rhodecode-enterprise-ce Commit - r5397:46138ab9

feat(2fa): added 2fa for more auth plugins and moved 2fa forced functionality to ee edition. Fixes:

ilin.s -

r5397:46138ab9 default

parent child

rhodecode/apps/_base/__init__.py

0 0 -3

                     if not user_obj:
                         return
-                    if user_obj.has_forced_2fa and user_obj.extern_type != 'rhodecode':
-                        return
                     if user_obj.needs_2fa_configure and view_name != self.SETUP_2FA_VIEW:
                         h.flash(
                             "You are required to configure 2FA",

rhodecode/authentication/plugins/auth_crowd.py

0 +2 -2

             from rhodecode.translation import _
             from rhodecode.authentication.base import (
                 RhodeCodeExternalAuthPlugin, hybrid_property)
-            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
             from rhodecode.authentication.routes import AuthnPluginResourceBase
             from rhodecode.lib.colander_utils import strip_whitespace
             from rhodecode.lib.ext_json import json, formatted_json
                 pass
-            class CrowdSettingsSchema(AuthnPluginSettingsSchemaBase):
+            class CrowdSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                 host = colander.SchemaNode(
                     colander.String(),
                     default='127.0.0.1',

rhodecode/authentication/plugins/auth_jasig_cas.py

0 +2 -2

             from rhodecode.translation import _
             from rhodecode.authentication.base import (
                 RhodeCodeExternalAuthPlugin, hybrid_property)
-            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
             from rhodecode.authentication.routes import AuthnPluginResourceBase
             from rhodecode.lib.colander_utils import strip_whitespace
             from rhodecode.model.db import User
                 pass
-            class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):
+            class JasigCasSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                 service_url = colander.SchemaNode(
                     colander.String(),
                     default='https://domain.com/cas/v1/tickets',

rhodecode/authentication/plugins/auth_ldap.py

0 +2 -2

             from rhodecode.translation import _
             from rhodecode.authentication.base import (
                 RhodeCodeExternalAuthPlugin, AuthLdapBase, hybrid_property)
-            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
             from rhodecode.authentication.routes import AuthnPluginResourceBase
             from rhodecode.lib.colander_utils import strip_whitespace
             from rhodecode.lib.exceptions import (
                     return dn, user_attrs
-            class LdapSettingsSchema(AuthnPluginSettingsSchemaBase):
+            class LdapSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                 tls_kind_choices = ['PLAIN', 'LDAPS', 'START_TLS']
                 tls_reqcert_choices = ['NEVER', 'ALLOW', 'TRY', 'DEMAND', 'HARD']
                 search_scope_choices = ['BASE', 'ONELEVEL', 'SUBTREE']

rhodecode/authentication/plugins/auth_pam.py

0 +2 -2

             from rhodecode.translation import _
             from rhodecode.authentication.base import (
                 RhodeCodeExternalAuthPlugin, hybrid_property)
-            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
             from rhodecode.authentication.routes import AuthnPluginResourceBase
             from rhodecode.lib.colander_utils import strip_whitespace
                 pass
-            class PamSettingsSchema(AuthnPluginSettingsSchemaBase):
+            class PamSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                 service = colander.SchemaNode(
                     colander.String(),
                     default='login',

rhodecode/authentication/plugins/auth_rhodecode.py

0 +2 -11

             from rhodecode.translation import _
             from rhodecode.lib.utils2 import safe_bytes
             from rhodecode.model.db import User
-            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+            from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
             from rhodecode.authentication.base import (
                 RhodeCodeAuthPluginBase, hybrid_property, HTTP_TYPE, VCS_TYPE)
             from rhodecode.authentication.routes import AuthnPluginResourceBase
                         return None
-            class RhodeCodeSettingsSchema(AuthnPluginSettingsSchemaBase):
+            class RhodeCodeSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
-                global_2fa = colander.SchemaNode(
-                    colander.Bool(),
-                    default=False,
-                    description=_('Force all users to use two factor authentication by enabling this.'),
-                    missing=False,
-                    title=_('Global 2FA'),
-                    widget='bool',
                 auth_restriction_choices = [
                     (RhodeCodeAuthPlugin.AUTH_RESTRICTION_NONE, 'All users'),
                     (RhodeCodeAuthPlugin.AUTH_RESTRICTION_SUPER_ADMIN, 'Super admins only'),

rhodecode/authentication/schema.py

0 +14 0

@@ -48,3 +48,17 b' class AuthnPluginSettingsSchemaBase(cola'
48	validator=colander.Range(min=0, max=None),	48	validator=colander.Range(min=0, max=None),
49	widget='int',	49	widget='int',
50	)	50	)
		51
		52
		53	class TwoFactorAuthnPluginSettingsSchemaMixin(colander.MappingSchema):
		54	"""
		55	Mixin for extending plugins with two-factor authentication option.
		56	"""
		57	global_2fa = colander.SchemaNode(
		58	colander.Bool(),
		59	default=False,
		60	description=_('Force all users to use two factor authentication with this plugin.'),
		61	missing=False,
		62	title=_('enforce 2FA for users'),
		63	widget='bool',
		64	)

rhodecode/model/db.py

0 +2 -3

                 @hybrid_property
                 def has_forced_2fa(self):
                     """
-                    Checks if 2fa was forced for ALL users (including current one)
+                    Checks if 2fa was forced for current user
                     """
                     from rhodecode.model.settings import SettingsModel
-                    # So now we're supporting only auth_rhodecode_global_2fa
+                    if value := SettingsModel().get_setting_by_name(f'{self.extern_type}_global_2fa'):
-                    if value := SettingsModel().get_setting_by_name('auth_rhodecode_global_2fa'):
                         return value.app_settings_value
                     return False

rhodecode/templates/admin/auth/plugin_settings.mako

0 +7 -2

                                     %elif node.widget == "password":
                                       ${h.password(node.name, defaults.get(node.name), class_="large")}
                                     %elif node.widget == "bool":
-                                      <div class="checkbox">${h.checkbox(node.name, True, checked=defaults.get(node.name))}</div>
+                                        %if node.name == "global_2fa" and c.rhodecode_edition_id != "EE":
+                                            <input type="checkbox" disabled/>
+                                            <%node.description = _('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')%>
+                                        %else:
+                                            <div class="checkbox" >${h.checkbox(node.name, True, checked=defaults.get(node.name))}</div>
+                                        %endif
                                     %elif node.widget == "select":
                                       ${h.select(node.name, defaults.get(node.name), node.validator.choices, class_="select2AuthSetting")}
                                     %elif node.widget == "select_with_labels":
                                       <span class="error-message">${errors.get(node.name)}</span>
                                       <br />
                                     %endif
-                                    <p class="help-block pre-formatting">${node.description}</p>
+                                    <p class="help-block pre-formatting">${node.description | n}</p>
                                   </div>
                                 </div>
                               %endfor

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages