return self.message
-class APIMixin(KerberosAuthMixin, BackendMixin):
+class APIMixin(KerberosAuthMixin):
# Generally do not permit users to authenticate against the API
allow_users = False
+ # Allow builders to authenticate?
+ allow_builders = True
+
# Do not perform any XSRF cookie validation on API calls
def check_xsrf_cookie(self):
pass
principal, delimiter, realm = principal.partition("@")
# Return any builders
- if principal.startswith("host/"):
+ if self.allow_builders and principal.startswith("host/"):
hostname = principal.removeprefix("host/")
return self.backend.builders.get_by_name(hostname)
- # End here if users are not allowed to authenticate
- if not self.allow_users:
- return
-
- # Return users
- return self.backend.users.get_by_name(principal)
+ # Return any users
+ if self.allow_users:
+ return self.backend.users.get_by_name(principal)
def get_user_locale(self):
return self.get_browser_locale()
# Setup logging
log = logging.getLogger("pbs.web.builders")
-class APIv1ControlHandler(base.APIMixin, tornado.websocket.WebSocketHandler):
- @tornado.web.authenticated
+class APIv1ControlHandler(base.APIMixin, base.BackendMixin, tornado.websocket.WebSocketHandler):
+ @base.negotiate
+ def prepare(self):
+ # This is here to require authentication before
+ # the websocket connection is being negotiated.
+ pass
+
async def open(self):
# The builder has opened a new connection
self.current_user.connected(self)
from .. import uploads
from .. import users
-class APIv1IndexHandler(base.APIMixin, tornado.web.RequestHandler):
+class APIv1IndexHandler(base.APIMixin, base.BaseHandler):
# Allow users to perform uploads
allow_users = True
@tornado.web.stream_request_body
-class APIv1DetailHandler(base.APIMixin, tornado.web.RequestHandler):
+class APIv1DetailHandler(base.APIMixin, base.BaseHandler):
# Allow users to perform uploads
allow_users = True