rhodecode-enterprise-ce Files · rhodecode/authentication/plugins/auth_jasig_cas.py

templating: use .mako as extensions for template files.

marcink - - Load All Authors

File last commit:

r1282:90601d74 default


                r1282:90601d74

default

Download file

             auth_jasig_cas.py
        
                    167 lines
            
             | 5.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / authentication / plugins / auth_jasig_cas.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
project: added all source files and assets

              r1
            
      # -*- coding: utf-8 -*-

        marcink
    
license: updated copyright year to 2017

              r1271
            
      # Copyright (C) 2012-2017 RhodeCode GmbH

        marcink
    
project: added all source files and assets

              r1
            
      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      """

      RhodeCode authentication plugin for Jasig CAS

      http://www.jasig.org/cas

      """

      import colander

      import logging

      import rhodecode

      import urllib

      import urllib2

      from pylons.i18n.translation import lazy_ugettext as _

      from sqlalchemy.ext.hybrid import hybrid_property

      from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin

      from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase

      from rhodecode.authentication.routes import AuthnPluginResourceBase

        johbo
    
authn: Add whitespace stripping to authentication plugin settings.

              r55
            
      from rhodecode.lib.colander_utils import strip_whitespace

        marcink
    
project: added all source files and assets

              r1
            
      from rhodecode.lib.utils2 import safe_unicode

      from rhodecode.model.db import User

      log = logging.getLogger(__name__)

      def plugin_factory(plugin_id, *args, **kwds):

          """

          Factory function that is called during plugin discovery.

          It returns the plugin instance.

          """

          plugin = RhodeCodeAuthPlugin(plugin_id)

          return plugin

      class JasigCasAuthnResource(AuthnPluginResourceBase):

          pass

      class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):

          service_url = colander.SchemaNode(

              colander.String(),

              default='https://domain.com/cas/v1/tickets',

              description=_('The url of the Jasig CAS REST service'),

        johbo
    
authn: Add whitespace stripping to authentication plugin settings.

              r55
            
              preparer=strip_whitespace,

        marcink
    
project: added all source files and assets

              r1
            
              title=_('URL'),

              widget='string')

      class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):

          def includeme(self, config):

              config.add_authn_plugin(self)

              config.add_authn_resource(self.get_id(), JasigCasAuthnResource(self))

              config.add_view(

                  'rhodecode.authentication.views.AuthnPluginViewBase',

                  attr='settings_get',

        marcink
    
templating: use .mako as extensions for template files.

              r1282
            
                  renderer='rhodecode:templates/admin/auth/plugin_settings.mako',

        marcink
    
project: added all source files and assets

              r1
            
                  request_method='GET',

                  route_name='auth_home',

                  context=JasigCasAuthnResource)

              config.add_view(

                  'rhodecode.authentication.views.AuthnPluginViewBase',

                  attr='settings_post',

        marcink
    
templating: use .mako as extensions for template files.

              r1282
            
                  renderer='rhodecode:templates/admin/auth/plugin_settings.mako',

        marcink
    
project: added all source files and assets

              r1
            
                  request_method='POST',

                  route_name='auth_home',

                  context=JasigCasAuthnResource)

          def get_settings_schema(self):

              return JasigCasSettingsSchema()

          def get_display_name(self):

              return _('Jasig-CAS')

          @hybrid_property

          def name(self):

              return "jasig-cas"

        johbo
    
authn: Use new is_headers_auth function.

              r108
            
          @property

          def is_headers_auth(self):

        marcink
    
project: added all source files and assets

              r1
            
              return True

          def use_fake_password(self):

              return True

          def user_activation_state(self):

              def_user_perms = User.get_default_user().AuthUser.permissions['global']

              return 'hg.extern_activate.auto' in def_user_perms

          def auth(self, userobj, username, password, settings, **kwargs):

              """

              Given a user object (which may be null), username, a plaintext password,

              and a settings object (containing all the keys needed as listed in settings()),

              authenticate this user's login attempt.

              Return None on failure. On success, return a dictionary of the form:

                  see: RhodeCodeAuthPluginBase.auth_func_attrs

              This is later validated for correctness

              """

              if not username or not password:

                  log.debug('Empty username or password skipping...')

                  return None

        marcink
    
authn: don't use formatted_json to log statements. It totally screws up...

              r12
            
              log.debug("Jasig CAS settings: %s", settings)

        marcink
    
project: added all source files and assets

              r1
            
              params = urllib.urlencode({'username': username, 'password': password})

              headers = {"Content-type": "application/x-www-form-urlencoded",

                         "Accept": "text/plain",

                         "User-Agent": "RhodeCode-auth-%s" % rhodecode.__version__}

              url = settings["service_url"]

        marcink
    
authn: don't use formatted_json to log statements. It totally screws up...

              r12
            
              log.debug("Sent Jasig CAS: \n%s",

                        {"url": url, "body": params, "headers": headers})

        marcink
    
project: added all source files and assets

              r1
            
              request = urllib2.Request(url, params, headers)

              try:

                  response = urllib2.urlopen(request)

              except urllib2.HTTPError as e:

                  log.debug("HTTPError when requesting Jasig CAS (status code: %d)" % e.code)

                  return None

              except urllib2.URLError as e:

                  log.debug("URLError when requesting Jasig CAS url: %s " % url)

                  return None

              # old attrs fetched from RhodeCode database

              admin = getattr(userobj, 'admin', False)

              active = getattr(userobj, 'active', True)

              email = getattr(userobj, 'email', '')

              username = getattr(userobj, 'username', username)

              firstname = getattr(userobj, 'firstname', '')

              lastname = getattr(userobj, 'lastname', '')

              extern_type = getattr(userobj, 'extern_type', '')

              user_attrs = {

                  'username': username,

                  'firstname': safe_unicode(firstname or username),

                  'lastname': safe_unicode(lastname or ''),

                  'groups': [],

                  'email': email or '',

                  'admin': admin or False,

                  'active': active,

                  'active_from_extern': True,

                  'extern_name': username,

                  'extern_type': extern_type,

              }

              log.info('user %s authenticated correctly' % user_attrs['username'])

              return user_attrs

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink project: added all source files and assets	r1	# -- coding: utf-8 --

marcink license: updated copyright year to 2017	r1271	# Copyright (C) 2012-2017 RhodeCode GmbH
marcink project: added all source files and assets	r1	#
		# This program is free software: you can redistribute it and/or modify
		# it under the terms of the GNU Affero General Public License, version 3
		# (only), as published by the Free Software Foundation.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU Affero General Public License
		# along with this program. If not, see <http://www.gnu.org/licenses/>.
		#
		# This program is dual-licensed. If you wish to learn more about the
		# RhodeCode Enterprise Edition, including its added features, Support services,
		# and proprietary license terms, please see https://rhodecode.com/licenses/

		"""
		RhodeCode authentication plugin for Jasig CAS
		http://www.jasig.org/cas
		"""


		import colander
		import logging
		import rhodecode
		import urllib
		import urllib2

		from pylons.i18n.translation import lazy_ugettext as _
		from sqlalchemy.ext.hybrid import hybrid_property

		from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin
		from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
		from rhodecode.authentication.routes import AuthnPluginResourceBase
johbo authn: Add whitespace stripping to authentication plugin settings.	r55	from rhodecode.lib.colander_utils import strip_whitespace
marcink project: added all source files and assets	r1	from rhodecode.lib.utils2 import safe_unicode
		from rhodecode.model.db import User

		log = logging.getLogger(__name__)


		def plugin_factory(plugin_id, args, *kwds):
		"""
		Factory function that is called during plugin discovery.
		It returns the plugin instance.
		"""
		plugin = RhodeCodeAuthPlugin(plugin_id)
		return plugin


		class JasigCasAuthnResource(AuthnPluginResourceBase):
		pass


		class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):
		service_url = colander.SchemaNode(
		colander.String(),
		default='https://domain.com/cas/v1/tickets',
		description=_('The url of the Jasig CAS REST service'),
johbo authn: Add whitespace stripping to authentication plugin settings.	r55	preparer=strip_whitespace,
marcink project: added all source files and assets	r1	title=_('URL'),
		widget='string')


		class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):

		def includeme(self, config):
		config.add_authn_plugin(self)
		config.add_authn_resource(self.get_id(), JasigCasAuthnResource(self))
		config.add_view(
		'rhodecode.authentication.views.AuthnPluginViewBase',
		attr='settings_get',
marcink templating: use .mako as extensions for template files.	r1282	renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
marcink project: added all source files and assets	r1	request_method='GET',
		route_name='auth_home',
		context=JasigCasAuthnResource)
		config.add_view(
		'rhodecode.authentication.views.AuthnPluginViewBase',
		attr='settings_post',
marcink templating: use .mako as extensions for template files.	r1282	renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
marcink project: added all source files and assets	r1	request_method='POST',
		route_name='auth_home',
		context=JasigCasAuthnResource)

		def get_settings_schema(self):
		return JasigCasSettingsSchema()

		def get_display_name(self):
		return _('Jasig-CAS')

		@hybrid_property
		def name(self):
		return "jasig-cas"

johbo authn: Use new is_headers_auth function.	r108	@property
		def is_headers_auth(self):
marcink project: added all source files and assets	r1	return True

		def use_fake_password(self):
		return True

		def user_activation_state(self):
		def_user_perms = User.get_default_user().AuthUser.permissions['global']
		return 'hg.extern_activate.auto' in def_user_perms

		def auth(self, userobj, username, password, settings, **kwargs):
		"""
		Given a user object (which may be null), username, a plaintext password,
		and a settings object (containing all the keys needed as listed in settings()),
		authenticate this user's login attempt.

		Return None on failure. On success, return a dictionary of the form:

		see: RhodeCodeAuthPluginBase.auth_func_attrs
		This is later validated for correctness
		"""
		if not username or not password:
		log.debug('Empty username or password skipping...')
		return None

marcink authn: don't use formatted_json to log statements. It totally screws up...	r12	log.debug("Jasig CAS settings: %s", settings)
marcink project: added all source files and assets	r1	params = urllib.urlencode({'username': username, 'password': password})
		headers = {"Content-type": "application/x-www-form-urlencoded",
		"Accept": "text/plain",
		"User-Agent": "RhodeCode-auth-%s" % rhodecode.__version__}
		url = settings["service_url"]

marcink authn: don't use formatted_json to log statements. It totally screws up...	r12	log.debug("Sent Jasig CAS: \n%s",
		{"url": url, "body": params, "headers": headers})
marcink project: added all source files and assets	r1	request = urllib2.Request(url, params, headers)
		try:
		response = urllib2.urlopen(request)
		except urllib2.HTTPError as e:
		log.debug("HTTPError when requesting Jasig CAS (status code: %d)" % e.code)
		return None
		except urllib2.URLError as e:
		log.debug("URLError when requesting Jasig CAS url: %s " % url)
		return None

		# old attrs fetched from RhodeCode database
		admin = getattr(userobj, 'admin', False)
		active = getattr(userobj, 'active', True)
		email = getattr(userobj, 'email', '')
		username = getattr(userobj, 'username', username)
		firstname = getattr(userobj, 'firstname', '')
		lastname = getattr(userobj, 'lastname', '')
		extern_type = getattr(userobj, 'extern_type', '')

		user_attrs = {
		'username': username,
		'firstname': safe_unicode(firstname or username),
		'lastname': safe_unicode(lastname or ''),
		'groups': [],
		'email': email or '',
		'admin': admin or False,
		'active': active,
		'active_from_extern': True,
		'extern_name': username,
		'extern_type': extern_type,
		}

		log.info('user %s authenticated correctly' % user_attrs['username'])
		return user_attrs