u/pc/rhodecode-enterprise-ce-fork-pc Files · rhodecode/authentication/plugins/auth_jasig_cas.py

vcs: Minimal change to expose the shadow repository...

vcs: Minimal change to expose the shadow repository Based on my original research, this was the "minimal" starting point. It shows that three concepts are needed for the "repo_name": * From the security standpoint we think of the shadow repository having the same ACL as the target repository of the pull request. This is because the pull request itself is considered to be a part of the target repository. Out of this thought, the variable "acl_repo_name" is used whenever we want to check permissions or when we need the database configuration of the repository. An alternative name would have been "db_repo_name", but the usage for ACL checking is the most important one. * From the web interaction perspective, we need the URL which was originally used to get to the repository. This is because based on this base URL commands can be identified. Especially for Git this is important, so that the commands are correctly recognized. Since the URL is in the focus, this is called "url_repo_name". * Finally we have to deal with the repository on the file system. This is what the VCS layer deal with normally, so this name is called "vcs_repo_name". The original repository interaction is a special case where all three names are the same. When interacting with a pull request, these three names are typically all different. This change is minimal in a sense that it just makes the interaction with a shadow repository barely work, without checking any special constraints yet. This was the starting point for further work on this topic.

johbo - - Load All Authors

File last commit:

r108:15a894ab default


                r887:175782be

default

Download file

             auth_jasig_cas.py
        
                    167 lines
            
             | 5.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / authentication / plugins / auth_jasig_cas.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
project: added all source files and assets

              r1
            
      # -*- coding: utf-8 -*-

      # Copyright (C) 2012-2016  RhodeCode GmbH

      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      """

      RhodeCode authentication plugin for Jasig CAS

      http://www.jasig.org/cas

      """

      import colander

      import logging

      import rhodecode

      import urllib

      import urllib2

      from pylons.i18n.translation import lazy_ugettext as _

      from sqlalchemy.ext.hybrid import hybrid_property

      from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin

      from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase

      from rhodecode.authentication.routes import AuthnPluginResourceBase

        johbo
    
authn: Add whitespace stripping to authentication plugin settings.

              r55
            
      from rhodecode.lib.colander_utils import strip_whitespace

        marcink
    
project: added all source files and assets

              r1
            
      from rhodecode.lib.utils2 import safe_unicode

      from rhodecode.model.db import User

      log = logging.getLogger(__name__)

      def plugin_factory(plugin_id, *args, **kwds):

          """

          Factory function that is called during plugin discovery.

          It returns the plugin instance.

          """

          plugin = RhodeCodeAuthPlugin(plugin_id)

          return plugin

      class JasigCasAuthnResource(AuthnPluginResourceBase):

          pass

      class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):

          service_url = colander.SchemaNode(

              colander.String(),

              default='https://domain.com/cas/v1/tickets',

              description=_('The url of the Jasig CAS REST service'),

        johbo
    
authn: Add whitespace stripping to authentication plugin settings.

              r55
            
              preparer=strip_whitespace,

        marcink
    
project: added all source files and assets

              r1
            
              title=_('URL'),

              widget='string')

      class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):

          def includeme(self, config):

              config.add_authn_plugin(self)

              config.add_authn_resource(self.get_id(), JasigCasAuthnResource(self))

              config.add_view(

                  'rhodecode.authentication.views.AuthnPluginViewBase',

                  attr='settings_get',

        johbo
    
authn: Set the renderer attribute when registering settings view.

              r87
            
                  renderer='rhodecode:templates/admin/auth/plugin_settings.html',

        marcink
    
project: added all source files and assets

              r1
            
                  request_method='GET',

                  route_name='auth_home',

                  context=JasigCasAuthnResource)

              config.add_view(

                  'rhodecode.authentication.views.AuthnPluginViewBase',

                  attr='settings_post',

        johbo
    
authn: Set the renderer attribute when registering settings view.

              r87
            
                  renderer='rhodecode:templates/admin/auth/plugin_settings.html',

        marcink
    
project: added all source files and assets

              r1
            
                  request_method='POST',

                  route_name='auth_home',

                  context=JasigCasAuthnResource)

          def get_settings_schema(self):

              return JasigCasSettingsSchema()

          def get_display_name(self):

              return _('Jasig-CAS')

          @hybrid_property

          def name(self):

              return "jasig-cas"

        johbo
    
authn: Use new is_headers_auth function.

              r108
            
          @property

          def is_headers_auth(self):

        marcink
    
project: added all source files and assets

              r1
            
              return True

          def use_fake_password(self):

              return True

          def user_activation_state(self):

              def_user_perms = User.get_default_user().AuthUser.permissions['global']

              return 'hg.extern_activate.auto' in def_user_perms

          def auth(self, userobj, username, password, settings, **kwargs):

              """

              Given a user object (which may be null), username, a plaintext password,

              and a settings object (containing all the keys needed as listed in settings()),

              authenticate this user's login attempt.

              Return None on failure. On success, return a dictionary of the form:

                  see: RhodeCodeAuthPluginBase.auth_func_attrs

              This is later validated for correctness

              """

              if not username or not password:

                  log.debug('Empty username or password skipping...')

                  return None

        marcink
    
authn: don't use formatted_json to log statements. It totally screws up...

              r12
            
              log.debug("Jasig CAS settings: %s", settings)

        marcink
    
project: added all source files and assets

              r1
            
              params = urllib.urlencode({'username': username, 'password': password})

              headers = {"Content-type": "application/x-www-form-urlencoded",

                         "Accept": "text/plain",

                         "User-Agent": "RhodeCode-auth-%s" % rhodecode.__version__}

              url = settings["service_url"]

        marcink
    
authn: don't use formatted_json to log statements. It totally screws up...

              r12
            
              log.debug("Sent Jasig CAS: \n%s",

                        {"url": url, "body": params, "headers": headers})

        marcink
    
project: added all source files and assets

              r1
            
              request = urllib2.Request(url, params, headers)

              try:

                  response = urllib2.urlopen(request)

              except urllib2.HTTPError as e:

                  log.debug("HTTPError when requesting Jasig CAS (status code: %d)" % e.code)

                  return None

              except urllib2.URLError as e:

                  log.debug("URLError when requesting Jasig CAS url: %s " % url)

                  return None

              # old attrs fetched from RhodeCode database

              admin = getattr(userobj, 'admin', False)

              active = getattr(userobj, 'active', True)

              email = getattr(userobj, 'email', '')

              username = getattr(userobj, 'username', username)

              firstname = getattr(userobj, 'firstname', '')

              lastname = getattr(userobj, 'lastname', '')

              extern_type = getattr(userobj, 'extern_type', '')

              user_attrs = {

                  'username': username,

                  'firstname': safe_unicode(firstname or username),

                  'lastname': safe_unicode(lastname or ''),

                  'groups': [],

                  'email': email or '',

                  'admin': admin or False,

                  'active': active,

                  'active_from_extern': True,

                  'extern_name': username,

                  'extern_type': extern_type,

              }

              log.info('user %s authenticated correctly' % user_attrs['username'])

              return user_attrs

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink project: added all source files and assets	r1	# -- coding: utf-8 --

		# Copyright (C) 2012-2016 RhodeCode GmbH
		#
		# This program is free software: you can redistribute it and/or modify
		# it under the terms of the GNU Affero General Public License, version 3
		# (only), as published by the Free Software Foundation.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU Affero General Public License
		# along with this program. If not, see <http://www.gnu.org/licenses/>.
		#
		# This program is dual-licensed. If you wish to learn more about the
		# RhodeCode Enterprise Edition, including its added features, Support services,
		# and proprietary license terms, please see https://rhodecode.com/licenses/

		"""
		RhodeCode authentication plugin for Jasig CAS
		http://www.jasig.org/cas
		"""


		import colander
		import logging
		import rhodecode
		import urllib
		import urllib2

		from pylons.i18n.translation import lazy_ugettext as _
		from sqlalchemy.ext.hybrid import hybrid_property

		from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin
		from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
		from rhodecode.authentication.routes import AuthnPluginResourceBase
johbo authn: Add whitespace stripping to authentication plugin settings.	r55	from rhodecode.lib.colander_utils import strip_whitespace
marcink project: added all source files and assets	r1	from rhodecode.lib.utils2 import safe_unicode
		from rhodecode.model.db import User

		log = logging.getLogger(__name__)


		def plugin_factory(plugin_id, args, *kwds):
		"""
		Factory function that is called during plugin discovery.
		It returns the plugin instance.
		"""
		plugin = RhodeCodeAuthPlugin(plugin_id)
		return plugin


		class JasigCasAuthnResource(AuthnPluginResourceBase):
		pass


		class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):
		service_url = colander.SchemaNode(
		colander.String(),
		default='https://domain.com/cas/v1/tickets',
		description=_('The url of the Jasig CAS REST service'),
johbo authn: Add whitespace stripping to authentication plugin settings.	r55	preparer=strip_whitespace,
marcink project: added all source files and assets	r1	title=_('URL'),
		widget='string')


		class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):

		def includeme(self, config):
		config.add_authn_plugin(self)
		config.add_authn_resource(self.get_id(), JasigCasAuthnResource(self))
		config.add_view(
		'rhodecode.authentication.views.AuthnPluginViewBase',
		attr='settings_get',
johbo authn: Set the renderer attribute when registering settings view.	r87	renderer='rhodecode:templates/admin/auth/plugin_settings.html',
marcink project: added all source files and assets	r1	request_method='GET',
		route_name='auth_home',
		context=JasigCasAuthnResource)
		config.add_view(
		'rhodecode.authentication.views.AuthnPluginViewBase',
		attr='settings_post',
johbo authn: Set the renderer attribute when registering settings view.	r87	renderer='rhodecode:templates/admin/auth/plugin_settings.html',
marcink project: added all source files and assets	r1	request_method='POST',
		route_name='auth_home',
		context=JasigCasAuthnResource)

		def get_settings_schema(self):
		return JasigCasSettingsSchema()

		def get_display_name(self):
		return _('Jasig-CAS')

		@hybrid_property
		def name(self):
		return "jasig-cas"

johbo authn: Use new is_headers_auth function.	r108	@property
		def is_headers_auth(self):
marcink project: added all source files and assets	r1	return True

		def use_fake_password(self):
		return True

		def user_activation_state(self):
		def_user_perms = User.get_default_user().AuthUser.permissions['global']
		return 'hg.extern_activate.auto' in def_user_perms

		def auth(self, userobj, username, password, settings, **kwargs):
		"""
		Given a user object (which may be null), username, a plaintext password,
		and a settings object (containing all the keys needed as listed in settings()),
		authenticate this user's login attempt.

		Return None on failure. On success, return a dictionary of the form:

		see: RhodeCodeAuthPluginBase.auth_func_attrs
		This is later validated for correctness
		"""
		if not username or not password:
		log.debug('Empty username or password skipping...')
		return None

marcink authn: don't use formatted_json to log statements. It totally screws up...	r12	log.debug("Jasig CAS settings: %s", settings)
marcink project: added all source files and assets	r1	params = urllib.urlencode({'username': username, 'password': password})
		headers = {"Content-type": "application/x-www-form-urlencoded",
		"Accept": "text/plain",
		"User-Agent": "RhodeCode-auth-%s" % rhodecode.__version__}
		url = settings["service_url"]

marcink authn: don't use formatted_json to log statements. It totally screws up...	r12	log.debug("Sent Jasig CAS: \n%s",
		{"url": url, "body": params, "headers": headers})
marcink project: added all source files and assets	r1	request = urllib2.Request(url, params, headers)
		try:
		response = urllib2.urlopen(request)
		except urllib2.HTTPError as e:
		log.debug("HTTPError when requesting Jasig CAS (status code: %d)" % e.code)
		return None
		except urllib2.URLError as e:
		log.debug("URLError when requesting Jasig CAS url: %s " % url)
		return None

		# old attrs fetched from RhodeCode database
		admin = getattr(userobj, 'admin', False)
		active = getattr(userobj, 'active', True)
		email = getattr(userobj, 'email', '')
		username = getattr(userobj, 'username', username)
		firstname = getattr(userobj, 'firstname', '')
		lastname = getattr(userobj, 'lastname', '')
		extern_type = getattr(userobj, 'extern_type', '')

		user_attrs = {
		'username': username,
		'firstname': safe_unicode(firstname or username),
		'lastname': safe_unicode(lastname or ''),
		'groups': [],
		'email': email or '',
		'admin': admin or False,
		'active': active,
		'active_from_extern': True,
		'extern_name': username,
		'extern_type': extern_type,
		}

		log.info('user %s authenticated correctly' % user_attrs['username'])
		return user_attrs