Show More
| @@ -1,143 +1,143 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 |
|
2 | |||
| 3 | # Copyright (C) 2012-2018 RhodeCode GmbH |
|
3 | # Copyright (C) 2012-2018 RhodeCode GmbH | |
| 4 | # |
|
4 | # | |
| 5 | # This program is free software: you can redistribute it and/or modify |
|
5 | # This program is free software: you can redistribute it and/or modify | |
| 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |
| 7 | # (only), as published by the Free Software Foundation. |
|
7 | # (only), as published by the Free Software Foundation. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU Affero General Public License |
|
14 | # You should have received a copy of the GNU Affero General Public License | |
| 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 16 | # |
|
16 | # | |
| 17 | # This program is dual-licensed. If you wish to learn more about the |
|
17 | # This program is dual-licensed. If you wish to learn more about the | |
| 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
| 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
| 20 |
|
20 | |||
| 21 | """ |
|
21 | """ | |
| 22 | RhodeCode authentication plugin for built in internal auth |
|
22 | RhodeCode authentication plugin for built in internal auth | |
| 23 | """ |
|
23 | """ | |
| 24 |
|
24 | |||
| 25 | import logging |
|
25 | import logging | |
| 26 |
|
26 | |||
| 27 | from rhodecode.translation import _ |
|
27 | from rhodecode.translation import _ | |
| 28 |
|
28 | |||
| 29 | from rhodecode.authentication.base import RhodeCodeAuthPluginBase, hybrid_property |
|
29 | from rhodecode.authentication.base import RhodeCodeAuthPluginBase, hybrid_property | |
| 30 | from rhodecode.authentication.routes import AuthnPluginResourceBase |
|
30 | from rhodecode.authentication.routes import AuthnPluginResourceBase | |
| 31 | from rhodecode.lib.utils2 import safe_str |
|
31 | from rhodecode.lib.utils2 import safe_str | |
| 32 | from rhodecode.model.db import User |
|
32 | from rhodecode.model.db import User | |
| 33 |
|
33 | |||
| 34 | log = logging.getLogger(__name__) |
|
34 | log = logging.getLogger(__name__) | |
| 35 |
|
35 | |||
| 36 |
|
36 | |||
| 37 | def plugin_factory(plugin_id, *args, **kwds): |
|
37 | def plugin_factory(plugin_id, *args, **kwds): | |
| 38 | plugin = RhodeCodeAuthPlugin(plugin_id) |
|
38 | plugin = RhodeCodeAuthPlugin(plugin_id) | |
| 39 | return plugin |
|
39 | return plugin | |
| 40 |
|
40 | |||
| 41 |
|
41 | |||
| 42 | class RhodecodeAuthnResource(AuthnPluginResourceBase): |
|
42 | class RhodecodeAuthnResource(AuthnPluginResourceBase): | |
| 43 | pass |
|
43 | pass | |
| 44 |
|
44 | |||
| 45 |
|
45 | |||
| 46 | class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase): |
|
46 | class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase): | |
| 47 |
|
47 | |||
| 48 | def includeme(self, config): |
|
48 | def includeme(self, config): | |
| 49 | config.add_authn_plugin(self) |
|
49 | config.add_authn_plugin(self) | |
| 50 | config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self)) |
|
50 | config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self)) | |
| 51 | config.add_view( |
|
51 | config.add_view( | |
| 52 | 'rhodecode.authentication.views.AuthnPluginViewBase', |
|
52 | 'rhodecode.authentication.views.AuthnPluginViewBase', | |
| 53 | attr='settings_get', |
|
53 | attr='settings_get', | |
| 54 | renderer='rhodecode:templates/admin/auth/plugin_settings.mako', |
|
54 | renderer='rhodecode:templates/admin/auth/plugin_settings.mako', | |
| 55 | request_method='GET', |
|
55 | request_method='GET', | |
| 56 | route_name='auth_home', |
|
56 | route_name='auth_home', | |
| 57 | context=RhodecodeAuthnResource) |
|
57 | context=RhodecodeAuthnResource) | |
| 58 | config.add_view( |
|
58 | config.add_view( | |
| 59 | 'rhodecode.authentication.views.AuthnPluginViewBase', |
|
59 | 'rhodecode.authentication.views.AuthnPluginViewBase', | |
| 60 | attr='settings_post', |
|
60 | attr='settings_post', | |
| 61 | renderer='rhodecode:templates/admin/auth/plugin_settings.mako', |
|
61 | renderer='rhodecode:templates/admin/auth/plugin_settings.mako', | |
| 62 | request_method='POST', |
|
62 | request_method='POST', | |
| 63 | route_name='auth_home', |
|
63 | route_name='auth_home', | |
| 64 | context=RhodecodeAuthnResource) |
|
64 | context=RhodecodeAuthnResource) | |
| 65 |
|
65 | |||
| 66 | def get_display_name(self): |
|
66 | def get_display_name(self): | |
| 67 | return _('Rhodecode') |
|
67 | return _('Rhodecode') | |
| 68 |
|
68 | |||
| 69 | @hybrid_property |
|
69 | @hybrid_property | |
| 70 | def name(self): |
|
70 | def name(self): | |
| 71 | return "rhodecode" |
|
71 | return "rhodecode" | |
| 72 |
|
72 | |||
| 73 | def user_activation_state(self): |
|
73 | def user_activation_state(self): | |
| 74 | def_user_perms = User.get_default_user().AuthUser().permissions['global'] |
|
74 | def_user_perms = User.get_default_user().AuthUser().permissions['global'] | |
| 75 | return 'hg.register.auto_activate' in def_user_perms |
|
75 | return 'hg.register.auto_activate' in def_user_perms | |
| 76 |
|
76 | |||
| 77 | def allows_authentication_from( |
|
77 | def allows_authentication_from( | |
| 78 | self, user, allows_non_existing_user=True, |
|
78 | self, user, allows_non_existing_user=True, | |
| 79 | allowed_auth_plugins=None, allowed_auth_sources=None): |
|
79 | allowed_auth_plugins=None, allowed_auth_sources=None): | |
| 80 | """ |
|
80 | """ | |
| 81 | Custom method for this auth that doesn't accept non existing users. |
|
81 | Custom method for this auth that doesn't accept non existing users. | |
| 82 | We know that user exists in our database. |
|
82 | We know that user exists in our database. | |
| 83 | """ |
|
83 | """ | |
| 84 | allows_non_existing_user = False |
|
84 | allows_non_existing_user = False | |
| 85 | return super(RhodeCodeAuthPlugin, self).allows_authentication_from( |
|
85 | return super(RhodeCodeAuthPlugin, self).allows_authentication_from( | |
| 86 | user, allows_non_existing_user=allows_non_existing_user) |
|
86 | user, allows_non_existing_user=allows_non_existing_user) | |
| 87 |
|
87 | |||
| 88 | def auth(self, userobj, username, password, settings, **kwargs): |
|
88 | def auth(self, userobj, username, password, settings, **kwargs): | |
| 89 | if not userobj: |
|
89 | if not userobj: | |
| 90 | log.debug('userobj was:%s skipping' % (userobj, )) |
|
90 | log.debug('userobj was:%s skipping' % (userobj, )) | |
| 91 | return None |
|
91 | return None | |
| 92 | if userobj.extern_type != self.name: |
|
92 | if userobj.extern_type != self.name: | |
| 93 | log.warning( |
|
93 | log.warning( | |
| 94 | "userobj:%s extern_type mismatch got:`%s` expected:`%s`" % |
|
94 | "userobj:%s extern_type mismatch got:`%s` expected:`%s`" % | |
| 95 | (userobj, userobj.extern_type, self.name)) |
|
95 | (userobj, userobj.extern_type, self.name)) | |
| 96 | return None |
|
96 | return None | |
| 97 |
|
97 | |||
| 98 | user_attrs = { |
|
98 | user_attrs = { | |
| 99 | "username": userobj.username, |
|
99 | "username": userobj.username, | |
| 100 | "firstname": userobj.firstname, |
|
100 | "firstname": userobj.firstname, | |
| 101 | "lastname": userobj.lastname, |
|
101 | "lastname": userobj.lastname, | |
| 102 | "groups": [], |
|
102 | "groups": [], | |
