From 1f07cb927a9449c4f9870611b2d20dec30f034c2 Mon Sep 17 00:00:00 2001
From: Henri <git@henrici.name>
Date: Sat, 4 May 2024 22:09:32 +0200
Subject: [PATCH] Allow non-ssl login in case SSL/TLS is not used

---
 src/wgfrontend/webapp.py | 37 ++++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/src/wgfrontend/webapp.py b/src/wgfrontend/webapp.py
index 7693ae0..2211fc2 100644
--- a/src/wgfrontend/webapp.py
+++ b/src/wgfrontend/webapp.py
@@ -74,7 +74,9 @@ class WebApp():
     def check_username_and_password(self, username, password):
         """Check whether provided username and password are valid when authenticating"""
         if (username in self.cfg.users) and (pwdtools.verify_password(self.cfg.users[username], password)):
+            cherrypy.log('Login of user: ' + username, context='WEBAPP', severity=logging.INFO, traceback=False)
             return
+        cherrypy.log('Login failed for user: ' + username, context='WEBAPP', severity=logging.WARNING, traceback=False)
         return 'invalid username/password'
 
     def login_screen(self, from_page='..', username='', error_msg='', **kwargs):
@@ -105,6 +107,23 @@ def run_webapp(cfg):
     """Runs the CherryPy web application with the provided configuration data"""
     script_path = os.path.dirname(os.path.abspath(__file__))
     app = WebApp(cfg)
+    # Use SSL if certificate files exist
+    ssl = os.path.exists(cfg.sslcertfile) and os.path.exists(cfg.sslkeyfile)
+    if ssl:
+        # Use ssl/tls if certificate files are present
+        cherrypy.server.ssl_module = 'builtin'
+        cherrypy.server.ssl_certificate = cfg.sslcertfile
+        cherrypy.server.ssl_private_key = cfg.sslkeyfile
+    # Define socket parameters
+    cherrypy.config.update({'server.socket_host': cfg.socket_host,
+                            'server.socket_port': cfg.socket_port,
+                           })
+    # Select environment
+    cherrypy.config.update({'staging':
+                             {
+                               'environment' : 'production'
+                             }
+                           })
     # Configure the web application
     app_conf = {
       'global': {
@@ -112,7 +131,7 @@ def run_webapp(cfg):
        },
        '/': {
             'tools.sessions.on': True,
-            'tools.sessions.secure': True,
+            'tools.sessions.secure': ssl,
             'tools.sessions.httponly': True,
             'tools.staticdir.root': os.path.join(script_path, 'webroot'),
             'tools.session_auth.on': True,
@@ -136,22 +155,6 @@ def run_webapp(cfg):
             'tools.staticfile.filename': os.path.join(script_path, 'webroot', 'static', 'favicon.ico')
         }
     }
-    # Use SSL if certificate files exist
-    if os.path.exists(cfg.sslcertfile) and os.path.exists(cfg.sslkeyfile):
-        # Use ssl/tls if certificate files are present
-        cherrypy.server.ssl_module = 'builtin'
-        cherrypy.server.ssl_certificate = cfg.sslcertfile
-        cherrypy.server.ssl_private_key = cfg.sslkeyfile
-    # Define socket parameters
-    cherrypy.config.update({'server.socket_host': cfg.socket_host,
-                            'server.socket_port': cfg.socket_port,
-                           })
-    # Select environment
-    cherrypy.config.update({'staging':
-                             {
-                               'environment' : 'production'
-                             }
-                           })
     # Start CherryPy
     cherrypy.tree.mount(app, config=app_conf)
     if setupenv.is_root():