##// END OF EJS Templates
authn: Add rhodecode token auth plugin.
johbo -
r79:bfb1a9cf default
parent child Browse files
Show More
@@ -0,0 +1,134 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2016-2016 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 """
22 RhodeCode authentication token plugin for built in internal auth
23 """
24
25 import logging
26
27 from sqlalchemy.ext.hybrid import hybrid_property
28
29 from rhodecode.translation import _
30 from rhodecode.authentication.base import RhodeCodeAuthPluginBase, VCS_TYPE
31 from rhodecode.authentication.routes import AuthnPluginResourceBase
32 from rhodecode.model.db import User, UserApiKeys
33
34
35 log = logging.getLogger(__name__)
36
37
38 def plugin_factory(plugin_id, *args, **kwds):
39 plugin = RhodeCodeAuthPlugin(plugin_id)
40 return plugin
41
42
43 class RhodecodeAuthnResource(AuthnPluginResourceBase):
44 pass
45
46
47 class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
48 """
49 Enables usage of authentication tokens for vcs operations.
50 """
51
52 def includeme(self, config):
53 config.add_authn_plugin(self)
54 config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))
55 config.add_view(
56 'rhodecode.authentication.views.AuthnPluginViewBase',
57 attr='settings_get',
58 request_method='GET',
59 route_name='auth_home',
60 context=RhodecodeAuthnResource)
61 config.add_view(
62 'rhodecode.authentication.views.AuthnPluginViewBase',
63 attr='settings_post',
64 request_method='POST',
65 route_name='auth_home',
66 context=RhodecodeAuthnResource)
67
68 def get_display_name(self):
69 return _('Rhodecode Token Auth')
70
71 @hybrid_property
72 def name(self):
73 return "authtoken"
74
75 def user_activation_state(self):
76 def_user_perms = User.get_default_user().AuthUser.permissions['global']
77 return 'hg.register.auto_activate' in def_user_perms
78
79 def allows_authentication_from(
80 self, user, allows_non_existing_user=True,
81 allowed_auth_plugins=None, allowed_auth_sources=None):
82 """
83 Custom method for this auth that doesn't accept empty users. And also
84 allows rhodecode and authtoken extern_type to auth with this. But only
85 via vcs mode
86 """
87 # only this and rhodecode plugins can use this type
88 from rhodecode.authentication.plugins import auth_rhodecode
89 allowed_auth_plugins = [
90 self.name, auth_rhodecode.RhodeCodeAuthPlugin.name]
91 # only for vcs operations
92 allowed_auth_sources = [VCS_TYPE]
93
94 return super(RhodeCodeAuthPlugin, self).allows_authentication_from(
95 user, allows_non_existing_user=False,
96 allowed_auth_plugins=allowed_auth_plugins,
97 allowed_auth_sources=allowed_auth_sources)
98
99 def auth(self, userobj, username, password, settings, **kwargs):
100 if not userobj:
101 log.debug('userobj was:%s skipping' % (userobj, ))
102 return None
103
104 user_attrs = {
105 "username": userobj.username,
106 "firstname": userobj.firstname,
107 "lastname": userobj.lastname,
108 "groups": [],
109 "email": userobj.email,
110 "admin": userobj.admin,
111 "active": userobj.active,
112 "active_from_extern": userobj.active,
113 "extern_name": userobj.user_id,
114 "extern_type": userobj.extern_type,
115 }
116
117 log.debug('Authenticating user with args %s', user_attrs)
118 if userobj.active:
119 role = UserApiKeys.ROLE_VCS
120 active_tokens = [x.api_key for x in
121 User.extra_valid_auth_tokens(userobj, role=role)]
122 if userobj.username == username and password in active_tokens:
123 log.info(
124 'user `%s` successfully authenticated via %s',
125 user_attrs['username'], self.name)
126 return user_attrs
127 log.error(
128 'user `%s` failed to authenticate via %s, reason: bad or '
129 'inactive token.', username, self.name)
130 else:
131 log.warning(
132 'user `%s` failed to authenticate via %s, reason: account not '
133 'active.', username, self.name)
134 return None
@@ -190,8 +190,8 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
190 190 username = getattr(userobj, 'username')
191 191
192 192 if not username:
193 # we don't have any objects in DB user doesn't exist extrac username
194 # from environ based on the settings
193 # we don't have any objects in DB user doesn't exist extract
194 # username from environ based on the settings
195 195 username = self._get_username(environ, settings)
196 196
197 197 # if cannot fetch username, it's a no-go for this plugin to proceed
General Comments 0
You need to be logged in to leave comments. Login now