From 52385f7346d53daa6e990a738a75ea9f7eee0595 Mon Sep 17 00:00:00 2001
From: Matthew Jones
Date: Wed, 18 Feb 2015 11:04:18 -0500
Subject: [PATCH] Process Token from query string instead of cookie header on the api side for the socket.io service
---
 .../commands/run_socketio_service.py | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/awx/main/management/commands/run_socketio_service.py b/awx/main/management/commands/run_socketio_service.py
index 2a47818893..a49a7a9e3a 100644
--- a/awx/main/management/commands/run_socketio_service.py
+++ b/awx/main/management/commands/run_socketio_service.py
@@ -49,23 +49,21 @@ class TowerBaseNamespace(BaseNamespace):
 return set(['recv_connect'])
 def valid_user(self):
- if 'HTTP_COOKIE' not in self.environ:
+ if 'QUERY_STRING' not in self.environ:
 return False
 else:
 try:
- all_keys = [e.strip() for e in self.environ['HTTP_COOKIE'].split(";")]
- for each_key in all_keys:
- k, v = each_key.split("=")
- if k == "token":
- token_actual = urllib.unquote_plus(v).decode().replace("\"","")
- auth_token = AuthToken.objects.filter(key=token_actual)
- if not auth_token.exists():
- return False
- auth_token = auth_token[0]
- if not auth_token.expired:
- return auth_token.user
- else:
- return False
+ k, v = self.environ['QUERY_STRING'].split("=")
+ if k == "Token":
+ token_actual = urllib.unquote_plus(v).decode().replace("\"","")
+ auth_token = AuthToken.objects.filter(key=token_actual)
+ if not auth_token.exists():
+ return False
+ auth_token = auth_token[0]
+ if not auth_token.expired:
+ return auth_token.user
+ else:
+ return False
 except Exception, e:
 logger.error("Exception validating user: " + str(e))
 return False
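Review bot: The new parse `k, v = self.environ['QUERY_STRING'].split("=")` raises ValueError whenever the query string carries more than one parameter or a value containing `=`, so the broad `except` turns any such request into a logged authentication failure. When the single key is not `Token`, the `try` body appears to fall through without an explicit `return False`. Parsing with `params = urlparse.parse_qs(self.environ['QUERY_STRING'])` and `token_actual = params.get('Token', [''])[0].replace("\"", "")` would cover both cases and make the manual `unquote_plus` unnecessary; whether `urlparse` is imported, and whether `valid_user` continues past the last line, is not visible from this hunk. Because the token now travels in the URL rather than a header, it will be written wherever request lines are recorded (web-server and proxy access logs), so those logs should redact the query string or be access-restricted to the same degree as the token store.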