##// END OF EJS Templates
feat(2fa): added 2fa for more auth plugins and moved 2fa forced functionality to ee edition. Fixes: RCCE-68
ilin.s -
r5397:46138ab9 default
parent child Browse files
Show More
@@ -176,9 +176,6 b' class BaseAppView(object):'
176 if not user_obj:
176 if not user_obj:
177 return
177 return
178
178
179 if user_obj.has_forced_2fa and user_obj.extern_type != 'rhodecode':
180 return
181
182 if user_obj.needs_2fa_configure and view_name != self.SETUP_2FA_VIEW:
179 if user_obj.needs_2fa_configure and view_name != self.SETUP_2FA_VIEW:
183 h.flash(
180 h.flash(
184 "You are required to configure 2FA",
181 "You are required to configure 2FA",
@@ -31,7 +31,7 b' import urllib.parse'
31 from rhodecode.translation import _
31 from rhodecode.translation import _
32 from rhodecode.authentication.base import (
32 from rhodecode.authentication.base import (
33 RhodeCodeExternalAuthPlugin, hybrid_property)
33 RhodeCodeExternalAuthPlugin, hybrid_property)
34 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
34 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
35 from rhodecode.authentication.routes import AuthnPluginResourceBase
35 from rhodecode.authentication.routes import AuthnPluginResourceBase
36 from rhodecode.lib.colander_utils import strip_whitespace
36 from rhodecode.lib.colander_utils import strip_whitespace
37 from rhodecode.lib.ext_json import json, formatted_json
37 from rhodecode.lib.ext_json import json, formatted_json
@@ -53,7 +53,7 b' class CrowdAuthnResource(AuthnPluginReso'
53 pass
53 pass
54
54
55
55
56 class CrowdSettingsSchema(AuthnPluginSettingsSchemaBase):
56 class CrowdSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
57 host = colander.SchemaNode(
57 host = colander.SchemaNode(
58 colander.String(),
58 colander.String(),
59 default='127.0.0.1',
59 default='127.0.0.1',
@@ -33,7 +33,7 b' import urllib.error'
33 from rhodecode.translation import _
33 from rhodecode.translation import _
34 from rhodecode.authentication.base import (
34 from rhodecode.authentication.base import (
35 RhodeCodeExternalAuthPlugin, hybrid_property)
35 RhodeCodeExternalAuthPlugin, hybrid_property)
36 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
36 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
37 from rhodecode.authentication.routes import AuthnPluginResourceBase
37 from rhodecode.authentication.routes import AuthnPluginResourceBase
38 from rhodecode.lib.colander_utils import strip_whitespace
38 from rhodecode.lib.colander_utils import strip_whitespace
39 from rhodecode.model.db import User
39 from rhodecode.model.db import User
@@ -55,7 +55,7 b' class JasigCasAuthnResource(AuthnPluginR'
55 pass
55 pass
56
56
57
57
58 class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):
58 class JasigCasSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
59 service_url = colander.SchemaNode(
59 service_url = colander.SchemaNode(
60 colander.String(),
60 colander.String(),
61 default='https://domain.com/cas/v1/tickets',
61 default='https://domain.com/cas/v1/tickets',
@@ -27,7 +27,7 b' import colander'
27 from rhodecode.translation import _
27 from rhodecode.translation import _
28 from rhodecode.authentication.base import (
28 from rhodecode.authentication.base import (
29 RhodeCodeExternalAuthPlugin, AuthLdapBase, hybrid_property)
29 RhodeCodeExternalAuthPlugin, AuthLdapBase, hybrid_property)
30 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
30 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
31 from rhodecode.authentication.routes import AuthnPluginResourceBase
31 from rhodecode.authentication.routes import AuthnPluginResourceBase
32 from rhodecode.lib.colander_utils import strip_whitespace
32 from rhodecode.lib.colander_utils import strip_whitespace
33 from rhodecode.lib.exceptions import (
33 from rhodecode.lib.exceptions import (
@@ -245,7 +245,7 b' class AuthLdap(AuthLdapBase):'
245 return dn, user_attrs
245 return dn, user_attrs
246
246
247
247
248 class LdapSettingsSchema(AuthnPluginSettingsSchemaBase):
248 class LdapSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
249 tls_kind_choices = ['PLAIN', 'LDAPS', 'START_TLS']
249 tls_kind_choices = ['PLAIN', 'LDAPS', 'START_TLS']
250 tls_reqcert_choices = ['NEVER', 'ALLOW', 'TRY', 'DEMAND', 'HARD']
250 tls_reqcert_choices = ['NEVER', 'ALLOW', 'TRY', 'DEMAND', 'HARD']
251 search_scope_choices = ['BASE', 'ONELEVEL', 'SUBTREE']
251 search_scope_choices = ['BASE', 'ONELEVEL', 'SUBTREE']
@@ -31,7 +31,7 b' import socket'
31 from rhodecode.translation import _
31 from rhodecode.translation import _
32 from rhodecode.authentication.base import (
32 from rhodecode.authentication.base import (
33 RhodeCodeExternalAuthPlugin, hybrid_property)
33 RhodeCodeExternalAuthPlugin, hybrid_property)
34 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
34 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
35 from rhodecode.authentication.routes import AuthnPluginResourceBase
35 from rhodecode.authentication.routes import AuthnPluginResourceBase
