
☔ forcelogin: Never handle the UI if ACL is disabled

The following `passive_login` should always succeed if ACL is disabled
and hence this *should* not have caused issues, but considering

https://community.octoprint.org/t/cant-login-to-the-web-interface/7908/3

it might have after all, so better be safe than sorry here.
foosel committed Mar 4, 2019
1 parent d64b851 commit 47179f29568ef14761043392810bc4c5fa4d209b
Showing with 15 additions and 22 deletions.
  1. +15 −22 src/octoprint/plugins/forcelogin/__init__.py
@@ -23,14 +23,19 @@ def __init__(self):
self._message_backlog = defaultdict(list)
self._message_backlog_mutex = threading.RLock()

@property
def active(self):
# we are only active if ACL is enabled AND configured
return self._user_manager.enabled and self._user_manager.hasBeenCustomized()

def get_assets(self):
return dict(
js=["js/viewmodel.js"]
)

def will_handle_ui(self, request):
if self._user_manager.enabled and not self._user_manager.hasBeenCustomized():
# ACL hasn't been configured yet, make an exception
if not self.active:
# not active, not responsible
return False

from octoprint.server.util import loginUserFromApiKey, loginUserFromAuthorizationHeader, InvalidApiKeyException
@@ -113,11 +118,8 @@ def get_sorting_key(self, context=None):

def get_before_request_handlers(self):
def check_login_required():
if self._user_manager.enabled and not self._user_manager.hasBeenCustomized():
# ACL hasn't been configured yet, make an exception
return
elif not self._user_manager.enabled:
# ACL isn't enabled
if not self.active:
# not active, no handling
return

if flask.request.endpoint in ("api.login",):
@@ -130,11 +132,8 @@ def check_login_required():
return [check_login_required]

def access_validator(self, request):
if self._user_manager.enabled and not self._user_manager.hasBeenCustomized():
# ACL hasn't been configured yet, make an exception
return
elif not self._user_manager.enabled:
# ACL isn't enabled
if not self.active:
# not active, no handling
return

import tornado.web
@@ -145,11 +144,8 @@ def access_validator(self, request):
raise tornado.web.HTTPError(403)

def socket_register_validator(self, socket, user):
if self._user_manager.enabled and not self._user_manager.hasBeenCustomized():
# ACL hasn't been configured yet, make an exception
return True
elif not self._user_manager.enabled:
# ACL isn't enabled
if not self.active:
# not active, no limitation
return True

return user is not None and not user.is_anonymous() and user.is_active()
@@ -164,11 +160,8 @@ def socket_authed(self, socket, user):
self._logger.debug("Sent backlog of {} message(s) via socket".format(len(backlog)))

def socket_emit_validator(self, socket, user, message, payload):
if self._user_manager.enabled and not self._user_manager.hasBeenCustomized():
# ACL hasn't been configured yet, make an exception
return True
elif not self._user_manager.enabled:
# ACL isn't enabled
if not self.active:
# not active, no limitation
return True

if message in ("connected", "reauthRequired"):
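Review bot: The new `active` property is now the single fail-open gate for all five hooks in this file section (`will_handle_ui`, `check_login_required`, `access_validator`, `socket_register_validator`, `socket_emit_validator`), yet it carries only the one-line comment `# we are only active if ACL is enabled AND configured`. I would give it a docstring that states the consequence, e.g. `"""True only if ACL is enabled and has been customized; while False this plugin enforces no login on requests or sockets."""`, so a later edit to the condition is recognised as a change to authentication enforcement. Each hook reads the property at entry, so enforcement starts as soon as ACL becomes configured; whether a socket that registered while it was False is re-validated afterwards depends on code outside these hunks and is worth confirming. The bodies of all five hooks continue outside the hunks.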

1 comment on commit 47179f2

Collaborator

GitIssueBot commented on 47179f2 Mar 13, 2019

This commit has been mentioned on OctoPrint Community Forum. There might be relevant details there:

https://community.octoprint.org/t/cant-login-to-the-web-interface/7908/10
