rhodecode-enterprise-ce Commit - r2098:02199562

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

3

4

#

4

#

5

# This program is free software: you can redistribute it and/or modify

5

# This program is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Affero General Public License, version 3

6

# it under the terms of the GNU Affero General Public License, version 3

7

# (only), as published by the Free Software Foundation.

7

# (only), as published by the Free Software Foundation.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU Affero General Public License

14

# You should have received a copy of the GNU Affero General Public License

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

16

#

16

#

17

# This program is dual-licensed. If you wish to learn more about the

17

# This program is dual-licensed. If you wish to learn more about the

18

# RhodeCode Enterprise Edition, including its added features, Support services,

18

# RhodeCode Enterprise Edition, including its added features, Support services,

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

20

21

"""

21

"""

22

RhodeCode authentication plugin for built in internal auth

22

RhodeCode authentication plugin for built in internal auth

23

"""

23

"""

24

25

import logging

25

import logging

26

27

from ~~pylons.i18n~~.translation import ~~lazy_ugettext~~ as _

27

from rhodecode.translation import _

28

29

from rhodecode.authentication.base import RhodeCodeAuthPluginBase, hybrid_property

29

from rhodecode.authentication.base import RhodeCodeAuthPluginBase, hybrid_property

30

from rhodecode.authentication.routes import AuthnPluginResourceBase

30

from rhodecode.authentication.routes import AuthnPluginResourceBase

31

from rhodecode.lib.utils2 import safe_str

31

from rhodecode.lib.utils2 import safe_str

32

from rhodecode.model.db import User

32

from rhodecode.model.db import User

33

34

log = logging.getLogger(__name__)

34

log = logging.getLogger(__name__)

35

36

37

def plugin_factory(plugin_id, *args, **kwds):

37

def plugin_factory(plugin_id, *args, **kwds):

38

plugin = RhodeCodeAuthPlugin(plugin_id)

38

plugin = RhodeCodeAuthPlugin(plugin_id)

39

return plugin

39

return plugin

40

41

42

class RhodecodeAuthnResource(AuthnPluginResourceBase):

42

class RhodecodeAuthnResource(AuthnPluginResourceBase):

43

pass

43

pass

44

45

46

class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):

46

class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):

47

48

def includeme(self, config):

48

def includeme(self, config):

49

config.add_authn_plugin(self)

49

config.add_authn_plugin(self)

50

config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))

50

config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))

51

config.add_view(

51

config.add_view(

52

'rhodecode.authentication.views.AuthnPluginViewBase',

52

'rhodecode.authentication.views.AuthnPluginViewBase',

53

attr='settings_get',

53

attr='settings_get',

54

renderer='rhodecode:templates/admin/auth/plugin_settings.mako',

54

renderer='rhodecode:templates/admin/auth/plugin_settings.mako',

55

request_method='GET',

55

request_method='GET',

56

route_name='auth_home',

56

route_name='auth_home',

57

context=RhodecodeAuthnResource)

57

context=RhodecodeAuthnResource)

58

config.add_view(

58

config.add_view(

59

'rhodecode.authentication.views.AuthnPluginViewBase',

59

'rhodecode.authentication.views.AuthnPluginViewBase',

60

attr='settings_post',

60

attr='settings_post',

61

renderer='rhodecode:templates/admin/auth/plugin_settings.mako',

61

renderer='rhodecode:templates/admin/auth/plugin_settings.mako',

62

request_method='POST',

62

request_method='POST',

63

route_name='auth_home',

63

route_name='auth_home',

64

context=RhodecodeAuthnResource)

64

context=RhodecodeAuthnResource)

65

66

def get_display_name(self):

66

def get_display_name(self):

67

return _('Rhodecode')

67

return _('Rhodecode')

68

69

@hybrid_property

69

@hybrid_property

70

def name(self):

70

def name(self):

71

return "rhodecode"

71

return "rhodecode"

72

73

def user_activation_state(self):

73

def user_activation_state(self):

74

def_user_perms = User.get_default_user().AuthUser().permissions['global']

74

def_user_perms = User.get_default_user().AuthUser().permissions['global']

75

return 'hg.register.auto_activate' in def_user_perms

75

return 'hg.register.auto_activate' in def_user_perms

76

77

def allows_authentication_from(

77

def allows_authentication_from(

78

self, user, allows_non_existing_user=True,

78

self, user, allows_non_existing_user=True,

79

allowed_auth_plugins=None, allowed_auth_sources=None):

79

allowed_auth_plugins=None, allowed_auth_sources=None):

80

"""

80

"""

81

Custom method for this auth that doesn't accept non existing users.

