Improvement to validate HTTP authentication config. Ref #1662

5 years ago · 1b845225b2
parent 5a3f8b9a9b
commit 1b845225b2
2 changed files with 12 additions and 5 deletions
--- a/gns3server/run.py
+++ b/gns3server/run.py
@ -229,6 +229,13 @@ def run():
    if server_config.getboolean("local"):
        log.warning("Local mode is enabled. Beware, clients will have full control on your filesystem")

+    if server_config.getboolean("auth"):
+        user = server_config.get("user", "").strip()
+        if not user:
+            log.critical("HTTP authentication is enabled but no username is configured")
+            return
+        log.info("HTTP authentication is enabled with username '{}'".format(user))
+
    # we only support Python 3 version >= 3.5
    if sys.version_info < (3, 5, 3):
        raise SystemExit("Python 3.5.3 or higher is required")
--- a/gns3server/web/route.py
+++ b/gns3server/web/route.py
@ -111,14 +111,14 @@ class Route(object):
        user = server_config.get("user", "").strip()
        password = server_config.get("password", "").strip()

-        if not user:
-            return
-
-        if "AUTHORIZATION" in request.headers:
+        if user and "AUTHORIZATION" in request.headers:
            if request.headers["AUTHORIZATION"] == aiohttp.helpers.BasicAuth(user, password, "utf-8").encode():
                return None

-        log.error("Invalid authentication. Username should be {}".format(user))
+        if not user:
+            log.error("HTTP authentication is enabled but no username is configured")
+        else:
+            log.error("Invalid authentication for username '{}'".format(user))

        response = Response(request=request, route=route)
        response.set_status(401)