Show More
| @@ -31,6 +31,7 b' from pyramid.response import Response' | |||||
| 31 | from rhodecode import events |
|
31 | from rhodecode import events | |
| 32 | from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView |
|
32 | from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView | |
| 33 | from rhodecode.apps.ssh_support import SshKeyFileChangeEvent |
|
33 | from rhodecode.apps.ssh_support import SshKeyFileChangeEvent | |
|
|
34 | from rhodecode.authentication.base import get_authn_registry, RhodeCodeExternalAuthPlugin | |||
| 34 | from rhodecode.authentication.plugins import auth_rhodecode |
|
35 | from rhodecode.authentication.plugins import auth_rhodecode | |
| 35 | from rhodecode.events import trigger |
|
36 | from rhodecode.events import trigger | |
| 36 | from rhodecode.model.db import true |
|
37 | from rhodecode.model.db import true | |
| @@ -249,7 +250,32 b' class UsersView(UserAppView):' | |||||
| 249 | in there as well. |
|
250 | in there as well. | |
| 250 | """ |
|
251 | """ | |
| 251 |
|
252 | |||
|
|
253 | def get_auth_plugins(self): | |||
|
|
254 | valid_plugins = [] | |||
|
|
255 | authn_registry = get_authn_registry(self.request.registry) | |||
|
|
256 | for plugin in authn_registry.get_plugins_for_authentication(): | |||
|
|
257 | if isinstance(plugin, RhodeCodeExternalAuthPlugin): | |||
|
|
258 | valid_plugins.append(plugin) | |||
|
|
259 | elif plugin.name == 'rhodecode': | |||
|
|
260 | valid_plugins.append(plugin) | |||
|
|
261 | ||||
|
|
262 | # extend our choices if user has set a bound plugin which isn't enabled at the | |||
|
|
263 | # moment | |||
|
|
264 | extern_type = self.db_user.extern_type | |||
|
|
265 | if extern_type not in [x.uid for x in valid_plugins]: | |||
|
|
266 | try: | |||
|
|
267 | plugin = authn_registry.get_plugin_by_uid(extern_type) | |||
|
|
268 | if plugin: | |||
|
|
269 | valid_plugins.append(plugin) | |||
|
|
270 | ||||
|
|
271 | except Exception: | |||
|
|
272 | log.exception( | |||
|
|
273 | 'Could not extend user plugins with `{}`'.format(extern_type)) | |||
|
|
274 | return valid_plugins | |||
|
|
275 | ||||
| 252 | def load_default_context(self): |
|
276 | def load_default_context(self): | |
|
|
277 | req = self.request | |||
|
|
278 | ||||
| 253 | c = self._get_local_tmpl_context() |
|
279 | c = self._get_local_tmpl_context() | |
| 254 | c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS |
|
280 | c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS | |
| 255 | c.allowed_languages = [ |
|
281 | c.allowed_languages = [ | |
| @@ -263,7 +289,10 b' class UsersView(UserAppView):' | |||||
| 263 | ('ru', 'Russian (ru)'), |
|
289 | ('ru', 'Russian (ru)'), | |
| 264 | ('zh', 'Chinese (zh)'), |
|
290 | ('zh', 'Chinese (zh)'), | |
| 265 | ] |
|
291 | ] | |
| 266 | req = self.request |
|
292 | ||
|
|
293 | c.allowed_extern_types = [ | |||
|
|
294 | (x.uid, x.get_display_name()) for x in self.get_auth_plugins() | |||
|
|
295 | ] | |||
| 267 |
|
296 | |||
| 268 | c.available_permissions = req.registry.settings['available_permissions'] |
|
297 | c.available_permissions = req.registry.settings['available_permissions'] | |
| 269 | PermissionModel().set_global_permission_choices( |
|
298 | PermissionModel().set_global_permission_choices( | |
| @@ -297,7 +326,7 b' class UsersView(UserAppView):' | |||||
| 297 | old_values = c.user.get_api_data() |
|
326 | old_values = c.user.get_api_data() | |
| 298 | try: |
|
327 | try: | |
| 299 | form_result = _form.to_python(dict(self.request.POST)) |
|
