##// END OF EJS Templates
u » pc » rhodecode-enterprise-ce-fork-pc
RSS

Fork of rhodecode-enterprise-ce

authentication: introduce a group sync flag for plugins....
authentication: introduce a group sync flag for plugins. - we'll skip any syncing on plugins which simply don't get any group information - we let plugins define if they wish to sync groups - prevent from odd cases in which someone sets user groups as syncing, and using regular plugin. In this case memebership of that group would be wiped, and it's generaly bad behaviour.
marcink - - Load All Authors

File last commit:

r2495:4f076134 default
r2495:4f076134 default
Show More
auth_jasig_cas.py
167 lines | 5.8 KiB | text/x-python | PythonLexer
/ rhodecode / authentication / plugins / auth_jasig_cas.py
History | Source | Raw |Copy content |Copy permalink
marcink
project: added all source files and assets
 r1 # -*- coding: utf-8 -*-
marcink
release: update copyright year to 2018
 r2487 # Copyright (C) 2012-2018 RhodeCode GmbH
marcink
project: added all source files and assets
 r1 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
"""
RhodeCode authentication plugin for Jasig CAS
http://www.jasig.org/cas
"""
import colander
import logging
import rhodecode
import urllib
import urllib2
marcink
auth: refactor code and simplified instructions....
 r1454 from rhodecode.translation import _
from rhodecode.authentication.base import (
RhodeCodeExternalAuthPlugin, hybrid_property)
marcink
project: added all source files and assets
 r1 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
from rhodecode.authentication.routes import AuthnPluginResourceBase
johbo
authn: Add whitespace stripping to authentication plugin settings.
 r55 from rhodecode.lib.colander_utils import strip_whitespace
marcink
project: added all source files and assets
 r1 from rhodecode.lib.utils2 import safe_unicode
from rhodecode.model.db import User
log = logging.getLogger(__name__)
def plugin_factory(plugin_id, *args, **kwds):
"""
Factory function that is called during plugin discovery.
It returns the plugin instance.
"""
plugin = RhodeCodeAuthPlugin(plugin_id)
return plugin
class JasigCasAuthnResource(AuthnPluginResourceBase):
pass
class JasigCasSettingsSchema(AuthnPluginSettingsSchemaBase):
service_url = colander.SchemaNode(
colander.String(),
default='https://domain.com/cas/v1/tickets',
description=_('The url of the Jasig CAS REST service'),
johbo
authn: Add whitespace stripping to authentication plugin settings.
 r55 preparer=strip_whitespace,
marcink
project: added all source files and assets
 r1 title=_('URL'),
widget='string')
class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin):
def includeme(self, config):
config.add_authn_plugin(self)
config.add_authn_resource(self.get_id(), JasigCasAuthnResource(self))
config.add_view(
'rhodecode.authentication.views.AuthnPluginViewBase',
attr='settings_get',
marcink
templating: use .mako as extensions for template files.
 r1282 renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
marcink
project: added all source files and assets
 r1 request_method='GET',
route_name='auth_home',
context=JasigCasAuthnResource)
config.add_view(
'rhodecode.authentication.views.AuthnPluginViewBase',
attr='settings_post',
marcink
templating: use .mako as extensions for template files.
 r1282 renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
marcink
project: added all source files and assets
 r1 request_method='POST',
route_name='auth_home',
context=JasigCasAuthnResource)
def get_settings_schema(self):
return JasigCasSettingsSchema()
def get_display_name(self):
return _('Jasig-CAS')
@hybrid_property
def name(self):
return "jasig-cas"
johbo
authn: Use new is_headers_auth function.
 r108 @property
def is_headers_auth(self):
marcink
project: added all source files and assets
 r1 return True
def use_fake_password(self):
return True
def user_activation_state(self):
marcink
users: make AuthUser propert a method, and allow override of params.
 r1997 def_user_perms = User.get_default_user().AuthUser().permissions['global']
marcink
project: added all source files and assets
 r1 return 'hg.extern_activate.auto' in def_user_perms
def auth(self, userobj, username, password, settings, **kwargs):
"""
Given a user object (which may be null), username, a plaintext password,
and a settings object (containing all the keys needed as listed in settings()),
authenticate this user's login attempt.
Return None on failure. On success, return a dictionary of the form:
see: RhodeCodeAuthPluginBase.auth_func_attrs
This is later validated for correctness
"""
if not username or not password:
log.debug('Empty username or password skipping...')
return None
marcink
authn: don't use formatted_json to log statements. It totally screws up...
 r12 log.debug("Jasig CAS settings: %s", settings)
marcink
project: added all source files and assets
 r1 params = urllib.urlencode({'username': username, 'password': password})
headers = {"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain",
"User-Agent": "RhodeCode-auth-%s" % rhodecode.__version__}
url = settings["service_url"]
marcink
authn: don't use formatted_json to log statements. It totally screws up...
 r12 log.debug("Sent Jasig CAS: \n%s",
{"url": url, "body": params, "headers": headers})
marcink
project: added all source files and assets
 r1 request = urllib2.Request(url, params, headers)
try:
response = urllib2.urlopen(request)
except urllib2.HTTPError as e:
log.debug("HTTPError when requesting Jasig CAS (status code: %d)" % e.code)
return None
except urllib2.URLError as e:
log.debug("URLError when requesting Jasig CAS url: %s " % url)
return None
# old attrs fetched from RhodeCode database
admin = getattr(userobj, 'admin', False)
active = getattr(userobj, 'active', True)
email = getattr(userobj, 'email', '')
username = getattr(userobj, 'username', username)
firstname = getattr(userobj, 'firstname', '')
lastname = getattr(userobj, 'lastname', '')
extern_type = getattr(userobj, 'extern_type', '')
user_attrs = {
'username': username,
'firstname': safe_unicode(firstname or username),
'lastname': safe_unicode(lastname or ''),
'groups': [],
marcink
authentication: introduce a group sync flag for plugins....
 r2495 'user_group_sync': False,
marcink
project: added all source files and assets
 r1 'email': email or '',
'admin': admin or False,
'active': active,
'active_from_extern': True,
'extern_name': username,
'extern_type': extern_type,
}
log.info('user %s authenticated correctly' % user_attrs['username'])
return user_attrs