rhodecode-enterprise-ce Commit - r5397:46138ab9

feat(2fa): added 2fa for more auth plugins and moved 2fa forced functionality to ee edition. Fixes:

ilin.s -

r5397:46138ab9 default

parent child

rhodecode/apps/_base/__init__.py

0 0 -3

                      if not user_obj:
                          return
-                     if user_obj.has_forced_2fa and user_obj.extern_type != 'rhodecode':
-                         return
                      if user_obj.needs_2fa_configure and view_name != self.SETUP_2FA_VIEW:
                          h.flash(
                              "You are required to configure 2FA",

rhodecode/authentication/plugins/auth_crowd.py

0 +2 -2

              from rhodecode.translation import _
              from rhodecode.authentication.base import (
                  RhodeCodeExternalAuthPlugin, hybrid_property)
-             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
              from rhodecode.authentication.routes import AuthnPluginResourceBase
              from rhodecode.lib.colander_utils import strip_whitespace
              from rhodecode.lib.ext_json import json, formatted_json
                  pass
-             class CrowdSettingsSchema(AuthnPluginSettingsSchemaBase):
+             class CrowdSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                  host = colander.SchemaNode(
                      colander.String(),
                      default='127.0.0.1',

rhodecode/authentication/plugins/auth_jasig_cas.py

0 +2 -2

              from rhodecode.translation import _
              from rhodecode.authentication.base import (
                  RhodeCodeExternalAuthPlugin, hybrid_property)
-             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
              from rhodecode.authentication.routes import AuthnPluginResourceBase
              from rhodecode.lib.colander_utils import strip_whitespace
              from rhodecode.model.db import User
                  pass
-             class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):
+             class JasigCasSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                  service_url = colander.SchemaNode(
                      colander.String(),
                      default='https://domain.com/cas/v1/tickets',

rhodecode/authentication/plugins/auth_ldap.py

0 +2 -2

              from rhodecode.translation import _
              from rhodecode.authentication.base import (
                  RhodeCodeExternalAuthPlugin, AuthLdapBase, hybrid_property)
-             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
              from rhodecode.authentication.routes import AuthnPluginResourceBase
              from rhodecode.lib.colander_utils import strip_whitespace
              from rhodecode.lib.exceptions import (
                      return dn, user_attrs
-             class LdapSettingsSchema(AuthnPluginSettingsSchemaBase):
+             class LdapSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                  tls_kind_choices = ['PLAIN', 'LDAPS', 'START_TLS']
                  tls_reqcert_choices = ['NEVER', 'ALLOW', 'TRY', 'DEMAND', 'HARD']
                  search_scope_choices = ['BASE', 'ONELEVEL', 'SUBTREE']

rhodecode/authentication/plugins/auth_pam.py

0 +2 -2

              from rhodecode.translation import _
              from rhodecode.authentication.base import (
                  RhodeCodeExternalAuthPlugin, hybrid_property)
-             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
              from rhodecode.authentication.routes import AuthnPluginResourceBase
              from rhodecode.lib.colander_utils import strip_whitespace
                  pass
-             class PamSettingsSchema(AuthnPluginSettingsSchemaBase):
+             class PamSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                  service = colander.SchemaNode(
                      colander.String(),
                      default='login',

rhodecode/authentication/plugins/auth_rhodecode.py

0 +2 -11

              from rhodecode.translation import _
              from rhodecode.lib.utils2 import safe_bytes
              from rhodecode.model.db import User
-             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
+             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
              from rhodecode.authentication.base import (
                  RhodeCodeAuthPluginBase, hybrid_property, HTTP_TYPE, VCS_TYPE)
              from rhodecode.authentication.routes import AuthnPluginResourceBase
                          return None
-             class RhodeCodeSettingsSchema(AuthnPluginSettingsSchemaBase):
-                 global_2fa = colander.SchemaNode(
-                     colander.Bool(),
-                     default=False,
-                     description=_('Force all users to use two factor authentication by enabling this.'),
-                     missing=False,
-                     title=_('Global 2FA'),
-                     widget='bool',
+                 )
+             class RhodeCodeSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
                  auth_restriction_choices = [
                      (RhodeCodeAuthPlugin.AUTH_RESTRICTION_NONE, 'All users'),
                      (RhodeCodeAuthPlugin.AUTH_RESTRICTION_SUPER_ADMIN, 'Super admins only'),

rhodecode/authentication/schema.py

0 +14 0

		@@ -48,3 +48,17 b' class AuthnPluginSettingsSchemaBase(cola'
48	48	validator=colander.Range(min=0, max=None),
49	49	widget='int',
50	50	)
	51
	52
	53	class TwoFactorAuthnPluginSettingsSchemaMixin(colander.MappingSchema):
	54	"""
	55	Mixin for extending plugins with two-factor authentication option.
	56	"""
	57	global_2fa = colander.SchemaNode(
	58	colander.Bool(),
	59	default=False,
	60	description=_('Force all users to use two factor authentication with this plugin.'),
	61	missing=False,
	62	title=_('enforce 2FA for users'),
	63	widget='bool',
	64	)

rhodecode/model/db.py

0 +2 -3

                  @hybrid_property
                  def has_forced_2fa(self):
                      """
-                     Checks if 2fa was forced for ALL users (including current one)
+                     Checks if 2fa was forced for current user
                      """
                      from rhodecode.model.settings import SettingsModel
-                     # So now we're supporting only auth_rhodecode_global_2fa
-                     if value := SettingsModel().get_setting_by_name('auth_rhodecode_global_2fa'):
+                     if value := SettingsModel().get_setting_by_name(f'{self.extern_type}_global_2fa'):
                          return value.app_settings_value
                      return False

rhodecode/templates/admin/auth/plugin_settings.mako

0 +6 -1

                                      %elif node.widget == "password":
                                        ${h.password(node.name, defaults.get(node.name), class_="large")}
                                      %elif node.widget == "bool":
+                                         %if node.name == "global_2fa" and c.rhodecode_edition_id != "EE":
+                                             <input type="checkbox" disabled/>
+                                             <%node.description = _('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')%>
+                                         %else:
                                        <div class="checkbox">${h.checkbox(node.name, True, checked=defaults.get(node.name))}</div>
+                                         %endif
                                      %elif node.widget == "select":
                                        ${h.select(node.name, defaults.get(node.name), node.validator.choices, class_="select2AuthSetting")}
                                      %elif node.widget == "select_with_labels":
                                        <span class="error-message">${errors.get(node.name)}</span>
                                        <br />
                                      %endif
-                                     <p class="help-block pre-formatting">${node.description}</p>
+                                     <p class="help-block pre-formatting">${node.description | n}</p>
                                    </div>
                                  </div>
                                %endfor

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages