From 51e70197c459084c6f9e1d6c1eb64e8377e54f2f Mon Sep 17 00:00:00 2001
From: Chris Pacia
Date: Wed, 11 Jan 2017 16:22:55 -0500
Subject: [PATCH] Remove authentication for localhost

---
 api/restapi.py | 2 +-
 api/ws.py | 4 +++-
 openbazaard.py | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/api/restapi.py b/api/restapi.py
index 9d87191b..2af49204 100644
--- a/api/restapi.py
+++ b/api/restapi.py
@@ -44,7 +44,7 @@ class OpenBazaarAPI(APIResource):
 def authenticated(func):
 def _authenticate(self, request):
 session = request.getSession()
- if session not in self.authenticated_sessions:
+ if session not in self.authenticated_sessions and "localhost" not in self.authenticated_sessions:
 session.expire()
 request.setResponseCode(401)
 request.write('
Authorization Error
'
diff --git a/api/ws.py b/api/ws.py
index 7a5a1bb2..f0916085 100644
--- a/api/ws.py
+++ b/api/ws.py
@@ -367,7 +367,9 @@ class AuthenticatedWebSocketProtocol(WebSocketProtocol):
 def validateHeaders(self):
 if "Cookie" in self.headers:
 for session in self.factory.authenticated_sessions:
- if "TWISTED_SESSION=" + session.uid in self.headers["Cookie"]:
+ if session == "localhost":
+ return WebSocketProtocol.validateHeaders(self)
+ elif "TWISTED_SESSION=" + session.uid in self.headers["Cookie"]:
 return WebSocketProtocol.validateHeaders(self)
 return False
diff --git a/openbazaard.py b/openbazaard.py
index 51dee8e7..7a47e3a2 100644
--- a/openbazaard.py
+++ b/openbazaard.py
@@ -120,6 +120,8 @@ def on_bootstrap_complete(resp):
 # websockets api
 authenticated_sessions = []
+ if interface == "127.0.0.1":
+ authenticated_sessions.append("localhost")
 ws_api = WSFactory(mserver, kserver, only_ip=ALLOWIP)
 ws_factory = AuthenticatedWebSocketFactory(ws_api)
 ws_factory.authenticated_sessions = authenticated_sessions
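Review bot: In `_authenticate` (api/restapi.py) the added clause `"localhost" not in self.authenticated_sessions` checks a process-wide marker rather than anything about the request, so once the marker is present the session check is skipped for every request that reaches the listener. A loopback bind is not an authentication boundary: other local accounts and processes, cross-origin requests issued by a browser on the same machine, and any proxy or tunnel forwarding to the port all arrive as local traffic. If the bypass is kept, gate it per request on header validation (a loopback `Host` and no foreign `Origin`) and document the exposure at the check, e.g. `# SECURITY: "localhost" marker disables auth for every request on this listener`. The api/ws.py hunk relies on the same marker, and the decorator body continues outside this hunk.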
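Review bot: In `validateHeaders` (api/ws.py) the `session == "localhost"` branch sits inside `if "Cookie" in self.headers:`, so the bypass applies only when the handshake carries some Cookie header, which is inconsistent with the REST path where no cookie is needed. The marker string also shares `authenticated_sessions` with session objects, so any other code that reads `.uid` on list entries would raise AttributeError; only the `if`/`elif` ordering avoids that here. A separate boolean on the factory would keep the list homogeneous, for example `if getattr(self.factory, "localhost_noauth", False):` (attribute name illustrative), tested before the cookie loop. Because browsers do not apply the same-origin policy to WebSocket handshakes, an `Origin` check should accompany any unauthenticated path.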
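Review bot: The `if interface == "127.0.0.1":` branch in `on_bootstrap_complete` turns authentication off automatically and silently whenever the daemon is bound to that address, with no operator opt-in and no log line. Making it an explicit option and logging a warning when the marker is appended would let operators see that the API is unauthenticated, which matters on shared hosts or behind a forwarder. The exact string comparison fails closed for other loopback spellings such as `localhost` or `::1`, which is worth a comment, e.g. `# only the literal 127.0.0.1 bind disables auth; other values keep it on`. Only the WebSocket factory's use of the list is visible here, and the function continues outside the hunk.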