authorGravatar RaNaN <Mast3rRaNaN@hotmail.de> 2011-09-27 16:24:03 +0200
committerGravatar RaNaN <Mast3rRaNaN@hotmail.de> 2011-09-27 16:24:03 +0200
commit5f8a4d25ea9034cadc8ae19a2ffab788f62cc56c (patch)
tree9d947797aafb3e9d97dbf10313c5f48f6f3d6198 /module/remote
parentMerge (diff)
reworked authorization, now works on api level
Diffstat (limited to 'module/remote')
-rw-r--r--module/remote/RemoteManager.py33
-rw-r--r--module/remote/thriftbackend/Processor.py41
2 files changed, 45 insertions, 29 deletions
diff --git a/module/remote/RemoteManager.py b/module/remote/RemoteManager.py
index 792eaec4d..2ac26a677 100644
--- a/module/remote/RemoteManager.py
+++ b/module/remote/RemoteManager.py
@@ -19,14 +19,12 @@
from threading import Thread
from traceback import print_exc
-from module.database.UserDatabase import ROLE
-
class BackendBase(Thread):
def __init__(self, manager):
Thread.__init__(self)
- self.manager = manager
+ self.m = manager
self.core = manager.core
-
+
def run(self):
try:
self.serve()
@@ -34,18 +32,16 @@ class BackendBase(Thread):
self.core.log.error(_("Remote backend error: %s") % e)
if self.core.debug:
print_exc()
-
+
def setup(self, host, port):
pass
-
+
def checkDeps(self):
return True
-
+
def serve(self):
pass
-
- def checkAuth(self, user, password, remoteip=None):
- return self.manager.checkAuth(user, password, remoteip)
+
class RemoteManager():
available = ["ThriftBackend"]
@@ -53,14 +49,13 @@ class RemoteManager():
def __init__(self, core):
self.core = core
self.backends = []
-
- def startBackends(self):
+ def startBackends(self):
host = self.core.config["remote"]["listenaddr"]
port = self.core.config["remote"]["port"]
for b in self.available:
- klass = getattr(__import__("module.remote.%s" % b, globals(), locals(), [b] , -1), b)
+ klass = getattr(__import__("module.remote.%s" % b, globals(), locals(), [b], -1), b)
backend = klass(self)
if not backend.checkDeps():
continue
@@ -76,15 +71,3 @@ class RemoteManager():
self.backends.append(backend)
port += 1
-
- def checkAuth(self, user, password, remoteip=None):
- if self.core.config["remote"]["nolocalauth"] and remoteip == "127.0.0.1":
- return True
- if self.core.startedInGui and remoteip == "127.0.0.1":
- return True
-
- user = self.core.db.checkAuth(user, password)
- if user and user["role"] == ROLE.ADMIN:
- return user
- else:
- return {}
diff --git a/module/remote/thriftbackend/Processor.py b/module/remote/thriftbackend/Processor.py
index a8fc94298..a8b87c82c 100644
--- a/module/remote/thriftbackend/Processor.py
+++ b/module/remote/thriftbackend/Processor.py
@@ -12,14 +12,18 @@ class Processor(Pyload.Processor):
if trans not in self.authenticated:
self.authenticated[trans] = False
oldclose = trans.close
+
def wrap():
if self in self.authenticated:
del self.authenticated[trans]
oldclose()
+
trans.close = wrap
authenticated = self.authenticated[trans]
(name, type, seqid) = iprot.readMessageBegin()
- if name not in self._processMap or (not authenticated and not name == "login"):
+
+ # unknown method
+ if name not in self._processMap:
iprot.skip(Pyload.TType.STRUCT)
iprot.readMessageEnd()
x = Pyload.TApplicationException(Pyload.TApplicationException.UNKNOWN_METHOD, 'Unknown function %s' % name)
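Review bot: The close hook `wrap()` tests `if self in self.authenticated:`, but the dict is keyed by `trans`, so the test is on the Processor object and the `del self.authenticated[trans]` below it presumably never runs. After this commit the stored value is whatever `checkAuth` returns and is later passed to `isAuthorized`, so per-connection login state stays in the dict after the transport closes and the dict grows with every connection. The check should read `if trans in self.authenticated:`. The enclosing method starts above the hunk, so how transports are created and reused is not visible here.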
@@ -28,17 +32,46 @@ class Processor(Pyload.Processor):
oprot.writeMessageEnd()
oprot.trans.flush()
return
+
+ # not logged in
+ elif not authenticated and not name == "login":
+ iprot.skip(Pyload.TType.STRUCT)
+ iprot.readMessageEnd()
+ # 20 - Not logged in (in situ declared error code)
+ x = Pyload.TApplicationException(20, 'Not logged in')
+ oprot.writeMessageBegin(name, Pyload.TMessageType.EXCEPTION, seqid)
+ x.write(oprot)
+ oprot.writeMessageEnd()
+ oprot.trans.flush()
+ return
+
elif not authenticated and name == "login":
args = Pyload.login_args()
args.read(iprot)
iprot.readMessageEnd()
result = Pyload.login_result()
- self.authenticated[trans] = self._handler.login(args.username, args.password, trans.remoteaddr[0])
- result.success = self.authenticated[trans]
+ # api login
+ self.authenticated[trans] = self._handler.checkAuth(args.username, args.password, trans.remoteaddr[0])
+
+ result.success = True if self.authenticated[trans] else False
oprot.writeMessageBegin("login", Pyload.TMessageType.REPLY, seqid)
result.write(oprot)
oprot.writeMessageEnd()
oprot.trans.flush()
- else:
+
+ elif self._handler.isAuthorized(name, authenticated):
self._processMap[name](self, seqid, iprot, oprot)
+
+ else:
+ #no permission
+ iprot.skip(Pyload.TType.STRUCT)
+ iprot.readMessageEnd()
+ # 21 - Not authorized
+ x = Pyload.TApplicationException(21, 'Not authorized')
+ oprot.writeMessageBegin(name, Pyload.TMessageType.EXCEPTION, seqid)
+ x.write(oprot)
+ oprot.writeMessageEnd()
+ oprot.trans.flush()
+ return
+
return True
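Review bot: The unknown-method branch (`if name not in self._processMap:`, in the previous hunk) now runs before `elif not authenticated and not name == "login":`, so a peer that has not logged in gets 'Unknown function …' for names that do not exist and 'Not logged in' for names that do, where the old combined condition answered both the same way. Testing the login state first keeps pre-login replies uniform: `if not authenticated and name != "login":` followed by `elif name not in self._processMap:`. Neither the 'Not logged in' nor the 'Not authorized' branch writes a log entry; a warning that includes `name` and `trans.remoteaddr[0]` would make rejected calls visible to whoever operates the service. The codes `20` and `21` are bare literals and would be easier to keep in step with clients as named module-level constants. The method begins outside this hunk.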