Show More
@@ -1,121 +1,121 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | |
|
3 | 3 | # Copyright (C) 2012-2020 RhodeCode GmbH |
|
4 | 4 | # |
|
5 | 5 | # This program is free software: you can redistribute it and/or modify |
|
6 | 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
7 | 7 | # (only), as published by the Free Software Foundation. |
|
8 | 8 | # |
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 | 12 | # GNU General Public License for more details. |
|
13 | 13 | # |
|
14 | 14 | # You should have received a copy of the GNU Affero General Public License |
|
15 | 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
16 | 16 | # |
|
17 | 17 | # This program is dual-licensed. If you wish to learn more about the |
|
18 | 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
19 | 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
20 | 20 | |
|
21 | 21 | import time |
|
22 | 22 | import logging |
|
23 | 23 | |
|
24 | 24 | from pyramid.exceptions import ConfigurationError |
|
25 | 25 | from zope.interface import implementer |
|
26 | 26 | |
|
27 | 27 | from rhodecode.authentication.interface import IAuthnPluginRegistry |
|
28 | 28 | from rhodecode.model.settings import SettingsModel |
|
29 | 29 | from rhodecode.lib.utils2 import safe_str |
|
30 | 30 | from rhodecode.lib.statsd_client import StatsdClient |
|
31 | 31 | from rhodecode.lib import rc_cache |
|
32 | 32 | |
|
33 | 33 | log = logging.getLogger(__name__) |
|
34 | 34 | |
|
35 | 35 | |
|
36 | 36 | @implementer(IAuthnPluginRegistry) |
|
37 | 37 | class AuthenticationPluginRegistry(object): |
|
38 | 38 | |
|
39 | 39 | # INI settings key to set a fallback authentication plugin. |
|
40 | 40 | fallback_plugin_key = 'rhodecode.auth_plugin_fallback' |
|
41 | 41 | |
|
42 | 42 | def __init__(self, settings): |
|
43 | 43 | self._plugins = {} |
|
44 | 44 | self._fallback_plugin = settings.get(self.fallback_plugin_key, None) |
|
45 | 45 | |
|
46 | 46 | def add_authn_plugin(self, config, plugin): |
|
47 | 47 | plugin_id = plugin.get_id() |
|
48 | 48 | if plugin_id in self._plugins.keys(): |
|
49 | 49 | raise ConfigurationError( |
|
50 | 50 | 'Cannot register authentication plugin twice: "%s"', plugin_id) |
|
51 | 51 | else: |
|
52 | 52 | log.debug('Register authentication plugin: "%s"', plugin_id) |
|
53 | 53 | self._plugins[plugin_id] = plugin |
|
54 | 54 | |
|
55 | 55 | def get_plugins(self): |
|
56 | 56 | def sort_key(plugin): |
|
57 | 57 | return str.lower(safe_str(plugin.get_display_name())) |
|
58 | 58 | |
|
59 | 59 | return sorted(self._plugins.values(), key=sort_key) |
|
60 | 60 | |
|
61 | 61 | def get_plugin(self, plugin_id): |
|
62 | 62 | return self._plugins.get(plugin_id, None) |
|
63 | 63 | |
|
64 | 64 | def get_plugin_by_uid(self, plugin_uid): |
|
65 | 65 | for plugin in self._plugins.values(): |
|
66 | 66 | if plugin.uid == plugin_uid: |
|
67 | 67 | return plugin |
|
68 | 68 | |
|
69 | 69 | def get_plugins_for_authentication(self, cache=True): |
|
70 | 70 | """ |
|
71 | 71 | Returns a list of plugins which should be consulted when authenticating |
|
72 | 72 | a user. It only returns plugins which are enabled and active. |
|
73 | 73 | Additionally it includes the fallback plugin from the INI file, if |
|
74 | 74 | `rhodecode.auth_plugin_fallback` is set to a plugin ID. |
|
75 | 75 | """ |
|
76 | 76 | |
|
77 | 77 | cache_namespace_uid = 'cache_auth_plugins' |
|
78 | 78 | region = rc_cache.get_or_create_region('cache_general', cache_namespace_uid) |
|
79 | 79 | |
|
80 | 80 | @region.conditional_cache_on_arguments(condition=cache) |
|
81 | 81 | def _get_auth_plugins(name, key, fallback_plugin): |
|
82 | 82 | plugins = [] |
|
83 | 83 | |
|
84 | 84 | # Add all enabled and active plugins to the list. We iterate over the |
|
85 | 85 | # auth_plugins setting from DB because it also represents the ordering. |
|
86 | 86 | enabled_plugins = SettingsModel().get_auth_plugins() |
|
87 | 87 | raw_settings = SettingsModel().get_all_settings(cache=False) |
|
88 | 88 | for plugin_id in enabled_plugins: |
