Repository :
http://git.fedorahosted.org/cgit/copr.git
On branch : master
---------------------------------------------------------------
commit 5c6fb54ad2d70688361db28923404be9bf3a1c06
Author: Pierre-Yves Chibon <pingou(a)pingoured.fr>
Date: Mon Feb 4 11:56:09 2013 +0100
Change from using parameters to HTTP Basic access authentication
This change prevents the username/API token from being displayed in the server logs
and makes the API work in a more standardized manner, using the HTTP
headers as they are expected to be.
---------------------------------------------------------------
copr_cli/subcommands.py | 4 +++-
coprs_frontend/coprs/views/misc.py | 10 ++++++++--
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/copr_cli/subcommands.py b/copr_cli/subcommands.py
index ce267a2..c1af50a 100644
--- a/copr_cli/subcommands.py
+++ b/copr_cli/subcommands.py
@@ -101,7 +101,9 @@ class AddCopr(Command):
for chroot in args.chroots:
data[chroot] = 'y'
- req = requests.post(URL, params=user, data=data)
+ req = requests.post(URL,
+ auth=(user['username'], user['token']),
+ data=data)
output = json.loads(req.text)
if output['output'] == 'ok':
print output['message']
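Review bot: The `auth=(user['username'], user['token'])` argument sends the token in an Authorization header that is only base64-encoded, so it is protected in transit only if `URL` is an https endpoint. `URL` is defined outside this hunk, so that cannot be confirmed here. A comment at the call such as `# URL must be https: Basic auth only base64-encodes the token` would make the requirement explicit. Separately, `json.loads(req.text)` runs without looking at `req.status_code`, so a rejected login that returns a non-JSON body would presumably raise instead of reporting the failure; a guard like `if req.status_code != 200:` before parsing would cover that.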
diff --git a/coprs_frontend/coprs/views/misc.py b/coprs_frontend/coprs/views/misc.py
index 48a1f3a..d7eb73e 100644
--- a/coprs_frontend/coprs/views/misc.py
+++ b/coprs_frontend/coprs/views/misc.py
@@ -1,3 +1,4 @@
+import base64
import datetime
import functools
@@ -79,8 +80,13 @@ def logout():
def login_required(f):
@functools.wraps(f)
def decorated_function(*args, **kwargs):
- token = flask.request.args.get('token')
- username = flask.request.args.get('username')
+ token = None
+ username = None
+ if 'Authorization' in flask.request.headers:
+ base64string = flask.request.headers['Authorization']
+ base64string = base64string.split()[1].strip()
+ userstring = base64.b64decode(base64string)
+ (username, token) = userstring.split(':')
token_auth = False
if token and username:
user = models.User.query.filter(
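Review bot: The new header parsing in `decorated_function` trusts the shape of a client-supplied `Authorization` value, so a malformed header raises an unhandled exception instead of being treated as a failed login. `base64string.split()[1]` fails when the header has a single word, `base64.b64decode` fails on invalid base64, and `userstring.split(':')` fails to unpack when the decoded text has no colon or when the token itself contains one. The scheme word is never compared with `Basic` either. The parsing should check the scheme, split on the first colon only, and fall back to `username = token = None` on any decode error, as sketched below. Flask's own `flask.request.authorization` is an alternative worth considering. The body of `decorated_function` continues past the end of this hunk.

```python
token = None
username = None
header = flask.request.headers.get('Authorization', '')
parts = header.split()
if len(parts) == 2 and parts[0].lower() == 'basic':
    try:
        userstring = base64.b64decode(parts[1])
        # Split on the first colon only: the token part may contain ':'.
        (username, token) = userstring.split(':', 1)
    except (TypeError, ValueError):
        # Malformed credentials are treated as "not authenticated".
        username = token = None
# … unchanged: token_auth lookup against models.User …
```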