Fix authentication for edit

2014-07-23 12:42:05 +02:00 · 2014-07-23 12:42:05 +02:00 · b2a34caa66
commit b2a34caa66
parent 7bf46d9b53
1 changed files with 17 additions and 1 deletions
--- a/isso/views/api.py
+++ b/isso/views/api.py
@ -57,8 +57,9 @@ def auth(func):

        if not self.conf.getboolean("auth", "enabled"):
            return func(self, env, req, *args, **kwargs)
+        cookie_name = self.conf.get("auth", "cookie")
        try:
-            self.load(req.cookies.get("auth", ""))
+            self.load(req.cookies.get(cookie_name, ""))
        except (SignatureExpired, BadSignature):
            raise Forbidden
        return func(self, env, req, *args, **kwargs)
@ -113,6 +114,17 @@ class API(object):

        return obj

+    def auth_cookie_to_data(self, request, data):
+        """Update the received data with the information from cookie."""
+
+        if self.conf.getboolean("auth", "enabled"):
+            cookie_name = self.conf.get("auth", "cookie")
+            auth_data = self.load(request.cookies.get(cookie_name, ""))
+            data["author"] = auth_data.get("username")
+            data["email"] = auth_data.get("email")
+            data["website"] = auth_data.get("website")
+
+
    @xhr
    @auth
    @requires(str, 'uri')
@ -125,6 +137,8 @@ class API(object):
        for field in set(data.keys()) - API.ACCEPT:
            data.pop(field)

+        self.auth_cookie_to_data(request, data)
+
        for field in ("author", "email", "website"):
            if isinstance(data.get(field, None), string_types):
                data[field] = cgi.escape(data[field])
@ -197,6 +211,8 @@ class API(object):
        for field in set(data.keys()) - API.ACCEPT:
            data.pop(field)

+        self.auth_cookie_to_data(request, data)
+
        with self.db.transaction:
            comment = self.comments.edit(id, data)