|
89 | 89 | plugin = self.get_plugin(plugin_id) |
|
90 | 90 | if plugin is not None and plugin.is_active( |
|
91 | 91 | plugin_cached_settings=raw_settings): |
|
92 | 92 | |
|
93 | 93 | # inject settings into plugin, we can re-use the DB fetched settings here |
|
94 | 94 | plugin._settings = plugin._propagate_settings(raw_settings) |
|
95 | 95 | plugins.append(plugin) |
|
96 | 96 | |
|
97 | 97 | # Add the fallback plugin from ini file. |
|
98 | 98 | if fallback_plugin: |
|
99 | log.warn( | |
|
99 | log.warning( | |
|
100 | 100 | 'Using fallback authentication plugin from INI file: "%s"', |
|
101 | 101 | fallback_plugin) |
|
102 | 102 | plugin = self.get_plugin(fallback_plugin) |
|
103 | 103 | if plugin is not None and plugin not in plugins: |
|
104 | 104 | plugin._settings = plugin._propagate_settings(raw_settings) |
|
105 | 105 | plugins.append(plugin) |
|
106 | 106 | return plugins |
|
107 | 107 | |
|
108 | 108 | start = time.time() |
|
109 | 109 | plugins = _get_auth_plugins('rhodecode_auth_plugins', 'v1', self._fallback_plugin) |
|
110 | 110 | |
|
111 | 111 | compute_time = time.time() - start |
|
112 | 112 | log.debug('cached method:%s took %.4fs', _get_auth_plugins.__name__, compute_time) |
|
113 | 113 | |
|
114 | 114 | statsd = StatsdClient.statsd |
|
115 | 115 | if statsd: |
|
116 | 116 | elapsed_time_ms = round(1000.0 * compute_time) # use ms only |
|
117 | 117 | statsd.timing("rhodecode_auth_plugins_timing.histogram", elapsed_time_ms, |
|
118 | 118 | use_decimals=False) |
|
119 | 119 | |
|
120 | 120 | return plugins |
|
121 | 121 |
@@ -1,155 +1,155 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | |
|
3 | 3 | # Copyright (C) 2012-2020 RhodeCode GmbH |
|
4 | 4 | # |
|
5 | 5 | # This program is free software: you can redistribute it and/or modify |
|
6 | 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
7 | 7 | # (only), as published by the Free Software Foundation. |
|
8 | 8 | # |
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 | 12 | # GNU General Public License for more details. |
|
13 | 13 | # |
|
14 | 14 | # You should have received a copy of the GNU Affero General Public License |
|
15 | 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
16 | 16 | # |
|
17 | 17 | # This program is dual-licensed. If you wish to learn more about the |
|
18 | 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
19 | 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
20 | 20 | |
|
21 | 21 | import logging |
|
22 | 22 | import collections |
|
23 | 23 | |
|
24 | 24 | from pyramid.exceptions import ConfigurationError |
|
25 | 25 | |
|
26 | 26 | from rhodecode.lib.utils2 import safe_str |
|
27 | 27 | from rhodecode.model.settings import SettingsModel |
|
28 | 28 | from rhodecode.translation import _ |
|
29 | 29 | |
|
30 | 30 | |
|
31 | 31 | log = logging.getLogger(__name__) |
|
32 | 32 | |
|
33 | 33 | |
|
34 | 34 | class AuthnResourceBase(object): |
|
35 | 35 | __name__ = None |
|
36 | 36 | __parent__ = None |
|
37 | 37 | |
|
38 | 38 | def get_root(self): |
|
39 | 39 | current = self |
|
40 | 40 | while current.__parent__ is not None: |
|
41 | 41 | current = current.__parent__ |
|
42 | 42 | return current |
|
43 | 43 | |
|
44 | 44 | |
|
45 | 45 | class AuthnPluginResourceBase(AuthnResourceBase): |
|
46 | 46 | |
|
47 | 47 | def __init__(self, plugin): |
|
48 | 48 | self.plugin = plugin |
|
49 | 49 | self.__name__ = plugin.get_url_slug() |
|
50 | 50 | self.display_name = plugin.get_display_name() |
|
51 | 51 | |
|
52 | 52 | |
|
53 | 53 | class AuthnRootResource(AuthnResourceBase): |
|
54 | 54 | """ |
|
55 | 55 | This is the root traversal resource object for the authentication settings. |
|
56 | 56 | """ |
|
57 | 57 | |
|
58 | 58 | def __init__(self): |
|
59 | 59 | self._store = collections.OrderedDict() |
|
60 | 60 | self._resource_name_map = {} |
|
61 | 61 | self.display_name = _('Authentication Plugins') |
|
62 | 62 | |
|
63 | 63 | def __getitem__(self, key): |
|
64 | 64 | """ |
|
65 | 65 | Customized get item function to return only items (plugins) that are |
