Changeset 5292


Timestamp:
15/05/09 11:30:49 (10 years ago)
Author:
pjkersha
Message:

Fix to ndg.security.server.wsgi.authn.AuthenticationRedirectMiddleware: when the user is authenticated, return the next app in the stack rather than raising a 403 response. A 403 is not needed here to activate the authorisation middleware; the latter can trigger itself.

Location:
TI12-security/trunk/python
Files:
3 edited
1 moved

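--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authn.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authn.py
@@ -114,19 +114,11 @@
         log.debug("AuthenticationRedirectMiddleware.__call__ ...")
 
-        if not self.isAuthenticated:
-            # Redirect to OpenID Relying Party URI for user OpenID entry
+        if self.isAuthenticated:
+            # Call next app in stack
+            return self._app(environ, start_response)
+        else:
+            # User is not authenticated - Redirect to OpenID Relying Party URI
+            # for user OpenID entry
             return self._setRedirectResponse()
-
-        else:
-            # Set a Forbidden response to trigger the PEP to check to see if
-            # the requested URI is a secured one
-
-#            def set403Response(status, header, exc_info=None):
-#                return start_response(self.getStatusMessage(403),
-#                                      header,
-#                                      exc_info)
-#
-#            return self._app(environ, set403Response)
-            return self._setErrorResponse(code=403)
 
     def _setRedirectURI(self, uri):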
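Review bot: Once the authenticated branch returns `self._app(environ, start_response)` directly, nothing in this middleware can deny an authenticated user any URI; per the commit message the authorisation middleware "can trigger itself", so access control now rests entirely on PEPFilter being configured downstream in every deployment, and a stack that wires up only AuthenticationRedirectMiddleware silently grants every logged-in user everything. That coupling deserves to be stated at the new return: `# No authorisation happens here: an authenticated user is passed through unconditionally; access control relies on the authz (PEPFilter) middleware being present downstream.` The `else:` after the `return` is redundant and the method reads flatter without it. `__call__` starts before this hunk, so how `isAuthenticated` is derived is not visible here.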
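--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz/__init__.py
@@ -58,5 +58,6 @@
         self.session = self.environ.get(self.sessionKey)
         if not self.isAuthenticated:
-            # This condition should be caught be the PEPFilter
+            # This check is included as a precaution: this condition should be
+            # caught be the AuthNRedirectHandlerMiddleware or PEPFilter
             log.warning("PEPResultHandlerMiddleware: user is not "
                         "authenticated - setting HTTP 401 response")
@@ -148,8 +149,12 @@
 
         if not self.isAuthenticated:
-            log.info("PEPFilter: user is not authenticated")
+            log.info("PEPFilter: user is not authenticated - setting HTTP "
+                     "401 response ...")
 
             # Set a 401 response for an authentication handler to capture
             return self._setErrorResponse(code=401)
+
+        log.debug("PEPFilter: creating request to call PDP to check user "
+                  "authorisation ...")
 
         # Make a request object to pass to the PDP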
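Review bot: The new precaution comment in PEPResultHandlerMiddleware names an `AuthNRedirectHandlerMiddleware`, but the class changed in authn.py in this same changeset (and in the commit message) is `AuthenticationRedirectMiddleware`; a reader tracing the fail-closed 401 path will search for a class that, from what is visible here, does not exist. It also carries the "caught be" typo forward from the removed line. Suggested wording: `# This check is included as a precaution: this condition should already be caught by AuthenticationRedirectMiddleware (authn.py) or PEPFilter`. Returning 401 here when the upstream check is bypassed is the right fail-closed default and is worth keeping. Both enclosing methods begin outside the hunks shown.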
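--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/nosetests.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/nosetests.py
@@ -9,4 +9,5 @@
 __date__ = "01/06/08"
 __copyright__ = "(C) 2009 Science and Technology Facilities Council"
+__license__ = "BSD - see top level directory for license file"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id$"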
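--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/wsgi/authn/test_authn.py
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/wsgi/authn/test_authn.py
@@ -82,11 +82,10 @@
     def test02Skip200WithLoggedIn(self):
         response = self.app.get('/test_200WithLoggedIn',
-                                extra_environ={'REMOTE_USER': 'testuser'},
-                                status=403)
+                                extra_environ={'REMOTE_USER': 'testuser'})
 
     def test03Catch401WithLoggedIn(self):
         response = self.app.get('/test_401WithLoggedIn',
                                 extra_environ={'REMOTE_USER': 'testuser'},
-                                status=403)
+                                status=401)
 
     def test04Catch200WithNotLoggedIn(self):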
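Review bot: test02Skip200WithLoggedIn now drops the `status=` argument entirely, and `response` is never asserted on, so the test no longer pins what a logged-in user actually gets; if `self.app` is a WebTest TestApp (the `extra_environ`/`status` keywords suggest it), a missing `status` accepts any 2xx or 3xx, so a regression that sends the authenticated user back to the OpenID redirect would still pass. The test exists to prove the authenticated pass-through, so make that explicit: `status=200)` on the new line. test03 tightening to `status=401` is the right check for the pass-through exposing the app's own 401 to the authentication handler.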