diff options
| -rw-r--r-- | module/Api.py | 3 | ||||
| -rw-r--r-- | module/config/default.py | 1 | ||||
| -rw-r--r-- | module/web/api_app.py | 9 | ||||
| -rw-r--r-- | module/web/pyload_app.py | 2 |
4 files changed, 8 insertions, 7 deletions
diff --git a/module/Api.py b/module/Api.py index d3a7cb472..fb42a122a 100644 --- a/module/Api.py +++ b/module/Api.py @@ -170,9 +170,6 @@ class Api(Iface): :param remoteip: :return: dict with info, empty when login is incorrect """ - if self.core.config["remote"]["nolocalauth"] and remoteip == "127.0.0.1": - return "local" - self.core.log.info(_("User '%s' tried to log in") % username) return self.core.db.checkAuth(username, password) diff --git a/module/config/default.py b/module/config/default.py index 902d4a6ad..8515a8f33 100644 --- a/module/config/default.py +++ b/module/config/default.py @@ -12,7 +12,6 @@ def make_config(config): config.addConfigSection("remote", _("Remote"), _("Description"), _("Long description"), [ - ("nolocalauth", "bool", _("No authentication on local connections"), _("Tooltip"), True), ("activated", "bool", _("Activated"), _("Tooltip"), True), ("port", "int", _("Port"), _("Tooltip"), 7227), ("listenaddr", "ip", _("Adress"), _("Tooltip"), "0.0.0.0"), diff --git a/module/web/api_app.py b/module/web/api_app.py index c0a7df528..75a817c46 100644 --- a/module/web/api_app.py +++ b/module/web/api_app.py @@ -5,7 +5,7 @@ from urllib import unquote from itertools import chain from traceback import format_exc, print_exc -from bottle import route, request, response, HTTPError +from bottle import route, request, response, HTTPError, parse_auth from utils import set_session, get_user_api from webinterface import PYLOAD @@ -27,9 +27,14 @@ def call_api(func, args=""): add_header(response) s = request.environ.get('beaker.session') + auth = parse_auth(request.get_header('Authorization', '')) if 'session' in request.POST: # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.POST['session'], "'\"")) + elif auth: + user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None)) + # if auth is correct create a pseudo session + if user: s = {'uid': user.uid} api = get_user_api(s) if not api: @@ -78,7 +83,7 @@ def login(): username = request.forms.get("username") password = request.forms.get("password") - user = PYLOAD.checkAuth(username, password) + user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None)) if not user: return dumps(False) diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py index 9f3c2413a..f8578fcf0 100644 --- a/module/web/pyload_app.py +++ b/module/web/pyload_app.py @@ -130,7 +130,7 @@ def nopermission(): def login_post(): username = request.forms.get("username") password = request.forms.get("password") - user = PYLOAD.checkAuth(username, password) + user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None)) if not user: return render_to_response("login.html", {"errors": True}, [pre_processor]) set_session(request, user) |