__init__.py
131 lines
| 5.2 KiB
| text/x-python
|
PythonLexer
| r1 | # -*- coding: utf-8 -*- | |||
| r2487 | # Copyright (C) 2012-2018 RhodeCode GmbH | |||
| r1 | # | |||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU Affero General Public License, version 3 | ||||
| # (only), as published by the Free Software Foundation. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU Affero General Public License | ||||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
| # | ||||
| # This program is dual-licensed. If you wish to learn more about the | ||||
| # RhodeCode Enterprise Edition, including its added features, Support services, | ||||
| # and proprietary license terms, please see https://rhodecode.com/licenses/ | ||||
| r2652 | import os | |||
| r1 | import logging | |||
| r130 | import importlib | |||
| r1 | ||||
| from pkg_resources import iter_entry_points | ||||
| from pyramid.authentication import SessionAuthenticationPolicy | ||||
| from rhodecode.authentication.registry import AuthenticationPluginRegistry | ||||
| from rhodecode.authentication.routes import root_factory | ||||
| from rhodecode.authentication.routes import AuthnRootResource | ||||
| r2309 | from rhodecode.apps._base import ADMIN_PREFIX | |||
| r129 | from rhodecode.model.settings import SettingsModel | |||
| r1 | ||||
| r132 | ||||
| r1 | log = logging.getLogger(__name__) | |||
| r135 | # Plugin ID prefixes to distinct between normal and legacy plugins. | |||
| plugin_prefix = 'egg:' | ||||
| r132 | legacy_plugin_prefix = 'py:' | |||
| r1 | ||||
| # TODO: Currently this is only used to discover the authentication plugins. | ||||
| # Later on this may be used in a generic way to look up and include all kinds | ||||
| # of supported enterprise plugins. Therefore this has to be moved and | ||||
| # refactored to a real 'plugin look up' machinery. | ||||
| # TODO: When refactoring this think about splitting it up into distinct | ||||
| # discover, load and include phases. | ||||
| def _discover_plugins(config, entry_point='enterprise.plugins1'): | ||||
| for ep in iter_entry_points(entry_point): | ||||
| r138 | plugin_id = '{}{}#{}'.format( | |||
| r135 | plugin_prefix, ep.dist.project_name, ep.name) | |||
| r1 | log.debug('Plugin discovered: "%s"', plugin_id) | |||
| r135 | try: | |||
| module = ep.load() | ||||
| plugin = module(plugin_id=plugin_id) | ||||
| config.include(plugin.includeme) | ||||
| except Exception as e: | ||||
| log.exception( | ||||
| 'Exception while loading authentication plugin ' | ||||
| '"{}": {}'.format(plugin_id, e.message)) | ||||
| r1 | ||||
| r135 | ||||
| def _import_legacy_plugin(plugin_id): | ||||
| module_name = plugin_id.split(legacy_plugin_prefix, 1)[-1] | ||||
| module = importlib.import_module(module_name) | ||||
| return module.plugin_factory(plugin_id=plugin_id) | ||||
| r1 | ||||
| r132 | def _discover_legacy_plugins(config, prefix=legacy_plugin_prefix): | |||
| r131 | """ | |||
| Function that imports the legacy plugins stored in the 'auth_plugins' | ||||
| setting in database which are using the specified prefix. Normally 'py:' is | ||||
| used for the legacy plugins. | ||||
| """ | ||||
| r2649 | try: | |||
| auth_plugins = SettingsModel().get_setting_by_name('auth_plugins') | ||||
| enabled_plugins = auth_plugins.app_settings_value | ||||
| legacy_plugins = [id_ for id_ in enabled_plugins if id_.startswith(prefix)] | ||||
| except Exception: | ||||
| legacy_plugins = [] | ||||
| r129 | ||||
| r130 | for plugin_id in legacy_plugins: | |||
| r135 | log.debug('Legacy plugin discovered: "%s"', plugin_id) | |||
| r130 | try: | |||
| r135 | plugin = _import_legacy_plugin(plugin_id) | |||
| r130 | config.include(plugin.includeme) | |||
| r134 | except Exception as e: | |||
| r135 | log.exception( | |||
| 'Exception while loading legacy authentication plugin ' | ||||
| r130 | '"{}": {}'.format(plugin_id, e.message)) | |||
| r129 | ||||
| r1 | def includeme(config): | |||
| # Set authentication policy. | ||||
| authn_policy = SessionAuthenticationPolicy() | ||||
| config.set_authentication_policy(authn_policy) | ||||
| # Create authentication plugin registry and add it to the pyramid registry. | ||||
| r52 | authn_registry = AuthenticationPluginRegistry(config.get_settings()) | |||
| r1 | config.add_directive('add_authn_plugin', authn_registry.add_authn_plugin) | |||
| config.registry.registerUtility(authn_registry) | ||||
| # Create authentication traversal root resource. | ||||
| authn_root_resource = root_factory() | ||||
| config.add_directive('add_authn_resource', | ||||
| authn_root_resource.add_authn_resource) | ||||
| # Add the authentication traversal route. | ||||
| config.add_route('auth_home', | ||||
| ADMIN_PREFIX + '/auth*traverse', | ||||
| factory=root_factory) | ||||
| # Add the authentication settings root views. | ||||
| config.add_view('rhodecode.authentication.views.AuthSettingsView', | ||||
| attr='index', | ||||
| request_method='GET', | ||||
| route_name='auth_home', | ||||
| context=AuthnRootResource) | ||||
| config.add_view('rhodecode.authentication.views.AuthSettingsView', | ||||
| attr='auth_settings', | ||||
| request_method='POST', | ||||
| route_name='auth_home', | ||||
| context=AuthnRootResource) | ||||
| r2652 | for key in ['RC_CMD_SETUP_RC', 'RC_CMD_UPGRADE_DB', 'RC_CMD_SSH_WRAPPER']: | |||
| if os.environ.get(key): | ||||
| # skip this heavy step below on certain CLI commands | ||||
| return | ||||
| r1 | # Auto discover authentication plugins and include their configuration. | |||
| _discover_plugins(config) | ||||
| r129 | _discover_legacy_plugins(config) | |||
