rhodecode-enterprise-ce Commit - r5057:c3d4b375

authentication: fixed for python3 migrations

super-admin -

r5057:c3d4b375 default

parent child

rhodecode/authentication/__init__.py

0 +2 -4

             import logging
             import importlib
-            from pyramid.authentication import SessionAuthenticationPolicy
+            from pyramid.authentication import SessionAuthenticationHelper
             from rhodecode.authentication.registry import AuthenticationPluginRegistry
             from rhodecode.authentication.routes import root_factory
             def includeme(config):
-                # Set authentication policy.
+                config.set_security_policy(SessionAuthenticationHelper())
-                authn_policy = SessionAuthenticationPolicy()
-                config.set_authentication_policy(authn_policy)
                 # Create authentication plugin registry and add it to the pyramid registry.
                 authn_registry = AuthenticationPluginRegistry(config.get_settings())

rhodecode/authentication/base.py

0 +17 -8

             from pyramid.threadlocal import get_current_registry
+            from rhodecode.authentication import AuthenticationPluginRegistry
             from rhodecode.authentication.interface import IAuthnPluginRegistry
             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
             from rhodecode.lib import rc_cache
             from rhodecode.lib.statsd_client import StatsdClient
             from rhodecode.lib.auth import PasswordGenerator, _RhodeCodeCryptoBCrypt
+            from rhodecode.lib.str_utils import safe_bytes
             from rhodecode.lib.utils2 import safe_int, safe_str
             from rhodecode.lib.exceptions import (LdapConnectionError, LdapUsernameError, LdapPasswordError)
             from rhodecode.model.db import User
                 def get_user(self, username=None, **kwargs):
                     """
                     Helper method for user fetching in plugins, by default it's using
-                    simple fetch by username, but this method can be custimized in plugins
+                    simple fetch by username, but this method can be customized in plugins
                     eg. headers auth plugin to fetch user by environ params
                     :param username: username if given to fetch from database
                     :param kwargs: extra arguments needed for user fetching.
                     """
                     user = None
                     log.debug(
                         'Trying to fetch user `%s` from RhodeCode database', username)
                         # check if hash should be migrated ?
                         new_hash = auth.get('_hash_migrate')
                         if new_hash:
+                            # new_hash is a newly encrypted destination hash
                             self._migrate_hash_to_bcrypt(username, passwd, new_hash)
                         if 'user_group_sync' not in auth:
                             auth['user_group_sync'] = False
                 def _migrate_hash_to_bcrypt(self, username, password, new_hash):
                     new_hash_cypher = _RhodeCodeCryptoBCrypt()
                     # extra checks, so make sure new hash is correct.
-                    password_encoded = safe_str(password)
+                    password_as_bytes = safe_bytes(password)
-                    if new_hash and new_hash_cypher.hash_check(
-                            password_encoded, new_hash):
+                    if new_hash and new_hash_cypher.hash_check(password_as_bytes, new_hash):
                         cur_user = User.get_by_username(username)
                         cur_user.password = new_hash
                         Session().add(cur_user)
                 return plugin
-            def get_authn_registry(registry=None):
+            def get_authn_registry(registry=None) -> AuthenticationPluginRegistry:
                 registry = registry or get_current_registry()
                 authn_registry = registry.queryUtility(IAuthnPluginRegistry)
                 return authn_registry
                 :param environ: environ headers passed for headers auth
                 :param auth_type: type of authentication, either `HTTP_TYPE` or `VCS_TYPE`
                 :param skip_missing: ignores plugins that are in db but not in environment
+                :param registry: pyramid registry
+                :param acl_repo_name: name of repo for ACL checks
                 :returns: None if auth failed, plugin_user dict if auth is correct
                 """
                 if not auth_type or auth_type not in [HTTP_TYPE, VCS_TYPE]:
-                    raise ValueError('auth type must be on of http, vcs got "%s" instead'
+                    raise ValueError(f'auth type must be on of http, vcs got "{auth_type}" instead')
-                                     % auth_type)
-                headers_only = environ and not (username and password)
+                auth_credentials = (username and password)
+                headers_only = environ and not auth_credentials
                 authn_registry = get_authn_registry(registry)
                 plugins_to_check = authn_registry.get_plugins_for_authentication()
+                log.debug('authentication: headers=%s, username_and_passwd=%s', headers_only, bool(auth_credentials))
                 log.debug('Starting ordered authentication chain using %s plugins',
                           [x.name for x in plugins_to_check])
                 for plugin in plugins_to_check:
                     plugin.set_auth_type(auth_type)
                     plugin.set_calling_scope_repo(acl_repo_name)

rhodecode/authentication/plugins/auth_crowd.py

0 +3 -1

             import colander
             import base64
             import logging
-            import urllib.request, urllib.error, urllib.parse
+            import urllib.request
+            import urllib.error
+            import urllib.parse
             from rhodecode.translation import _
             from rhodecode.authentication.base import (