36 from rhodecode.lib.colander_utils import strip_whitespace
36 from rhodecode.lib.colander_utils import strip_whitespace
37
37
@@ -51,7 +51,7 b' class PamAuthnResource(AuthnPluginResour'
51 pass
51 pass
52
52
53
53
54 class PamSettingsSchema(AuthnPluginSettingsSchemaBase):
54 class PamSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
55 service = colander.SchemaNode(
55 service = colander.SchemaNode(
56 colander.String(),
56 colander.String(),
57 default='login',
57 default='login',
@@ -27,7 +27,7 b' import colander'
27 from rhodecode.translation import _
27 from rhodecode.translation import _
28 from rhodecode.lib.utils2 import safe_bytes
28 from rhodecode.lib.utils2 import safe_bytes
29 from rhodecode.model.db import User
29 from rhodecode.model.db import User
30 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
30 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase, TwoFactorAuthnPluginSettingsSchemaMixin
31 from rhodecode.authentication.base import (
31 from rhodecode.authentication.base import (
32 RhodeCodeAuthPluginBase, hybrid_property, HTTP_TYPE, VCS_TYPE)
32 RhodeCodeAuthPluginBase, hybrid_property, HTTP_TYPE, VCS_TYPE)
33 from rhodecode.authentication.routes import AuthnPluginResourceBase
33 from rhodecode.authentication.routes import AuthnPluginResourceBase
@@ -182,16 +182,7 b' class RhodeCodeAuthPlugin(RhodeCodeAuthP'
182 return None
182 return None
183
183
184
184
185 class RhodeCodeSettingsSchema(AuthnPluginSettingsSchemaBase):
185 class RhodeCodeSettingsSchema(TwoFactorAuthnPluginSettingsSchemaMixin, AuthnPluginSettingsSchemaBase):
186 global_2fa = colander.SchemaNode(
187 colander.Bool(),
188 default=False,
189 description=_('Force all users to use two factor authentication by enabling this.'),
190 missing=False,
191 title=_('Global 2FA'),
192 widget='bool',
193 )
194
195 auth_restriction_choices = [
186 auth_restriction_choices = [
196 (RhodeCodeAuthPlugin.AUTH_RESTRICTION_NONE, 'All users'),
187 (RhodeCodeAuthPlugin.AUTH_RESTRICTION_NONE, 'All users'),
197 (RhodeCodeAuthPlugin.AUTH_RESTRICTION_SUPER_ADMIN, 'Super admins only'),
188 (RhodeCodeAuthPlugin.AUTH_RESTRICTION_SUPER_ADMIN, 'Super admins only'),
@@ -48,3 +48,17 b' class AuthnPluginSettingsSchemaBase(cola'
48 validator=colander.Range(min=0, max=None),
48 validator=colander.Range(min=0, max=None),
49 widget='int',
49 widget='int',
50 )
50 )
51
52
53 class TwoFactorAuthnPluginSettingsSchemaMixin(colander.MappingSchema):
54 """
55 Mixin for extending plugins with two-factor authentication option.
56 """
57 global_2fa = colander.SchemaNode(
58 colander.Bool(),
59 default=False,
60 description=_('Force all users to use two factor authentication with this plugin.'),
61 missing=False,
62 title=_('enforce 2FA for users'),
63 widget='bool',
64 )
@@ -810,11 +810,10 b' class User(Base, BaseModel):'
810 @hybrid_property
810 @hybrid_property
811 def has_forced_2fa(self):
811 def has_forced_2fa(self):
812 """
812 """
813 Checks if 2fa was forced for ALL users (including current one)
813 Checks if 2fa was forced for current user
814 """
814 """
815 from rhodecode.model.settings import SettingsModel
815 from rhodecode.model.settings import SettingsModel
816 # So now we're supporting only auth_rhodecode_global_2fa
816 if value := SettingsModel().get_setting_by_name(f'{self.extern_type}_global_2fa'):
817 if value := SettingsModel().get_setting_by_name('auth_rhodecode_global_2fa'):
818 return value.app_settings_value
817 return value.app_settings_value
819 return False
818 return False
820
819
@@ -63,7 +63,12 b''
63 %elif node.widget == "password":
63 %elif node.widget == "password":
64 ${h.password(node.name, defaults.get(node.name), class_="large")}
64 ${h.password(node.name, defaults.get(node.name), class_="large")}
65 %elif node.widget == "bool":
65 %elif node.widget == "bool":
66 %if node.name == "global_2fa" and c.rhodecode_edition_id != "EE":
67 <input type="checkbox" disabled/>
68 <%node.description = _('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')%>
69 %else:
66 <div class="checkbox">${h.checkbox(node.name, True, checked=defaults.get(node.name))}</div>
70 <div class="checkbox" >${h.checkbox(node.name, True, checked=defaults.get(node.name))}</div>
71 %endif
67 %elif node.widget == "select":
72 %elif node.widget == "select":
68 ${h.select(node.name, defaults.get(node.name), node.validator.choices, class_="select2AuthSetting")}
73 ${h.select(node.name, defaults.get(node.name), node.validator.choices, class_="select2AuthSetting")}
69 %elif node.widget == "select_with_labels":
74 %elif node.widget == "select_with_labels":
@@ -80,7 +85,7 b''
80 <span class="error-message">${errors.get(node.name)}</span>
85 <span class="error-message">${errors.get(node.name)}</span>
81 <br />
86 <br />
82 %endif
87 %endif
83 <p class="help-block pre-formatting">${node.description}</p>
88 <p class="help-block pre-formatting">${node.description | n}</p>
84 </div>
89 </div>
85 </div>
90 </div>
86 %endfor
91 %endfor
General Comments 0
You need to be logged in to leave comments. Login now