##// END OF EJS Templates
auth: made the message about not-active user consisten with token plugin
marcink -
r441:d8a74f85 default
parent child Browse files
Show More
@@ -1,141 +1,143 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2012-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 RhodeCode authentication plugin for built in internal auth
23 23 """
24 24
25 25 import logging
26 26
27 27 from pylons.i18n.translation import lazy_ugettext as _
28 28 from sqlalchemy.ext.hybrid import hybrid_property
29 29
30 30 from rhodecode.authentication.base import RhodeCodeAuthPluginBase
31 31 from rhodecode.authentication.routes import AuthnPluginResourceBase
32 32 from rhodecode.lib.utils2 import safe_str
33 33 from rhodecode.model.db import User
34 34
35 35 log = logging.getLogger(__name__)
36 36
37 37
38 38 def plugin_factory(plugin_id, *args, **kwds):
39 39 plugin = RhodeCodeAuthPlugin(plugin_id)
40 40 return plugin
41 41
42 42
43 43 class RhodecodeAuthnResource(AuthnPluginResourceBase):
44 44 pass
45 45
46 46
47 47 class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
48 48
49 49 def includeme(self, config):
50 50 config.add_authn_plugin(self)
51 51 config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))
52 52 config.add_view(
53 53 'rhodecode.authentication.views.AuthnPluginViewBase',
54 54 attr='settings_get',
55 55 renderer='rhodecode:templates/admin/auth/plugin_settings.html',
56 56 request_method='GET',
57 57 route_name='auth_home',
58 58 context=RhodecodeAuthnResource)
59 59 config.add_view(
60 60 'rhodecode.authentication.views.AuthnPluginViewBase',
61 61 attr='settings_post',
62 62 renderer='rhodecode:templates/admin/auth/plugin_settings.html',
63 63 request_method='POST',
64 64 route_name='auth_home',
65 65 context=RhodecodeAuthnResource)
66 66
67 67 def get_display_name(self):
68 68 return _('Rhodecode')
69 69
70 70 @hybrid_property
71 71 def name(self):
72 72 return "rhodecode"
73 73
74 74 def user_activation_state(self):
75 75 def_user_perms = User.get_default_user().AuthUser.permissions['global']
76 76 return 'hg.register.auto_activate' in def_user_perms
77 77
78 78 def allows_authentication_from(
79 79 self, user, allows_non_existing_user=True,
80 80 allowed_auth_plugins=None, allowed_auth_sources=None):
81 81 """
82 82 Custom method for this auth that doesn't accept non existing users.
83 83 We know that user exists in our database.
84 84 """
85 85 allows_non_existing_user = False
86 86 return super(RhodeCodeAuthPlugin, self).allows_authentication_from(
87 87 user, allows_non_existing_user=allows_non_existing_user)
88 88
89 89 def auth(self, userobj, username, password, settings, **kwargs):
90 90 if not userobj:
91 91 log.debug('userobj was:%s skipping' % (userobj, ))
92 92 return None
93 93 if userobj.extern_type != self.name:
94 94 log.warning(
95 95 "userobj:%s extern_type mismatch got:`%s` expected:`%s`" %
96 96 (userobj, userobj.extern_type, self.name))
97 97 return None
98 98
99 99 user_attrs = {
100 100 "username": userobj.username,
101 101 "firstname": userobj.firstname,
102 102 "lastname": userobj.lastname,
103 103 "groups": [],
104 104 "email": userobj.email,
105 105 "admin": userobj.admin,
106 106 "active": userobj.active,
107 107 "active_from_extern": userobj.active,
108 108 "extern_name": userobj.user_id,
109 109 "extern_type": userobj.extern_type,
110 110 }
111 111
112 112 log.debug("User attributes:%s" % (user_attrs, ))
113 113 if userobj.active:
114 114 from rhodecode.lib import auth
115 115 crypto_backend = auth.crypto_backend()
116 116 password_encoded = safe_str(password)
117 117 password_match, new_hash = crypto_backend.hash_check_with_upgrade(
118 118 password_encoded, userobj.password)
119 119
120 120 if password_match and new_hash:
121 121 log.debug('user %s properly authenticated, but '
122 122 'requires hash change to bcrypt', userobj)
123 123 # if password match, and we use OLD deprecated hash,
124 124 # we should migrate this user hash password to the new hash
125 125 # we store the new returned by hash_check_with_upgrade function
126 126 user_attrs['_hash_migrate'] = new_hash
127 127
128 128 if userobj.username == User.DEFAULT_USER and userobj.active:
129 129 log.info(
130 130 'user %s authenticated correctly as anonymous user', userobj)
131 131 return user_attrs
132 132
133 133 elif userobj.username == username and password_match:
134 134 log.info('user %s authenticated correctly', userobj)
135 135 return user_attrs
136 136 log.info("user %s had a bad password when "
137 137 "authenticating on this plugin", userobj)
138 138 return None
139 139 else:
140 log.warning('user %s tried auth but is disabled', userobj)
140 log.warning(
141 'user `%s` failed to authenticate via %s, reason: account not '
142 'active.', username, self.name)
141 143 return None
General Comments 0
You need to be logged in to leave comments. Login now