2020-12-12 10:23:17 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
|
|
# This file is part of the Calibre-Web (https://github.com/janeczku/calibre-web)
|
|
|
|
# Copyright (C) 2018-2020 OzzieIsaacs
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2022-03-13 11:34:21 +00:00
|
|
|
from functools import wraps
|
2020-12-12 10:23:17 +00:00
|
|
|
|
|
|
|
from sqlalchemy.sql.expression import func
|
2024-07-14 14:24:07 +00:00
|
|
|
from .cw_login import login_required
|
2021-07-30 09:43:26 +00:00
|
|
|
|
2024-07-14 14:24:07 +00:00
|
|
|
from flask import request, g
|
|
|
|
from flask_httpauth import HTTPBasicAuth
|
|
|
|
from werkzeug.datastructures import Authorization
|
|
|
|
from werkzeug.security import check_password_hash
|
|
|
|
|
|
|
|
from . import lm, ub, config, logger, limiter, constants, services
|
2024-07-13 10:17:48 +00:00
|
|
|
|
2020-12-12 10:23:17 +00:00
|
|
|
|
2023-02-04 10:09:16 +00:00
|
|
|
log = logger.create()
|
2024-07-14 14:24:07 +00:00
|
|
|
auth = HTTPBasicAuth()
|
|
|
|
|
|
|
|
|
|
|
|
@auth.verify_password
|
|
|
|
def verify_password(username, password):
|
|
|
|
user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == username.lower()).first()
|
|
|
|
if user:
|
|
|
|
if user.name.lower() == "guest":
|
|
|
|
if config.config_anonbrowse == 1:
|
|
|
|
return user
|
|
|
|
if config.config_login_type == constants.LOGIN_LDAP and services.ldap:
|
|
|
|
login_result, error = services.ldap.bind_user(user.name, password)
|
|
|
|
if login_result:
|
|
|
|
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
|
|
|
|
return user
|
|
|
|
if error is not None:
|
|
|
|
log.error(error)
|
|
|
|
elif check_password_hash(str(user.password), password):
|
|
|
|
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
|
|
|
|
return user
|
|
|
|
ip_address = request.headers.get('X-Forwarded-For', request.remote_addr)
|
|
|
|
log.warning('OPDS Login failed for user "%s" IP-address: %s', username, ip_address)
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
|
|
def requires_basic_auth_if_no_ano(f):
|
|
|
|
@wraps(f)
|
|
|
|
def decorated(*args, **kwargs):
|
|
|
|
authorisation = auth.get_auth()
|
|
|
|
status = None
|
|
|
|
user = None
|
|
|
|
if config.config_allow_reverse_proxy_header_login and not authorisation:
|
|
|
|
user = load_user_from_reverse_proxy_header(request)
|
|
|
|
if config.config_anonbrowse == 1 and not authorisation:
|
|
|
|
authorisation = Authorization(
|
|
|
|
b"Basic", {'username': "Guest", 'password': ""})
|
|
|
|
if not user:
|
|
|
|
user = auth.authenticate(authorisation, "")
|
|
|
|
if user in (False, None):
|
|
|
|
status = 401
|
|
|
|
if status:
|
|
|
|
try:
|
|
|
|
return auth.auth_error_callback(status)
|
|
|
|
except TypeError:
|
|
|
|
return auth.auth_error_callback()
|
|
|
|
g.flask_httpauth_user = user if user is not True \
|
|
|
|
else auth.username if auth else None
|
|
|
|
return auth.ensure_sync(f)(*args, **kwargs)
|
|
|
|
return decorated
|
|
|
|
|
|
|
|
|
2020-12-12 10:23:17 +00:00
|
|
|
def login_required_if_no_ano(func):
|
|
|
|
@wraps(func)
|
|
|
|
def decorated_view(*args, **kwargs):
|
2024-07-14 14:24:07 +00:00
|
|
|
if config.config_allow_reverse_proxy_header_login:
|
|
|
|
user = load_user_from_reverse_proxy_header(request)
|
|
|
|
if user:
|
|
|
|
g.flask_httpauth_user = user
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
# proxy_auth.set_user(user)
|
|
|
|
# return proxy_auth.login_required(func)(*args, **kwargs)
|
|
|
|
g.flask_httpauth_user = None
|
2020-12-12 10:23:17 +00:00
|
|
|
if config.config_anonbrowse == 1:
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
return login_required(func)(*args, **kwargs)
|
|
|
|
|
|
|
|
return decorated_view
|
|
|
|
|
2024-07-13 10:17:48 +00:00
|
|
|
|
2024-07-14 14:24:07 +00:00
|
|
|
def user_login_required(func):
|
|
|
|
@wraps(func)
|
|
|
|
def decorated_view(*args, **kwargs):
|
|
|
|
if config.config_allow_reverse_proxy_header_login:
|
|
|
|
user = load_user_from_reverse_proxy_header(request)
|
|
|
|
if user:
|
|
|
|
g.flask_httpauth_user = user
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
g.flask_httpauth_user = None
|
|
|
|
return login_required(func)(*args, **kwargs)
|
2023-02-04 10:09:16 +00:00
|
|
|
|
2024-07-14 14:24:07 +00:00
|
|
|
return decorated_view
|
2023-02-04 10:09:16 +00:00
|
|
|
|
|
|
|
|
2024-07-14 14:24:07 +00:00
|
|
|
def load_user_from_reverse_proxy_header(req):
|
|
|
|
rp_header_name = config.config_reverse_proxy_login_header_name
|
|
|
|
if rp_header_name:
|
|
|
|
rp_header_username = req.headers.get(rp_header_name)
|
|
|
|
if rp_header_username:
|
|
|
|
user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == rp_header_username.lower()).first()
|
|
|
|
if user:
|
|
|
|
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
|
|
|
|
return user
|
|
|
|
return None
|
2020-12-12 10:23:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
@lm.user_loader
|
2024-07-14 14:24:07 +00:00
|
|
|
def load_user(user_id, random, session_key):
|
2024-07-14 19:20:46 +00:00
|
|
|
# log.info(f"user {user_id}, random {random}")
|
|
|
|
# log.info(request)
|
2023-02-04 13:51:41 +00:00
|
|
|
user = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
2024-07-14 19:20:46 +00:00
|
|
|
if random and session_key:
|
|
|
|
entry = ub.session.query(ub.User_Sessions).filter(ub.User_Sessions.random == random,
|
|
|
|
ub.User_Sessions.session_key == session_key).first()
|
|
|
|
if not entry or entry.user_id != user.id:
|
|
|
|
return None
|
|
|
|
return user
|
2023-02-04 10:09:16 +00:00
|
|
|
|