# HG changeset patch # User Marcin Kuzminski # Date 2016-07-12 17:56:48 # Node ID 23eb57a02d43b2dbafcd812c4c9040026db29e3f # Parent e32483775e829ea1e2fee06d4bc08d9c9e0760eb auth-token: allow other authentication types to use auth-token. Fixes #4070 diff --git a/rhodecode/authentication/base.py b/rhodecode/authentication/base.py --- a/rhodecode/authentication/base.py +++ b/rhodecode/authentication/base.py @@ -490,13 +490,19 @@ def loadplugin(plugin_id): or None on failure. """ # TODO: Disusing pyramids thread locals to retrieve the registry. - authn_registry = get_current_registry().getUtility(IAuthnPluginRegistry) + authn_registry = get_authn_registry() plugin = authn_registry.get_plugin(plugin_id) if plugin is None: log.error('Authentication plugin not found: "%s"', plugin_id) return plugin +def get_authn_registry(registry=None): + registry = registry or get_current_registry() + authn_registry = registry.getUtility(IAuthnPluginRegistry) + return authn_registry + + def get_auth_cache_manager(custom_ttl=None): return caches.get_cache_manager( 'auth_plugins', 'rhodecode.authentication', custom_ttl) @@ -520,7 +526,7 @@ def authenticate(username, password, env % auth_type) headers_only = environ and not (username and password) - authn_registry = get_current_registry().getUtility(IAuthnPluginRegistry) + authn_registry = get_authn_registry() for plugin in authn_registry.get_plugins_for_authentication(): plugin.set_auth_type(auth_type) user = plugin.get_user(username) diff --git a/rhodecode/authentication/plugins/auth_token.py b/rhodecode/authentication/plugins/auth_token.py --- a/rhodecode/authentication/plugins/auth_token.py +++ b/rhodecode/authentication/plugins/auth_token.py @@ -83,13 +83,17 @@ class RhodeCodeAuthPlugin(RhodeCodeAuthP allowed_auth_plugins=None, allowed_auth_sources=None): """ Custom method for this auth that doesn't accept empty users. And also - allows rhodecode and authtoken extern_type to auth with this. But only - via vcs mode + allows users from all other active plugins to use it and also + authenticate against it. But only via vcs mode """ - # only this and rhodecode plugins can use this type - from rhodecode.authentication.plugins import auth_rhodecode - allowed_auth_plugins = [ - self.name, auth_rhodecode.RhodeCodeAuthPlugin.name] + from rhodecode.authentication.base import get_authn_registry + authn_registry = get_authn_registry() + + active_plugins = set( + [x.name for x in authn_registry.get_plugins_for_authentication()]) + active_plugins.discard(self.name) + + allowed_auth_plugins = [self.name] + list(active_plugins) # only for vcs operations allowed_auth_sources = [VCS_TYPE] diff --git a/rhodecode/authentication/views.py b/rhodecode/authentication/views.py --- a/rhodecode/authentication/views.py +++ b/rhodecode/authentication/views.py @@ -26,8 +26,8 @@ from pyramid.httpexceptions import HTTPF from pyramid.renderers import render from pyramid.response import Response -from rhodecode.authentication.base import get_auth_cache_manager -from rhodecode.authentication.interface import IAuthnPluginRegistry +from rhodecode.authentication.base import ( + get_auth_cache_manager, get_authn_registry) from rhodecode.lib import auth from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator from rhodecode.model.forms import AuthSettingsForm @@ -125,7 +125,7 @@ class AuthSettingsView(object): @HasPermissionAllDecorator('hg.admin') def index(self, defaults=None, errors=None, prefix_error=False): defaults = defaults or {} - authn_registry = self.request.registry.getUtility(IAuthnPluginRegistry) + authn_registry = get_authn_registry(self.request.registry) enabled_plugins = SettingsModel().get_auth_plugins() # Create template context and render it.