diff --git a/deluge/ui/web/auth.py b/deluge/ui/web/auth.py index 0675d9d9d..ab48eefeb 100644 --- a/deluge/ui/web/auth.py +++ b/deluge/ui/web/auth.py @@ -51,11 +51,14 @@ import time import random import hashlib import logging + from datetime import datetime, timedelta from email.utils import formatdate +from types import FunctionType from twisted.internet.defer import Deferred from twisted.internet.task import LoopingCall +from twisted.web.http import FORBIDDEN from deluge import component from deluge.ui.web.json_api import JSONComponent, export @@ -89,6 +92,29 @@ def make_expires(timeout): expires_str = formatdate(timeval=expires, localtime=False, usegmt=True) return expires, expires_str +def secure(auth_level=AUTH_LEVEL_DEFAULT): + """ + Decorator function to secure a Twisted resource ensuring that the + user is authenticated with the web interface. + """ + def wrap(func, *args, **kwargs): + def secure_render(self, request): + try: + component.get("Auth").check_request(request, + level=auth_level) + except AuthError: + request.setResponseCode(FORBIDDEN) + return "

Forbidden

" + return func(self, request) + return secure_render + + if type(auth_level) is FunctionType: + func = auth_level + auth_level = AUTH_LEVEL_DEFAULT + return wrap(func) + else: + return wrap + class Auth(JSONComponent): """ The component that implements authentification into the JSON interface. diff --git a/deluge/ui/web/server.py b/deluge/ui/web/server.py index b775d9860..51534a04d 100644 --- a/deluge/ui/web/server.py +++ b/deluge/ui/web/server.py @@ -53,7 +53,7 @@ from deluge import common, component, configmanager from deluge.core.rpcserver import check_ssl_keys from deluge.ui import common as uicommon from deluge.ui.tracker_icons import TrackerIcons -from deluge.ui.web.auth import Auth, AuthError, AUTH_LEVEL_DEFAULT +from deluge.ui.web.auth import Auth, secure from deluge.ui.web.common import Template, compress from deluge.ui.web.json_api import JSON, WebApi from deluge.ui.web.pluginmanager import PluginManager @@ -228,14 +228,8 @@ class Peers(TorrentResource): "total": len(peers) }, request) + @secure def render(self, request): - try: - component.get("Auth").check_request(request, - level=AUTH_LEVEL_DEFAULT) - except AuthError: - request.setResponseCode(http.FORBIDDEN) - return '

Forbidden

' - component.get("SessionProxy" ).get_torrent_status(request.torrent_id, PEERS_KEYS ).addCallback(self.on_got_peers, request)