authorMichael Elkins <melkins@tislabs.com>2013-01-31 01:13:24 +0000
committerMichael Elkins <melkins@tislabs.com>2013-01-31 01:13:24 +0000
commite065bbc64b4dc3fc51387eb5275ece174baf8242 (patch)
tree7cba90e23df1c22e0cedaa586f716a7fb0c2889a
parentef13cddc2f03d9e97d700e57454e164bfa6a4815 (diff)
require a connection secured with TLS, otherwise return an HTTP 500 error
closes #401 svn path=/branches/tk401/; revision=4985
-rw-r--r--rpkid/rpki/gui/app/templates/base.html2
-rw-r--r--rpkid/rpki/gui/app/templates/registration/login.html2
-rw-r--r--rpkid/rpki/gui/app/views.py2
-rw-r--r--rpkid/rpki/gui/decorators.py31
-rw-r--r--rpkid/rpki/gui/urls.py4
-rw-r--r--rpkid/rpki/gui/views.py30
6 files changed, 67 insertions, 4 deletions
diff --git a/rpkid/rpki/gui/app/templates/base.html b/rpkid/rpki/gui/app/templates/base.html
index 0af1d241..89aa0b9a 100644
--- a/rpkid/rpki/gui/app/templates/base.html
+++ b/rpkid/rpki/gui/app/templates/base.html
@@ -24,7 +24,7 @@
{% if user.is_authenticated %}
<li><p class="navbar-text">Logged in as {{ user }}</li>
<li class="divider-vertical"></li>
- <li><a href="{% url django.contrib.auth.views.logout %}">Log Out</a></li>
+ <li><a href="{% url rpki.gui.views.logout %}">Log Out</a></li>
{% endif %}
</ul>
</div>
diff --git a/rpkid/rpki/gui/app/templates/registration/login.html b/rpkid/rpki/gui/app/templates/registration/login.html
index 27ad21cf..d2ee9468 100644
--- a/rpkid/rpki/gui/app/templates/registration/login.html
+++ b/rpkid/rpki/gui/app/templates/registration/login.html
@@ -8,7 +8,7 @@
</div>
{% endif %}
-<form method="post" action="{% url django.contrib.auth.views.login %}">
+<form method="post" action="{% url rpki.gui.views.login %}">
{% csrf_token %}
<div class="clearfix">
diff --git a/rpkid/rpki/gui/app/views.py b/rpkid/rpki/gui/app/views.py
index 535ffe6c..2d674c95 100644
--- a/rpkid/rpki/gui/app/views.py
+++ b/rpkid/rpki/gui/app/views.py
@@ -42,6 +42,7 @@ import rpki.exceptions
from rpki.gui.cacheview.models import ROAPrefixV4, ROA
from rpki.gui.routeview.models import RouteOrigin
+from rpki.gui.decorators import tls_required
def superuser_required(f):
@@ -63,6 +64,7 @@ def handle_required(f):
"""
@login_required
+ @tls_required
def wrapped_fn(request, *args, **kwargs):
if 'handle' not in request.session:
if request.user.is_superuser:
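Review bot: The new `@tls_required` line sits below `@login_required`, so the login check runs first and the TLS check only afterwards: an authenticated request arriving over plain http has already transmitted its session cookie in the clear by the time `_tls_required` rejects it, and an unauthenticated one is redirected to the login view, which now answers with a 500 rather than this view doing so directly. Swapping the two decorator lines, `@tls_required` above `@login_required`, makes the TLS check the outermost gate for every handle-required view. Even then a view-level check cannot stop a browser from sending the cookie over http in the first place; if the session cookie is not already marked secure via Django's `SESSION_COOKIE_SECURE` setting (not visible in this commit), that setting is what actually prevents the cleartext disclosure. `handle_required` starts and ends outside the hunk.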
diff --git a/rpkid/rpki/gui/decorators.py b/rpkid/rpki/gui/decorators.py
new file mode 100644
index 00000000..69d20c46
--- /dev/null
+++ b/rpkid/rpki/gui/decorators.py
@@ -0,0 +1,31 @@
+# Copyright (C) 2013 SPARTA, Inc. a Parsons Company
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND SPARTA DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL SPARTA BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+__version__ = '$Id$'
+
+from django import http
+
+
+def tls_required(f):
+ """Decorator which returns a 500 error if the connection is not secured
+ with TLS (https).
+
+ """
+ def _tls_required(request, *args, **kwargs):
+ if not request.is_secure():
+ return http.HttpResponseServerError(
+ 'This resource may only be accessed securely via https',
+ content_type='text/plain')
+ return f(request, *args, **kwargs)
+ return _tls_required
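Review bot: `_tls_required` does not carry over the wrapped view's name and docstring, so anything that inspects a decorated view (tracebacks, debug pages, name-based introspection) sees `_tls_required` for every view this decorator is applied to. Adding `from functools import wraps` next to the `django` import and `@wraps(f)` on the inner function fixes that without changing behaviour. Separately, `request.is_secure()` reflects what Django itself sees on the socket; when TLS is terminated by a reverse proxy in front of Django, every request is rejected here unless the proxy header is trusted via `SECURE_PROXY_SSL_HEADER` (assuming the Django version in use supports it), so the docstring should say `Relies on request.is_secure(); behind a TLS-terminating proxy SECURE_PROXY_SSL_HEADER must be configured or all requests are refused.`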
diff --git a/rpkid/rpki/gui/urls.py b/rpkid/rpki/gui/urls.py
index 52949b73..58e2ea9f 100644
--- a/rpkid/rpki/gui/urls.py
+++ b/rpkid/rpki/gui/urls.py
@@ -30,7 +30,7 @@ urlpatterns = patterns('',
(r'^cacheview/', include('rpki.gui.cacheview.urls')),
(r'^rpki/', include('rpki.gui.app.urls')),
- (r'^accounts/login/$', 'django.contrib.auth.views.login'),
- (r'^accounts/logout/$', 'django.contrib.auth.views.logout',
+ (r'^accounts/login/$', 'rpki.gui.views.login'),
+ (r'^accounts/logout/$', 'rpki.gui.views.logout',
{'next_page': '/rpki/'}),
)
diff --git a/rpkid/rpki/gui/views.py b/rpkid/rpki/gui/views.py
new file mode 100644
index 00000000..5c62cf62
--- /dev/null
+++ b/rpkid/rpki/gui/views.py
@@ -0,0 +1,30 @@
+# Copyright (C) 2013 SPARTA, Inc. a Parsons Company
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND SPARTA DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL SPARTA BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+__version__ = '$Id$'
+
+import django.contrib.auth.views
+from rpki.gui.decorators import tls_required
+
+
+@tls_required
+def login(request, *args, **kwargs):
+ "Wrapper around django.contrib.auth.views.login to force use of TLS."
+ return django.contrib.auth.views.login(request, *args, **kwargs)
+
+
+@tls_required
+def logout(request, *args, **kwargs):
+ "Wrapper around django.contrib.auth.views.logout to force use of TLS."
+ return django.contrib.auth.views.login(request, *args, **kwargs)
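Review bot: `logout` delegates to `django.contrib.auth.views.login` instead of `logout` on the last line, so a request to the new `/accounts/logout/` route from urls.py never terminates the session; it renders the login page with the user still authenticated, and the `next_page` keyword that urls.py passes will presumably not be accepted by the login view, which would itself surface as an error. The line should read `return django.contrib.auth.views.logout(request, *args, **kwargs)`. The docstring already describes the intended logout behaviour, so only the call needs to change.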