From bd8b8ca410f40e64a9c84977c8d6d09b9e60b4ec Mon Sep 17 00:00:00 2001 From: Jakob Ketterl Date: Sun, 23 Feb 2020 21:52:13 +0100 Subject: [PATCH] session cookie handling --- owrx/controllers/session.py | 6 +----- owrx/controllers/settings.py | 4 ++++ owrx/http.py | 9 +++++++-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/owrx/controllers/session.py b/owrx/controllers/session.py index e4da220..bb40bd4 100644 --- a/owrx/controllers/session.py +++ b/owrx/controllers/session.py @@ -2,9 +2,6 @@ from .template import WebpageController from urllib.parse import parse_qs from uuid import uuid4 from http.cookies import SimpleCookie -import logging - -logger = logging.getLogger(__name__) class SessionStorage(object): @@ -43,14 +40,13 @@ class SessionController(WebpageController): def processLoginAction(self): data = parse_qs(self.get_body().decode("utf-8")) data = {k: v[0] for k, v in data.items()} - logger.debug(data) if "user" in data and "password" in data: # TODO actually check user and password if data["user"] == "admin" and data["password"] == "password": # TODO pass the final destination key = SessionStorage.getSharedInstance().startSession({"user": data["user"]}) cookie = SimpleCookie() - cookie["session"] = key + cookie["owrx-session"] = key self.send_redirect("/settings", cookies=cookie) else: self.send_redirect("/login") diff --git a/owrx/controllers/settings.py b/owrx/controllers/settings.py index 2a8e768..748c646 100644 --- a/owrx/controllers/settings.py +++ b/owrx/controllers/settings.py @@ -1,8 +1,12 @@ from . import Controller +from .session import SessionStorage class Authentication(object): def isAuthenticated(self, request): + if "owrx-session" in request.cookies: + session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value) + return session is not None return False diff --git a/owrx/http.py b/owrx/http.py index 3927bf8..07d7867 100644 --- a/owrx/http.py +++ b/owrx/http.py 
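Review bot: In processLoginAction (owrx/controllers/session.py) the `owrx-session` cookie is created with no attributes, so unless send_redirect adds them (not visible here) it is sent without HttpOnly or SameSite and page scripts can read the session key. Setting them right after the assignment would close that: `cookie["owrx-session"]["httponly"] = True` and `cookie["owrx-session"]["samesite"] = "Lax"` (the latter needs Python 3.8+), plus `secure` when the receiver is served over TLS. The cookie name is now a string literal both here and in settings.py, so a shared constant would keep the two in step. The method body may continue below the hunk.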
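Review bot: isAuthenticated in owrx/controllers/settings.py now accepts any key SessionStorage knows, and the only place this patch creates one is the placeholder comparison against `admin` / `password` in processLoginAction, so that TODO becomes the effective gate for whatever Authentication protects. That comparison should be replaced by a configured, hashed credential before this path is reachable on a deployed receiver. Until then I would add `# NOTE: a session is only as strong as the login check in SessionController.processLoginAction` above the lookup. Nothing visible here expires or revokes a session; if SessionStorage does not handle that, a lifetime check belongs next to `return session is not None`.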
@@ -17,6 +17,7 @@ from http.server import BaseHTTPRequestHandler from urllib.parse import urlparse, parse_qs import re from abc import ABC, abstractmethod +from http.cookies import SimpleCookie import logging @@ -40,11 +41,12 @@ class RequestHandler(BaseHTTPRequestHandler): class Request(object): - def __init__(self, url, method): + def __init__(self, url, method, cookies): self.path = url.path self.query = parse_qs(url.query) self.matches = None self.method = method + self.cookies = cookies def setMatches(self, matches): self.matches = matches @@ -111,7 +113,10 @@ class Router(object): def route(self, handler, method): url = urlparse(handler.path) - request = Request(url, method) + cookies = SimpleCookie() + if "Cookie" in handler.headers: + cookies.load(handler.headers["Cookie"]) + request = Request(url, method, cookies) route = self.find_route(request) if route is not None: controller = route.controller
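Review bot: In Router.route (last hunk of owrx/http.py) the client-supplied Cookie header goes to `cookies.load(...)` with no error handling, and SimpleCookie.load raises http.cookies.CookieError for names it considers illegal, for example one containing a comma. A single malformed header would then raise out of route() before any controller runs. How that surfaces depends on the caller, which is outside the hunk. Wrapping the call as `try: cookies.load(handler.headers["Cookie"])` / `except CookieError: cookies = SimpleCookie()` treats a bad header as "no cookies" and discards anything parsed before the failure. It needs `CookieError` added to the `from http.cookies import SimpleCookie` line in the first hunk. route() continues past the end of the hunk.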