Merge pull request #517 from cpacia/master

Remove authentication for localhost
OpenBazaar · Jan 12, 2017 · fd65bbc · fd65bbc
2 parents 248b43c + 51e7019
commit fd65bbc
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/api/restapi.py b/api/restapi.py
@@ -44,7 +44,7 @@ class OpenBazaarAPI(APIResource):
     def authenticated(func):
         def _authenticate(self, request):
             session = request.getSession()
-            if session not in self.authenticated_sessions:
+            if session not in self.authenticated_sessions and "localhost" not in self.authenticated_sessions:
                 session.expire()
                 request.setResponseCode(401)
                 request.write('<html><body><div><span style="color:red">Authorization Error</span></div>'

diff --git a/api/ws.py b/api/ws.py
@@ -367,7 +367,9 @@ class AuthenticatedWebSocketProtocol(WebSocketProtocol):
     def validateHeaders(self):
         if "Cookie" in self.headers:
             for session in self.factory.authenticated_sessions:
-                if "TWISTED_SESSION=" + session.uid in self.headers["Cookie"]:
+                if session == "localhost":
+                    return WebSocketProtocol.validateHeaders(self)
+                elif "TWISTED_SESSION=" + session.uid in self.headers["Cookie"]:
                     return WebSocketProtocol.validateHeaders(self)
         return False
 

diff --git a/openbazaard.py b/openbazaard.py
@@ -124,6 +124,8 @@ def on_bootstrap_complete(resp):
 
         # websockets api
         authenticated_sessions = []
+        if interface == "127.0.0.1":
+            authenticated_sessions.append("localhost")
         ws_api = WSFactory(mserver, kserver, only_ip=ALLOWIP)
         ws_factory = AuthenticatedWebSocketFactory(ws_api)
         ws_factory.authenticated_sessions = authenticated_sessions