rhodecode/authentication/plugins/auth_headers.py

0 +6 -5

             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
             from rhodecode.authentication.routes import AuthnPluginResourceBase
             from rhodecode.lib.colander_utils import strip_whitespace
-            from rhodecode.lib.utils2 import str2bool, safe_unicode
+            from rhodecode.lib.str_utils import safe_str
+            from rhodecode.lib.utils2 import str2bool
             from rhodecode.model.db import User
                 def get_user(self, username=None, **kwargs):
                     """
                     Helper method for user fetching in plugins, by default it's using
-                    simple fetch by username, but this method can be custimized in plugins
+                    simple fetch by username, but this method can be customized in plugins
                     eg. headers auth plugin to fetch user by environ params
                     :param username: username if given to fetch
                     :param kwargs: extra arguments needed for user fetching.
                 def auth(self, userobj, username, password, settings, **kwargs):
                     """
-                    Get's the headers_auth username (or email). It tries to get username
+                    Gets the headers_auth username (or email). It tries to get username
                     from REMOTE_USER if this plugin is enabled, if that fails
                     it tries to get username from HTTP_X_FORWARDED_USER if fallback header
                     is set. clean_username extracts the username from this data if it's
                     user_attrs = {
                         'username': username,
-                        'firstname': safe_unicode(firstname or username),
+                        'firstname': safe_str(firstname or username),
-                        'lastname': safe_unicode(lastname or ''),
+                        'lastname': safe_str(lastname or ''),
                         'groups': [],
                         'user_group_sync': False,
                         'email': email or '',

rhodecode/authentication/plugins/auth_jasig_cas.py

0 +9 -7

             import colander
             import logging
             import rhodecode
-            import urllib.request, urllib.parse, urllib.error
+            import urllib.request
-            import urllib.request, urllib.error, urllib.parse
+            import urllib.parse
+            import urllib.error
             from rhodecode.translation import _
             from rhodecode.authentication.base import (
             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
             from rhodecode.authentication.routes import AuthnPluginResourceBase
             from rhodecode.lib.colander_utils import strip_whitespace
-            from rhodecode.lib.utils2 import safe_unicode
             from rhodecode.model.db import User
+            from rhodecode.lib.str_utils import safe_str
             log = logging.getLogger(__name__)
                               {"url": url, "body": params, "headers": headers})
                     request = urllib.request.Request(url, params, headers)
                     try:
-                        response = urllib.request.urlopen(request)
+                        urllib.request.urlopen(request)
                     except urllib.error.HTTPError as e:
                         log.debug("HTTPError when requesting Jasig CAS (status code: %d)", e.code)
                         return None
                     except urllib.error.URLError as e:
-                        log.debug("URLError when requesting Jasig CAS url: %s ", url)
+                        log.debug("URLError when requesting Jasig CAS url: %s %s", url, e)
                         return None
                     # old attrs fetched from RhodeCode database
                     user_attrs = {
                         'username': username,
-                        'firstname': safe_unicode(firstname or username),
+                        'firstname': safe_str(firstname or username),
-                        'lastname': safe_unicode(lastname or ''),
+                        'lastname': safe_str(lastname or ''),
                         'groups': [],
                         'user_group_sync': False,
                         'email': email or '',

rhodecode/authentication/plugins/auth_ldap.py

0 +3 -3

             from rhodecode.lib.exceptions import (
                 LdapConnectionError, LdapUsernameError, LdapPasswordError, LdapImportError
             )
-            from rhodecode.lib.utils2 import safe_unicode, safe_str
+            from rhodecode.lib.str_utils import safe_str
             from rhodecode.model.db import User
             from rhodecode.model.validators import Missing
                         user_attrs = {
                             'username': username,
-                            'firstname': safe_unicode(get_ldap_attr('attr_firstname') or firstname),
+                            'firstname': safe_str(get_ldap_attr('attr_firstname') or firstname),
-                            'lastname': safe_unicode(get_ldap_attr('attr_lastname') or lastname),
+                            'lastname': safe_str(get_ldap_attr('attr_lastname') or lastname),
                             'groups': groups,
                             'user_group_sync': False,
                             'email': get_ldap_attr('attr_email') or email,

rhodecode/authentication/plugins/auth_rhodecode.py

0 +2 -2

             import colander
             from rhodecode.translation import _
-            from rhodecode.lib.utils2 import safe_str
+            from rhodecode.lib.utils2 import safe_bytes
             from rhodecode.model.db import User
             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
             from rhodecode.authentication.base import (
                     if userobj.active:
                         from rhodecode.lib import auth
                         crypto_backend = auth.crypto_backend()
-                        password_encoded = safe_str(password)
+                        password_encoded = safe_bytes(password)
                         password_match, new_hash = crypto_backend.hash_check_with_upgrade(
                             password_encoded, userobj.password or '')

