rhodecode-enterprise-ce Commit - r79:bfb1a9cf

authn: Add rhodecode token auth plugin.

johbo -

r79:bfb1a9cf default

parent child

rhodecode/authentication/plugins/auth_token.py

0 created 644 +134 0

@@ -0,0 +1,134 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	"""
	22	RhodeCode authentication token plugin for built in internal auth
	23	"""
	24
	25	import logging
	26
	27	from sqlalchemy.ext.hybrid import hybrid_property
	28
	29	from rhodecode.translation import _
	30	from rhodecode.authentication.base import RhodeCodeAuthPluginBase, VCS_TYPE
	31	from rhodecode.authentication.routes import AuthnPluginResourceBase
	32	from rhodecode.model.db import User, UserApiKeys
	33
	34
	35	log = logging.getLogger(__name__)
	36
	37
	38	def plugin_factory(plugin_id, args, *kwds):
	39	plugin = RhodeCodeAuthPlugin(plugin_id)
	40	return plugin
	41
	42
	43	class RhodecodeAuthnResource(AuthnPluginResourceBase):
	44	pass
	45
	46
	47	class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
	48	"""
	49	Enables usage of authentication tokens for vcs operations.
	50	"""
	51
	52	def includeme(self, config):
	53	config.add_authn_plugin(self)
	54	config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))
	55	config.add_view(
	56	'rhodecode.authentication.views.AuthnPluginViewBase',
	57	attr='settings_get',
	58	request_method='GET',
	59	route_name='auth_home',
	60	context=RhodecodeAuthnResource)
	61	config.add_view(
	62	'rhodecode.authentication.views.AuthnPluginViewBase',
	63	attr='settings_post',
	64	request_method='POST',
	65	route_name='auth_home',
	66	context=RhodecodeAuthnResource)
	67
	68	def get_display_name(self):
	69	return _('Rhodecode Token Auth')
	70
	71	@hybrid_property
	72	def name(self):
	73	return "authtoken"
	74
	75	def user_activation_state(self):
	76	def_user_perms = User.get_default_user().AuthUser.permissions['global']
	77	return 'hg.register.auto_activate' in def_user_perms
	78
	79	def allows_authentication_from(
	80	self, user, allows_non_existing_user=True,
	81	allowed_auth_plugins=None, allowed_auth_sources=None):
	82	"""
	83	Custom method for this auth that doesn't accept empty users. And also
	84	allows rhodecode and authtoken extern_type to auth with this. But only
	85	via vcs mode
	86	"""
	87	# only this and rhodecode plugins can use this type
	88	from rhodecode.authentication.plugins import auth_rhodecode
	89	allowed_auth_plugins = [
	90	self.name, auth_rhodecode.RhodeCodeAuthPlugin.name]
	91	# only for vcs operations
	92	allowed_auth_sources = [VCS_TYPE]
	93
	94	return super(RhodeCodeAuthPlugin, self).allows_authentication_from(
	95	user, allows_non_existing_user=False,
	96	allowed_auth_plugins=allowed_auth_plugins,
	97	allowed_auth_sources=allowed_auth_sources)
	98
	99	def auth(self, userobj, username, password, settings, **kwargs):
	100	if not userobj:
	101	log.debug('userobj was:%s skipping' % (userobj, ))
	102	return None
	103
	104	user_attrs = {
	105	"username": userobj.username,
	106	"firstname": userobj.firstname,
	107	"lastname": userobj.lastname,
	108	"groups": [],
	109	"email": userobj.email,
	110	"admin": userobj.admin,
	111	"active": userobj.active,
	112	"active_from_extern": userobj.active,
	113	"extern_name": userobj.user_id,
	114	"extern_type": userobj.extern_type,
	115	}
	116
	117	log.debug('Authenticating user with args %s', user_attrs)
	118	if userobj.active:
	119	role = UserApiKeys.ROLE_VCS
	120	active_tokens = [x.api_key for x in
	121	User.extra_valid_auth_tokens(userobj, role=role)]
	122	if userobj.username == username and password in active_tokens:
	123	log.info(
	124	'user `%s` successfully authenticated via %s',
	125	user_attrs['username'], self.name)
	126	return user_attrs
	127	log.error(
	128	'user `%s` failed to authenticate via %s, reason: bad or '
	129	'inactive token.', username, self.name)
	130	else:
	131	log.warning(
	132	'user `%s` failed to authenticate via %s, reason: account not '
	133	'active.', username, self.name)
	134	return None

rhodecode/authentication/plugins/auth_headers.py

0 +2 -2

                         username = getattr(userobj, 'username')
                     if not username:
-                        # we don't have any objects in DB user doesn't exist extrac username
+                        # we don't have any objects in DB user doesn't exist extract
-                        # from environ based on the settings
+                        # username from environ based on the settings
                         username = self._get_username(environ, settings)
                     # if cannot fetch username, it's a no-go for this plugin to proceed

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages