authorAaron LI <aaronly.me@outlook.com>2016-11-18 12:50:12 +0800
committerAaron LI <aaronly.me@outlook.com>2016-11-18 12:50:12 +0800
commit5805759c264adf96e9feea78a3cd3bfc2871b1de (patch)
treedb39479e71018ef18613b10e62af8cc816d63af0
parent2abadd1a0fc88b9ac16533a994353b3cb7449451 (diff)
downloadfg21sim-5805759c264adf96e9feea78a3cd3bfc2871b1de.tar.bz2
webui: Redirect to login page if not authenticated on POST request
* Remove the authentication requirement on GET operations
* "main.js": Redirect to the login page if a POST response is 403 Forbidden
* "main.js": Use global AJAX event handling instead of `$.ajaxSetup()`
-rw-r--r--fg21sim/webui/handlers/configs.py1
-rw-r--r--fg21sim/webui/handlers/console.py2
-rw-r--r--fg21sim/webui/handlers/index.py5
-rw-r--r--fg21sim/webui/static/js/main.js18
4 files changed, 14 insertions, 12 deletions
diff --git a/fg21sim/webui/handlers/configs.py b/fg21sim/webui/handlers/configs.py
index 9736650..296bd11 100644
--- a/fg21sim/webui/handlers/configs.py
+++ b/fg21sim/webui/handlers/configs.py
@@ -26,7 +26,6 @@ class ConfigsAJAXHandler(BaseRequestHandler):
"""Hook for subclass initialization. Called for each request."""
self.configs = self.application.configmanager
- @tornado.web.authenticated
def get(self):
"""
Handle the READ-ONLY configuration manipulations.
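Review bot: Dropping `@tornado.web.authenticated` from `ConfigsAJAXHandler.get` leaves the read-only configuration endpoint answering any unauthenticated client, and the same applies to `ConsoleAJAXHandler.get` in console.py. If the aim is only to avoid the decorator's redirect-to-login behaviour on AJAX GETs, the login check itself can stay. Tornado's decorator redirects on GET but returns 403 on other methods, so an explicit guard at the top of `get` keeps the check and gives the new 403 handler in main.js something to act on: `if not self.current_user:` followed by `self.send_error(403)` and `return`. Whether the configuration values or task status are sensitive in this deployment is not visible here, so at minimum the docstring should state that GET is intentionally unauthenticated. The body of `get` continues outside the hunk.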
diff --git a/fg21sim/webui/handlers/console.py b/fg21sim/webui/handlers/console.py
index 475ccda..91ad075 100644
--- a/fg21sim/webui/handlers/console.py
+++ b/fg21sim/webui/handlers/console.py
@@ -9,7 +9,6 @@ import logging
import time
import tornado.ioloop
-import tornado.gen
from tornado.escape import json_decode, json_encode
from .base import BaseRequestHandler
@@ -36,7 +35,6 @@ class ConsoleAJAXHandler(BaseRequestHandler):
# from another thread, which executes the submitted task.
self.io_loop = tornado.ioloop.IOLoop.instance()
- @tornado.web.authenticated
def get(self):
"""
Handle the READ-ONLY tasks operations.
diff --git a/fg21sim/webui/handlers/index.py b/fg21sim/webui/handlers/index.py
index e95c310..b351619 100644
--- a/fg21sim/webui/handlers/index.py
+++ b/fg21sim/webui/handlers/index.py
@@ -2,11 +2,9 @@
# MIT license
"""
-Login handler
+Index page handler
"""
-import tornado.web
-
from .base import BaseRequestHandler
@@ -14,6 +12,5 @@ class IndexHandler(BaseRequestHandler):
"""
Index page handler of the Web UI.
"""
- @tornado.web.authenticated
def get(self):
self.render("index.html")
diff --git a/fg21sim/webui/static/js/main.js b/fg21sim/webui/static/js/main.js
index 27638a7..64b65c1 100644
--- a/fg21sim/webui/static/js/main.js
+++ b/fg21sim/webui/static/js/main.js
@@ -9,12 +9,19 @@
/**
- * jQuery settings
+ * jQuery AJAX global callbacks using the global AJAX event handler methods
+ *
+ * NOTE:
+ * It is NOT recommended to use `jQuery.ajaxSetup` which will affect ALL calls
+ * to `jQuery.ajax` or AJAX-based derivatives.
*/
-jQuery.ajaxSetup({
- error: function (error) {
- console.error("AJAX request failed: code:", error.status,
- ", reason:", error.statusText); }
+$(document).ajaxError(function (event, jqxhr, settings, exception) {
+ console.error("AJAX request failed: code:", jqxhr.status,
+ ", reason:", jqxhr.statusText);
+ if (jqxhr.status === 403) {
+ // Forbidden error: redirect to login page
+ window.location.href = "/login";
+ }
});
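Review bot: The `jqxhr.status === 403` branch treats every 403 as "not logged in", but Tornado also answers 403 when its XSRF check fails (if `xsrf_cookies` is enabled), and a handler may return 403 to an authenticated user, so those cases would be bounced to `/login` and the real error hidden. Because this is now a global handler for every AJAX call on the page, consider having the server mark the unauthenticated case distinctly (a 401, or a reason field in the response body) and redirecting only on that. At minimum add a comment such as `// NOTE: any 403 (including XSRF failures) lands here; the server-side check is the actual access control`. The `settings` and `exception` parameters are never read and can be omitted from the callback signature.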
@@ -37,6 +44,7 @@ var getCookie = function (name) {
return m ? m[1] : undefined;
};
+
/**
* jQuery extension for easier AJAX JSON post
*