# HG changeset patch # User Martin Bornhold # Date 2016-08-08 06:29:10 # Node ID bc63cba1c6dcf4f11624592f65a2195cc05b3550 # Parent cb08eb7bfec5e217c9ea67ef60c4d6cf14e5795d vcs: Pass registry to vcs for user authentication. Explicit pass the registry insted of indirectly using it via pyramids thread locals. diff --git a/rhodecode/authentication/base.py b/rhodecode/authentication/base.py --- a/rhodecode/authentication/base.py +++ b/rhodecode/authentication/base.py @@ -509,7 +509,7 @@ def get_auth_cache_manager(custom_ttl=No def authenticate(username, password, environ=None, auth_type=None, - skip_missing=False): + skip_missing=False, registry=None): """ Authentication function used for access control, It tries to authenticate based on enabled authentication modules. @@ -526,7 +526,7 @@ def authenticate(username, password, env % auth_type) headers_only = environ and not (username and password) - authn_registry = get_authn_registry() + authn_registry = get_authn_registry(registry) for plugin in authn_registry.get_plugins_for_authentication(): plugin.set_auth_type(auth_type) user = plugin.get_user(username) diff --git a/rhodecode/lib/base.py b/rhodecode/lib/base.py --- a/rhodecode/lib/base.py +++ b/rhodecode/lib/base.py @@ -205,11 +205,12 @@ def vcs_operation_context( class BasicAuth(AuthBasicAuthenticator): - def __init__(self, realm, authfunc, auth_http_code=None, + def __init__(self, realm, authfunc, registry, auth_http_code=None, initial_call_detection=False): self.realm = realm self.initial_call = initial_call_detection self.authfunc = authfunc + self.registry = registry self._rc_auth_http_code = auth_http_code def _get_response_from_code(self, http_code): @@ -242,7 +243,8 @@ class BasicAuth(AuthBasicAuthenticator): if len(_parts) == 2: username, password = _parts if self.authfunc( - username, password, environ, VCS_TYPE): + username, password, environ, VCS_TYPE, + registry=self.registry): return username if username and password: # we mark that we actually executed authentication once, at diff --git a/rhodecode/lib/middleware/simplevcs.py b/rhodecode/lib/middleware/simplevcs.py --- a/rhodecode/lib/middleware/simplevcs.py +++ b/rhodecode/lib/middleware/simplevcs.py @@ -82,7 +82,8 @@ class SimpleVCS(object): SCM = 'unknown' - def __init__(self, application, config): + def __init__(self, application, config, registry): + self.registry = registry self.application = application self.config = config # base path of repo locations @@ -90,9 +91,9 @@ class SimpleVCS(object): # authenticate this VCS request using authfunc auth_ret_code_detection = \ str2bool(self.config.get('auth_ret_code_detection', False)) - self.authenticate = BasicAuth('', authenticate, - config.get('auth_ret_code'), - auth_ret_code_detection) + self.authenticate = BasicAuth( + '', authenticate, registry, config.get('auth_ret_code'), + auth_ret_code_detection) self.ip_addr = '0.0.0.0' @property @@ -284,7 +285,8 @@ class SimpleVCS(object): # try to auth based on environ, container auth methods log.debug('Running PRE-AUTH for container based authentication') - pre_auth = authenticate('', '', environ,VCS_TYPE) + pre_auth = authenticate( + '', '', environ, VCS_TYPE, registry=self.registry) if pre_auth and pre_auth.get('username'): username = pre_auth['username'] log.debug('PRE-AUTH got %s as username', username) diff --git a/rhodecode/lib/middleware/vcs.py b/rhodecode/lib/middleware/vcs.py --- a/rhodecode/lib/middleware/vcs.py +++ b/rhodecode/lib/middleware/vcs.py @@ -126,23 +126,24 @@ class GunzipMiddleware(object): class VCSMiddleware(object): - def __init__(self, app, config, appenlight_client): + def __init__(self, app, config, appenlight_client, registry): self.application = app self.config = config self.appenlight_client = appenlight_client + self.registry = registry def _get_handler_app(self, environ): app = None if is_hg(environ): - app = SimpleHg(self.application, self.config) + app = SimpleHg(self.application, self.config, self.registry) if is_git(environ): - app = SimpleGit(self.application, self.config) + app = SimpleGit(self.application, self.config, self.registry) proxy_svn = rhodecode.CONFIG.get( 'rhodecode_proxy_subversion_http_requests', False) if proxy_svn and is_svn(environ): - app = SimpleSvn(self.application, self.config) + app = SimpleSvn(self.application, self.config, self.registry) if app: app = GunzipMiddleware(app)