add authentication by trusted X-HTTP-Header

2019-09-26 09:24:54 +02:00 · 2019-09-26 09:24:54 +02:00 · fa2fe85b12
parent 3d33f37f23
commit fa2fe85b12
1 changed files with 23 additions and 0 deletions
--- a/certweb/auth.py
+++ b/certweb/auth.py
@ -104,6 +104,29 @@ def login():
            return redirect(url_for('pubkeys.index'))

        flash(error)
+    elif request.method == 'GET':
+        print(request.headers.get('X-AUTHENTICATION-id'))
+        #print(dict(request.headers))
+        db = get_db()
+        error = None
+
+        if request.headers.get('X-AUTHENTICATION-id') is not None:
+            username = request.headers.get('X-AUTHENTICATION-id')
+
+            user = db.execute(
+                'SELECT * FROM user WHERE username = ?', (username,)
+            ).fetchone()
+
+            if user is None:
+                error = 'Incorrect username.'
+                return redirect(url_for('auth.register'))
+
+            if error is None:
+                session.clear()
+                session['user_id'] = user['id']
+                return redirect(url_for('pubkeys.index'))
+        else:
+            return redirect(url_for('auth.register'))

    return render_template('auth/login.html')