Commit 5fb69007 authored by Mark Watts's avatar Mark Watts
Browse files

Adding a setting to disable auth for POSTing to the tresults resources

parent 10aed851
......@@ -2,6 +2,7 @@ import logging
from functools import wraps
from django.contrib.auth import authenticate
from django.http import HttpResponse, HttpResponseForbidden
from django.conf import settings
from base64 import b64decode
......@@ -9,7 +10,10 @@ def basic_auth_required(realm='default'):
def _helper(func):
@wraps(func)
def _decorator(request, *args, **kwargs):
if 'HTTP_AUTHORIZATION' in request.META:
allowed = False
if settings.ALLOW_ANONYMOUS_POST:
allowed = True
elif 'HTTP_AUTHORIZATION' in request.META:
http_auth = request.META['HTTP_AUTHORIZATION']
authmeth, auth = http_auth.split(' ', 1)
if authmeth.lower() == 'basic':
......@@ -17,12 +21,14 @@ def basic_auth_required(realm='default'):
auth = authb.decode()
username, password = auth.split(':', 1)
user = authenticate(username=username, password=password)
if user is not None:
if user is None:
logging.info(
'Authentication succeeded for {}'.format(username))
return func(request, *args, **kwargs)
allowed = True
else:
return HttpResponseForbidden()
if allowed:
return func(request, *args, **kwargs)
res = HttpResponse()
res.status_code = 401
res.reason_phrase = 'Unauthorized'
......
......@@ -68,3 +68,6 @@ COMP_EXECUTABLES = None # Which executable + revision should be checked as defa
# ('myexe', 'L'),]
USE_MEDIAN_BANDS = True # True to enable median bands on Timeline view
ALLOW_ANONYMOUS_POST = False # Whether anonymous users be allowed to post results
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment