##// END OF EJS Templates
u » ewong » rhodecode-enterprise-ce-fork
RSS

Fork of rhodecode-enterprise-ce

goto-switcher: optimized performance and query capabilities....
goto-switcher: optimized performance and query capabilities. - Previous implementation had on significant bug. The use of LIMIT 20 was limiting results BEFORE auth checks. In case of large ammount of similarly named repositories user didn't had access too, the result goto search was empty. This was becuase first 20 items fetched didn't pass permission checks and final auth list was empty. To fix this we now use proper filtering for auth using SQL. It means we first check user allowed repositories, and add this as a filter so end result from database is already to only the accessible repositories.
marcink - - Load All Authors

File last commit:

r1997:61825b68 default
r2038:2bdf9d4d default
Show More
auth_jasig_cas.py
166 lines | 5.8 KiB | text/x-python | PythonLexer
/ rhodecode / authentication / plugins / auth_jasig_cas.py
History | Annotation | Raw |Copy content |Copy permalink
# -*- coding: utf-8 -*-
# Copyright (C) 2012-2017 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
"""
RhodeCode authentication plugin for Jasig CAS
http://www.jasig.org/cas
"""
import colander
import logging
import rhodecode
import urllib
import urllib2
from rhodecode.translation import _
from rhodecode.authentication.base import (
RhodeCodeExternalAuthPlugin, hybrid_property)
from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
from rhodecode.authentication.routes import AuthnPluginResourceBase
from rhodecode.lib.colander_utils import strip_whitespace
from rhodecode.lib.utils2 import safe_unicode
from rhodecode.model.db import User
log = logging.getLogger(__name__)
def plugin_factory(plugin_id, *args, **kwds):
"""
Factory function that is called during plugin discovery.
It returns the plugin instance.
"""
plugin = RhodeCodeAuthPlugin(plugin_id)
return plugin
class JasigCasAuthnResource(AuthnPluginResourceBase):
pass
class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):
service_url = colander.SchemaNode(
colander.String(),
default='https://domain.com/cas/v1/tickets',
description=_('The url of the Jasig CAS REST service'),
preparer=strip_whitespace,
title=_('URL'),
widget='string')
class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
def includeme(self, config):
config.add_authn_plugin(self)
config.add_authn_resource(self.get_id(), JasigCasAuthnResource(self))
config.add_view(
'rhodecode.authentication.views.AuthnPluginViewBase',
attr='settings_get',
renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
request_method='GET',
route_name='auth_home',
context=JasigCasAuthnResource)
config.add_view(
'rhodecode.authentication.views.AuthnPluginViewBase',
attr='settings_post',
renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
request_method='POST',
route_name='auth_home',
context=JasigCasAuthnResource)
def get_settings_schema(self):
return JasigCasSettingsSchema()
def get_display_name(self):
return _('Jasig-CAS')
@hybrid_property
def name(self):
return "jasig-cas"
@property
def is_headers_auth(self):
return True
def use_fake_password(self):
return True
def user_activation_state(self):
def_user_perms = User.get_default_user().AuthUser().permissions['global']
return 'hg.extern_activate.auto' in def_user_perms
def auth(self, userobj, username, password, settings, **kwargs):
"""
Given a user object (which may be null), username, a plaintext password,
and a settings object (containing all the keys needed as listed in settings()),
authenticate this user's login attempt.
Return None on failure. On success, return a dictionary of the form:
see: RhodeCodeAuthPluginBase.auth_func_attrs
This is later validated for correctness
"""
if not username or not password:
log.debug('Empty username or password skipping...')
return None
log.debug("Jasig CAS settings: %s", settings)
params = urllib.urlencode({'username': username, 'password': password})
headers = {"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain",
"User-Agent": "RhodeCode-auth-%s" % rhodecode.__version__}
url = settings["service_url"]
log.debug("Sent Jasig CAS: \n%s",
{"url": url, "body": params, "headers": headers})
request = urllib2.Request(url, params, headers)
try:
response = urllib2.urlopen(request)
except urllib2.HTTPError as e:
log.debug("HTTPError when requesting Jasig CAS (status code: %d)" % e.code)
return None
except urllib2.URLError as e:
log.debug("URLError when requesting Jasig CAS url: %s " % url)
return None
# old attrs fetched from RhodeCode database
admin = getattr(userobj, 'admin', False)
active = getattr(userobj, 'active', True)
email = getattr(userobj, 'email', '')
username = getattr(userobj, 'username', username)
firstname = getattr(userobj, 'firstname', '')
lastname = getattr(userobj, 'lastname', '')
extern_type = getattr(userobj, 'extern_type', '')
user_attrs = {
'username': username,
'firstname': safe_unicode(firstname or username),
'lastname': safe_unicode(lastname or ''),
'groups': [],
'email': email or '',
'admin': admin or False,
'active': active,
'active_from_extern': True,
'extern_name': username,
'extern_type': extern_type,
}
log.info('user %s authenticated correctly' % user_attrs['username'])
return user_attrs