From 2c20ede487420972cbeefbb4461c2a3907ab5c46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Thu, 26 Sep 2019 13:09:20 +0200 Subject: [PATCH] finish authentication by trusted header --- certweb/auth.py | 12 +++++++++++- certweb/schema.sql | 2 +- certweb/templates/auth/login.html | 5 ++++- certweb/templates/auth/register.html | 3 ++- certweb/templates/auth/update.html | 2 +- certweb/templates/base.html | 3 ++- certweb/templates/pubkeys/index.html | 1 + 7 files changed, 22 insertions(+), 6 deletions(-) diff --git a/certweb/auth.py b/certweb/auth.py index aa8b06b..1391076 100644 --- a/certweb/auth.py +++ b/certweb/auth.py @@ -106,18 +106,28 @@ def login(): flash(error) elif request.method == 'GET': print(request.headers.get('X-AUTHENTICATION-id')) - #print(dict(request.headers)) + print(dict(request.headers)) db = get_db() error = None if request.headers.get('X-AUTHENTICATION-id') is not None: username = request.headers.get('X-AUTHENTICATION-id') + fullname = request.headers.get('X-AUTHENTICATION-cn') + email = request.headers.get('X-AUTHENTICATION-email') user = db.execute( 'SELECT * FROM user WHERE username = ?', (username,) ).fetchone() if user is None: + fullname = username if fullname is None else username + email = username+'@'+ request.headers.get('X-FORWARDED-FOR') if fullname is None else username + db.execute( + 'INSERT INTO user (username, fullname, email) VALUES (?, ?, ?)', + (username, fullname, email) + ) + db.commit() + return redirect(url_for('auth.login')) error = 'Incorrect username.' return redirect(url_for('auth.register')) diff --git a/certweb/schema.sql b/certweb/schema.sql index 6dbf0b6..30c7031 100644 --- a/certweb/schema.sql +++ b/certweb/schema.sql @@ -16,7 +16,7 @@ CREATE TABLE settings ( CREATE TABLE user ( id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE NOT NULL, - password TEXT NOT NULL, + password TEXT, fullname TEXT NOT NULL, email TEXT NOT NULL, principals TEXT, 
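Review bot: Nothing in this hunk checks that `X-AUTHENTICATION-id` was set by the authenticating proxy before the new branch under `if user is None:` inserts a user row for it, so the identity is only as trustworthy as the network path in front of the app. The header branch should be gated on a configuration switch that is off by default and on the peer, for example by comparing `request.remote_addr` against a configured list of proxy addresses and answering 403 otherwise; the proxy must also strip any client-supplied `X-AUTHENTICATION-*` headers. The two fallback lines discard the directory values: `fullname = username if fullname is None else username` yields `username` on both arms and the `email` line tests `fullname` instead of `email`, so they presumably should read `fullname = username if fullname is None else fullname` and `email = email if email is not None else ...`, with a fallback that does not depend on `X-FORWARDED-FOR`, which may be absent or client-influenced. `print(dict(request.headers))` is switched on here and writes every request header, including `Cookie` and `Authorization`, to the process output on each GET; it should be removed or reduced to a debug-level log of the one header name. The body of `login()` starts and ends outside the hunk, and the two lines after the new `return redirect(url_for('auth.login'))` look unreachable if they sit in the same branch.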
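Review bot: Making `password` nullable needs a matching guard in the password login path, which is not part of this diff: rows inserted by the header branch in `certweb/auth.py` carry no hash, and a hash check handed NULL would presumably raise instead of failing cleanly. I would document the column with `-- NULL = account provisioned from the proxy header; password login must be refused` and have the POST branch reject users whose `password` is NULL before any verification. Databases created from the old schema keep `NOT NULL`, so the new `INSERT` without a password would presumably fail there until they are migrated.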
diff --git a/certweb/templates/auth/login.html b/certweb/templates/auth/login.html index c4551f1..c237458 100644 --- a/certweb/templates/auth/login.html +++ b/certweb/templates/auth/login.html @@ -5,8 +5,11 @@ {% endblock %} {% block content %} + A{{ request.headers }}
+ B{{ request.header.get('X-AUTHENTICATION-id') }}
- + diff --git a/certweb/templates/auth/register.html b/certweb/templates/auth/register.html index 367a260..842561f 100644 --- a/certweb/templates/auth/register.html +++ b/certweb/templates/auth/register.html @@ -7,7 +7,8 @@ {% block content %} - + diff --git a/certweb/templates/auth/update.html b/certweb/templates/auth/update.html index 7a0a30e..6301d5f 100644 --- a/certweb/templates/auth/update.html +++ b/certweb/templates/auth/update.html @@ -14,7 +14,7 @@ value="{{ request.form['username'] or user['username'] }}" required> + value=""> diff --git a/certweb/templates/base.html b/certweb/templates/base.html index 3ed5c0c..6a9e9c1 100644 --- a/certweb/templates/base.html +++ b/certweb/templates/base.html @@ -3,7 +3,8 @@
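Review bot: The two lines added at the top of `{% block content %}` in `certweb/templates/auth/login.html` are debug output and should not ship: `A{{ request.headers }}` renders every request header into the login page, including the `Cookie` header and whatever the proxy injects, where it can end up in saved or cached copies of the page. The second line reads `request.header` (singular), which Flask's request object does not define, so with Jinja's default undefined handling the `.get('X-AUTHENTICATION-id')` call would likely raise and break the login page. Both lines should be deleted; if the header value is needed for troubleshooting, log it server-side at debug level instead. The remaining changed lines of this hunk are not legible here and are not covered by this note.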