Skip to content

Commit 306d99e

Browse files
golluxgollux
committed
CWS API: Report login errors properly
Previously, HTML with the login page was returned.
1 parent fbc6e88 commit 306d99e

1 file changed

Lines changed: 27 additions & 8 deletions

File tree

  • cms/server/contest/handlers

cms/server/contest/handlers/api.py

Lines changed: 27 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -20,13 +20,11 @@
2020
2121
"""
2222

23+
from collections.abc import Callable
24+
import functools
2325
import ipaddress
2426
import logging
25-
26-
try:
27-
import tornado4.web as tornado_web
28-
except ImportError:
29-
import tornado.web as tornado_web
27+
import typing
3028

3129
from cms.db.submission import Submission
3230
from cms.server import multi_contest
@@ -49,6 +47,27 @@ def __init__(self, *args, **kwargs):
4947
self.api_request = True
5048

5149

50+
_P = typing.ParamSpec("_P")
51+
_R = typing.TypeVar("_R")
52+
_Self = typing.TypeVar("_Self", bound="ApiContestHandler")
53+
54+
def api_login_required(
55+
func: Callable[typing.Concatenate[_Self, _P], _R],
56+
) -> Callable[typing.Concatenate[_Self, _P], _R | None]:
57+
"""A decorator filtering out unauthenticated requests.
58+
59+
"""
60+
61+
@functools.wraps(func)
62+
def wrapped(self: _Self, *args: _P.args, **kwargs: _P.kwargs):
63+
if not self.current_user:
64+
self.json({"error": "An authenticated user is required"}, 403)
65+
else:
66+
return func(self, *args, **kwargs)
67+
68+
return wrapped
69+
70+
5271
class ApiLoginHandler(ApiContestHandler):
5372
"""Login handler.
5473
@@ -101,7 +120,7 @@ class ApiTaskListHandler(ApiContestHandler):
101120
"""Handler to list all tasks and their statements.
102121
103122
"""
104-
@tornado_web.authenticated
123+
@api_login_required
105124
@actual_phase_required(0, 3)
106125
@multi_contest
107126
def get(self):
@@ -121,7 +140,7 @@ class ApiSubmitHandler(ApiContestHandler):
121140
"""Handles the received submissions.
122141
123142
"""
124-
@tornado_web.authenticated
143+
@api_login_required
125144
@actual_phase_required(0, 3)
126145
@multi_contest
127146
def post(self, task_name: str):
@@ -156,7 +175,7 @@ class ApiSubmissionListHandler(ApiContestHandler):
156175
"""Retrieves the list of submissions on a task.
157176
158177
"""
159-
@tornado_web.authenticated
178+
@api_login_required
160179
@actual_phase_required(0, 3)
161180
@multi_contest
162181
def get(self, task_name: str):

0 commit comments

Comments
 (0)