Module: check_mk
Branch: master
Commit: 4318feffe50ebf4fd9158d449dca0ff88ea31263
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4318feffe50ebf…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jul 3 11:42:42 2013 +0200
Recoded form based login for better handling of special cases; Recognizing userdb_automatic_sync in page hook now
---
web/htdocs/index.py | 26 +++++++++++++++-----------
web/htdocs/login.py | 23 ++++++-----------------
web/htdocs/main.py | 5 ++++-
web/htdocs/userdb.py | 5 ++++-
4 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/web/htdocs/index.py b/web/htdocs/index.py
index f70d908..b781421 100644
--- a/web/htdocs/index.py
+++ b/web/htdocs/index.py
@@ -294,21 +294,25 @@ def handler(req, profiling = True):
# While api call don't show the login dialog
raise MKUnauthenticatedException(_('You are not authenticated.'))
+ # Redirect to the login-dialog with the current url as original target
+ # Never render the login form directly when accessing urls like "index.py"
+ # or "dashboard.py". This results in strange problems.
+ if req.myfile != 'login':
+ html.set_http_header('Location',
+ defaults.url_prefix + 'check_mk/login.py?_origtarget=%s' %
+ htmllib.urlencode(html.makeuri([])))
+ raise apache.SERVER_RETURN, apache.HTTP_MOVED_TEMPORARILY
+
# Initialize the i18n for the login dialog. This might be overridden
# later after user login
load_language(html.var("lang", config.get_language()))
- # After auth check the regular page can be shown
- result = login.page_login(plain_error)
- if type(result) == tuple:
- # This is the redirect to the requested page directly after successful login
- req.user = result[0]
- req.uri = result[1]
- req.myfile = req.uri.split("/")[-1][:-3]
- handler = pagehandlers.get(req.myfile, page_not_found)
- else:
- release_all_locks()
- return result
+ # This either displays the login page or validates the information submitted
+ # to the login form. After successful login a http redirect to the originally
+ # requested page is performed.
+ login.page_login(plain_error)
+ release_all_locks()
+ return apache.OK
# Call userdb page hooks which are executed on a regular base to e.g. syncronize
# information withough explicit user triggered actions
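Review bot: `release_all_locks()` after `login.page_login(plain_error)` is skipped whenever the login code leaves by exception, and the login.py hunk of this commit now raises `apache.SERVER_RETURN` on every successful login. The new redirect branch for `req.myfile != 'login'` also raises without releasing. If locks can be held at this point (the removed code released them before returning, which suggests so), do the cleanup in a `finally`: `try: login.page_login(plain_error)` followed by `finally: release_all_locks()`, and call `release_all_locks()` before the redirect raise. The handler body continues outside the hunk, so an outer cleanup may already cover this.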
diff --git a/web/htdocs/login.py b/web/htdocs/login.py
index 35cb19c..83de0f9 100644
--- a/web/htdocs/login.py
+++ b/web/htdocs/login.py
@@ -197,22 +197,11 @@ def do_login():
# c) Show the real requested page (No redirect needed)
set_auth_cookie(username, load_serial(username))
- # Use redirects for URLs or simply execute other handlers for
- # mulitsite modules
- if '/' in origtarget or '?' in origtarget:
- html.set_http_header('Location', origtarget)
- raise apache.SERVER_RETURN, apache.HTTP_MOVED_TEMPORARILY
- else:
- # Remove login vars to hide them from the next page handler
- try:
- del html.req.vars['_username']
- del html.req.vars['_password']
- del html.req.vars['_login']
- del html.req.vars['_origtarget']
- except:
- pass
-
- return (username, origtarget)
+ # Never use inplace redirect handling anymore as used in the past. This results
+ # in some unexpected situations. We simpy use 302 redirects now. So we have a
+ # clear situation.
+ html.set_http_header('Location', origtarget)
+ raise apache.SERVER_RETURN, apache.HTTP_MOVED_TEMPORARILY
else:
userdb.on_failed_login(username)
raise MKUserError(None, _('Invalid credentials.'))
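Review bot: The now-unconditional `html.set_http_header('Location', origtarget)` sends the browser wherever `_origtarget` points, and nothing in this hunk restricts that value to a path on this site. `origtarget` appears to come from the request (the login form posts it back as a hidden field), so a crafted login link could pass a freshly authenticated user on to an external page. Embedded CR/LF would also reach the response header unless `set_http_header` filters it. Before the redirect, fall back to a fixed local page when the target is absolute or carries control characters, e.g. `if '://' in origtarget or origtarget.startswith('//') or '\r' in origtarget or '\n' in origtarget:` followed by `origtarget = defaults.url_prefix + 'check_mk/'`. do_login starts above the hunk, so how `origtarget` is read and whether it is already checked is not visible here.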
@@ -264,7 +253,7 @@ def normal_login_page(called_directly = True):
html.write("<img id=login_window src=\"images/login_window.png\">")
html.write("<div id=version>%s</div>" % defaults.check_mk_version)
- html.begin_form("login", method = 'POST', add_transid = False)
+ html.begin_form("login", method = 'POST', add_transid = False, action = 'login.py')
html.hidden_field('_login', '1')
html.hidden_field('_origtarget', htmllib.attrencode(origtarget))
html.write("<label id=label_user class=legend for=_username>%s:</label><br />" % _('Username'))
diff --git a/web/htdocs/main.py b/web/htdocs/main.py
index 87ebd11..5ccb624 100644
--- a/web/htdocs/main.py
+++ b/web/htdocs/main.py
@@ -28,7 +28,10 @@ import defaults, config
def page_index():
start_url = html.var("start_url", config.start_url)
- html.req.headers_out.add("Cache-Control", "max-age=7200, public");
+ # Do not cache the index page -> caching problems when page is accessed
+ # while not logged in
+ #html.req.headers_out.add("Cache-Control", "max-age=7200, public");
+ html.req.headers_out.add("Cache-Control", "no-cache");
if "%s" in config.page_heading:
heading = config.page_heading % (defaults.omd_site or _("Multisite"))
else:
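Review bot: The old header is left behind as a commented-out line in page_index. Delete it rather than keeping `#html.req.headers_out.add("Cache-Control", "max-age=7200, public");`, since the comment above already records why caching was turned off. Note also that `no-cache` still lets a cache store the response and only forces revalidation. If the intent is that a page whose content depends on login state never sits in a shared cache, `"private, no-cache"` or `"no-store"` says that more directly.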
diff --git a/web/htdocs/userdb.py b/web/htdocs/userdb.py
index b7f1f16..82191c6 100644
--- a/web/htdocs/userdb.py
+++ b/web/htdocs/userdb.py
@@ -575,7 +575,7 @@ def hook_save(users):
if config.debug:
import traceback
html.show_error(
- "<h3>" + _("Error executing sync hook") + "</h3>"
+ "<h3>" + _("Error executing save hook") + "</h3>"
"<pre>%s</pre>" % (traceback.format_exc())
)
else:
@@ -603,6 +603,9 @@ def general_page_hook():
# Catch all exceptions and log them to apache error log. Let exceptions raise trough
# when debug mode is enabled.
def hook_page():
+ if 'page' not in config.userdb_automatic_sync:
+ return
+
for connector in enabled_connectors():
handler = connector.get('page', None)
if not handler:
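Review bot: The new early return in hook_page has no comment, and the block comment above it still describes only the exception handling. Add something like `# Only run connector page hooks when 'page' is enabled in config.userdb_automatic_sync` so the config gate is discoverable. The test `'page' not in config.userdb_automatic_sync` also presumes the option is always a list or tuple. If it can be `None` it raises `TypeError`, and if it is a plain string it becomes a substring match, so it is worth confirming the default where the option is declared. The function body continues past the end of the hunk.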