authentication: allow super-admins to change bound authentication for users....
dan -
r3988:f04c4065 default
@@ -31,6 +31,7 b' from pyramid.response import Response'
31 from rhodecode import events
31 from rhodecode import events
32 from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
32 from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
33 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
33 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
34 from rhodecode.authentication.base import get_authn_registry, RhodeCodeExternalAuthPlugin
34 from rhodecode.authentication.plugins import auth_rhodecode
35 from rhodecode.authentication.plugins import auth_rhodecode
35 from rhodecode.events import trigger
36 from rhodecode.events import trigger
36 from rhodecode.model.db import true
37 from rhodecode.model.db import true
@@ -249,7 +250,32 b' class UsersView(UserAppView):'
249 in there as well.
250 in there as well.
250 """
251 """
251
252
253 def get_auth_plugins(self):
254 valid_plugins = []
255 authn_registry = get_authn_registry(self.request.registry)
256 for plugin in authn_registry.get_plugins_for_authentication():
257 if isinstance(plugin, RhodeCodeExternalAuthPlugin):
258 valid_plugins.append(plugin)
259 elif plugin.name == 'rhodecode':
260 valid_plugins.append(plugin)
261
262 # extend our choices if user has set a bound plugin which isn't enabled at the
263 # moment
264 extern_type = self.db_user.extern_type
265 if extern_type not in [x.uid for x in valid_plugins]:
266 try:
267 plugin = authn_registry.get_plugin_by_uid(extern_type)
268 if plugin:
269 valid_plugins.append(plugin)
270
271 except Exception:
272 log.exception(
273 'Could not extend user plugins with `{}`'.format(extern_type))
274 return valid_plugins
275
252 def load_default_context(self):
276 def load_default_context(self):
277 req = self.request
278
253 c = self._get_local_tmpl_context()
279 c = self._get_local_tmpl_context()
254 c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
280 c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
255 c.allowed_languages = [
281 c.allowed_languages = [
@@ -263,7 +289,10 b' class UsersView(UserAppView):'
263 ('ru', 'Russian (ru)'),
289 ('ru', 'Russian (ru)'),
264 ('zh', 'Chinese (zh)'),
290 ('zh', 'Chinese (zh)'),
265 ]
291 ]
266 req = self.request
292
293 c.allowed_extern_types = [
294 (x.uid, x.get_display_name()) for x in self.get_auth_plugins()
295 ]
267
296
268 c.available_permissions = req.registry.settings['available_permissions']
297 c.available_permissions = req.registry.settings['available_permissions']
269 PermissionModel().set_global_permission_choices(
298 PermissionModel().set_global_permission_choices(
@@ -297,7 +326,7 b' class UsersView(UserAppView):'
297 old_values = c.user.get_api_data()
326 old_values = c.user.get_api_data()
298 try:
327 try:
299 form_result = _form.to_python(dict(self.request.POST))
328 form_result = _form.to_python(dict(self.request.POST))
300 skip_attrs = ['extern_type', 'extern_name']
329 skip_attrs = ['extern_name']
301 # TODO: plugin should define if username can be updated
330 # TODO: plugin should define if username can be updated
302 if c.extern_type != "rhodecode":
331 if c.extern_type != "rhodecode":
303 # forbid updating username for external accounts
332 # forbid updating username for external accounts
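Review bot: With `extern_type` dropped from `skip_attrs` in the last hunk, the posted `extern_type` is presumably written to the user, and nothing visible here checks it against the plugins that `get_auth_plugins()` offers; the `<select>` in the template only limits what the browser shows. Unless the schema behind `_form` (not shown) already restricts the field, the view should reject the request before applying it, along the lines of `allowed = [x.uid for x in self.get_auth_plugins()]` followed by `if form_result['extern_type'] not in allowed:` and the same error path used for other invalid form input. `extern_name` stays in `skip_attrs`, so after a switch the user keeps the external name from the previous plugin, which is worth confirming as intended. The enclosing update method and its permission decorators start outside the hunk, so the super-admin restriction named in the commit title cannot be confirmed from this page.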
@@ -76,6 +76,7 b' class HeadersSettingsSchema(AuthnPluginS'
76
76
77 class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
77 class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
78 uid = 'headers'
78 uid = 'headers'
79
79 def includeme(self, config):
80 def includeme(self, config):
80 config.add_authn_plugin(self)
81 config.add_authn_plugin(self)
81 config.add_authn_resource(self.get_id(), HeadersAuthnResource(self))
82 config.add_authn_resource(self.get_id(), HeadersAuthnResource(self))
@@ -58,6 +58,11 b' class AuthenticationPluginRegistry(objec'
58 def get_plugin(self, plugin_id):
58 def get_plugin(self, plugin_id):
59 return self._plugins.get(plugin_id, None)
59 return self._plugins.get(plugin_id, None)
60
60
61 def get_plugin_by_uid(self, plugin_uid):
62 for plugin in self._plugins.values():
63 if plugin.uid == plugin_uid:
64 return plugin
65
61 def get_plugins_for_authentication(self):
66 def get_plugins_for_authentication(self):
62 """
67 """
63 Returns a list of plugins which should be consulted when authenticating
68 Returns a list of plugins which should be consulted when authenticating
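Review bot: `get_plugin_by_uid` has no docstring and returns `None` only by falling off the end of the loop, while its result is now used to extend the list of authentication plugins offered for a user. I would add a docstring such as `"""Return the registered plugin whose uid equals plugin_uid, or None if there is none."""` and end the method with an explicit `return None`. The loop returns the first match, so two registered plugins sharing a `uid` would resolve by iteration order of `self._plugins`. Nothing in this hunk enforces uniqueness, and a check at registration time would make the lookup unambiguous.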
@@ -12,10 +12,8 b''
12 %if c.extern_type != 'rhodecode':
12 %if c.extern_type != 'rhodecode':
13 <% readonly = "readonly" %>
13 <% readonly = "readonly" %>
14 <% disabled = " disabled" %>
14 <% disabled = " disabled" %>
15 <div class="infoform">
15 <div class="alert-warning" style="margin:0px 0px 20px 0px; padding: 10px">
16 <div class="fields">
16 <strong>${_('This user was created from external source (%s). Editing some of the settings is limited.' % c.extern_type)}</strong>
17 <p>${_('This user was created from external source (%s). Editing some of the settings is limited.' % c.extern_type)}</p>
18 </div>
19 </div>
17 </div>
20 %endif
18 %endif
21 <div class="form">
19 <div class="form">
@@ -105,9 +103,8 b''
105 ${_('Authentication type')}:
103 ${_('Authentication type')}:
106 </div>
104 </div>
107 <div class="input">
105 <div class="input">
108 <p>${c.extern_type}</p>
106 ${h.select('extern_type', c.extern_type, c.allowed_extern_types)}
109 ${h.hidden('extern_type', readonly="readonly")}
107 <p class="help-block">${_('When user was created using an external source. He is bound to authentication using this method.')}</p>
110 <p class="help-block">${_('User was created using an external source. He is bound to authentication using this method.')}</p>
111 </div>
108 </div>
112 </div>
109 </div>
113 <div class="field">
110 <div class="field">
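Review bot: The help text under the new `extern_type` select opens with a sentence fragment (`When user was created using an external source.`) and does not tell the admin what changing the value does. Something like `${_('Authentication plugin this user is bound to. Changing it changes the method the user must authenticate with.')}` would state the consequence, assuming that is what the binding means here. Separately, the alert line interpolates inside the translation call, `_('... (%s) ...' % c.extern_type)`, so the catalog lookup runs on the already-formatted string; `_('... (%s) ...') % c.extern_type` keeps the message translatable.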