Chore Account server

Check-in [c1ba559bed]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Log service registration. Don't let templates ever log in. Start applying per-user enforcement. Supply per-user profile to service.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | master | trunk
Files: files | file ages | folders
SHA3-256:c1ba559bed65eb6004dd98356635428cf8030ab79d7be0c1182bba88b9e29087
User & Date: ajv-899-334-8894@vsta.org 2016-11-24 17:15:58
Context
2016-11-27
18:34
Fix config handling. Add per-user config items for imap. check-in: 0977f2e88c user: ajv-899-334-8894@vsta.org tags: master, trunk
2016-11-24
17:15
Log service registration. Don't let templates ever log in. Start applying per-user enforcement. Supply per-user profile to service. check-in: c1ba559bed user: ajv-899-334-8894@vsta.org tags: master, trunk
17:15
Remove redundant cookie check. Make title reflect SSL or not--makes bookmarks easier to spot check-in: 1417716c42 user: ajv-899-334-8894@vsta.org tags: master, trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to main.py.

202
203
204
205
206
207
208
209
210




211
212
213
214
215
216
217
...
220
221
222
223
224
225
226
227


228


229







230
231
232
233
234
235
236

237
238
239
240
241
242
243
        op = req["op"]
        resp = req["reply-to"]

        # Start of service
        if op == "start":

            # Register service
            self.services[req["service"]] = \
             (req["pid"], req["port"], resp)





            # Replace their port specification with our own
            req["port"] = self.http_ports()

            # And send back registration success
            self.reply("OK", req)
            return
................................................................................
        if op == "cookie?":
            # Correct format?
            tup = chore.authen.parse_cookie(req.get("cookie", "XXX"))
            if tup is None:
                self.reply("?format", req)
                return

            # Ok cookie value?


            user,cookie = tup


            if not self.valid_cookie(user, cookie):







                self.reply("?authen", req)
                return

            # Let them on
            tup = self.cookies[user]
            req["user"] = user
            req["expires"] = tup[1]

            self.reply("OK", req)
            return

        # Unknown
        sys.stderr.write("Unknown op '%s' from '%s'\n" %
            (op, resp))
        self.reply(resp, req["op"], "?Bad-op")







|
|
>
>
>
>







 







|
>
>

>
>
|
>
>
>
>
>
>
>







>







202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
...
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
        op = req["op"]
        resp = req["reply-to"]

        # Start of service
        if op == "start":

            # Register service
            svc = req["service"]
            pid = req["pid"]
            port = req["port"]
            sys.stderr.write("Register %s at %s, pid %d port %r\n" %
                (svc, resp, pid, port))
            self.services[svc] = (pid, port, resp)

            # Replace their port specification with our own
            req["port"] = self.http_ports()

            # And send back registration success
            self.reply("OK", req)
            return
................................................................................
        if op == "cookie?":
            # Correct format?
            tup = chore.authen.parse_cookie(req.get("cookie", "XXX"))
            if tup is None:
                self.reply("?format", req)
                return

            # Ok cookie value?  Have an account?
            # Ok account name?  (Don't ever let template names
            #  get treated as real accounts.)
            user,cookie = tup
            acct = self.accts.get(user)
            if (not acct) or \
                    not self.valid_cookie(user, cookie) or \
                    (user.startswith('*')):
                self.reply("?authen", req)
                return

            # Allowed on the named service?
            acfg = acct["serve"].get(req["service"])
            if acfg is None:
                self.reply("?authen", req)
                return

            # Let them on
            tup = self.cookies[user]
            req["user"] = user
            req["expires"] = tup[1]
            req["config"] = acfg
            self.reply("OK", req)
            return

        # Unknown
        sys.stderr.write("Unknown op '%s' from '%s'\n" %
            (op, resp))
        self.reply(resp, req["op"], "?Bad-op")