arcanis/ahriman
1
0
Fork 0
mirror of https://github.com/arcan1s/ahriman.git synced 2025-09-15 21:29:56 +00:00
Code Issues Projects Releases Wiki Activity

expiration on server side support (#33)

Browse Source
This commit is contained in:
Evgenii Alekseev
2021-09-13 01:10:09 +03:00
committed by Evgeniy Alekseev
parent d211cc17c6
commit 6f5b28c4f8
8 changed files with 197 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/ahriman/web/middlewares/auth_handler.py
View File

@ -30,6 +30,7 @@ from typing import Optional
from ahriman.core.auth.auth import Auth
from ahriman.models.user_access import UserAccess
from ahriman.models.user_identity import UserIdentity
from ahriman.web.middlewares import HandlerType, MiddlewareType
@ -52,7 +53,10 @@ class AuthorizationPolicy(aiohttp_security.AbstractAuthorizationPolicy): # type
:param identity: username
:return: user identity (username) in case if user exists and None otherwise
"""
return identity if await self.validator.known_username(identity) else None
user = UserIdentity.from_identity(identity)
if user is None:
return None
return user.username if await self.validator.known_username(user.username) else None
async def permits(self, identity: str, permission: UserAccess, context: Optional[str] = None) -> bool:
"""
@ -62,7 +66,10 @@ class AuthorizationPolicy(aiohttp_security.AbstractAuthorizationPolicy): # type
:param context: URI request path
:return: True in case if user is allowed to perform this request and False otherwise
"""
return await self.validator.verify_access(identity, permission, context)
user = UserIdentity.from_identity(identity)
if user is None:
return False
return await self.validator.verify_access(user.username, permission, context)
def auth_handler(validator: Auth) -> MiddlewareType:

11
src/ahriman/web/views/user/login.py
View File

@ -20,6 +20,7 @@
from aiohttp.web import HTTPFound, HTTPMethodNotAllowed, HTTPUnauthorized, Response
from ahriman.core.auth.helpers import remember
from ahriman.models.user_identity import UserIdentity
from ahriman.web.views.base import BaseView
@ -49,8 +50,9 @@ class LoginView(BaseView):
response = HTTPFound("/")
username = await oauth_provider.get_oauth_username(code)
if await self.validator.known_username(username):
await remember(self.request, response, username)
identity = UserIdentity.from_username(username, self.validator.max_age)
if identity is not None and await self.validator.known_username(username):
await remember(self.request, response, identity.to_identity())
return response
raise HTTPUnauthorized()
@ -71,8 +73,9 @@ class LoginView(BaseView):
username = data.get("username")
response = HTTPFound("/")
if await self.validator.check_credentials(username, data.get("password")):
await remember(self.request, response, username)
identity = UserIdentity.from_username(username, self.validator.max_age)
if identity is not None and await self.validator.check_credentials(username, data.get("password")):
await remember(self.request, response, identity.to_identity())
return response
raise HTTPUnauthorized()