##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
auth-token: added missing renderers for token plugin
marcink -
r99:a4ca22e9 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,134 +1,136 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2016-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 RhodeCode authentication token plugin for built in internal auth
23 23 """
24 24
25 25 import logging
26 26
27 27 from sqlalchemy.ext.hybrid import hybrid_property
28 28
29 29 from rhodecode.translation import _
30 30 from rhodecode.authentication.base import RhodeCodeAuthPluginBase, VCS_TYPE
31 31 from rhodecode.authentication.routes import AuthnPluginResourceBase
32 32 from rhodecode.model.db import User, UserApiKeys
33 33
34 34
35 35 log = logging.getLogger(__name__)
36 36
37 37
38 38 def plugin_factory(plugin_id, *args, **kwds):
39 39 plugin = RhodeCodeAuthPlugin(plugin_id)
40 40 return plugin
41 41
42 42
43 43 class RhodecodeAuthnResource(AuthnPluginResourceBase):
44 44 pass
45 45
46 46
47 47 class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
48 48 """
49 49 Enables usage of authentication tokens for vcs operations.
50 50 """
51 51
52 52 def includeme(self, config):
53 53 config.add_authn_plugin(self)
54 54 config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))
55 55 config.add_view(
56 56 'rhodecode.authentication.views.AuthnPluginViewBase',
57 57 attr='settings_get',
58 renderer='rhodecode:templates/admin/auth/plugin_settings.html',
58 59 request_method='GET',
59 60 route_name='auth_home',
60 61 context=RhodecodeAuthnResource)
61 62 config.add_view(
62 63 'rhodecode.authentication.views.AuthnPluginViewBase',
63 64 attr='settings_post',
65 renderer='rhodecode:templates/admin/auth/plugin_settings.html',
64 66 request_method='POST',
65 67 route_name='auth_home',
66 68 context=RhodecodeAuthnResource)
67 69
68 70 def get_display_name(self):
69 71 return _('Rhodecode Token Auth')
70 72
71 73 @hybrid_property
72 74 def name(self):
73 75 return "authtoken"
74 76
75 77 def user_activation_state(self):
76 78 def_user_perms = User.get_default_user().AuthUser.permissions['global']
77 79 return 'hg.register.auto_activate' in def_user_perms
78 80
79 81 def allows_authentication_from(
80 82 self, user, allows_non_existing_user=True,
81 83 allowed_auth_plugins=None, allowed_auth_sources=None):
82 84 """
83 85 Custom method for this auth that doesn't accept empty users. And also
84 86 allows rhodecode and authtoken extern_type to auth with this. But only
85 87 via vcs mode
86 88 """
87 89 # only this and rhodecode plugins can use this type
88 90 from rhodecode.authentication.plugins import auth_rhodecode
89 91 allowed_auth_plugins = [
90 92 self.name, auth_rhodecode.RhodeCodeAuthPlugin.name]
91 93 # only for vcs operations
92 94 allowed_auth_sources = [VCS_TYPE]
93 95
94 96 return super(RhodeCodeAuthPlugin, self).allows_authentication_from(
95 97 user, allows_non_existing_user=False,
96 98 allowed_auth_plugins=allowed_auth_plugins,
97 99 allowed_auth_sources=allowed_auth_sources)
98 100
99 101 def auth(self, userobj, username, password, settings, **kwargs):
100 102 if not userobj:
101 103 log.debug('userobj was:%s skipping' % (userobj, ))
102 104 return None
103 105
104 106 user_attrs = {
105 107 "username": userobj.username,
106 108 "firstname": userobj.firstname,
107 109 "lastname": userobj.lastname,
108 110 "groups": [],
109 111 "email": userobj.email,
110 112 "admin": userobj.admin,
111 113 "active": userobj.active,
112 114 "active_from_extern": userobj.active,
113 115 "extern_name": userobj.user_id,
114 116 "extern_type": userobj.extern_type,
115 117 }
116 118
117 119 log.debug('Authenticating user with args %s', user_attrs)
118 120 if userobj.active:
119 121 role = UserApiKeys.ROLE_VCS
120 122 active_tokens = [x.api_key for x in
121 123 User.extra_valid_auth_tokens(userobj, role=role)]
122 124 if userobj.username == username and password in active_tokens:
123 125 log.info(
124 126 'user `%s` successfully authenticated via %s',
125 127 user_attrs['username'], self.name)
126 128 return user_attrs
127 129 log.error(
128 130 'user `%s` failed to authenticate via %s, reason: bad or '
129 131 'inactive token.', username, self.name)
130 132 else:
131 133 log.warning(
132 134 'user `%s` failed to authenticate via %s, reason: account not '
133 135 'active.', username, self.name)
134 136 return None
General Comments 0
You need to be logged in to leave comments. Login now