rhodecode/authentication/registry.py

0 +36 -16

@@ -66,25 +66,19 b' class AuthenticationPluginRegistry(objec'
66	if plugin.uid == plugin_uid:	66	if plugin.uid == plugin_uid:
67	return plugin	67	return plugin
68		68
69	def get_~~plugins_for_authentication~~(self, cache=True):	69	def get_cache_call_method(self, cache=True):
70	"""	70	region, _ns = self.get_cache_region()
71	Returns a list of plugins which should be consulted when authenticating
72	a user. It only returns plugins which are enabled and active.
73	Additionally it includes the fallback plugin from the INI file, if
74	`rhodecode.auth_plugin_fallback` is set to a plugin ID.
75	"""
76
77	cache_namespace_uid = 'cache_auth_plugins'
78	region = rc_cache.get_or_create_region('cache_general', cache_namespace_uid)
79		71
80	@region.conditional_cache_on_arguments(condition=cache)	72	@region.conditional_cache_on_arguments(condition=cache)
81	def _get_auth_plugins(name, key, fallback_plugin):	73	def _get_auth_plugins(name: str, key: str, fallback_plugin):
82	plugins = []	74	log.debug('auth-plugins: calculating plugins available for authentication')
83		75
		76	_plugins = []
84	# Add all enabled and active plugins to the list. We iterate over the	77	# Add all enabled and active plugins to the list. We iterate over the
85	# auth_plugins setting from DB because it also represents the ordering.	78	# auth_plugins setting from DB because it also represents the ordering.
86	enabled_plugins = SettingsModel().get_auth_plugins()	79	enabled_plugins = SettingsModel().get_auth_plugins()
87	raw_settings = SettingsModel().get_all_settings(cache=False)	80	raw_settings = SettingsModel().get_all_settings(cache=False)
		81
88	for plugin_id in enabled_plugins:	82	for plugin_id in enabled_plugins:
89	plugin = self.get_plugin(plugin_id)	83	plugin = self.get_plugin(plugin_id)
90	if plugin is not None and plugin.is_active(	84	if plugin is not None and plugin.is_active(
@@ -92,7 +86,7 b' class AuthenticationPluginRegistry(objec'
92		86
93	# inject settings into plugin, we can re-use the DB fetched settings here	87	# inject settings into plugin, we can re-use the DB fetched settings here
94	plugin._settings = plugin._propagate_settings(raw_settings)	88	plugin._settings = plugin._propagate_settings(raw_settings)
95	plugins.append(plugin)	89	_plugins.append(plugin)
96		90
97	# Add the fallback plugin from ini file.	91	# Add the fallback plugin from ini file.
98	if fallback_plugin:	92	if fallback_plugin:
@@ -100,10 +94,22 b' class AuthenticationPluginRegistry(objec'
100	'Using fallback authentication plugin from INI file: "%s"',	94	'Using fallback authentication plugin from INI file: "%s"',
101	fallback_plugin)	95	fallback_plugin)
102	plugin = self.get_plugin(fallback_plugin)	96	plugin = self.get_plugin(fallback_plugin)
103	if plugin is not None and plugin not in plugins:	97	if plugin is not None and plugin not in _plugins:
104	plugin._settings = plugin._propagate_settings(raw_settings)	98	plugin._settings = plugin._propagate_settings(raw_settings)
105	plugins.append(plugin)	99	_plugins.append(plugin)
106	return plugins	100	return _plugins
		101
		102	return _get_auth_plugins
		103
		104	def get_plugins_for_authentication(self, cache=True):
		105	"""
		106	Returns a list of plugins which should be consulted when authenticating
		107	a user. It only returns plugins which are enabled and active.
		108	Additionally, it includes the fallback plugin from the INI file, if
		109	`rhodecode.auth_plugin_fallback` is set to a plugin ID.
		110	"""
		111
		112	_get_auth_plugins = self.get_cache_call_method(cache=cache)
107		113
108	start = time.time()	114	start = time.time()
109	plugins = _get_auth_plugins('rhodecode_auth_plugins', 'v1', self._fallback_plugin)	115	plugins = _get_auth_plugins('rhodecode_auth_plugins', 'v1', self._fallback_plugin)
@@ -119,3 +125,17 b' class AuthenticationPluginRegistry(objec'
119		125
120	return plugins	126	return plugins
121		127
		128	@classmethod
		129	def get_cache_region(cls):
		130	cache_namespace_uid = 'auth_plugins'
		131	region = rc_cache.get_or_create_region('cache_general', cache_namespace_uid)
		132	return region, cache_namespace_uid
		133
		134	@classmethod
		135	def invalidate_auth_plugins_cache(cls, hard=True):
		136	region, namespace_key = cls.get_cache_region()
		137	log.debug('Invalidation cache [%s] region %s for cache_key: %s',
		138	'invalidate_auth_plugins_cache', region, namespace_key)
		139
		140	# we use hard cleanup if invalidation is sent
		141	rc_cache.clear_cache_namespace(region, namespace_key, method=rc_cache.CLEAR_DELETE)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages