mirror of
https://github.com/9001/copyparty.git
synced 2025-08-19 01:42:20 -06:00
separate http/https logins (breaks ie4 / win3.11 login)
This commit is contained in:
parent
b005acbfda
commit
4310580cd4
|
@ -129,7 +129,6 @@ class HttpCli(object):
|
||||||
self.host = " "
|
self.host = " "
|
||||||
self.ua = " "
|
self.ua = " "
|
||||||
self.is_rclone = False
|
self.is_rclone = False
|
||||||
self.is_ancient = False
|
|
||||||
self.ouparam: dict[str, str] = {}
|
self.ouparam: dict[str, str] = {}
|
||||||
self.uparam: dict[str, str] = {}
|
self.uparam: dict[str, str] = {}
|
||||||
self.cookies: dict[str, str] = {}
|
self.cookies: dict[str, str] = {}
|
||||||
|
@ -254,7 +253,6 @@ class HttpCli(object):
|
||||||
|
|
||||||
self.ua = self.headers.get("user-agent", "")
|
self.ua = self.headers.get("user-agent", "")
|
||||||
self.is_rclone = self.ua.startswith("rclone/")
|
self.is_rclone = self.ua.startswith("rclone/")
|
||||||
self.is_ancient = self.ua.startswith("Mozilla/4.")
|
|
||||||
|
|
||||||
zs = self.headers.get("connection", "").lower()
|
zs = self.headers.get("connection", "").lower()
|
||||||
self.keepalive = "close" not in zs and (
|
self.keepalive = "close" not in zs and (
|
||||||
|
@ -300,7 +298,10 @@ class HttpCli(object):
|
||||||
else:
|
else:
|
||||||
self.keepalive = False
|
self.keepalive = False
|
||||||
|
|
||||||
if self.args.ihead:
|
ptn: Optional[Pattern[str]] = self.conn.lf_url # mypy404
|
||||||
|
self.do_log = not ptn or not ptn.search(self.req)
|
||||||
|
|
||||||
|
if self.args.ihead and self.do_log:
|
||||||
keys = self.args.ihead
|
keys = self.args.ihead
|
||||||
if "*" in keys:
|
if "*" in keys:
|
||||||
keys = list(sorted(self.headers.keys()))
|
keys = list(sorted(self.headers.keys()))
|
||||||
|
@ -345,7 +346,7 @@ class HttpCli(object):
|
||||||
if zso:
|
if zso:
|
||||||
zsll = [x.split("=", 1) for x in zso.split(";") if "=" in x]
|
zsll = [x.split("=", 1) for x in zso.split(";") if "=" in x]
|
||||||
cookies = {k.strip(): unescape_cookie(zs) for k, zs in zsll}
|
cookies = {k.strip(): unescape_cookie(zs) for k, zs in zsll}
|
||||||
for kc, ku in [["cppwd", "pw"], ["b", "b"]]:
|
for kc, ku in (("cppws", "pw"), ("cppwd", "pw"), ("b", "b")):
|
||||||
if kc in cookies and ku not in uparam:
|
if kc in cookies and ku not in uparam:
|
||||||
uparam[ku] = cookies[kc]
|
uparam[ku] = cookies[kc]
|
||||||
else:
|
else:
|
||||||
|
@ -390,16 +391,13 @@ class HttpCli(object):
|
||||||
self.upvol = self.asrv.vfs.apget[self.uname]
|
self.upvol = self.asrv.vfs.apget[self.uname]
|
||||||
|
|
||||||
if self.pw:
|
if self.pw:
|
||||||
self.out_headerlist.append(("Set-Cookie", self.get_pwd_cookie(self.pw)[0]))
|
self.get_pwd_cookie(self.pw)
|
||||||
|
|
||||||
if self.is_rclone:
|
if self.is_rclone:
|
||||||
uparam["dots"] = ""
|
uparam["dots"] = ""
|
||||||
uparam["b"] = ""
|
uparam["b"] = ""
|
||||||
cookies["b"] = ""
|
cookies["b"] = ""
|
||||||
|
|
||||||
ptn: Optional[Pattern[str]] = self.conn.lf_url # mypy404
|
|
||||||
self.do_log = not ptn or not ptn.search(self.req)
|
|
||||||
|
|
||||||
(
|
(
|
||||||
self.can_read,
|
self.can_read,
|
||||||
self.can_write,
|
self.can_write,
|
||||||
|
@ -1850,19 +1848,19 @@ class HttpCli(object):
|
||||||
self.out_headerlist = [
|
self.out_headerlist = [
|
||||||
x
|
x
|
||||||
for x in self.out_headerlist
|
for x in self.out_headerlist
|
||||||
if x[0] != "Set-Cookie" or "cppwd=" not in x[1]
|
if x[0] != "Set-Cookie" or "cppwd" != x[1][:5]
|
||||||
]
|
]
|
||||||
|
|
||||||
dst = self.args.SRS
|
dst = self.args.SRS
|
||||||
if self.vpath:
|
if self.vpath:
|
||||||
dst += quotep(self.vpath)
|
dst += quotep(self.vpath)
|
||||||
|
|
||||||
ck, msg = self.get_pwd_cookie(pwd)
|
msg = self.get_pwd_cookie(pwd)
|
||||||
html = self.j2s("msg", h1=msg, h2='<a href="' + dst + '">ack</a>', redir=dst)
|
html = self.j2s("msg", h1=msg, h2='<a href="' + dst + '">ack</a>', redir=dst)