|
66 | 66 | activated. |
|
67 | 67 | """ |
|
68 | 68 | if self._is_item_active(key): |
|
69 | 69 | return self._store[key] |
|
70 | 70 | else: |
|
71 | 71 | raise KeyError('Authentication plugin "{}" is not active.'.format( |
|
72 | 72 | key)) |
|
73 | 73 | |
|
74 | 74 | def __iter__(self): |
|
75 | 75 | for key in self._store.keys(): |
|
76 | 76 | if self._is_item_active(key): |
|
77 | 77 | yield self._store[key] |
|
78 | 78 | |
|
79 | 79 | def _is_item_active(self, key): |
|
80 | 80 | activated_plugins = SettingsModel().get_auth_plugins() |
|
81 | 81 | plugin_id = self.get_plugin_id(key) |
|
82 | 82 | return plugin_id in activated_plugins |
|
83 | 83 | |
|
84 | 84 | def get_plugin_id(self, resource_name): |
|
85 | 85 | """ |
|
86 | 86 | Return the plugin id for the given traversal resource name. |
|
87 | 87 | """ |
|
88 | 88 | # TODO: Store this info in the resource element. |
|
89 | 89 | return self._resource_name_map[resource_name] |
|
90 | 90 | |
|
91 | 91 | def get_sorted_list(self, sort_key=None): |
|
92 | 92 | """ |
|
93 | 93 | Returns a sorted list of sub resources for displaying purposes. |
|
94 | 94 | """ |
|
95 | 95 | def default_sort_key(resource): |
|
96 | 96 | return str.lower(safe_str(resource.display_name)) |
|
97 | 97 | |
|
98 | 98 | active = [item for item in self] |
|
99 | 99 | return sorted(active, key=sort_key or default_sort_key) |
|
100 | 100 | |
|
101 | 101 | def get_nav_list(self, sort=True): |
|
102 | 102 | """ |
|
103 | 103 | Returns a sorted list of resources for displaying the navigation. |
|
104 | 104 | """ |
|
105 | 105 | if sort: |
|
106 | 106 | nav_list = self.get_sorted_list() |
|
107 | 107 | else: |
|
108 | 108 | nav_list = [item for item in self] |
|
109 | 109 | |
|
110 | 110 | nav_list.insert(0, self) |
|
111 | 111 | return nav_list |
|
112 | 112 | |
|
113 | 113 | def add_authn_resource(self, config, plugin_id, resource): |
|
114 | 114 | """ |
|
115 | 115 | Register a traversal resource as a sub element to the authentication |
|
116 | 116 | settings. This method is registered as a directive on the pyramid |
|
117 | 117 | configurator object and called by plugins. |
|
118 | 118 | """ |
|
119 | 119 | |
|
120 | 120 | def _ensure_unique_name(name, limit=100): |
|
121 | 121 | counter = 1 |
|
122 | 122 | current = name |
|
123 | 123 | while current in self._store.keys(): |
|
124 | 124 | current = '{}{}'.format(name, counter) |
|
125 | 125 | counter += 1 |
|
126 | 126 | if counter > limit: |
|
127 | 127 | raise ConfigurationError( |
|
128 | 128 | 'Cannot build unique name for traversal resource "%s" ' |
|
129 | 129 | 'registered by plugin "%s"', name, plugin_id) |
|
130 | 130 | return current |
|
131 | 131 | |
|
132 | 132 | # Allow plugin resources with identical names by rename duplicates. |
|
133 | 133 | unique_name = _ensure_unique_name(resource.__name__) |
|
134 | 134 | if unique_name != resource.__name__: |
|
135 | log.warn('Name collision for traversal resource "%s" registered ' | |
|
136 | 'by authentication plugin "%s"', resource.__name__, | |
|
137 | plugin_id) | |
|
135 | log.warning('Name collision for traversal resource "%s" registered ' | |
|
136 | 'by authentication plugin "%s"', resource.__name__, | |
|
137 | plugin_id) | |
|
138 | 138 | resource.__name__ = unique_name |
|
139 | 139 | |
|
140 | 140 | log.debug('Register traversal resource "%s" for plugin "%s"', |
|
141 | 141 | unique_name, plugin_id) |
|
142 | 142 | self._resource_name_map[unique_name] = plugin_id |
|
143 | 143 | resource.__parent__ = self |
|
144 | 144 | self._store[unique_name] = resource |
|
145 | 145 | |
|
146 | 146 | |
|
147 | 147 | root = AuthnRootResource() |
|
148 | 148 | |
|
149 | 149 | |
|
150 | 150 | def root_factory(request=None): |
|
151 | 151 | """ |
|
152 | 152 | Returns the root traversal resource instance used for the authentication |
|
153 | 153 | settings route. |
|
154 | 154 | """ |
|
155 | 155 | return root |
General Comments 0
You need to be logged in to leave comments.
Login now