author | B. Stack <bgstack15@gmail.com> | 2021-06-27 18:01:37 -0400 |
committer | B. Stack <bgstack15@gmail.com> | 2021-06-27 18:01:37 -0400 |
commit | 5851bfabb4caba9c24ec4fd5edece49c99137f65 (patch) | |
tree | 8c0701815edf8ee750e51081f8d7cde668402657 /session_app.py | |
parent | move config to separate file (diff) | |
add settings page for admins group
So far we only support changing the ldap_uri at runtime.
Diffstat (limited to 'session_app.py')
-rwxr-xr-x | session_app.py | 40 |
1 files changed, 37 insertions, 3 deletions
diff --git a/session_app.py b/session_app.py
index 847df19..50a52fd 100755
--- a/session_app.py
+++ b/session_app.py
@@ -16,7 +16,6 @@
 # preserve POST with code 307 https://stackoverflow.com/a/15480983/3569534
 # Improve:
 # remove session info, when logging out?
-# provide web page for adjusting settings like ldap uri
 # Run:
 # FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0
 # Dependencies:
@@ -56,13 +55,14 @@ def requires_session(function):
 if 'user' not in session:
 return Response("User is not in this session.",401)
 s_user = session['user']
+ s_groups = session['groups']
 c_user = request.cookies.get('user')
 print(f"session user: {s_user}")
 print(f"cookie user: {c_user}")
 if session['user'] != c_user:
 return Response("Wrong user for this session!.",401)
 # otherwise, everything is good!
- return function(*args,**kwargs)
+ return function(s_user, s_groups, *args,**kwargs)
 # catch-all
 return Response("requires session",401)
 return decorated
@@ -205,7 +205,7 @@ def index():
 
 @app.route("/protected/")
 @requires_session
-def protected_page():
+def protected_page(user=None,groups=None):
 return protected_page_real()
 
 def protected_page_real():
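Review bot: `s_groups = session['groups']` in the requires_session hunk raises KeyError for any session that carries 'user' but no 'groups' key (a session issued by a login path that only stores 'user', or one created before this commit), which surfaces as a 500 instead of the 401 the surrounding checks return; `s_groups = session.get('groups', [])` keeps the failure mode consistent and makes the later `"admins" not in groups` test deny by default. The enclosing decorated wrapper starts outside the hunk. Since the decorator now passes `s_user, s_groups` positionally to every wrapped view, any other `@requires_session` route not shown in this diff would receive two unexpected positional arguments unless its signature is updated the way the protected_page hunk does; that cannot be confirmed from here.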
@@ -358,6 +358,40 @@ def login_basic():
 session['formdata'] = form
 return redirect(url_for("login_ldap"),code=307)
 
+@app.route("/protected/settings/", methods=['GET','POST'])
+@requires_session
+def protected_settings(user,groups):
+ print(f"DEBUG: visit settings page as user {user}")
+ print(f"DEBUG: with groups {groups}")
+ if "admins" not in groups:
+ #return Response(f'<h1>Not Found</h1><p>What you were looking for is just not there.<p><a href="{ url_for("index") }">Start over</a>', 404)
+ #return Response(f'<h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>', 404)
+ return Response(f'<h1>Not Authorized</h1><p>You are not authorized to access this page.</p>', 403)
+ else:
+ if request.method == "GET":
+ return render_template(
+ 'settings.html',
+ ldap_uri=app.config['LDAP_URI']
+ )
+ elif request.method == "POST":
+ form = request.form
+ print(f"Form: {form}")
+ message = ""
+ if 'ldap_uri' not in form:
+ return Response("Invalid input.", 400)
+ else:
+ new_ldap_uri = form['ldap_uri']
+ if new_ldap_uri != app.config['LDAP_URI']:
+ app.config['LDAP_URI'] = new_ldap_uri
+ # removing LDAP_HOSTS causes get_new_ldap_server to reidentify the ldap servers for this uri.
+ if 'LDAP_HOSTS' in app.config:
+ app.config.pop('LDAP_HOSTS')
+ message += "<li>LDAP_URI</li>"
+ if "" != message:
+ message = "Settings updated:<ul>" + message + "</ul>"
+ message += f"<form action='{url_for('protected_settings')}' method='get'><input type='submit' value='Return to settings'/></form>"
+ return Response(message, 200)
+
 ## This bumps the session lifetime to two minutes farther out from each web request with this session.
 #@app.before_request
 #def make_session_permanent():
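Review bot: `new_ldap_uri = form['ldap_uri']` is written straight into `app.config['LDAP_URI']` with no validation, so an empty string, a typo or a URI that does not point at an LDAP server silently becomes the directory every later login is sent to, and because 'LDAP_HOSTS' is popped at the same time there is no cached fallback; check the scheme before accepting it, e.g. `if not new_ldap_uri.lower().startswith(("ldap://", "ldaps://")): return Response("Invalid input.", 400)`. A change to the authentication backend should also leave an audit record of who made it and what changed — something like `app.logger.warning("LDAP_URI changed by %s: %r -> %r", user, app.config['LDAP_URI'], new_ldap_uri)` placed before the assignment, replacing the `print(f"Form: {form}")` debug line. The settings form is accepted on a plain POST with no CSRF token visible in this diff, so unless one is enforced elsewhere in the app this admin-only state change is reachable via cross-site request forgery against a logged-in admin; note as well that the update lives only in this process's `app.config`, so under a multi-worker deployment other workers would presumably keep the old URI. On style, the two commented-out `#return Response(...)` lines should be deleted rather than kept as dead code, the 403 body is an f-string with no placeholders and should be a plain string, and `if "" != message:` reads more naturally as `if message:`.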