# HG changeset patch # User osimons # Date 1259136724 0 # Node ID cd4405466a77feb20a1e0161f600d0a28db3ac8f # Parent ec43da7bb63c01ccfa1f26ac8156e1c11130209c Add a `referer=` argument when logging in, and redirect to a Bitten URL so that slave doesn't need non-build permissions. Closes #459. diff --git a/bitten/master.py b/bitten/master.py --- a/bitten/master.py +++ b/bitten/master.py @@ -99,8 +99,8 @@ if 'id' not in req.args: if req.method != 'POST': - self._send_error(req, HTTP_METHOD_NOT_ALLOWED, - 'Only POST allowed for build creation') + self._send_response(req, + body='Only POST allowed for build creation.') return self._process_build_creation(req, slave_token) build = Build.fetch(self.env, req.args['id']) diff --git a/bitten/slave.py b/bitten/slave.py --- a/bitten/slave.py +++ b/bitten/slave.py @@ -192,10 +192,12 @@ try: try: if self.username and not self.auth_map.get(url): + login_url = '%s/login?referer=%s' % (url[:-7], + urllib.quote_plus(url)) # First request to url, authentication needed if self.form_auth: log.debug('Performing http form authentication') - resp = self.request('POST', url[:-7] + '/login') + resp = self.request('POST', login_url) match = FORM_TOKEN_RE.search(resp.read()) if not match: log.error("Project %s does not support form " @@ -207,11 +209,11 @@ None, url)[1], 'referer': '', '__FORM_TOKEN': match.group(1)} - self.request('POST', url[:-7] + '/login', + self.request('POST', login_url, body=urllib.urlencode(values)) else: log.debug('Performing basic/digest authentication') - self.request('HEAD', url[:-7] + '/login') + self.request('HEAD', login_url) self.auth_map[url] = True elif self.username: log.debug('Reusing authentication information.') diff --git a/bitten/tests/master.py b/bitten/tests/master.py --- a/bitten/tests/master.py +++ b/bitten/tests/master.py @@ -144,8 +144,8 @@ self.assertRaises(RequestDone, module.process_request, req) - self.assertEquals(405, outheaders['Status']) - self.assertEquals('Only POST allowed for build creation', + self.assertEquals(200, outheaders['Status']) + self.assertEquals('Only POST allowed for build creation.', outbody.getvalue()) def test_create_build_no_match(self):