Allow non-ssl login in case SSL/TLS is not used

2025-04-19 00:45:15 +00:00 · 2024-05-04 22:09:32 +02:00 · 2024-05-04 22:09:32 +02:00 · 1f07cb927a
commit 1f07cb927a
parent 8a979e674a
1 changed files with 20 additions and 17 deletions
--- a/src/wgfrontend/webapp.py
+++ b/src/wgfrontend/webapp.py
@ -74,7 +74,9 @@ class WebApp():
    def check_username_and_password(self, username, password):
        """Check whether provided username and password are valid when authenticating"""
        if (username in self.cfg.users) and (pwdtools.verify_password(self.cfg.users[username], password)):
+            cherrypy.log('Login of user: ' + username, context='WEBAPP', severity=logging.INFO, traceback=False)
            return
+        cherrypy.log('Login failed for user: ' + username, context='WEBAPP', severity=logging.WARNING, traceback=False)
        return 'invalid username/password'

    def login_screen(self, from_page='..', username='', error_msg='', **kwargs):
@ -105,6 +107,23 @@ def run_webapp(cfg):
    """Runs the CherryPy web application with the provided configuration data"""
    script_path = os.path.dirname(os.path.abspath(__file__))
    app = WebApp(cfg)
+    # Use SSL if certificate files exist
+    ssl = os.path.exists(cfg.sslcertfile) and os.path.exists(cfg.sslkeyfile)
+    if ssl:
+        # Use ssl/tls if certificate files are present
+        cherrypy.server.ssl_module = 'builtin'
+        cherrypy.server.ssl_certificate = cfg.sslcertfile
+        cherrypy.server.ssl_private_key = cfg.sslkeyfile
+    # Define socket parameters
+    cherrypy.config.update({'server.socket_host': cfg.socket_host,
+                            'server.socket_port': cfg.socket_port,
+                           })
+    # Select environment
+    cherrypy.config.update({'staging':
+                             {
+                               'environment' : 'production'
+                             }
+                           })
    # Configure the web application
    app_conf = {
      'global': {
@ -112,7 +131,7 @@ def run_webapp(cfg):
       },
       '/': {
            'tools.sessions.on': True,
-            'tools.sessions.secure': True,
+            'tools.sessions.secure': ssl,
            'tools.sessions.httponly': True,
            'tools.staticdir.root': os.path.join(script_path, 'webroot'),
            'tools.session_auth.on': True,
@ -136,22 +155,6 @@ def run_webapp(cfg):
            'tools.staticfile.filename': os.path.join(script_path, 'webroot', 'static', 'favicon.ico')
        }
    }
-    # Use SSL if certificate files exist
-    if os.path.exists(cfg.sslcertfile) and os.path.exists(cfg.sslkeyfile):
-        # Use ssl/tls if certificate files are present
-        cherrypy.server.ssl_module = 'builtin'
-        cherrypy.server.ssl_certificate = cfg.sslcertfile
-        cherrypy.server.ssl_private_key = cfg.sslkeyfile
-    # Define socket parameters
-    cherrypy.config.update({'server.socket_host': cfg.socket_host,
-                            'server.socket_port': cfg.socket_port,
-                           })
-    # Select environment
-    cherrypy.config.update({'staging':
-                             {
-                               'environment' : 'production'
-                             }
-                           })
    # Start CherryPy
    cherrypy.tree.mount(app, config=app_conf)
    if setupenv.is_root():