[WebInterface] Authentification

<<

lyr@d

Posts: 3

Joined: Sun Sep 25, 2011 1:26 am

Post Mon Sep 26, 2011 4:59 pm

[WebInterface] Authentification

Hay guys,

I installed pyload on my server, looks good !
Is there a way to set off the authentification system? Or make an auto-authentification with an account given in pyload.conf maybye?

In fact I need an extern auth (mysql or ldap), but pyload doesn't implement anything like this (He should do in a future version, at least LDAP!!!), so, what did I do :

1) Virtual Apache server with LDAP auth : pyload.xxxx.com
2) On the virtual serv, set an HTML page with Iframe, calling pyload at : xxxx.com:8000
3) Config pyload webinterface to only accept local connections, means he'll only accept the iframe connection.

And that runs guys! The only problem is the pyload login page! I want all users loged by apache/ldap use the SAME pyload account : How to set a default account for the web interface and force the auth without any login ask ????

Here (http://pyload.org/configuration) i can see in [webinterface] section :
"username None sets the username to use to authenticate in the webinterface
password webpw sets the password for the webinterface login"

That looks like what i need, but when I change pyload.conf to add those params and restart pyload, they are deleted and the login page still appears...

My pyload.conf webinterface section :

webinterface - "Webinterface":
str template : "Template" = default
bool activated : "Activated" = True
builtin;threaded;fastcgi;lightweight server : "Server" = builtin
ip host : "IP" = 127.0.0.1
bool https : "Use HTTPS" = False
int port : "Port" = 8000
str username : "Username " = Johny
str password : "Password " = BeGood


Of course the account Johny exists and i can log in through the login page.
My pyload version is 0.4.7...

Any idea?
Thanks!

PS : Sry for the experimental english...
<<

RaNaN

Site Admin

Posts: 1183

Joined: Sat Jul 10, 2010 12:26 pm

Post Mon Sep 26, 2011 5:10 pm

Re: [WebInterface] Authentification

No authentication is not possible, but can be achieved with some code modifications.
<<

lyr@d

Posts: 3

Joined: Sun Sep 25, 2011 1:26 am

Post Mon Sep 26, 2011 5:39 pm

Re: [WebInterface] Authentification

Arf, ok thanks...

So username and password describes on configuration page are not supported?

What should be possible is to set a default value in the login and password inputs. Users will just have to click on "Login"...

I try to modify /usr/share/pyload/module/web/templates/default/login.html (I installed pyload package on a Debian) like this :
<input type="text" size="20" name="username" value="Jonhy"/>
<input type="password" size="20" name="password" value="BeGood">

But no way, fields are empty on the login page... /module/web/templates/default/login.html is it the file to modify ???
Must I compile something? (If I modify a .py, I guess yes, but just with a html template?

Thanks!
<<

RaNaN

Site Admin

Posts: 1183

Joined: Sat Jul 10, 2010 12:26 pm

Post Mon Sep 26, 2011 5:51 pm

Re: [WebInterface] Authentification

You have to restart everything, but modifying login at the python files should be better way.
<<

lyr@d

Posts: 3

Joined: Sun Sep 25, 2011 1:26 am

Post Mon Sep 26, 2011 6:53 pm

Re: [WebInterface] Authentification

Yes it runs thanks, I epic failed forgot to restart..........

I will not change python files to remove auth, because I need to keep 2 pyload users, to difficult python for me :
- 1 for low priv, all users
- 1 for admin, for me :)

But its okay like that, i will maybye add some jvs to auto-confirm authentifiaction form after 5 seconds....

Pyload is a nice work, but you should think about add an user auth trought LDAP in the further realases : I manage a board with proftpd, subsonic, rutorrent, mybb... using a mysql/ldap auth system and pyload is the only service i can't use with that, so sad!

Thanks a lot!
<<

KurrKurr

Posts: 16

Joined: Tue Feb 01, 2011 10:20 pm

Post Fri Sep 30, 2011 2:24 pm

Re: [WebInterface] Authentification

Could you please post the HTML file, that displays your pyload webinterface on port 80?

I'm not good with the HTML stuff...

Thanks
<<

mentex

Posts: 5

Joined: Sat Jan 28, 2012 4:14 pm

Post Sun Apr 22, 2012 12:16 am

Re: [WebInterface] Authentification

could someone please describe how to disable the authentication for the webinterface?
<<

dna

Posts: 1

Joined: Wed Aug 22, 2012 2:27 pm

Post Wed Aug 22, 2012 2:45 pm

Re: [WebInterface] Authentification

Dear all,

It's an old post but here might be some useful info for people looking to "disable" authentication in the webinterface module.
today I've setted up pyLoad in my home network (which is fully kerberized). And I came to to this exact point : how to bypass the webinterface login page. Here is a small hack of the webinterface module that enable autologin in pyload.
Please note that I'm not and doesn't claim to be a python developer, so please do not *insult* :)

Done against pyLoad 0.4.9-4

1) Edit the file :
  Code:
<pyload install>/module/web/pyload_app.py

Add the following function

  Code:
@route("/autologin", method="GET")
def autologin():
    user = ***YOUR AUTOLOGIN USER***
    password = ***THE AUTOLOGIN USER PASSWORD***

    info = PYLOAD.checkAuth(user, password)

    if not info:
        return render_to_response("login.html", {"errors": True}, [pre_processor])

    set_session(request, info)
    return redirect("/")


2) Edit the file :
  Code:
<pyload install>/module/web/utils.py

Modify the login_required function
  Code:
def login_required(perm=None):
    def _dec(func):
        def _view(*args, **kwargs):
            s = request.environ.get('beaker.session')
            if s.get("name", None) and s.get("authenticated", False):
                if perm:
                    perms = parse_permissions(s)
                    if perm not in perms or not perms[perm]:
                        if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
                            return HTTPError(403, "Forbidden")
                        else:
                            return redirect("/nopermission")

                return func(*args, **kwargs)
            else:
                if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
                    return HTTPError(403, "Forbidden")
                else:
                    return redirect("/autologin")

        return _view

    return _dec


3) Create the autologin user :
  Code:
pyLoadCore -u

4) If running: restart pyLoad
5) At this point you might want to tweak the autologin user permissions. You can still login manually in your pyLoad box by going to :
  Code:
http(s)://<pyload box>/login

6) You might also take care of the permission of the files modified above, especially
  Code:
<pyload install>/module/web/pyload_app.py
should not be word readable!
7) Enjoy!

Return to General

Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software for blacklist.org. Modified by pyLoad - Team © 2008-2011