web: Add decorator to require clients to do SPNEGO

author Michael Tremer <michael.tremer@ipfire.org>

Thu, 19 Oct 2023 13:25:51 +0000 (13:25 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Thu, 19 Oct 2023 13:25:51 +0000 (13:25 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 19 Oct 2023 13:25:51 +0000 (13:25 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 19 Oct 2023 13:25:51 +0000 (13:25 +0000)
diff --git a/src/web/base.py b/src/web/base.py

index 3bfff3c16d48be58718797c110cc6220fd774d29..815beda99a65ece2eff815895df433c57a806351 100644 (file)
--- a/src/web/base.py
+++ b/src/web/base.py
@@ -390,6 +390,26 @@ class APIMixin(KerberosAuthMixin, BackendMixin):
                 return message
  
  
+def negotiate(method):
+       """
+               Requires clients to use SPNEGO
+       """
+       @functools.wraps(method)
+       def wrapper(self, *args, **kwargs):
+               if not self.current_user:
+                       # Send the Negotiate header
+                       self.add_header("WWW-Authenticate", "Negotiate")
+
+                       # Respond with 401
+                       self.set_status(401)
+                       self.finish()
+
+                       return None
+
+               return method(self, *args, **kwargs)
+
+       return wrapper
+
  class ratelimit(object):
         """
                 A decorator class which limits how often a function can be called
author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 19 Oct 2023 13:25:51 +0000 (13:25 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 19 Oct 2023 13:25:51 +0000 (13:25 +0000)