| 103 | 'user_group_sync': False, |
|
103 | 'user_group_sync': False, | |
| 104 | "email": userobj.email, |
|
104 | "email": userobj.email, | |
| 105 | "admin": userobj.admin, |
|
105 | "admin": userobj.admin, | |
| 106 | "active": userobj.active, |
|
106 | "active": userobj.active, | |
| 107 | "active_from_extern": userobj.active, |
|
107 | "active_from_extern": userobj.active, | |
| 108 | "extern_name": userobj.user_id, |
|
108 | "extern_name": userobj.user_id, | |
| 109 | "extern_type": userobj.extern_type, |
|
109 | "extern_type": userobj.extern_type, | |
| 110 | } |
|
110 | } | |
| 111 |
|
111 | |||
| 112 | log.debug("User attributes:%s" % (user_attrs, )) |
|
112 | log.debug("User attributes:%s" % (user_attrs, )) | |
| 113 | if userobj.active: |
|
113 | if userobj.active: | |
| 114 | from rhodecode.lib import auth |
|
114 | from rhodecode.lib import auth | |
| 115 | crypto_backend = auth.crypto_backend() |
|
115 | crypto_backend = auth.crypto_backend() | |
| 116 | password_encoded = safe_str(password) |
|
116 | password_encoded = safe_str(password) | |
| 117 | password_match, new_hash = crypto_backend.hash_check_with_upgrade( |
|
117 | password_match, new_hash = crypto_backend.hash_check_with_upgrade( | |
| 118 | password_encoded, userobj.password or '') |
|
118 | password_encoded, userobj.password or '') | |
| 119 |
|
119 | |||
| 120 | if password_match and new_hash: |
|
120 | if password_match and new_hash: | |
| 121 | log.debug('user %s properly authenticated, but ' |
|
121 | log.debug('user %s properly authenticated, but ' | |
| 122 | 'requires hash change to bcrypt', userobj) |
|
122 | 'requires hash change to bcrypt', userobj) | |
| 123 | # if password match, and we use OLD deprecated hash, |
|
123 | # if password match, and we use OLD deprecated hash, | |
| 124 | # we should migrate this user hash password to the new hash |
|
124 | # we should migrate this user hash password to the new hash | |
| 125 | # we store the new returned by hash_check_with_upgrade function |
|
125 | # we store the new returned by hash_check_with_upgrade function | |
| 126 | user_attrs['_hash_migrate'] = new_hash |
|
126 | user_attrs['_hash_migrate'] = new_hash | |
| 127 |
|
127 | |||
| 128 | if userobj.username == User.DEFAULT_USER and userobj.active: |
|
128 | if userobj.username == User.DEFAULT_USER and userobj.active: | |
| 129 | log.info( |
|
129 | log.info( | |
| 130 | 'user `%s` authenticated correctly as anonymous user', userobj) |
|
130 | 'user `%s` authenticated correctly as anonymous user', userobj.username) | |
| 131 | return user_attrs |
|
131 | return user_attrs | |
| 132 |
|
132 | |||
| 133 | elif userobj.username == username and password_match: |
|
133 | elif userobj.username == username and password_match: | |
| 134 | log.info('user `%s` authenticated correctly', userobj) |
|
134 | log.info('user `%s` authenticated correctly', userobj.username) | |
| 135 | return user_attrs |
|
135 | return user_attrs | |
| 136 |
log. |
|
136 | log.warn("user `%s` used a wrong password when " | |
| 137 | "authenticating on this plugin", userobj) |
|
137 | "authenticating on this plugin", userobj.username) | |
| 138 | return None |
|
138 | return None | |
| 139 | else: |
|
139 | else: | |
| 140 | log.warning( |
|
140 | log.warning( | |
| 141 | 'user `%s` failed to authenticate via %s, reason: account not ' |
|
141 | 'user `%s` failed to authenticate via %s, reason: account not ' | |
| 142 | 'active.', username, self.name) |
|
142 | 'active.', username, self.name) | |
| 143 | return None |
|
143 | return None | |
| @@ -1,147 +1,147 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 |
