diff --git a/daemon.py b/daemon.py
index b7a4efc0..83a26e29 100644
--- a/daemon.py
+++ b/daemon.py
@@ -88,7 +88,7 @@ class PubServer(BaseHTTPRequestHandler):
self.send_response(200)
self.send_header('Content-type', fileFormat)
self.send_header('Host', self.server.domainFull)
- self.send_header('WWW-Authenticate', 'Basic realm="simple", charset="UTF-8"')
+ self.send_header('WWW-Authenticate', 'title="Login to Epicyon", Basic realm="epicyon"')
self.end_headers()
def _set_headers(self,fileFormat: str) -> None:
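Review bot: The new `WWW-Authenticate` value is not a well-formed challenge: RFC 7235 requires the value to begin with an auth-scheme, and `title="Login to Epicyon"` is neither a scheme nor a Basic auth-param, so a strict client may ignore or reject the whole header; the change also drops the `charset="UTF-8"` parameter that RFC 7617 defines for Basic. Keep the challenge standard and put any display text in the page body rather than the header: `self.send_header('WWW-Authenticate', 'Basic realm="epicyon", charset="UTF-8"')`. The method this line belongs to starts before the hunk.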
@@ -998,24 +998,38 @@ class PubServer(BaseHTTPRequestHandler):
self.postToNickname=None
if self.path.startswith('/login'):
- print("headers: "+str(self.headers))
- print("path: "+self.path)
- loginNickname,loginPassword=htmlGetLoginCredentials(self.path,self.server.lastLoginTime)
+ # get the contents of POST containing login credentials
+ length = int(self.headers['Content-length'])
+ if length>512:
+ print('Login failed - credentials too long')
+ self.send_response(401)
+ self.end_headers()
+ self.server.POSTbusy=False
+ return
+ loginParams=self.rfile.read(length).decode('utf-8')
+ loginNickname,loginPassword=htmlGetLoginCredentials(loginParams,self.server.lastLoginTime)
if loginNickname:
self.server.lastLoginTime=int(time.time())
- print('Nickname: '+loginNickname)
- print('Password: '+loginPassword)
authHeader=createBasicAuthHeader(loginNickname,loginPassword)
if not authorizeBasic(self.server.baseDir,'/users/'+loginNickname+'/outbox',authHeader,False):
+ print('Login failed: '+loginNickname)
self.send_response(401)
self.end_headers()
self.server.POSTbusy=False
return
+ else:
+ # login success - redirect with authorization
+ print('Login success: '+loginNickname)
+ self.send_response(303)
+ self.send_header('Location', self.server.httpPrefix+'://'+self.server.domainFull+'/users/'+loginNickname+'/outbox')
+ self.send_header('Authorization', authHeader)
+ self.end_headers()
+ self.server.POSTbusy=False
+ return
self.send_response(200)
self.end_headers()
self.server.POSTbusy=False
return
- #self.path='/users/'+loginNickname+'/outbox'
if self.path.endswith('/outbox') or self.path.endswith('/shares'):
if '/users/' in self.path:
diff --git a/webinterface.py b/webinterface.py
index 1263168e..4becfcb8 100644
--- a/webinterface.py
+++ b/webinterface.py
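Review bot: The 303 branch puts `Authorization` on the response, but that is a request header — a browser neither stores it nor replays it on the redirected GET, so the outbox request arrives unauthenticated, and the base64-encoded credentials are reflected back to the client in a header that proxies and access logs commonly record. Carry the login result in a server-issued session token via `Set-Cookie` (HttpOnly, Secure, SameSite) instead of echoing the credential. Separately, `length = int(self.headers['Content-length'])` raises TypeError when the header is missing and ValueError when it is not numeric, and a negative value makes `rfile.read` block until EOF; since all of this happens before `self.server.POSTbusy=False`, the busy flag appears to stay set after such a request. Replacing it with `lengthStr = self.headers.get('Content-length', '')`, `if not lengthStr.isdecimal() or int(lengthStr) > 512:` (reusing the existing rejection branch) and `loginParams=self.rfile.read(int(lengthStr)).decode('utf-8', 'replace')` closes those gaps. The enclosing POST handler starts before this hunk and continues after it.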
@@ -16,16 +16,15 @@ from utils import getNicknameFromActor from utils import getDomainFromActor from posts import getPersonBox -def htmlGetLoginCredentials(path: str,lastLoginTime: int) -> (str,str): - """Receives login credentials via HTTPServer GET +def htmlGetLoginCredentials(loginParams: str,lastLoginTime: int) -> (str,str): + """Receives login credentials via HTTPServer POST """ - if not path.startswith('/login?'): + if not loginParams.startswith('username='): return None,None # minimum time between login attempts currTime=int(time.time()) if currTime (str,str): password=None for arg in loginArgs: if '=' in arg: - if arg.split('=',1)[0]=='nickname': + if arg.split('=',1)[0]=='username': nickname=arg.split('=',1)[1] elif arg.split('=',1)[0]=='password': password=arg.split('=',1)[1] @@ -118,12 +117,12 @@ def htmlLogin(baseDir: str) -> str: '' \ '
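Review bot: The new guard `if not loginParams.startswith('username='):` ties acceptance to the order of form fields, and the body it now receives is `application/x-www-form-urlencoded`, which the visible `arg.split('=',1)` loop never decodes, so a username or password containing `+`, `%` or `&` appears to reach `createBasicAuthHeader` still escaped and would fail to authenticate. Parsing the body with `urllib.parse.parse_qs(loginParams)` (an import the file would need) and reading `username` and `password` from the result handles both concerns; at minimum apply `urllib.parse.unquote_plus` to each value before use. Part of this hunk's text appears to be lost in rendering between `if currTime` and the next hunk header, so the rate-limit comparison could not be reviewed.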
' \ ' ' \ - ' ' \ + ' ' \ '' \ ' ' \ ' ' \ '' \ - ' ' \ + ' ' \ '
' \ '' loginForm+=htmlFooter()