Added authentication handler for basic auth check

This commit is contained in:
Michael 2014-09-03 00:05:06 -06:00
parent a95cc678e9
commit 382e693fc8
3 changed files with 89 additions and 4 deletions

View File

@ -0,0 +1,71 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2014 GNS3 Technologies Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Simple file upload & listing handler.
"""
import os
import tornado.web
import logging
log = logging.getLogger(__name__)
class GNS3BaseHandler(tornado.web.RequestHandler):
def get_current_user(self):
user = self.get_secure_cookie("user")
if not user:
return None
if self.settings['required_user'] == user.decode("utf-8"):
return user
class LoginHandler(tornado.web.RequestHandler):
def get(self):
self.write('<html><body><form action="/login" method="post">'
'Name: <input type="text" name="name">'
'Password: <input type="text" name="password">'
'<input type="submit" value="Sign in">'
'</form></body></html>')
try:
redirect_to = self.get_argument("next")
self.set_secure_cookie("login_success_redirect_to", redirect_to)
except tornado.web.MissingArgumentError:
pass
def post(self):
user = self.get_argument("name")
password = self.get_argument("password")
if self.settings['required_user'] == user and self.settings['required_pass'] == password:
self.set_secure_cookie("user", user)
auth_status = "successful"
else:
self.set_secure_cookie("user", "None")
auth_status = "failure"
log.info("Authentication attempt %s: %s" %(auth_status, user))
try:
redirect_to = self.get_secure_cookie("login_success_redirect_to")
except tornado.web.MissingArgumentError:
redirect_to = "/"
self.redirect(redirect_to)

View File

@ -16,11 +16,13 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import tornado.web import tornado.web
from .auth_handler import GNS3BaseHandler
from ..version import __version__ from ..version import __version__
class VersionHandler(tornado.web.RequestHandler): class VersionHandler(GNS3BaseHandler):
@tornado.web.authenticated
def get(self): def get(self):
response = {'version': __version__} response = {'version': __version__}
self.write(response) self.write(response)

View File

@ -34,12 +34,15 @@ import tornado.web
import tornado.autoreload import tornado.autoreload
import pkg_resources import pkg_resources
from os.path import expanduser from os.path import expanduser
import base64
import uuid
from pkg_resources import parse_version from pkg_resources import parse_version
from .config import Config from .config import Config
from .handlers.jsonrpc_websocket import JSONRPCWebSocket from .handlers.jsonrpc_websocket import JSONRPCWebSocket
from .handlers.version_handler import VersionHandler from .handlers.version_handler import VersionHandler
from .handlers.file_upload_handler import FileUploadHandler from .handlers.file_upload_handler import FileUploadHandler
from .handlers.auth_handler import LoginHandler
from .builtins.server_version import server_version from .builtins.server_version import server_version
from .builtins.interfaces import interfaces from .builtins.interfaces import interfaces
from .modules import MODULES from .modules import MODULES
@ -47,12 +50,12 @@ from .modules import MODULES
import logging import logging
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
class Server(object): class Server(object):
# built-in handlers # built-in handlers
handlers = [(r"/version", VersionHandler), handlers = [(r"/version", VersionHandler),
(r"/upload", FileUploadHandler)] (r"/upload", FileUploadHandler),
(r"/login", LoginHandler)]
def __init__(self, host, port, ipc=False): def __init__(self, host, port, ipc=False):
@ -160,6 +163,15 @@ class Server(object):
Starts the Tornado web server and ZeroMQ server. Starts the Tornado web server and ZeroMQ server.
""" """
# FIXME: debug mode!
settings = {
"debug":True,
"cookie_secret": base64.b64encode(uuid.uuid4().bytes + uuid.uuid4().bytes),
"login_url": "/login",
"required_user" : "test123",
"required_pass" : "test456",
}
router = self._create_zmq_router() router = self._create_zmq_router()
# Add our JSON-RPC Websocket handler to Tornado # Add our JSON-RPC Websocket handler to Tornado
self.handlers.extend([(r"/", JSONRPCWebSocket, dict(zmq_router=router))]) self.handlers.extend([(r"/", JSONRPCWebSocket, dict(zmq_router=router))])
@ -169,7 +181,7 @@ class Server(object):
templates_dir = pkg_resources.resource_filename("gns3server", "templates") templates_dir = pkg_resources.resource_filename("gns3server", "templates")
tornado_app = tornado.web.Application(self.handlers, tornado_app = tornado.web.Application(self.handlers,
template_path=templates_dir, template_path=templates_dir,
debug=True) # FIXME: debug mode! **settings) # FIXME: debug mode!
try: try:
print("Starting server on {}:{} (Tornado v{}, PyZMQ v{}, ZMQ v{})".format(self._host, print("Starting server on {}:{} (Tornado v{}, PyZMQ v{}, ZMQ v{})".format(self._host,