|
2 | |||
| 3 | # Copyright (C) 2016-2018 RhodeCode GmbH |
|
3 | # Copyright (C) 2016-2018 RhodeCode GmbH | |
| 4 | # |
|
4 | # | |
| 5 | # This program is free software: you can redistribute it and/or modify |
|
5 | # This program is free software: you can redistribute it and/or modify | |
| 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |
| 7 | # (only), as published by the Free Software Foundation. |
|
7 | # (only), as published by the Free Software Foundation. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU Affero General Public License |
|
14 | # You should have received a copy of the GNU Affero General Public License | |
| 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 16 | # |
|
16 | # | |
| 17 | # This program is dual-licensed. If you wish to learn more about the |
|
17 | # This program is dual-licensed. If you wish to learn more about the | |
| 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
| 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
| 20 |
|
20 | |||
| 21 | """ |
|
21 | """ | |
| 22 | RhodeCode authentication token plugin for built in internal auth |
|
22 | RhodeCode authentication token plugin for built in internal auth | |
| 23 | """ |
|
23 | """ | |
| 24 |
|
24 | |||
| 25 | import logging |
|
25 | import logging | |
| 26 |
|
26 | |||
| 27 | from rhodecode.translation import _ |
|
27 | from rhodecode.translation import _ | |
| 28 | from rhodecode.authentication.base import ( |
|
28 | from rhodecode.authentication.base import ( | |
| 29 | RhodeCodeAuthPluginBase, VCS_TYPE, hybrid_property) |
|
29 | RhodeCodeAuthPluginBase, VCS_TYPE, hybrid_property) | |
| 30 | from rhodecode.authentication.routes import AuthnPluginResourceBase |
|
30 | from rhodecode.authentication.routes import AuthnPluginResourceBase | |
| 31 | from rhodecode.model.db import User, UserApiKeys, Repository |
|
31 | from rhodecode.model.db import User, UserApiKeys, Repository | |
| 32 |
|
32 | |||
| 33 |
|
33 | |||
| 34 | log = logging.getLogger(__name__) |
|
34 | log = logging.getLogger(__name__) | |
| 35 |
|
35 | |||
| 36 |
|
36 | |||
| 37 | def plugin_factory(plugin_id, *args, **kwds): |
|
37 | def plugin_factory(plugin_id, *args, **kwds): | |
| 38 | plugin = RhodeCodeAuthPlugin(plugin_id) |
|
38 | plugin = RhodeCodeAuthPlugin(plugin_id) | |
| 39 | return plugin |
|
39 | return plugin | |
| 40 |
|
40 | |||
| 41 |
|
41 | |||
| 42 | class RhodecodeAuthnResource(AuthnPluginResourceBase): |
|
42 | class RhodecodeAuthnResource(AuthnPluginResourceBase): | |
| 43 | pass |
|
43 | pass | |
| 44 |
|
44 | |||
| 45 |
|
45 | |||
| 46 | class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase): |
|
46 | class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase): | |
| 47 | """ |
|
47 | """ | |
| 48 | Enables usage of authentication tokens for vcs operations. |
|
48 | Enables usage of authentication tokens for vcs operations. | |
| 49 | """ |
|
49 | """ | |
| 50 |
|
50 | |||
| 51 | def includeme(self, config): |
|
51 | def includeme(self, config): | |
| 52 | config.add_authn_plugin(self) |
|
52 | config.add_authn_plugin(self) | |
| 53 | config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self)) |
|
53 | config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self)) | |
| 54 | config.add_view( |
|
54 | config.add_view( | |
| 55 | 'rhodecode.authentication.views.AuthnPluginViewBase', |
|
55 | 'rhodecode.authentication.views.AuthnPluginViewBase', | |
| 56 | attr='settings_get', |
|
56 | attr='settings_get', | |
| 57 | renderer='rhodecode:templates/admin/auth/plugin_settings.mako', |
|
57 | renderer='rhodecode:templates/admin/auth/plugin_settings.mako', | |
