__init__.py
131 lines
| 5.2 KiB
| text/x-python
|
PythonLexer
r1 | # -*- coding: utf-8 -*- | |||
r2487 | # Copyright (C) 2012-2018 RhodeCode GmbH | |||
r1 | # | |||
# This program is free software: you can redistribute it and/or modify | ||||
# it under the terms of the GNU Affero General Public License, version 3 | ||||
# (only), as published by the Free Software Foundation. | ||||
# | ||||
# This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
# | ||||
# You should have received a copy of the GNU Affero General Public License | ||||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
# | ||||
# This program is dual-licensed. If you wish to learn more about the | ||||
# RhodeCode Enterprise Edition, including its added features, Support services, | ||||
# and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
r2652 | import os | |||
r1 | import logging | |||
r130 | import importlib | |||
r1 | ||||
from pkg_resources import iter_entry_points | ||||
from pyramid.authentication import SessionAuthenticationPolicy | ||||
from rhodecode.authentication.registry import AuthenticationPluginRegistry | ||||
from rhodecode.authentication.routes import root_factory | ||||
from rhodecode.authentication.routes import AuthnRootResource | ||||
r2309 | from rhodecode.apps._base import ADMIN_PREFIX | |||
r129 | from rhodecode.model.settings import SettingsModel | |||
r1 | ||||
r132 | ||||
r1 | log = logging.getLogger(__name__) | |||
r135 | # Plugin ID prefixes to distinct between normal and legacy plugins. | |||
plugin_prefix = 'egg:' | ||||
r132 | legacy_plugin_prefix = 'py:' | |||
r1 | ||||
# TODO: Currently this is only used to discover the authentication plugins. | ||||
# Later on this may be used in a generic way to look up and include all kinds | ||||
# of supported enterprise plugins. Therefore this has to be moved and | ||||
# refactored to a real 'plugin look up' machinery. | ||||
# TODO: When refactoring this think about splitting it up into distinct | ||||
# discover, load and include phases. | ||||
def _discover_plugins(config, entry_point='enterprise.plugins1'): | ||||
for ep in iter_entry_points(entry_point): | ||||
r138 | plugin_id = '{}{}#{}'.format( | |||
r135 | plugin_prefix, ep.dist.project_name, ep.name) | |||
r1 | log.debug('Plugin discovered: "%s"', plugin_id) | |||
r135 | try: | |||
module = ep.load() | ||||
plugin = module(plugin_id=plugin_id) | ||||
config.include(plugin.includeme) | ||||
except Exception as e: | ||||
log.exception( | ||||
'Exception while loading authentication plugin ' | ||||
'"{}": {}'.format(plugin_id, e.message)) | ||||
r1 | ||||
r135 | ||||
def _import_legacy_plugin(plugin_id): | ||||
module_name = plugin_id.split(legacy_plugin_prefix, 1)[-1] | ||||
module = importlib.import_module(module_name) | ||||
return module.plugin_factory(plugin_id=plugin_id) | ||||
r1 | ||||
r132 | def _discover_legacy_plugins(config, prefix=legacy_plugin_prefix): | |||
r131 | """ | |||
Function that imports the legacy plugins stored in the 'auth_plugins' | ||||
setting in database which are using the specified prefix. Normally 'py:' is | ||||
used for the legacy plugins. | ||||
""" | ||||
r2649 | try: | |||
auth_plugins = SettingsModel().get_setting_by_name('auth_plugins') | ||||
enabled_plugins = auth_plugins.app_settings_value | ||||
legacy_plugins = [id_ for id_ in enabled_plugins if id_.startswith(prefix)] | ||||
except Exception: | ||||
legacy_plugins = [] | ||||
r129 | ||||
r130 | for plugin_id in legacy_plugins: | |||
r135 | log.debug('Legacy plugin discovered: "%s"', plugin_id) | |||
r130 | try: | |||
r135 | plugin = _import_legacy_plugin(plugin_id) | |||
r130 | config.include(plugin.includeme) | |||
r134 | except Exception as e: | |||
r135 | log.exception( | |||
'Exception while loading legacy authentication plugin ' | ||||
r130 | '"{}": {}'.format(plugin_id, e.message)) | |||
r129 | ||||
r1 | def includeme(config): | |||
# Set authentication policy. | ||||
authn_policy = SessionAuthenticationPolicy() | ||||
config.set_authentication_policy(authn_policy) | ||||
# Create authentication plugin registry and add it to the pyramid registry. | ||||
r52 | authn_registry = AuthenticationPluginRegistry(config.get_settings()) | |||
r1 | config.add_directive('add_authn_plugin', authn_registry.add_authn_plugin) | |||
config.registry.registerUtility(authn_registry) | ||||
# Create authentication traversal root resource. | ||||
authn_root_resource = root_factory() | ||||
config.add_directive('add_authn_resource', | ||||
authn_root_resource.add_authn_resource) | ||||
# Add the authentication traversal route. | ||||
config.add_route('auth_home', | ||||
ADMIN_PREFIX + '/auth*traverse', | ||||
factory=root_factory) | ||||
# Add the authentication settings root views. | ||||
config.add_view('rhodecode.authentication.views.AuthSettingsView', | ||||
attr='index', | ||||
request_method='GET', | ||||
route_name='auth_home', | ||||
context=AuthnRootResource) | ||||
config.add_view('rhodecode.authentication.views.AuthSettingsView', | ||||
attr='auth_settings', | ||||
request_method='POST', | ||||
route_name='auth_home', | ||||
context=AuthnRootResource) | ||||
r2652 | for key in ['RC_CMD_SETUP_RC', 'RC_CMD_UPGRADE_DB', 'RC_CMD_SSH_WRAPPER']: | |||
if os.environ.get(key): | ||||
# skip this heavy step below on certain CLI commands | ||||
return | ||||
r1 | # Auto discover authentication plugins and include their configuration. | |||
_discover_plugins(config) | ||||
r129 | _discover_legacy_plugins(config) | |||