Commit dbc0b214 authored by Daniele Venzano's avatar Daniele Venzano

Guest users cannot use the API

parent e99aef30
...@@ -74,6 +74,8 @@ def get_auth(handler: tornado.web.RequestHandler): ...@@ -74,6 +74,8 @@ def get_auth(handler: tornado.web.RequestHandler):
cookie_val = str(handler.get_secure_cookie('zoe')) cookie_val = str(handler.get_secure_cookie('zoe'))
uid, role = cookie_val[2:-1].split('.') uid, role = cookie_val[2:-1].split('.')
log.debug('Authentication done using cookie') log.debug('Authentication done using cookie')
if role == "guest":
raise ZoeRestAPIException('Guest users cannot use the API, ask for a role upgrade', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
return uid, role return uid, role
auth_header = handler.request.headers.get('Authorization') auth_header = handler.request.headers.get('Authorization')
...@@ -118,6 +120,9 @@ def get_auth(handler: tornado.web.RequestHandler): ...@@ -118,6 +120,9 @@ def get_auth(handler: tornado.web.RequestHandler):
raise ZoeRestAPIException('missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'}) raise ZoeRestAPIException('missing or wrong authentication information', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
log.debug('Authentication done using auth-mechanism') log.debug('Authentication done using auth-mechanism')
if role == "guest":
raise ZoeRestAPIException('Guest users cannot use the API, ask for a role upgrade', 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
return uid, role return uid, role
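Review bot: Both added guest checks (the cookie branch and the auth-mechanism branch) reject an already-authenticated user with 401 and a `WWW-Authenticate: Basic` challenge, which tells clients to re-send credentials that were in fact accepted. A 403 without the challenge matches the situation, e.g. `raise ZoeRestAPIException('Guest users cannot use the API, ask for a role upgrade', 403, {})`, assuming the exception accepts an empty header dict. The test is also a deny-list on the single string "guest", copied at two return points, so a new low-privilege role or a later third authentication branch would fail open. One helper called before each `return uid, role` that checks the role against an allow-list of API-capable roles would close that gap. In the cookie branch the role is read from the cookie value, so presumably a user demoted to guest after login keeps API access until that cookie expires; that needs confirming where the cookie is issued, since get_auth starts and ends outside the hunks shown.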
......