81

Custom method for this auth that doesn't accept non existing users.

82

We know that user exists in our database.

82

We know that user exists in our database.

83

"""

83

"""

84

allows_non_existing_user = False

84

allows_non_existing_user = False

85

return super(RhodeCodeAuthPlugin, self).allows_authentication_from(

85

return super(RhodeCodeAuthPlugin, self).allows_authentication_from(

86

user, allows_non_existing_user=allows_non_existing_user)

86

user, allows_non_existing_user=allows_non_existing_user)

87

88

def auth(self, userobj, username, password, settings, **kwargs):

88

def auth(self, userobj, username, password, settings, **kwargs):

89

if not userobj:

89

if not userobj:

90

log.debug('userobj was:%s skipping' % (userobj, ))

90

log.debug('userobj was:%s skipping' % (userobj, ))

91

return None

91

return None

92

if userobj.extern_type != self.name:

92

if userobj.extern_type != self.name:

93

log.warning(

93

log.warning(

94

"userobj:%s extern_type mismatch got:`%s` expected:`%s`" %

94

"userobj:%s extern_type mismatch got:`%s` expected:`%s`" %

95

(userobj, userobj.extern_type, self.name))

95

(userobj, userobj.extern_type, self.name))

96

return None

96

return None

97

98

user_attrs = {

98

user_attrs = {

99

"username": userobj.username,

99

"username": userobj.username,

100

"firstname": userobj.firstname,

100

"firstname": userobj.firstname,

101

"lastname": userobj.lastname,

101

"lastname": userobj.lastname,

102

"groups": [],

102

"groups": [],

103

"email": userobj.email,

103

"email": userobj.email,

104

"admin": userobj.admin,

104

"admin": userobj.admin,

105

"active": userobj.active,

105

"active": userobj.active,

106

"active_from_extern": userobj.active,

106

"active_from_extern": userobj.active,

107

"extern_name": userobj.user_id,

107

"extern_name": userobj.user_id,

108

"extern_type": userobj.extern_type,

108

"extern_type": userobj.extern_type,

109

}

109

}

110

111

log.debug("User attributes:%s" % (user_attrs, ))

111

log.debug("User attributes:%s" % (user_attrs, ))

112

if userobj.active:

112

if userobj.active:

113

from rhodecode.lib import auth

113

from rhodecode.lib import auth

114

crypto_backend = auth.crypto_backend()

114

crypto_backend = auth.crypto_backend()

115

password_encoded = safe_str(password)

115

password_encoded = safe_str(password)

116

password_match, new_hash = crypto_backend.hash_check_with_upgrade(

116

password_match, new_hash = crypto_backend.hash_check_with_upgrade(

117

password_encoded, userobj.password)

117

password_encoded, userobj.password)

118

119

if password_match and new_hash:

119

if password_match and new_hash:

120

log.debug('user %s properly authenticated, but '

120

log.debug('user %s properly authenticated, but '

121

'requires hash change to bcrypt', userobj)

121

'requires hash change to bcrypt', userobj)

122

# if password match, and we use OLD deprecated hash,

122

# if password match, and we use OLD deprecated hash,

123

# we should migrate this user hash password to the new hash

123

# we should migrate this user hash password to the new hash

124

# we store the new returned by hash_check_with_upgrade function

124

# we store the new returned by hash_check_with_upgrade function

125

user_attrs['_hash_migrate'] = new_hash

125

user_attrs['_hash_migrate'] = new_hash

126

127

if userobj.username == User.DEFAULT_USER and userobj.active:

127

if userobj.username == User.DEFAULT_USER and userobj.active:

128

log.info(

128

log.info(

129

'user %s authenticated correctly as anonymous user', userobj)

129

'user %s authenticated correctly as anonymous user', userobj)

130

return user_attrs

130

return user_attrs

131

132

elif userobj.username == username and password_match:

132

elif userobj.username == username and password_match:

133

log.info('user %s authenticated correctly', userobj)

133

log.info('user %s authenticated correctly', userobj)

134

return user_attrs

134

return user_attrs

135

log.info("user %s had a bad password when "

135

log.info("user %s had a bad password when "

