auth-token: added missing renderers for token plugin
marcink -
r99:a4ca22e9 default
@@ -1,134 +1,136 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2016-2016 RhodeCode GmbH
3 # Copyright (C) 2016-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 RhodeCode authentication token plugin for built in internal auth
22 RhodeCode authentication token plugin for built in internal auth
23 """
23 """
24
24
25 import logging
25 import logging
26
26
27 from sqlalchemy.ext.hybrid import hybrid_property
27 from sqlalchemy.ext.hybrid import hybrid_property
28
28
29 from rhodecode.translation import _
29 from rhodecode.translation import _
30 from rhodecode.authentication.base import RhodeCodeAuthPluginBase, VCS_TYPE
30 from rhodecode.authentication.base import RhodeCodeAuthPluginBase, VCS_TYPE
31 from rhodecode.authentication.routes import AuthnPluginResourceBase
31 from rhodecode.authentication.routes import AuthnPluginResourceBase
32 from rhodecode.model.db import User, UserApiKeys
32 from rhodecode.model.db import User, UserApiKeys
33
33
34
34
35 log = logging.getLogger(__name__)
35 log = logging.getLogger(__name__)
36
36
37
37
38 def plugin_factory(plugin_id, *args, **kwds):
38 def plugin_factory(plugin_id, *args, **kwds):
39 plugin = RhodeCodeAuthPlugin(plugin_id)
39 plugin = RhodeCodeAuthPlugin(plugin_id)
40 return plugin
40 return plugin
41
41
42
42
43 class RhodecodeAuthnResource(AuthnPluginResourceBase):
43 class RhodecodeAuthnResource(AuthnPluginResourceBase):
44 pass
44 pass
45
45
46
46
47 class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
47 class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
48 """
48 """
49 Enables usage of authentication tokens for vcs operations.
49 Enables usage of authentication tokens for vcs operations.
50 """
50 """
51
51
52 def includeme(self, config):
52 def includeme(self, config):
53 config.add_authn_plugin(self)
53 config.add_authn_plugin(self)
54 config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))
54 config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))
55 config.add_view(
55 config.add_view(
56 'rhodecode.authentication.views.AuthnPluginViewBase',
56 'rhodecode.authentication.views.AuthnPluginViewBase',
57 attr='settings_get',
57 attr='settings_get',
58 renderer='rhodecode:templates/admin/auth/plugin_settings.html',
58 request_method='GET',
59 request_method='GET',
59 route_name='auth_home',
60 route_name='auth_home',
60 context=RhodecodeAuthnResource)
61 context=RhodecodeAuthnResource)
61 config.add_view(
62 config.add_view(
62 'rhodecode.authentication.views.AuthnPluginViewBase',
63 'rhodecode.authentication.views.AuthnPluginViewBase',
63 attr='settings_post',
64 attr='settings_post',
65 renderer='rhodecode:templates/admin/auth/plugin_settings.html',
64 request_method='POST',
66 request_method='POST',
65 route_name='auth_home',
67 route_name='auth_home',
66 context=RhodecodeAuthnResource)
68 context=RhodecodeAuthnResource)
67
69
68 def get_display_name(self):
70 def get_display_name(self):
69 return _('Rhodecode Token Auth')
71 return _('Rhodecode Token Auth')
70
72
71 @hybrid_property
73 @hybrid_property
72 def name(self):
74 def name(self):
73 return "authtoken"
75 return "authtoken"
74
76
75 def user_activation_state(self):
77 def user_activation_state(self):
76 def_user_perms = User.get_default_user().AuthUser.permissions['global']
78 def_user_perms = User.get_default_user().AuthUser.permissions['global']
77 return 'hg.register.auto_activate' in def_user_perms
79 return 'hg.register.auto_activate' in def_user_perms
78
80
79 def allows_authentication_from(
81 def allows_authentication_from(
80 self, user, allows_non_existing_user=True,
82 self, user, allows_non_existing_user=True,
81 allowed_auth_plugins=None, allowed_auth_sources=None):
83 allowed_auth_plugins=None, allowed_auth_sources=None):
82 """
84 """
83 Custom method for this auth that doesn't accept empty users. And also
85 Custom method for this auth that doesn't accept empty users. And also
84 allows rhodecode and authtoken extern_type to auth with this. But only
86 allows rhodecode and authtoken extern_type to auth with this. But only
85 via vcs mode
87 via vcs mode
86 """
88 """
87 # only this and rhodecode plugins can use this type
89 # only this and rhodecode plugins can use this type
88 from rhodecode.authentication.plugins import auth_rhodecode
90 from rhodecode.authentication.plugins import auth_rhodecode
89 allowed_auth_plugins = [
91 allowed_auth_plugins = [
90 self.name, auth_rhodecode.RhodeCodeAuthPlugin.name]
92 self.name, auth_rhodecode.RhodeCodeAuthPlugin.name]
91 # only for vcs operations
93 # only for vcs operations
92 allowed_auth_sources = [VCS_TYPE]
94 allowed_auth_sources = [VCS_TYPE]
93
95
94 return super(RhodeCodeAuthPlugin, self).allows_authentication_from(
96 return super(RhodeCodeAuthPlugin, self).allows_authentication_from(
95 user, allows_non_existing_user=False,
97 user, allows_non_existing_user=False,
96 allowed_auth_plugins=allowed_auth_plugins,
98 allowed_auth_plugins=allowed_auth_plugins,
97 allowed_auth_sources=allowed_auth_sources)
99 allowed_auth_sources=allowed_auth_sources)
98
100
99 def auth(self, userobj, username, password, settings, **kwargs):
101 def auth(self, userobj, username, password, settings, **kwargs):
100 if not userobj:
102 if not userobj:
101 log.debug('userobj was:%s skipping' % (userobj, ))
103 log.debug('userobj was:%s skipping' % (userobj, ))
102 return None
104 return None
103
105
104 user_attrs = {
106 user_attrs = {
105 "username": userobj.username,
107 "username": userobj.username,
106 "firstname": userobj.firstname,
108 "firstname": userobj.firstname,
107 "lastname": userobj.lastname,
109 "lastname": userobj.lastname,
108 "groups": [],
110 "groups": [],
109 "email": userobj.email,
111 "email": userobj.email,
110 "admin": userobj.admin,
112 "admin": userobj.admin,
111 "active": userobj.active,
113 "active": userobj.active,
112 "active_from_extern": userobj.active,
114 "active_from_extern": userobj.active,
113 "extern_name": userobj.user_id,
115 "extern_name": userobj.user_id,
114 "extern_type": userobj.extern_type,
116 "extern_type": userobj.extern_type,
115 }
117 }
116
118
117 log.debug('Authenticating user with args %s', user_attrs)
119 log.debug('Authenticating user with args %s', user_attrs)
118 if userobj.active:
120 if userobj.active:
119 role = UserApiKeys.ROLE_VCS
121 role = UserApiKeys.ROLE_VCS
120 active_tokens = [x.api_key for x in
122 active_tokens = [x.api_key for x in
121 User.extra_valid_auth_tokens(userobj, role=role)]
123 User.extra_valid_auth_tokens(userobj, role=role)]
122 if userobj.username == username and password in active_tokens:
124 if userobj.username == username and password in active_tokens:
123 log.info(
125 log.info(
124 'user `%s` successfully authenticated via %s',
126 'user `%s` successfully authenticated via %s',
125 user_attrs['username'], self.name)
127 user_attrs['username'], self.name)
126 return user_attrs
128 return user_attrs
127 log.error(
129 log.error(
128 'user `%s` failed to authenticate via %s, reason: bad or '
130 'user `%s` failed to authenticate via %s, reason: bad or '
129 'inactive token.', username, self.name)
131 'inactive token.', username, self.name)
130 else:
132 else:
131 log.warning(
133 log.warning(
132 'user `%s` failed to authenticate via %s, reason: account not '
134 'user `%s` failed to authenticate via %s, reason: account not '
133 'active.', username, self.name)
135 'active.', username, self.name)
134 return None
136 return None
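Review bot: In `auth()` (new lines 122–124) the supplied token is matched with `password in active_tokens`, an ordinary string equality that is not constant-time; this is unchanged context, not something the commit introduced. I would compare each candidate with `hmac.compare_digest`, e.g. `any(hmac.compare_digest(t, password) for t in active_tokens)` plus `import hmac` at the top, after confirming that both values are byte strings or ASCII text. Separately, the two `add_view` calls that gain a `renderer=` pass no `permission=` argument, so access control and CSRF checking for `settings_get`/`settings_post` presumably live in `AuthnPluginViewBase`, which is not shown on this page and is worth confirming. The `log.debug('Authenticating user with args %s', user_attrs)` call also writes the user's e-mail and admin flag to the debug log on every attempt.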