# Copyright (C) 2012-2024 RhodeCode GmbH # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License, version 3 # (only), as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # # This program is dual-licensed. If you wish to learn more about the # RhodeCode Enterprise Edition, including its added features, Support services, # and proprietary license terms, please see https://rhodecode.com/licenses/ import time import logging from pyramid.exceptions import ConfigurationError from zope.interface import implementer from rhodecode.authentication.interface import IAuthnPluginRegistry from rhodecode.model.settings import SettingsModel from rhodecode.lib.utils2 import safe_str from rhodecode.lib.statsd_client import StatsdClient from rhodecode.lib import rc_cache log = logging.getLogger(__name__) @implementer(IAuthnPluginRegistry) class AuthenticationPluginRegistry(object): # INI settings key to set a fallback authentication plugin. fallback_plugin_key = 'rhodecode.auth_plugin_fallback' def __init__(self, settings): self._plugins = {} self._fallback_plugin = settings.get(self.fallback_plugin_key, None) def add_authn_plugin(self, config, plugin): plugin_id = plugin.get_id() if plugin_id in self._plugins.keys(): raise ConfigurationError( 'Cannot register authentication plugin twice: "%s"', plugin_id) else: log.debug('Register authentication plugin: "%s"', plugin_id) self._plugins[plugin_id] = plugin def get_plugins(self): def sort_key(plugin): return str.lower(safe_str(plugin.get_display_name())) return sorted(self._plugins.values(), key=sort_key) def get_plugin(self, plugin_id): return self._plugins.get(plugin_id, None) def get_plugin_by_uid(self, plugin_uid): for plugin in self._plugins.values(): if plugin.uid == plugin_uid: return plugin def get_cache_call_method(self, cache=True): region, _ns = self.get_cache_region() @region.conditional_cache_on_arguments(condition=cache) def _get_auth_plugins(name: str, key: str, fallback_plugin): log.debug('auth-plugins: calculating plugins available for authentication') _plugins = [] # Add all enabled and active plugins to the list. We iterate over the # auth_plugins setting from DB because it also represents the ordering. enabled_plugins = SettingsModel().get_auth_plugins() raw_settings = SettingsModel().get_all_settings(cache=False) for plugin_id in enabled_plugins: plugin = self.get_plugin(plugin_id) if plugin is not None and plugin.is_active( plugin_cached_settings=raw_settings): # inject settings into plugin, we can re-use the DB fetched settings here plugin._settings = plugin._propagate_settings(raw_settings) _plugins.append(plugin) # Add the fallback plugin from ini file. if fallback_plugin: log.warning( 'Using fallback authentication plugin from INI file: "%s"', fallback_plugin) plugin = self.get_plugin(fallback_plugin) if plugin is not None and plugin not in _plugins: plugin._settings = plugin._propagate_settings(raw_settings) _plugins.append(plugin) return _plugins return _get_auth_plugins def get_plugins_for_authentication(self, cache=True): """ Returns a list of plugins which should be consulted when authenticating a user. It only returns plugins which are enabled and active. Additionally, it includes the fallback plugin from the INI file, if `rhodecode.auth_plugin_fallback` is set to a plugin ID. """ _get_auth_plugins = self.get_cache_call_method(cache=cache) start = time.time() plugins = _get_auth_plugins('rhodecode_auth_plugins', 'v1', self._fallback_plugin) compute_time = time.time() - start log.debug('cached method:%s took %.4fs', _get_auth_plugins.__name__, compute_time) statsd = StatsdClient.statsd if statsd: elapsed_time_ms = round(1000.0 * compute_time) # use ms only statsd.timing("rhodecode_auth_plugins_timing.histogram", elapsed_time_ms, use_decimals=False) return plugins @classmethod def get_cache_region(cls): cache_namespace_uid = 'auth_plugins.v1' region = rc_cache.get_or_create_region('cache_general', cache_namespace_uid) return region, cache_namespace_uid @classmethod def invalidate_auth_plugins_cache(cls, hard=True): region, namespace_key = cls.get_cache_region() log.debug('Invalidation cache [%s] region %s for cache_key: %s', 'invalidate_auth_plugins_cache', region, namespace_key) # we use hard cleanup if invalidation is sent rc_cache.clear_cache_namespace(region, namespace_key, method=rc_cache.CLEAR_DELETE)