136

"authenticating on this plugin", userobj)

136

"authenticating on this plugin", userobj)

137

return None

137

return None

138

else:

138

else:

139

log.warning(

139

log.warning(

140

'user `%s` failed to authenticate via %s, reason: account not '

140

'user `%s` failed to authenticate via %s, reason: account not '

141

'active.', username, self.name)

141

'active.', username, self.name)

142

return None

142

return None

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             # Copyright (C) 2012-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             RhodeCode authentication plugin for built in internal auth
             """
             import logging
-            from pylons.i18n.translation import lazy_ugettext as _
+            from rhodecode.translation import _
             from rhodecode.authentication.base import RhodeCodeAuthPluginBase, hybrid_property
             from rhodecode.authentication.routes import AuthnPluginResourceBase
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.model.db import User
             log = logging.getLogger(__name__)
             def plugin_factory(plugin_id, *args, **kwds):
                 plugin = RhodeCodeAuthPlugin(plugin_id)
                 return plugin
             class RhodecodeAuthnResource(AuthnPluginResourceBase):
                 pass
             class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
                 def includeme(self, config):
                     config.add_authn_plugin(self)
                     config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))
                     config.add_view(
                         'rhodecode.authentication.views.AuthnPluginViewBase',
                         attr='settings_get',
                         renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
                         request_method='GET',
                         route_name='auth_home',
                         context=RhodecodeAuthnResource)
                     config.add_view(
                         'rhodecode.authentication.views.AuthnPluginViewBase',
                         attr='settings_post',
                         renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
                         request_method='POST',
                         route_name='auth_home',
                         context=RhodecodeAuthnResource)
                 def get_display_name(self):
                     return _('Rhodecode')
                 @hybrid_property
                 def name(self):
                     return "rhodecode"
                 def user_activation_state(self):
                     def_user_perms = User.get_default_user().AuthUser().permissions['global']
                     return 'hg.register.auto_activate' in def_user_perms
                 def allows_authentication_from(
                         self, user, allows_non_existing_user=True,
                         allowed_auth_plugins=None, allowed_auth_sources=None):
                     """
                     Custom method for this auth that doesn't accept non existing users.
                     We know that user exists in our database.
                     """
                     allows_non_existing_user = False
                     return super(RhodeCodeAuthPlugin, self).allows_authentication_from(
                         user, allows_non_existing_user=allows_non_existing_user)
                 def auth(self, userobj, username, password, settings, **kwargs):
                     if not userobj:
                         log.debug('userobj was:%s skipping' % (userobj, ))
                         return None
                     if userobj.extern_type != self.name:
                         log.warning(
                             "userobj:%s extern_type mismatch got:`%s` expected:`%s`" %
                             (userobj, userobj.extern_type, self.name))
                         return None
                     user_attrs = {
                         "username": userobj.username,
                         "firstname": userobj.firstname,
                         "lastname": userobj.lastname,
                         "groups": [],
                         "email": userobj.email,
                         "admin": userobj.admin,
                         "active": userobj.active,
                         "active_from_extern": userobj.active,
                         "extern_name": userobj.user_id,
                         "extern_type": userobj.extern_type,
                     }
                     log.debug("User attributes:%s" % (user_attrs, ))
                     if userobj.active:
                         from rhodecode.lib import auth
                         crypto_backend = auth.crypto_backend()
                         password_encoded = safe_str(password)
                         password_match, new_hash = crypto_backend.hash_check_with_upgrade(
                             password_encoded, userobj.password)
                         if password_match and new_hash:
                             log.debug('user %s properly authenticated, but '
                                       'requires hash change to bcrypt', userobj)
                             # if password match, and we use OLD deprecated hash,
                             # we should migrate this user hash password to the new hash
                             # we store the new returned by hash_check_with_upgrade function
                             user_attrs['_hash_migrate'] = new_hash
                         if userobj.username == User.DEFAULT_USER and userobj.active:
                             log.info(
                                 'user %s authenticated correctly as anonymous user', userobj)
                             return user_attrs
                         elif userobj.username == username and password_match:
                             log.info('user %s authenticated correctly', userobj)
                             return user_attrs
                         log.info("user %s had a bad password when "
                                  "authenticating on this plugin", userobj)
                         return None
                     else:
                         log.warning(
                             'user `%s` failed to authenticate via %s, reason: account not '
                             'active.', username, self.name)
                         return None