Improvement of #154

2020-05-18 16:59:01 +02:00 · 2020-05-18 16:59:01 +02:00 · 23a7022bdf
commit 23a7022bdf
parent 390c0034f6
3 changed files with 13 additions and 15 deletions
--- a/configuration.default.ini
+++ b/configuration.default.ini
@ -96,9 +96,9 @@ listening_addr = 127.0.0.1
 listening_port = 8181
 web_logfile =

-auth_method = password
-user = botamusique
-password = mumble
+auth_method = 'none'
+user = 
+password = 

 access_address = http://127.0.0.1:8181

--- a/configuration.example.ini
+++ b/configuration.example.ini
@ -121,14 +121,15 @@ port = 64738
 #listening_addr = 127.0.0.1
 #listening_port = 8181
 #is_web_proxified = True
+# This is the public URL
 #access_address = http://127.0.0.1:8181

 # 'web_logfile': write access logs of the web server into this file.
 #web_logfile =

 # 'auth_method': Method used to authenticate users accessing the web interface.
-#                Options are 'password', 'token', 'none'
-#auth_method = password
+#                Options are 'none', 'password' or 'token' (use unique token, see requests_webinterface_access command)
+#auth_method = token

 # 'user', 'password': If auth_method set to 'password', you need to set the username and
 #                     password.
--- a/interface.py
+++ b/interface.py
@ -105,16 +105,12 @@ def requires_auth(f):
            if var.config.getboolean("webinterface", "require_auth") and (
                    not auth or not check_auth(auth.username, auth.password)):
                if auth:
-                    log.warning(f"web: failed login attempt, user: {auth.username}, from ip {request.remote_addr}.")
+                    log.info(f"web: failed login attempt, user: {auth.username}, from ip {request.remote_addr}.")
                return authenticate()
        if auth_method == 'token':
-            if 'token' in session and 'token' not in request.args:
-                token = session['token']
-                token_user = var.db.get("web_token", token, fallback=None)
-                if token_user is not None:
-                    user = token_user
-                    log.debug(f"web: token validated for the user: {token_user}, from ip {request.remote_addr}.")
-                    return f(*args, **kwargs)
+            if 'user' in session and 'token' not in request.args:
+                user = session['user']
+                return f(*args, **kwargs)
            elif 'token' in request.args:
                token = request.args.get('token')
                token_user = var.db.get("web_token", token, fallback=None)
@ -126,11 +122,12 @@ def requires_auth(f):
                    user_dict['IP'] = request.remote_addr
                    var.db.set("user", user, json.dumps(user_dict))

-                    log.info(f"web: new user access, token validated for the user: {token_user}, from ip {request.remote_addr}.")
+                    log.debug(f"web: new user access, token validated for the user: {token_user}, from ip {request.remote_addr}.")
                    session['token'] = token
+                    session['user'] = token_user
                    return f(*args, **kwargs)

-            log.info(f"web: bad token from ip {request.remote_addr}.")
+            log.debug(f"web: bad token from ip {request.remote_addr}.")
            abort(403)

        return f(*args, **kwargs)