Commit b68846f6 authored by Robin Sonnabend's avatar Robin Sonnabend

Add second endpoint checking for admin rights

parent e5b1fb15
......@@ -10,12 +10,15 @@ domain = getattr(config, "WIKI_DOMAIN", None)
app = Flask(__name__)
app.config.from_object(config)
def try_wiki_login(user, password):
def try_wiki_login(user, password, check_admin=False):
client = WikiClient(endpoint=config.WIKI_API_ENDPOINT)
try:
client.login(user, password, domain=domain)
result = True
if check_admin:
result = "sysop" in client.get_rights()
client.logout()
return True
return result
except WikiException as error:
print(error)
return False
......@@ -30,4 +33,14 @@ def index():
if not try_wiki_login(auth.username, auth.password):
return Response("Forbidden", status=403)
return Response("OK", status=200)
@app.route("/admin/")
def admin():
auth = request.authorization
if not auth:
return Response(
"Please authenticate with your Wiki credentials.", 401,
{"WWW-Authenticate": "Basic realm=\"Wiki\""})
if not try_wiki_login(auth.username, auth.password, check_admin=True):
return Response("Forbidden", status=403)
return Response("OK", status=200)
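Review bot: In try_wiki_login (first hunk), `client.logout()` is skipped whenever `client.get_rights()` raises, so a failed rights query leaves the freshly created wiki session open. The context lines of the WikiClient hunk suggest the API call can raise WikiException on a bad response, which is caught here and turned into `False` without logging out. Wrapping the post-login work in `try`/`finally` keeps the fail-closed result and always ends the session. Separately, an authenticated user refused on `/admin/` for lacking `sysop` leaves no log entry; recording the username (never the password) on that path would make probing of the admin endpoint visible.
```python
        client.login(user, password, domain=domain)
        try:
            if check_admin:
                return "sysop" in client.get_rights()
            return True
        finally:
            # end the wiki session even when the rights query raises
            client.logout()
    # … unchanged: except WikiException handler …
```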
......@@ -70,3 +70,10 @@ class WikiClient:
except JSONDecodeError:
raise WikiException("Server did not return valid JSON.")
def get_rights(self):
answer = self.do_action("query", meta="userinfo", uiprop="groups")
try:
return answer["query"]["userinfo"]["groups"]
except KeyError as error:
print(error)
return []
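Review bot: `get_rights` returns group names, not rights: it queries `uiprop="groups"` and the caller tests for the `sysop` group, so the name and the missing docstring will mislead the next reader. Either rename it (for example `get_groups`) or add a docstring such as `"""Return the logged-in user's wiki groups; [] if the response lacks them, so callers fail closed."""`. The handler catches only `KeyError`; if `answer["query"]` comes back as something other than a dict, a `TypeError` would presumably escape past try_wiki_login's `except WikiException`, and `except (KeyError, TypeError) as error:` would keep the deny-by-default path. The class body starts outside this hunk.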