Better unauthorized error page

2025-05-29 17:40:21 +02:00 · 2025-05-29 17:40:21 +02:00 · 292185bb7d
commit 292185bb7d
parent 99d40ad66e
3 changed files with 39 additions and 4 deletions
--- a/hmdooris/BottleHelpers.py
+++ b/hmdooris/BottleHelpers.py
@ -17,19 +17,51 @@ class BottleHelpers:
    def require_login(self, func: Callable) -> Callable:
        if self.group is not None:
-            return self.auth.require_login(self.auth.require_attribute('groups', self.group)(func))
+            return self.auth.require_login(self.require_attribute('groups', self.group)(func))
        else:
            return self.auth.require_login(func)
    def require_attribute(self, attr, value):
        """ Decorator requires specific attribute value. """
        def test_attrs(challenge, standard):
            """Compare list or val the standard."""
            stand_list = standard if type(standard) is list else [standard]
            chal_list = challenge if type(challenge) is list else [challenge]
            for chal in chal_list:
                if chal in stand_list:
                    return True
            return False
        def _outer_wrapper(f):
            def _wrapper(*args, **kwargs):
                if attr in self.auth.my_attrs:
                    resource = request.session[self.auth.sess_attr][attr]
                    if test_attrs(resource, value):
                        return f(*args, **kwargs)
                abort(401, 'Not Authorized')
            _wrapper.__name__ = f.__name__
            return _wrapper
        return _outer_wrapper
    def require_authz(self, func: Callable) -> Callable:
        if self.group is not None:
-            return self.auth.require_attribute('groups', self.group)(func)
+            return self.require_attribute('groups', self.group)(func)
        else:
            def _outer_wrapper(f):
                def _wrapper(*args, **kwargs):
                    if self.auth.my_username is not None:
                        return f(*args, **kwargs)
                    abort(401, 'Not Authorized')
                    return None
                _wrapper.__name__ = f.__name__
                return _wrapper
@ -47,6 +79,7 @@ class BottleHelpers:
                    if addr.overlaps(allowed):
                        return f(*args, **kwargs)
                abort(401, 'Not Authorized')
                return None
            _wrapper.__name__ = f.__name__
            return _wrapper
--- a/hmdooris/main.py
+++ b/hmdooris/main.py
@ -84,6 +84,7 @@ def get_api_lock(id):
    return update_poller.get_lock(id)
@app.post('/api/lock/<id>')
@bottle_helpers.require_sourceip
@bottle_helpers.require_authz
 def post_api_lock(id):
    return ccujack.lock_unlock(id, request.json["locking"])
@ -92,15 +93,16 @@ def post_api_lock(id):
@jinja2_view("not_authorized.html.j2")
 def not_authorized(error):
    code, msg = error.args
    groups = request.session[auth.sess_attr]['groups'] if 'groups' in request.session[auth.sess_attr] else []
    return {
        'user': auth.my_username,
        'ip': request.remote_addr,
        'error': error,
        'code': code,
        'msg': msg,
        'groups': groups,
    }
 app.error_handler[401] = not_authorized
 if __name__ == '__main__':
    app.run(host=config.listen_host, port=config.listen_port, server=GeventWebSocketServer, debug=config.debug, quiet=not config.debug)
--- a/hmdooris/templates/not_authorized.html.j2
+++ b/hmdooris/templates/not_authorized.html.j2
@ -8,6 +8,6 @@
 <body>
 <h1>HM Dooris - {{ msg }}</h1>
 <p>You are not authorized to lock or unlock.</p>
-<p>user: {{ user }}, ip: {{ ip }}, error: {{ error }}, code: {{ code }}, msg: {{ msg }}</p>
+<p>user: {{ user }}, groups: {{ groups }}, ip: {{ ip }}, error: {{ error }}, code: {{ code }}, msg: {{ msg }}</p>
 </body>
 </html>