Show More
| @@ -509,7 +509,7 b' def get_auth_cache_manager(custom_ttl=No' | |||
|
|
509 | 509 | |
|
|
510 | 510 | |
|
|
511 | 511 | def authenticate(username, password, environ=None, auth_type=None, |
|
|
512 | skip_missing=False): | |
|
|
512 | skip_missing=False, registry=None): | |
|
|
513 | 513 | """ |
|
|
514 | 514 | Authentication function used for access control, |
|
|
515 | 515 | It tries to authenticate based on enabled authentication modules. |
| @@ -526,7 +526,7 b' def authenticate(username, password, env' | |||
|
|
526 | 526 | % auth_type) |
|
|
527 | 527 | headers_only = environ and not (username and password) |
|
|
528 | 528 | |
|
|
529 | authn_registry = get_authn_registry() | |
|
|
529 | authn_registry = get_authn_registry(registry) | |
|
|
530 | 530 | for plugin in authn_registry.get_plugins_for_authentication(): |
|
|
531 | 531 | plugin.set_auth_type(auth_type) |
|
|
532 | 532 | user = plugin.get_user(username) |
| @@ -205,11 +205,12 b' def vcs_operation_context(' | |||
|
|
205 | 205 | |
|
|
206 | 206 | class BasicAuth(AuthBasicAuthenticator): |
|
|
207 | 207 | |
|
|
208 | def __init__(self, realm, authfunc, auth_http_code=None, | |
|
|
208 | def __init__(self, realm, authfunc, registry, auth_http_code=None, | |
|
|
209 | 209 | initial_call_detection=False): |
|
|
210 | 210 | self.realm = realm |
|
|
211 | 211 | self.initial_call = initial_call_detection |
|
|
212 | 212 | self.authfunc = authfunc |
|
|
213 | self.registry = registry | |
|
|
213 | 214 | self._rc_auth_http_code = auth_http_code |
|
|
214 | 215 | |
|
|
215 | 216 | def _get_response_from_code(self, http_code): |
| @@ -242,7 +243,8 b' class BasicAuth(AuthBasicAuthenticator):' | |||
|
|
242 | 243 | if len(_parts) == 2: |
|
|
243 | 244 | username, password = _parts |
|
|
244 | 245 | if self.authfunc( |
|
|
245 |
username, password, environ, VCS_TYPE |
|
|
|
246 | username, password, environ, VCS_TYPE, | |
|
|
247 | registry=self.registry): | |
|
|
246 | 248 | return username |
|
|
247 | 249 | if username and password: |
|
|
248 | 250 | # we mark that we actually executed authentication once, at |
| @@ -82,7 +82,8 b' class SimpleVCS(object):' | |||
|
|
82 | 82 | |
|
|
83 | 83 | SCM = 'unknown' |
|
|
84 | 84 | |
|
|
85 | def __init__(self, application, config): | |
|
|
85 | def __init__(self, application, config, registry): | |
|
|
86 | self.registry = registry | |
|
|
86 | 87 | self.application = application |
|
|
87 | 88 | self.config = config |
|
|
88 | 89 | # base path of repo locations |
| @@ -90,9 +91,9 b' class SimpleVCS(object):' | |||
|
|
90 | 91 | # authenticate this VCS request using authfunc |
|
|
91 | 92 | auth_ret_code_detection = \ |
|
|
92 | 93 | str2bool(self.config.get('auth_ret_code_detection', False)) |
|
|
93 |
self.authenticate = BasicAuth( |
|
|
|
94 |
|
|
|
|
95 |
|
|
|
|
94 | self.authenticate = BasicAuth( | |
|
|
95 | '', authenticate, registry, config.get('auth_ret_code'), | |
|
|
96 | auth_ret_code_detection) | |
|
|
96 | 97 | self.ip_addr = '0.0.0.0' |
|
|
97 | 98 | |
|
|
98 | 99 | @property |
| @@ -284,7 +285,8 b' class SimpleVCS(object):' | |||
|
|
284 | 285 | |
|
|
285 | 286 | # try to auth based on environ, container auth methods |
|
|
286 | 287 | log.debug('Running PRE-AUTH for container based authentication') |
|
|
287 |
pre_auth = authenticate( |
|
|
|
288 | pre_auth = authenticate( | |
|
|
289 | '', '', environ, VCS_TYPE, registry=self.registry) | |
|
|
288 | 290 | if pre_auth and pre_auth.get('username'): |
|
|
289 | 291 | username = pre_auth['username'] |
|
|
290 | 292 | log.debug('PRE-AUTH got %s as username', username) |
| @@ -126,23 +126,24 b' class GunzipMiddleware(object):' | |||
|
|
126 | 126 | |
|
|
127 | 127 | class VCSMiddleware(object): |
|
|
128 | 128 | |
|
|
129 | def __init__(self, app, config, appenlight_client): | |
|
|
129 | def __init__(self, app, config, appenlight_client, registry): | |
|
|
130 | 130 | self.application = app |
|
|
131 | 131 | self.config = config |
|
|
132 | 132 | self.appenlight_client = appenlight_client |
|
|
133 | self.registry = registry | |
|
|
133 | 134 | |
|
|
134 | 135 | def _get_handler_app(self, environ): |
|
|
135 | 136 | app = None |
|
|
136 | 137 | if is_hg(environ): |
|
|
137 | app = SimpleHg(self.application, self.config) | |
|
|
138 | app = SimpleHg(self.application, self.config, self.registry) | |
|
|
138 | 139 | |
|
|
139 | 140 | if is_git(environ): |
|
|
140 | app = SimpleGit(self.application, self.config) | |
|
|
141 | app = SimpleGit(self.application, self.config, self.registry) | |
|
|
141 | 142 | |
|
|
142 | 143 | proxy_svn = rhodecode.CONFIG.get( |
|
|
143 | 144 | 'rhodecode_proxy_subversion_http_requests', False) |
|
|
144 | 145 | if proxy_svn and is_svn(environ): |
|
|
145 | app = SimpleSvn(self.application, self.config) | |
|
|
146 | app = SimpleSvn(self.application, self.config, self.registry) | |
|
|
146 | 147 | |
|
|
147 | 148 | if app: |
|
|
148 | 149 | app = GunzipMiddleware(app) |
General Comments 0
You need to be logged in to leave comments.
Login now