| 58 | request_method='GET', |
|
58 | request_method='GET', | |
| 59 | route_name='auth_home', |
|
59 | route_name='auth_home', | |
| 60 | context=RhodecodeAuthnResource) |
|
60 | context=RhodecodeAuthnResource) | |
| 61 | config.add_view( |
|
61 | config.add_view( | |
| 62 | 'rhodecode.authentication.views.AuthnPluginViewBase', |
|
62 | 'rhodecode.authentication.views.AuthnPluginViewBase', | |
| 63 | attr='settings_post', |
|
63 | attr='settings_post', | |
| 64 | renderer='rhodecode:templates/admin/auth/plugin_settings.mako', |
|
64 | renderer='rhodecode:templates/admin/auth/plugin_settings.mako', | |
| 65 | request_method='POST', |
|
65 | request_method='POST', | |
| 66 | route_name='auth_home', |
|
66 | route_name='auth_home', | |
| 67 | context=RhodecodeAuthnResource) |
|
67 | context=RhodecodeAuthnResource) | |
| 68 |
|
68 | |||
| 69 | def get_display_name(self): |
|
69 | def get_display_name(self): | |
| 70 | return _('Rhodecode Token Auth') |
|
70 | return _('Rhodecode Token Auth') | |
| 71 |
|
71 | |||
| 72 | @hybrid_property |
|
72 | @hybrid_property | |
| 73 | def name(self): |
|
73 | def name(self): | |
| 74 | return "authtoken" |
|
74 | return "authtoken" | |
| 75 |
|
75 | |||
| 76 | def user_activation_state(self): |
|
76 | def user_activation_state(self): | |
| 77 | def_user_perms = User.get_default_user().AuthUser().permissions['global'] |
|
77 | def_user_perms = User.get_default_user().AuthUser().permissions['global'] | |
| 78 | return 'hg.register.auto_activate' in def_user_perms |
|
78 | return 'hg.register.auto_activate' in def_user_perms | |
| 79 |
|
79 | |||
| 80 | def allows_authentication_from( |
|
80 | def allows_authentication_from( | |
| 81 | self, user, allows_non_existing_user=True, |
|
81 | self, user, allows_non_existing_user=True, | |
| 82 | allowed_auth_plugins=None, allowed_auth_sources=None): |
|
82 | allowed_auth_plugins=None, allowed_auth_sources=None): | |
| 83 | """ |
|
83 | """ | |
| 84 | Custom method for this auth that doesn't accept empty users. And also |
|
84 | Custom method for this auth that doesn't accept empty users. And also | |
| 85 | allows users from all other active plugins to use it and also |
|
85 | allows users from all other active plugins to use it and also | |
| 86 | authenticate against it. But only via vcs mode |
|
86 | authenticate against it. But only via vcs mode | |
| 87 | """ |
|
87 | """ | |
| 88 | from rhodecode.authentication.base import get_authn_registry |
|
88 | from rhodecode.authentication.base import get_authn_registry | |
| 89 | authn_registry = get_authn_registry() |
|
89 | authn_registry = get_authn_registry() | |
| 90 |
|
90 | |||
| 91 | active_plugins = set( |
|
91 | active_plugins = set( | |
| 92 | [x.name for x in authn_registry.get_plugins_for_authentication()]) |
|
92 | [x.name for x in authn_registry.get_plugins_for_authentication()]) | |
| 93 | active_plugins.discard(self.name) |
|
93 | active_plugins.discard(self.name) | |
| 94 |
|
94 | |||
| 95 | allowed_auth_plugins = [self.name] + list(active_plugins) |
|
95 | allowed_auth_plugins = [self.name] + list(active_plugins) | |
| 96 | # only for vcs operations |
|
96 | # only for vcs operations | |
| 97 | allowed_auth_sources = [VCS_TYPE] |
|
97 | allowed_auth_sources = [VCS_TYPE] | |
| 98 |
|
98 | |||
| 99 | return super(RhodeCodeAuthPlugin, self).allows_authentication_from( |
|
99 | return super(RhodeCodeAuthPlugin, self).allows_authentication_from( | |
| 100 | user, allows_non_existing_user=False, |
|
100 | user, allows_non_existing_user=False, | |
| 101 | allowed_auth_plugins=allowed_auth_plugins, |
|
101 | allowed_auth_plugins=allowed_auth_plugins, | |
