Title: [opsview] [11593] Allow authtkt cookie to be set when logging in via Opsview REST API
- Revision: 11593
- Author: tvoon
- Date: 2013-02-25 15:56:36 +0000 (Mon, 25 Feb 2013)
Log Message
Allow authtkt cookie to be set when logging in via Opsview REST API
Modified Paths
Modified: trunk/CHANGES
===================================================================
--- trunk/CHANGES 2013-02-25 15:53:26 UTC (rev 11592)
+++ trunk/CHANGES 2013-02-25 15:56:36 UTC (rev 11593)
@@ -10,6 +10,7 @@
check_snmp_sysinfo now returns CRITICAL if it cannot connect to SNMP
SNMP throughput thresholds now have an expanded syntax to handle input and output throughput separately
Updated NRPE to 2.14 due to potential security exposure
+ Allow authtkt cookie to be set when logging into Opsview REST API
NOTICES:
NRPE no longer allows shell metacharacters to be passed as command line arguments to the remote plugin
FIXES:
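Review bot: the added CHANGES line does not name the parameter that enables the behaviour. The controller change in this revision only sets the cookie when `include_auth_tkt` is passed to the login request, so the entry should say so (for example "when include_auth_tkt=1 is passed to /rest/login"). As written, a reader could take it to mean that every REST login now sets the cookie.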
Modified: trunk/opsview-web/lib/Opsview/Web/Controller/REST.pm
===================================================================
--- trunk/opsview-web/lib/Opsview/Web/Controller/REST.pm 2013-02-25 15:53:26 UTC (rev 11592)
+++ trunk/opsview-web/lib/Opsview/Web/Controller/REST.pm 2013-02-25 15:56:36 UTC (rev 11593)
@@ -332,6 +332,10 @@
# If okay, generate token
if ($logged_in) {
$c->forward( "set_token" );
+
+ if ( $c->req->params->{include_auth_tkt} ) {
+ $c->forward( '/extendticket' );
+ }
}
else {
$c->res->status(401);
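Review bot: in the added `if ( $c->req->params->{include_auth_tkt} )` block, nothing checks whether `$c->forward( '/extendticket' )` succeeded, so a client that asked for the ticket still gets the normal token response when the ticket could not be issued. Check for errors after the forward and report the failure to the caller. Two smaller points on the same lines: `$c->req->params` merges query-string and body parameters and any true value switches the cookie on, so if only the query-string form used in the test is intended, read `$c->req->query_params` and state the accepted value; and a short comment explaining why an API login may hand out the browser ticket cookie would help the next reader, since it widens what a REST login response carries.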
Modified: trunk/opsview-web/t/650-api2.t
===================================================================
--- trunk/opsview-web/t/650-api2.t 2013-02-25 15:53:26 UTC (rev 11592)
+++ trunk/opsview-web/t/650-api2.t 2013-02-25 15:56:36 UTC (rev 11593)
@@ -24,7 +24,11 @@
my $expected;
my $ua = Test::WWW::Mechanize->new( stack_depth => 0 );
$ua->add_header( 'content-type' => "text/x-data-dumper" );
-my $json = Test::WWW::Mechanize->new( stack_depth => 0 );
+my $cj = HTTP::Cookies->new();
+my $json = Test::WWW::Mechanize->new(
+ stack_depth => 0,
+ cookie_jar => $cj
+);
$json->add_header( 'content-type' => "application/json" );
my $url_prefix = "http://localhost:3000";
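Review bot: `HTTP::Cookies->new()` is called on the added line, but no `use HTTP::Cookies;` is visible in this hunk. If the test file does not already import it near the top, add the `use` line explicitly rather than relying on the module being loaded indirectly by the user agent. Note also that only `$json` gets the shared jar; if `$ua` is ever expected to see the same cookies, it needs `cookie_jar => $cj` as well.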
@@ -74,6 +78,30 @@
$content = $json->content;
like( $content, qr%^\{"token":"[0-9a-f]{40}"\}$%, "Got JSON content" );
+# Check for opsview_web_session, but no auth_tkt cookie
+my $cookies_hash = $cj->{COOKIES}->{"localhost.local"}->{"/"};
+ok(
+ exists $cookies_hash->{opsview_web_session},
+ "Exists the opsview_web_session cookie"
+);
+ok( !exists $cookies_hash->{auth_tkt}, "And not auth_tkt cookie" );
+
+$json->post( "$url_prefix/rest/login?include_auth_tkt=1",
+ Content => qq%{"username":"admin","password":"initial"}% );
+is( $json->status, 200, "Can login correctly with auth tkt" );
+$content = $json->content;
+like( $content, qr%^\{"token":"[0-9a-f]{40}"\}$%, "Got JSON content" );
+
+# Do again, check for auth_tkt cookie
+$cookies_hash = $cj->{COOKIES}->{"localhost.local"}->{"/"};
+ok(
+ exists $cookies_hash->{opsview_web_session},
+ "Exists the opsview_web_session cookie"
+);
+ok( exists $cookies_hash->{auth_tkt}, "And auth_tkt cookie is now there!" );
+
+delete $cookies_hash->{auth_tkt};
+
$json->post(
"$url_prefix/rest/login?include_one_time_token=1",
Content => qq%{"username":"admin","password":"initial"}%
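Review bot: the new assertions read and modify the cookie jar through its internal hash, `$cj->{COOKIES}->{"localhost.local"}->{"/"}`, and `delete $cookies_hash->{auth_tkt}` edits it in place. That layout is not part of the HTTP::Cookies interface, and the hard-coded `localhost.local` key ties the test to how the jar normalises the host in `$url_prefix`. Prefer `$cj->scan(...)` to collect cookie names and `$cj->clear( $domain, $path, 'auth_tkt' )` to remove the ticket. The tests also only prove the cookie exists after a successful login; add a case that posts bad credentials with `include_auth_tkt=1` and asserts a 401 with no `auth_tkt` cookie in the jar, so a later refactor cannot move the forward outside the `$logged_in` branch unnoticed.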
_______________________________________________
Opsview-checkins mailing list
Opsview-checkins@lists.opsview.org
http://lists.opsview.org/lists/listinfo/opsview-checkins