From fa2fe85b1228a1a16b557a5abdaf84d52c21df8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Thu, 26 Sep 2019 09:24:54 +0200 Subject: [PATCH] add authentication by trusted X-HTTP-Header --- certweb/auth.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/certweb/auth.py b/certweb/auth.py index e5aa99d..aa8b06b 100644 --- a/certweb/auth.py +++ b/certweb/auth.py @@ -104,6 +104,29 @@ def login(): return redirect(url_for('pubkeys.index')) flash(error) + elif request.method == 'GET': + print(request.headers.get('X-AUTHENTICATION-id')) + #print(dict(request.headers)) + db = get_db() + error = None + + if request.headers.get('X-AUTHENTICATION-id') is not None: + username = request.headers.get('X-AUTHENTICATION-id') + + user = db.execute( + 'SELECT * FROM user WHERE username = ?', (username,) + ).fetchone() + + if user is None: + error = 'Incorrect username.' + return redirect(url_for('auth.register')) + + if error is None: + session.clear() + session['user_id'] = user['id'] + return redirect(url_for('pubkeys.index')) + else: + return redirect(url_for('auth.register')) return render_template('auth/login.html')