diff libervia/pages/_bridge/page_meta.py @ 1431:7472d5a88006

browser(bridge): allow some bridge methods for session profile: This let the cache to be filled to retrieve identities, and avoid an error message.
author Goffi <goffi@goffi.org>
date Fri, 04 Jun 2021 17:57:29 +0200
parents b1215347b5c3
children 106bae41f5c8
line wrap: on
line diff
--- a/libervia/pages/_bridge/page_meta.py	Fri Jun 04 14:45:49 2021 +0200
+++ b/libervia/pages/_bridge/page_meta.py	Fri Jun 04 17:57:29 2021 +0200
@@ -1,16 +1,10 @@
 #!/usr/bin/env python3
 
-import tempfile
-import os
-import os.path
 import json
-from twisted.internet import defer
-from twisted.web import static
 from sat.core.i18n import _
 from sat.core.log import getLogger
 from sat_frontends.bridge.bridge_frontend import BridgeException
 from libervia.server.constants import Const as C
-from libervia.server.utils import ProgressHandler
 
 
 log = getLogger(__name__)
@@ -19,6 +13,9 @@
 name = "bridge"
 on_data_post = "continue"
 
+# bridge method allowed when no profile is connected
+NO_SESSION_ALLOWED = ("getContacts", "identitiesBaseGet", "identitiesGet")
+
 
 def parse_url(self, request):
     self.getPathArgs(request, ["method_name"], min_args=1)
@@ -30,11 +27,15 @@
         return self.pageError(request, C.HTTP_BAD_REQUEST)
     data = self.getRData(request)
     profile = self.getProfile(request)
-    if profile is None:
-        log.warning("_bridge endpoint accessed without authorisation")
-        return self.pageError(request, C.HTTP_UNAUTHORIZED)
     self.checkCSRF(request)
     method_name = data["method_name"]
+    if profile is None:
+        if method_name in NO_SESSION_ALLOWED:
+            # this method is allowed, we use the service profile
+            profile = C.SERVICE_PROFILE
+        else:
+            log.warning("_bridge endpoint accessed without authorisation")
+            return self.pageError(request, C.HTTP_UNAUTHORIZED)
     method_data = json.load(request.content)
     try:
         bridge_method = getattr(self.host.restricted_bridge, method_name)