|
||||||
self.reply(html.encode("utf-8"), headers={"Set-Cookie": ck})
|
self.reply(html.encode("utf-8"))
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def get_pwd_cookie(self, pwd: str) -> tuple[str, str]:
|
def get_pwd_cookie(self, pwd: str) -> str:
|
||||||
if pwd in self.asrv.iacct:
|
if pwd in self.asrv.iacct:
|
||||||
msg = "login ok"
|
msg = "login ok"
|
||||||
dur = int(60 * 60 * self.args.logout)
|
dur = int(60 * 60 * self.args.logout)
|
||||||
|
@ -1879,11 +1877,18 @@ class HttpCli(object):
|
||||||
pwd = "x" # nosec
|
pwd = "x" # nosec
|
||||||
dur = None
|
dur = None
|
||||||
|
|
||||||
r = gencookie("cppwd", pwd, dur)
|
if pwd == "x":
|
||||||
if self.is_ancient:
|
# reset both plaintext and tls
|
||||||
r = r.rsplit(" ", 1)[0]
|
# (only affects active tls cookies when tls)
|
||||||
|
for k in ("cppwd", "cppws") if self.tls else ("cppwd",):
|
||||||
|
ck = gencookie(k, pwd, self.args.R, False, dur)
|
||||||
|
self.out_headerlist.append(("Set-Cookie", ck))
|
||||||
|
else:
|
||||||
|
k = "cppws" if self.tls else "cppwd"
|
||||||
|
ck = gencookie(k, pwd, self.args.R, self.tls, dur)
|
||||||
|
self.out_headerlist.append(("Set-Cookie", ck))
|
||||||
|
|
||||||
return r, msg
|
return msg
|
||||||
|
|
||||||
def handle_mkdir(self) -> bool:
|
def handle_mkdir(self) -> bool:
|
||||||
assert self.parser
|
assert self.parser
|
||||||
|
@ -2802,21 +2807,22 @@ class HttpCli(object):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def set_k304(self) -> bool:
|
def set_k304(self) -> bool:
|
||||||
ck = gencookie("k304", self.uparam["k304"], 60 * 60 * 24 * 299)
|
ck = gencookie("k304", self.uparam["k304"], self.args.R, False, 86400 * 299)
|
||||||
self.out_headerlist.append(("Set-Cookie", ck))
|
self.out_headerlist.append(("Set-Cookie", ck))
|
||||||
self.redirect("", "?h#cc")
|
self.redirect("", "?h#cc")
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def set_am_js(self) -> bool:
|
def set_am_js(self) -> bool:
|
||||||
v = "n" if self.uparam["am_js"] == "n" else "y"
|
v = "n" if self.uparam["am_js"] == "n" else "y"
|
||||||
ck = gencookie("js", v, 60 * 60 * 24 * 299)
|
ck = gencookie("js", v, self.args.R, False, 86400 * 299)
|
||||||
self.out_headerlist.append(("Set-Cookie", ck))
|
self.out_headerlist.append(("Set-Cookie", ck))
|
||||||
self.reply(b"promoted\n")
|
self.reply(b"promoted\n")
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def set_cfg_reset(self) -> bool:
|
def set_cfg_reset(self) -> bool:
|
||||||
for k in ("k304", "js", "cppwd"):
|
for k in ("k304", "js", "cppwd", "cppws"):
|
||||||
self.out_headerlist.append(("Set-Cookie", gencookie(k, "x", None)))
|
cookie = gencookie(k, "x", self.args.R, False, None)
|
||||||
|
self.out_headerlist.append(("Set-Cookie", cookie))
|
||||||
|
|
||||||
self.redirect("", "?h#cc")
|
self.redirect("", "?h#cc")
|
||||||
return True
|
return True
|
||||||
|
|
|
@ -1555,14 +1555,16 @@ def gen_filekey_dbg(
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
|
||||||
def gencookie(k: str, v: str, dur: Optional[int]) -> str:
|
def gencookie(k: str, v: str, r: str, tls: bool, dur: Optional[int]) -> str:
|
||||||
v = v.replace(";", "")
|
v = v.replace(";", "")
|
||||||
if dur:
|
if dur:
|
||||||
exp = formatdate(time.time() + dur, usegmt=True)
|
exp = formatdate(time.time() + dur, usegmt=True)
|
||||||
else:
|
else:
|
||||||
exp = "Fri, 15 Aug 1997 01:00:00 GMT"
|
exp = "Fri, 15 Aug 1997 01:00:00 GMT"
|
||||||
|
|
||||||
return "{}={}; Path=/; Expires={}; SameSite=Lax".format(k, v, exp)
|
return "{}={}; Path=/{}; Expires={}; HttpOnly{}; SameSite=Lax".format(
|
||||||
|
k, v, r, exp, "; Secure" if tls else ""
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def humansize(sz: float, terse: bool = False) -> str:
|
def humansize(sz: float, terse: bool = False) -> str:
|
||||||
|
|
Loading…
Reference in a new issue