From b68846f62376dc524c78a610d4f4d87e6bfd2c34 Mon Sep 17 00:00:00 2001
From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de>
Date: Sat, 9 Jun 2018 17:27:09 +0200
Subject: [PATCH] Add second endpoint checking for admin rights

---
 app.py | 19 ++++++++++++++++---
 wiki.py | 7 +++++++
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/app.py b/app.py
index a92823c..9a51043 100644
--- a/app.py
+++ b/app.py
@@ -10,12 +10,15 @@ domain = getattr(config, "WIKI_DOMAIN", None)
 app = Flask(__name__)
 app.config.from_object(config)
 
-def try_wiki_login(user, password):
+def try_wiki_login(user, password, check_admin=False):
 client = WikiClient(endpoint=config.WIKI_API_ENDPOINT)
 try:
 client.login(user, password, domain=domain)
+ result = True
+ if check_admin:
+ result = "sysop" in client.get_rights()
 client.logout()
- return True
+ return result
 except WikiException as error:
 print(error)
 return False
@@ -30,4 +33,14 @@ def index():
 if not try_wiki_login(auth.username, auth.password):
 return Response("Forbidden", status=403)
 return Response("OK", status=200)
-
+
+@app.route("/admin/")
+def admin():
+ auth = request.authorization
+ if not auth:
+ return Response(
+ "Please authenticate with your Wiki credentials.", 401,
+ {"WWW-Authenticate": "Basic realm=\"Wiki\""})
+ if not try_wiki_login(auth.username, auth.password, check_admin=True):
+ return Response("Forbidden", status=403)
+ return Response("OK", status=200)
diff --git a/wiki.py b/wiki.py
index 16fadcc..f71701c 100644
--- a/wiki.py
+++ b/wiki.py
@@ -70,3 +70,10 @@ class WikiClient:
 except JSONDecodeError:
 raise WikiException("Server did not return valid JSON.")
 
+ def get_rights(self):
+ answer = self.do_action("query", meta="userinfo", uiprop="groups")
+ try:
+ return answer["query"]["userinfo"]["groups"]
+ except KeyError as error:
+ print(error)
+ return []
-- 
GitLab
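Review bot: The new `client.get_rights()` call sits between `client.login()` and `client.logout()` with no `finally`, so if it raises (the wiki.py hunk's `raise WikiException("Server did not return valid JSON.")` suggests do_action can) the except branch returns False but the session opened on the wiki server is never logged out. Moving the logout into a try/finally keeps the server-side session short-lived on every path, including the new admin check, while the 403-on-error behaviour stays as it is. The hard-coded "sysop" could also be read from config the way WIKI_DOMAIN already is, so the admin group is not baked into the code, but that is a style point. The docstring I would add reads `"""Return True if the credentials log in to the wiki (and, with check_admin, belong to the sysop group); False on any WikiException."""`.
```python
def try_wiki_login(user, password, check_admin=False):
    client = WikiClient(endpoint=config.WIKI_API_ENDPOINT)
    try:
        client.login(user, password, domain=domain)
        try:
            result = True
            if check_admin:
                # group membership, not a right: get_rights() returns group names
                result = "sysop" in client.get_rights()
        finally:
            client.logout()
        return result
    # … unchanged: except WikiException branch …
```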
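Review bot: admin() repeats index() line for line except for `check_admin=True`, so the 401 challenge text, the realm header and the 403 response now exist in two copies that will drift the next time one of them is touched (index()'s header starts outside the hunk, only its last three lines are shown). A private helper such as `def _check_credentials(check_admin=False):` holding the authorization lookup, the challenge and the try_wiki_login call, returned by both routes, keeps the access decision in one place. admin() should also carry a docstring saying what 200 means here, e.g. `"""Answer 200 only when the Basic-auth credentials log in to the wiki and the account is in the sysop group; 401 without credentials, 403 otherwise."""`, since the response body is the same "OK" as the unprivileged endpoint.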
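Review bot: get_rights() returns the user's group names (the request asks for `uiprop="groups"` and reads `["groups"]`), not rights, and app.py's caller relies on that by testing for the "sysop" group; either rename it to get_groups or add a docstring such as `"""Return the group names of the logged-in user; [] if the API answer lacks them."""` so the mismatch does not spread. The `except KeyError` prints only the missing key name, so an error reply from the API or a changed response shape silently becomes "not an admin" with nothing in the log that says why; `print("get_rights: key %s missing in API answer" % error)` before the `return []` keeps the fail-closed result but makes it diagnosable. WikiClient's header and do_action are outside the hunk.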