328 | form_result = _form.to_python(dict(self.request.POST)) | |
| 300 |
skip_attrs = [' |
|
329 | skip_attrs = ['extern_name'] | |
| 301 | # TODO: plugin should define if username can be updated |
|
330 | # TODO: plugin should define if username can be updated | |
| 302 | if c.extern_type != "rhodecode": |
|
331 | if c.extern_type != "rhodecode": | |
| 303 | # forbid updating username for external accounts |
|
332 | # forbid updating username for external accounts | |
| @@ -76,6 +76,7 b' class HeadersSettingsSchema(AuthnPluginS' | |||||
| 76 |
|
76 | |||
| 77 | class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin): |
|
77 | class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin): | |
| 78 | uid = 'headers' |
|
78 | uid = 'headers' | |
|
|
79 | ||||
| 79 | def includeme(self, config): |
|
80 | def includeme(self, config): | |
| 80 | config.add_authn_plugin(self) |
|
81 | config.add_authn_plugin(self) | |
| 81 | config.add_authn_resource(self.get_id(), HeadersAuthnResource(self)) |
|
82 | config.add_authn_resource(self.get_id(), HeadersAuthnResource(self)) | |
| @@ -58,6 +58,11 b' class AuthenticationPluginRegistry(objec' | |||||
| 58 | def get_plugin(self, plugin_id): |
|
58 | def get_plugin(self, plugin_id): | |
| 59 | return self._plugins.get(plugin_id, None) |
|
59 | return self._plugins.get(plugin_id, None) | |
| 60 |
|
60 | |||
|
|
61 | def get_plugin_by_uid(self, plugin_uid): | |||
|
|
62 | for plugin in self._plugins.values(): | |||
|
|
63 | if plugin.uid == plugin_uid: | |||
|
|
64 | return plugin | |||
|
|
65 | ||||
| 61 | def get_plugins_for_authentication(self): |
|
66 | def get_plugins_for_authentication(self): | |
| 62 | """ |
|
67 | """ | |
| 63 | Returns a list of plugins which should be consulted when authenticating |
|
68 | Returns a list of plugins which should be consulted when authenticating | |
| @@ -12,10 +12,8 b'' | |||||
| 12 | %if c.extern_type != 'rhodecode': |
|
12 | %if c.extern_type != 'rhodecode': | |
| 13 | <% readonly = "readonly" %> |
|
13 | <% readonly = "readonly" %> | |
| 14 | <% disabled = " disabled" %> |
|
14 | <% disabled = " disabled" %> | |
| 15 | <div class="infoform"> |
|
15 | <div class="alert-warning" style="margin:0px 0px 20px 0px; padding: 10px"> | |
| 16 | <div class="fields"> |
|
16 | <strong>${_('This user was created from external source (%s). Editing some of the settings is limited.' % c.extern_type)}</strong> | |
| 17 | <p>${_('This user was created from external source (%s). Editing some of the settings is limited.' % c.extern_type)}</p> |
|
|||
| 18 | </div> |
|
|||
| 19 | </div> |
|
17 | </div> | |
| 20 | %endif |
|
18 | %endif | |
| 21 | <div class="form"> |
|
19 | <div class="form"> | |
| @@ -105,9 +103,8 b'' | |||||
| 105 | ${_('Authentication type')}: |
|
103 | ${_('Authentication type')}: | |
| 106 | </div> |
|
104 | </div> | |
| 107 | <div class="input"> |
|
105 | <div class="input"> | |
| 108 | <p>${c.extern_type}</p> |
|
106 | ${h.select('extern_type', c.extern_type, c.allowed_extern_types)} | |
| 109 | ${h.hidden('extern_type', readonly="readonly")} |
|
107 | <p class="help-block">${_('When user was created using an external source. He is bound to authentication using this method.')}</p> | |
| 110 | <p class="help-block">${_('User was created using an external source. He is bound to authentication using this method.')}</p> |
|
|||
| 111 | </div> |
|
108 | </div> | |
| 112 | </div> |
|
109 | </div> | |
| 113 | <div class="field"> |
|
110 | <div class="field"> | |
General Comments 0
You need to be logged in to leave comments.
Login now