registry.py
139 lines
| 5.6 KiB
| text/x-python
|
PythonLexer
| r5088 | # Copyright (C) 2012-2023 RhodeCode GmbH | |||
| r1 | # | |||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU Affero General Public License, version 3 | ||||
| # (only), as published by the Free Software Foundation. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU Affero General Public License | ||||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
| # | ||||
| # This program is dual-licensed. If you wish to learn more about the | ||||
| # RhodeCode Enterprise Edition, including its added features, Support services, | ||||
| # and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
| r4885 | import time | |||
| r1 | import logging | |||
| from pyramid.exceptions import ConfigurationError | ||||
| from zope.interface import implementer | ||||
| from rhodecode.authentication.interface import IAuthnPluginRegistry | ||||
| r4885 | from rhodecode.model.settings import SettingsModel | |||
| r1 | from rhodecode.lib.utils2 import safe_str | |||
| r4885 | from rhodecode.lib.statsd_client import StatsdClient | |||
| from rhodecode.lib import rc_cache | ||||
| r1 | ||||
| log = logging.getLogger(__name__) | ||||
| @implementer(IAuthnPluginRegistry) | ||||
| class AuthenticationPluginRegistry(object): | ||||
| r52 | ||||
| # INI settings key to set a fallback authentication plugin. | ||||
| fallback_plugin_key = 'rhodecode.auth_plugin_fallback' | ||||
| def __init__(self, settings): | ||||
| r1 | self._plugins = {} | |||
| r52 | self._fallback_plugin = settings.get(self.fallback_plugin_key, None) | |||
| r1 | ||||
| def add_authn_plugin(self, config, plugin): | ||||
| plugin_id = plugin.get_id() | ||||
| if plugin_id in self._plugins.keys(): | ||||
| raise ConfigurationError( | ||||
| 'Cannot register authentication plugin twice: "%s"', plugin_id) | ||||
| else: | ||||
| log.debug('Register authentication plugin: "%s"', plugin_id) | ||||
| self._plugins[plugin_id] = plugin | ||||
| def get_plugins(self): | ||||
| def sort_key(plugin): | ||||
| return str.lower(safe_str(plugin.get_display_name())) | ||||
| return sorted(self._plugins.values(), key=sort_key) | ||||
| def get_plugin(self, plugin_id): | ||||
| return self._plugins.get(plugin_id, None) | ||||
| r52 | ||||
| r3988 | def get_plugin_by_uid(self, plugin_uid): | |||
| for plugin in self._plugins.values(): | ||||
| if plugin.uid == plugin_uid: | ||||
| return plugin | ||||
| r5057 | def get_cache_call_method(self, cache=True): | |||
| region, _ns = self.get_cache_region() | ||||
| r4220 | ||||
| r4885 | @region.conditional_cache_on_arguments(condition=cache) | |||
| r5057 | def _get_auth_plugins(name: str, key: str, fallback_plugin): | |||
| log.debug('auth-plugins: calculating plugins available for authentication') | ||||
| r103 | ||||
| r5057 | _plugins = [] | |||
| r4885 | # Add all enabled and active plugins to the list. We iterate over the | |||
| # auth_plugins setting from DB because it also represents the ordering. | ||||
| enabled_plugins = SettingsModel().get_auth_plugins() | ||||
| raw_settings = SettingsModel().get_all_settings(cache=False) | ||||
| r5057 | ||||
| r4885 | for plugin_id in enabled_plugins: | |||
| plugin = self.get_plugin(plugin_id) | ||||
| if plugin is not None and plugin.is_active( | ||||
| plugin_cached_settings=raw_settings): | ||||
| # inject settings into plugin, we can re-use the DB fetched settings here | ||||
| plugin._settings = plugin._propagate_settings(raw_settings) | ||||
| r5057 | _plugins.append(plugin) | |||
| r4220 | ||||
| r4885 | # Add the fallback plugin from ini file. | |||
| if fallback_plugin: | ||||
| r4999 | log.warning( | |||
| r4885 | 'Using fallback authentication plugin from INI file: "%s"', | |||
| fallback_plugin) | ||||
| plugin = self.get_plugin(fallback_plugin) | ||||
| r5057 | if plugin is not None and plugin not in _plugins: | |||
| r4885 | plugin._settings = plugin._propagate_settings(raw_settings) | |||
| r5057 | _plugins.append(plugin) | |||
| return _plugins | ||||
| return _get_auth_plugins | ||||
| def get_plugins_for_authentication(self, cache=True): | ||||
| """ | ||||
| Returns a list of plugins which should be consulted when authenticating | ||||
| a user. It only returns plugins which are enabled and active. | ||||
| Additionally, it includes the fallback plugin from the INI file, if | ||||
| `rhodecode.auth_plugin_fallback` is set to a plugin ID. | ||||
| """ | ||||
| _get_auth_plugins = self.get_cache_call_method(cache=cache) | ||||
| r52 | ||||
| r4885 | start = time.time() | |||
| plugins = _get_auth_plugins('rhodecode_auth_plugins', 'v1', self._fallback_plugin) | ||||
| compute_time = time.time() - start | ||||
| r4936 | log.debug('cached method:%s took %.4fs', _get_auth_plugins.__name__, compute_time) | |||
| r103 | ||||
| r4885 | statsd = StatsdClient.statsd | |||
| if statsd: | ||||
| elapsed_time_ms = round(1000.0 * compute_time) # use ms only | ||||
| statsd.timing("rhodecode_auth_plugins_timing.histogram", elapsed_time_ms, | ||||
| use_decimals=False) | ||||
| return plugins | ||||
| r5057 | @classmethod | |||
| def get_cache_region(cls): | ||||
| r5106 | cache_namespace_uid = 'auth_plugins.v1' | |||
| r5057 | region = rc_cache.get_or_create_region('cache_general', cache_namespace_uid) | |||
| return region, cache_namespace_uid | ||||
| @classmethod | ||||
| def invalidate_auth_plugins_cache(cls, hard=True): | ||||
| region, namespace_key = cls.get_cache_region() | ||||
| log.debug('Invalidation cache [%s] region %s for cache_key: %s', | ||||
| 'invalidate_auth_plugins_cache', region, namespace_key) | ||||
| # we use hard cleanup if invalidation is sent | ||||
| rc_cache.clear_cache_namespace(region, namespace_key, method=rc_cache.CLEAR_DELETE) | ||||