| 102 | allowed_auth_sources=allowed_auth_sources) |
|
102 | allowed_auth_sources=allowed_auth_sources) | |
| 103 |
|
103 | |||
| 104 | def auth(self, userobj, username, password, settings, **kwargs): |
|
104 | def auth(self, userobj, username, password, settings, **kwargs): | |
| 105 | if not userobj: |
|
105 | if not userobj: | |
| 106 | log.debug('userobj was:%s skipping' % (userobj, )) |
|
106 | log.debug('userobj was:%s skipping' % (userobj, )) | |
| 107 | return None |
|
107 | return None | |
| 108 |
|
108 | |||
| 109 | user_attrs = { |
|
109 | user_attrs = { | |
| 110 | "username": userobj.username, |
|
110 | "username": userobj.username, | |
| 111 | "firstname": userobj.firstname, |
|
111 | "firstname": userobj.firstname, | |
| 112 | "lastname": userobj.lastname, |
|
112 | "lastname": userobj.lastname, | |
| 113 | "groups": [], |
|
113 | "groups": [], | |
| 114 | 'user_group_sync': False, |
|
114 | 'user_group_sync': False, | |
| 115 | "email": userobj.email, |
|
115 | "email": userobj.email, | |
| 116 | "admin": userobj.admin, |
|
116 | "admin": userobj.admin, | |
| 117 | "active": userobj.active, |
|
117 | "active": userobj.active, | |
| 118 | "active_from_extern": userobj.active, |
|
118 | "active_from_extern": userobj.active, | |
| 119 | "extern_name": userobj.user_id, |
|
119 | "extern_name": userobj.user_id, | |
| 120 | "extern_type": userobj.extern_type, |
|
120 | "extern_type": userobj.extern_type, | |
| 121 | } |
|
121 | } | |
| 122 |
|
122 | |||
| 123 | log.debug('Authenticating user with args %s', user_attrs) |
|
123 | log.debug('Authenticating user with args %s', user_attrs) | |
| 124 | if userobj.active: |
|
124 | if userobj.active: | |
| 125 | # calling context repo for token scopes |
|
125 | # calling context repo for token scopes | |
| 126 | scope_repo_id = None |
|
126 | scope_repo_id = None | |
| 127 | if self.acl_repo_name: |
|
127 | if self.acl_repo_name: | |
| 128 | repo = Repository.get_by_repo_name(self.acl_repo_name) |
|
128 | repo = Repository.get_by_repo_name(self.acl_repo_name) | |
| 129 | scope_repo_id = repo.repo_id if repo else None |
|
129 | scope_repo_id = repo.repo_id if repo else None | |
| 130 |
|
130 | |||
| 131 | token_match = userobj.authenticate_by_token( |
|
131 | token_match = userobj.authenticate_by_token( | |
| 132 | password, roles=[UserApiKeys.ROLE_VCS], |
|
132 | password, roles=[UserApiKeys.ROLE_VCS], | |
| 133 | scope_repo_id=scope_repo_id) |
|
133 | scope_repo_id=scope_repo_id) | |
| 134 |
|
134 | |||
| 135 | if userobj.username == username and token_match: |
|
135 | if userobj.username == username and token_match: | |
| 136 | log.info( |
|
136 | log.info( | |
| 137 | 'user `%s` successfully authenticated via %s', |
|
137 | 'user `%s` successfully authenticated via %s', | |
| 138 | user_attrs['username'], self.name) |
|
138 | user_attrs['username'], self.name) | |
| 139 | return user_attrs |
|
139 | return user_attrs | |
| 140 |
log. |
|
140 | log.warn( | |
| 141 | 'user `%s` failed to authenticate via %s, reason: bad or ' |
|
141 | 'user `%s` failed to authenticate via %s, reason: bad or ' | |
| 142 | 'inactive token.', username, self.name) |
|
142 | 'inactive token.', username, self.name) | |
| 143 | else: |
|
143 | else: | |
| 144 | log.warning( |
|
144 | log.warning( | |
| 145 | 'user `%s` failed to authenticate via %s, reason: account not ' |
|
145 | 'user `%s` failed to authenticate via %s, reason: account not ' | |
| 146 | 'active.', username, self.name) |
|
146 | 'active.', username, self.name) | |
| 147 | return None |
|
147 | return None | |
General Comments 0
You need to be logged in to leave comments.
Login now