is requested, instead of ending up with an internal
backtrace and an ugly 500 error.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Instead ofhaving to explicitly decorate all methods with auth_protect()
use the fact all pages go through Page.__call__ to conditionally check
if the user is anoynous and set a default when instantiating AdminPage
so that all admin pages require authentication.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
| |
When a Page is called automatically sets default headers by adding
headers on the default_headers variable.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The Page util is supposed to intercept and enable exposed pages on
its own so that additional functions can be run in the generic __call__
Fix the code to check for the function argument correctly and use a
different argument than the standard cherrypy one for admin pages so
that we do actually land in the Page.__call__ all the time for those
pages.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
It makes no sense to let anonymous users interact with the admin
pages so tighten up access and redirect away users that have no
rights.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Replace copies of _debug function sprinkled all over the code
with a single implementation
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
- Removed replace of self._debug to self.debug
|
| |
|
|
|
|
|
| |
This plugin uses mod_intercept_form_submit to perform authentication.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The protect decorator was not really being used for anything, remove it.
Change the way UserSession's remote_login() works.
If called now it either sets a REMOTE_USER (if found) or nukes the current
user data in the session.
This means this function can be safely called only in a login plugin now.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When a SP name included spaces the referer checker would fail to match
the url. It would try to return a 403 error, unfortunately this would
also trip as a return instead of an exception was used, ending up with
a 500 error being returned to the user.
Fix url checks by unquoting before comparing.
Fix error reporting by rasing an exception when needed instead of
returning.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
| |
This removes the need to define a root funciton only to redirect to
a GET/POST one.
Also adds basic CSRF protection if the page is declared a form.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
| |
Use this instead of th misleading "_log" name. These really are just
debugging statements not normal logging.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
| |
This way it is clearer what the defaults are, plus subclasses can
override the defaults if they so choose.
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Petr Vobornik <pvoborni@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Petr Vobornik <pvoborni@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
| |
Based on patches by Petr Voborni
Signed-off-by: Simo Sorce <simo@redhat.com>
|
|
|
Signed-off-by: Petr Vobornik <pvoborni@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
