-rw-r--r-- | .gitignore | 2 | ||||
-rwxr-xr-x | session_app.py.publish | 43 | ||||
-rw-r--r-- | templates/login_form.html | 20 |
3 files changed, 62 insertions, 3 deletions
@@ -2,3 +2,5 @@ __pycache__
 session_app.py
 *.keytab
 *.log
+.*.swp
+WORKHERE
diff --git a/session_app.py.publish b/session_app.py.publish
index 915693a..520f676 100755
--- a/session_app.py.publish
+++ b/session_app.py.publish
@@ -130,11 +130,41 @@ def protected_page_real():
 print(cookie)
 return render_template('view.html', c_user = c_user, s_user=s_user, cookie=cookie)
-@app.route("/login/")
+@app.route("/login/new")
+def login_new():
+ return redirect(url_for("login", new=""))
+
+@app.route("/login/", methods=['POST','GET'])
 #@requires_authn_kerberos
 def login(user="None"):
- # prefer kerberos
- return redirect(url_for("login_kerberos"))
+ if request.method == "GET":
+ if 'user' in session and request.cookies.get('user') == session['user'] and (not 'new' in request.args):
+ return redirect(url_for("protected_page"))
+ auth_header = request.headers.get("Authorization")
+ if auth_header:
+ if "negotiate" in auth_header:
+ # assume we are already trying to log in with kerberos
+ return redirect(url_for("login_kerberos"))
+ # default, show login form
+ return redirect(url_for("login_form"))
+ elif request.method == "POST":
+ # so far only the login form sends a POST to this endpoint.
+ username=request.form['username']
+ pw=request.form['password']
+ #pw="******"
+ args=""
+ for i in request.args:
+ args += str(i)
+ #resp = Response(f"Login functionality still in progress. <br/>Args: {args}<br/>data: {request.data}</br>query_string: {request.query_string}<br/>values: {request.values}",200)
+ ldap_result = ldap_login(username,pw)
+ resp = Response(f"Login functionality still in progress. <br/>username: {username}<br/>password: {pw}<br/>form: {request.form}<br/>ldap result:{ldap_result}",200)
+ return resp
+
+def ldap_login(username,password):
+ response = f"Trying user {username} with pw '{password}'"
+ print(response)
+ return response
+
+
 @app.route("/login/kerberos")
 @requires_authn_kerberos
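Review bot: The POST branch of `login()` writes the submitted password into the response body, and `ldap_login()` prints it to stdout, so every login attempt leaves a cleartext credential in the page and in whatever captures the process output. The same `Response(f"…")` interpolates `username`, `request.form` and the `ldap_login()` result unescaped into a body that Flask serves as `text/html` by default, so a crafted form value can inject markup. Even for a work-in-progress stub I would drop the password from both strings and escape the rest, e.g. `response = f"Trying user {username!r}"` in `ldap_login()` and `resp = Response(f"Login functionality still in progress. <br/>username: {escape(username)}", 200)` with `escape` from `markupsafe`. Separately, `"negotiate" in auth_header` is case-sensitive while the scheme is normally sent as `Negotiate`, so the Kerberos redirect probably never fires; testing `auth_header.lower()` would fix that.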
@@ -164,6 +194,13 @@ def login_ldap(user = "none"):
 resp.set_cookie('timestamp',app.permanent_session_lifetime)
 return resp
+@app.route("/login/form/", methods=['GET'])
+def login_form():
+ options = {
+ "ldap": "ldap",
+ }
+ return render_template("login_form.html",login_url=url_for("login"),options=options)
+
 @app.route("/logout")
 def logout():
 resp = Response(f"logged out")
diff --git a/templates/login_form.html b/templates/login_form.html
new file mode 100644
index 0000000..1b42e60
--- /dev/null
+++ b/templates/login_form.html
@@ -0,0 +1,20 @@
+<html>
+<head>
+<title>Login Form</title>
+</head>
+<body>
+<center>
+<h1>Login Form</h1>
+<form action="/submit" method="post">
+{% if options %}Login type <select name="logintype">
+{% for option in options %}<option value="{{ option }}">{{ options[option] }}</option>{% endfor %}
+{#<option value="ldap">ldap</option>
+<option value="kerberos">kerberos</option>#}
+</select>{% endif %}
+<p>Username <input type="text" value="" name="username" required/></p>
+<p>Password <input type="password" name="password" required/></p>
+<p><input accesskey="s" type="submit" formaction="{{ login_url }}" value="Submit"/></p>
+</form>
+</center>
+</body>
+</html> |
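Review bot: The form's own `action="/submit"` names a path this commit does not define, and the real target is set only through `formaction` on the submit button, so a submission that does not go through that button (for example a scripted `form.submit()`) posts the username and password to `/submit` instead of the login view. Using `<form action="{{ login_url }}" method="post">` and dropping `formaction` keeps a single destination for the credentials. The `logintype` select is also submitted, but the POST branch of `login()` in this commit never reads it. The form carries no CSRF token; if the app has a CSRF mechanism (none is visible here), the login form should use it.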