author | Miguel Jacq <mig@mig5.net> | 2021-08-30 13:41:15 +1000 |
---|---|---|
committer | Miguel Jacq <mig@mig5.net> | 2021-08-30 13:41:15 +1000 |
commit | dd7938a1344138eabf32d91d1ba452670eb4cc04 (patch) | |
tree | e84fda42ec2aaf539eef80d853bab4ae42bb6424 /cli/onionshare_cli/web/web.py | |
parent | a132cd28f5aa20668d5fc52a38f2411458712f04 (diff) | |
parent | 3a07bbe16126c6b14fc7ff553d2ef441e959a333 (diff) | |
Merge develop and resolve conflict
Diffstat (limited to 'cli/onionshare_cli/web/web.py')
-rw-r--r-- | cli/onionshare_cli/web/web.py | 107 |
1 files changed, 13 insertions, 94 deletions
diff --git a/cli/onionshare_cli/web/web.py b/cli/onionshare_cli/web/web.py
index a5c26232..3ba27ef7 100644
--- a/cli/onionshare_cli/web/web.py
+++ b/cli/onionshare_cli/web/web.py
@@ -34,7 +34,6 @@ from flask import (
 send_file,
 __version__ as flask_version,
 )
-from flask_httpauth import HTTPBasicAuth
 from flask_socketio import SocketIO
 from .share_mode import ShareModeWeb
@@ -64,18 +63,16 @@ class Web:
 REQUEST_STARTED = 1
 REQUEST_PROGRESS = 2
 REQUEST_CANCELED = 3
- REQUEST_RATE_LIMIT = 4
- REQUEST_UPLOAD_INCLUDES_MESSAGE = 5
- REQUEST_UPLOAD_FILE_RENAMED = 6
- REQUEST_UPLOAD_SET_DIR = 7
- REQUEST_UPLOAD_FINISHED = 8
- REQUEST_UPLOAD_CANCELED = 9
- REQUEST_INDIVIDUAL_FILE_STARTED = 10
- REQUEST_INDIVIDUAL_FILE_PROGRESS = 11
- REQUEST_INDIVIDUAL_FILE_CANCELED = 12
- REQUEST_ERROR_DATA_DIR_CANNOT_CREATE = 13
- REQUEST_OTHER = 14
- REQUEST_INVALID_PASSWORD = 15
+ REQUEST_UPLOAD_INCLUDES_MESSAGE = 4
+ REQUEST_UPLOAD_FILE_RENAMED = 5
+ REQUEST_UPLOAD_SET_DIR = 6
+ REQUEST_UPLOAD_FINISHED = 7
+ REQUEST_UPLOAD_CANCELED = 8
+ REQUEST_INDIVIDUAL_FILE_STARTED = 9
+ REQUEST_INDIVIDUAL_FILE_PROGRESS = 10
+ REQUEST_INDIVIDUAL_FILE_CANCELED = 11
+ REQUEST_ERROR_DATA_DIR_CANNOT_CREATE = 12
+ REQUEST_OTHER = 13
 def __init__(self, common, is_gui, mode_settings, mode="share"):
 self.common = common
@@ -92,8 +89,6 @@ class Web:
 )
 self.app.secret_key = self.common.random_string(8)
 self.generate_static_url_path()
- self.auth = HTTPBasicAuth()
- self.auth.error_handler(self.error401)
 # Verbose mode?
 if self.common.verbose:
@@ -132,9 +127,6 @@ class Web:
 ]
 self.q = queue.Queue()
- self.password = None
-
- self.reset_invalid_passwords()
 self.done = False
@@ -191,7 +183,6 @@ class Web:
 self.app.static_url_path = self.static_url_path
 self.app.add_url_rule(
 self.static_url_path + "/<path:filename>",
- endpoint="static",
 view_func=self.app.send_static_file,
 )
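Review bot: The `REQUEST_*` constants in `class Web` are renumbered rather than only trimmed (`REQUEST_UPLOAD_INCLUDES_MESSAGE` moves from 5 to 4, `REQUEST_OTHER` from 14 to 13), so any reader of the event queue that compares the event type against a literal number, or was built against the old values, would dispatch to the wrong handler without an error. The consumers are not visible in this diff, so it needs a check that every reader uses `Web.REQUEST_*` by name and that nothing still refers to `Web.REQUEST_RATE_LIMIT` or `Web.REQUEST_INVALID_PASSWORD`, which would now raise `AttributeError`. I would add a comment above the block such as `# Event types queued by add_request(); compare by name, the numeric values are not stable across versions`. The class body continues outside the hunk.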
@@ -200,28 +191,6 @@ class Web:
 Common web app routes between all modes.
 """
- @self.auth.get_password
- def get_pw(username):
- if username == "onionshare":
- return self.password
- else:
- return None
-
- @self.app.before_request
- def conditional_auth_check():
- # Allow static files without basic authentication
- if request.path.startswith(self.static_url_path + "/"):
- return None
-
- # If public mode is disabled, require authentication
- if not self.settings.get("general", "public"):
-
- @self.auth.login_required
- def _check_login():
- return None
-
- return _check_login()
-
 @self.app.after_request
 def add_security_headers(r):
 """
@@ -276,28 +245,6 @@ class Web:
 f"{self.common.get_resource_path('static')}/img/favicon.ico"
 )
- def error401(self):
- auth = request.authorization
- if auth:
- if (
- auth["username"] == "onionshare"
- and auth["password"] not in self.invalid_passwords
- ):
- print(f"Invalid password guess: {auth['password']}")
- self.add_request(Web.REQUEST_INVALID_PASSWORD, data=auth["password"])
-
- self.invalid_passwords.append(auth["password"])
- self.invalid_passwords_count += 1
-
- if self.invalid_passwords_count == 20:
- self.add_request(Web.REQUEST_RATE_LIMIT)
- self.force_shutdown()
- print(
- "Someone has made too many wrong attempts to guess your password, so OnionShare has stopped the server. Start sharing again and send the recipient a new address to share."
- )
-
- return render_template("401.html", static_url_path=self.static_url_path), 401
-
 def error403(self):
 self.add_request(Web.REQUEST_OTHER, request.path)
 return render_template("403.html", static_url_path=self.static_url_path), 403
@@ -349,21 +296,6 @@ class Web:
 """
 self.q.put({"type": request_type, "path": path, "data": data})
- def generate_password(self, saved_password=None):
- self.common.log("Web", "generate_password", f"saved_password={saved_password}")
- if saved_password is not None and saved_password != "":
- self.password = saved_password
- self.common.log(
- "Web",
- "generate_password",
- f'saved_password sent, so password is: "{self.password}"',
- )
- else:
- self.password = self.common.build_password()
- self.common.log(
- "Web", "generate_password", f'built random password: "{self.password}"'
- )
-
 def verbose_mode(self):
 """
 Turn on verbose mode, which will log flask errors to a file.
@@ -373,10 +305,6 @@ class Web:
 log_handler.setLevel(logging.WARNING)
 self.app.logger.addHandler(log_handler)
- def reset_invalid_passwords(self):
- self.invalid_passwords_count = 0
- self.invalid_passwords = []
-
 def force_shutdown(self):
 """
 Stop the flask web server, from the context of the flask app.
@@ -433,18 +361,9 @@ class Web:
 # To stop flask, load http://shutdown:[shutdown_password]@127.0.0.1/[shutdown_password]/shutdown
 # (We're putting the shutdown_password in the path as well to make routing simpler)
 if self.running:
- if self.password:
- requests.get(
- f"http://127.0.0.1:{port}/{self.shutdown_password}/shutdown",
- auth=requests.auth.HTTPBasicAuth("onionshare", self.password),
- )
- else:
- requests.get(
- f"http://127.0.0.1:{port}/{self.shutdown_password}/shutdown"
- )
-
- # Reset any password that was in use
- self.password = None
+ requests.get(
+ f"http://127.0.0.1:{port}/{self.shutdown_password}/shutdown"
+ )
 def cleanup(self):
 """
|
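Review bot: The new `requests.get(...)` call under `if self.running:` in the last hunk has no `timeout`, so stopping the server can block indefinitely if the local Flask server has stopped answering; passing a short `timeout=` and catching `requests.exceptions.RequestException` would bound it. With the basic-auth branch gone here and the `before_request` check removed earlier in this diff, the `shutdown_password` path segment is the only guard on the shutdown route that these hunks show, so it is worth confirming outside this diff that the value is unpredictable and regenerated on every start. The context comment above the call still gives the URL as `http://shutdown:[shutdown_password]@127.0.0.1/...`, which does not match the request that is sent; I would reword it to `# To stop flask, load http://127.0.0.1:[port]/[shutdown_password]/shutdown`. The enclosing method starts before the hunk.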