Merge branch 'master' of https://code.grnet.gr/git/pithos

diff --git a/pithos/admin/static/banner.png b/pithos/admin/static/banner.png
new file mode 100644 (file)
index 0000000..d5c27f4
Binary files /dev/null and b/pithos/admin/static/banner.png differ

diff --git a/pithos/admin/templates/base.html b/pithos/admin/templates/base.html
index 1502dc5..3ff435a 100644 (file)
--- a/pithos/admin/templates/base.html
+++ b/pithos/admin/templates/base.html
@@ -11,6 +11,10 @@
 </head>
 <body>
   <div class="container">
+    <div style="padding: 5px 0px 0px 0px">
+      <img src="/admin/static/banner.png" width="900" height="200">
+    </div>
+
     <ul class="tabs">
       <li{% ifequal tab "home" %} class="active"{% endifequal %}>
         <a href="{% url admin.views.index %}">Home</a>

diff --git a/pithos/admin/views.py b/pithos/admin/views.py
index 9588437..c8f7746 100644 (file)
--- a/pithos/admin/views.py
+++ b/pithos/admin/views.py
@@ -51,11 +51,12 @@ def render(template, tab, **kwargs):
 def requires_admin(func):
     @wraps(func)
     def wrapper(request, *args):
-        if not request.user:
-            login_uri = settings.LOGIN_URL + '?' + urlencode({'next': request.build_absolute_uri()})
-            return HttpResponseRedirect(login_uri)
-        if not request.user_obj.is_admin:
-            return HttpResponse('Forbidden', status=403)
+        if not settings.BYPASS_ADMIN_AUTH:
+            if not request.user:
+                login_uri = settings.LOGIN_URL + '?' + urlencode({'next': request.build_absolute_uri()})
+                return HttpResponseRedirect(login_uri)
+            if not request.user_obj.is_admin:
+                return HttpResponse('Forbidden', status=403)
         return func(request, *args)
     return wrapper
 

diff --git a/pithos/middleware/auth.py b/pithos/middleware/auth.py
index df89ee2..254f57b 100644 (file)
--- a/pithos/middleware/auth.py
+++ b/pithos/middleware/auth.py
@@ -42,12 +42,12 @@ class AuthMiddleware(object):
     def process_request(self, request):
         request.user = None
         
-        # Try to find token in a cookie, in a request header, or as a parameter.
-        token = request.COOKIES.get('X-Auth-Token', None)
+        # Try to find token in a parameter, in a request header, or in a cookie.
+        token = request.REQUEST.get('X-Auth-Token', None)
         if not token:
             token = request.META.get('HTTP_X_AUTH_TOKEN', None)
         if not token:
-            token = request.REQUEST.get('X-Auth-Token', None)
+            token = request.COOKIES.get('X-Auth-Token', None)
         if not token:
             return
         

diff --git a/pithos/settings.py.dist b/pithos/settings.py.dist
index 5c6f9df..bed10a7 100644 (file)
--- a/pithos/settings.py.dist
+++ b/pithos/settings.py.dist
@@ -77,6 +77,8 @@ BACKEND = ('ModularBackend', (backend_module, backend_path, backend_db))
 # Shibboleth-enabled path for authentication.
 LOGIN_URL = "/login"
 
+BYPASS_ADMIN_AUTH = False
+
 # Local time zone for this installation. Choices can be found here:
 # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
 # although not all choices may be available on all operating systems.
@@ -162,4 +164,3 @@ AUTH_TOKEN_DURATION = 30 * 24
 
 # Default quota for new users.
 DEFAULT_QUOTA = 10 * 1024 * 1024 * 1024
-