u/pc/rhodecode-enterprise-ce-fork-pc Files · rhodecode/authentication/plugins/auth_token.py

pull-requests: increase stability of concurrent pull requests creation by flushing prematurly the statuses of commits....

pull-requests: increase stability of concurrent pull requests creation by flushing prematurly the statuses of commits. This is required to increase the versions on each concurrent call. Otherwise we could get into an integrity errors of commitsha+version+repo

marcink - - Load All Authors

File last commit:

r3363:f08e98b1 default


                r3368:a4f559a8

default

Download file

             auth_token.py
        
                    157 lines
            
             | 5.6 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / authentication / plugins / auth_token.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
      # -*- coding: utf-8 -*-

        marcink
    
docs: updated copyrights to 2019

              r3363
            
      # Copyright (C) 2016-2019 RhodeCode GmbH

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      """

      RhodeCode authentication token plugin for built in internal auth

      """

      import logging

      from rhodecode.translation import _

        marcink
    
auth: refactor code and simplified instructions....

              r1454
            
      from rhodecode.authentication.base import (

          RhodeCodeAuthPluginBase, VCS_TYPE, hybrid_property)

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
      from rhodecode.authentication.routes import AuthnPluginResourceBase

        marcink
    
authentication: enabled authentication with auth_token and repository scope....

              r1510
            
      from rhodecode.model.db import User, UserApiKeys, Repository

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
      log = logging.getLogger(__name__)

        marcink
    
auth-plugins: some code cleanup + added docs for main plugin.

              r3253
            
      def plugin_factory(plugin_id, *args, **kwargs):

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
          plugin = RhodeCodeAuthPlugin(plugin_id)

          return plugin

      class RhodecodeAuthnResource(AuthnPluginResourceBase):

          pass

      class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):

          """

          Enables usage of authentication tokens for vcs operations.

          """

        marcink
    
authentication: use registerd UID for plugin definition for more consistent loading of auth plugins.

              r3246
            
          uid = 'token'

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
          def includeme(self, config):

              config.add_authn_plugin(self)

              config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))

              config.add_view(

                  'rhodecode.authentication.views.AuthnPluginViewBase',

                  attr='settings_get',

        marcink
    
templating: use .mako as extensions for template files.

              r1282
            
                  renderer='rhodecode:templates/admin/auth/plugin_settings.mako',

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
                  request_method='GET',

                  route_name='auth_home',

                  context=RhodecodeAuthnResource)

              config.add_view(

                  'rhodecode.authentication.views.AuthnPluginViewBase',

                  attr='settings_post',

        marcink
    
templating: use .mako as extensions for template files.

              r1282
            
                  renderer='rhodecode:templates/admin/auth/plugin_settings.mako',

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
                  request_method='POST',

                  route_name='auth_home',

                  context=RhodecodeAuthnResource)

          def get_display_name(self):

        marcink
    
auth-plugins: updated display names of plugins, and root resource.

              r3234
            
              return _('Rhodecode Token')

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
        marcink
    
auth-plugins: expose docs and icon methods for authentication.

              r3232
            
          @classmethod

          def docs(cls):

              return "https://docs.rhodecode.com/RhodeCode-Enterprise/auth/auth-token.html"

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
          @hybrid_property

          def name(self):

        marcink
    
auth-plugins: updated some code for better unicode compat.

              r3256
            
              return u"authtoken"

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
          def user_activation_state(self):

        marcink
    
users: make AuthUser propert a method, and allow override of params.

              r1997
            
              def_user_perms = User.get_default_user().AuthUser().permissions['global']

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
              return 'hg.register.auto_activate' in def_user_perms

          def allows_authentication_from(

                  self, user, allows_non_existing_user=True,

                  allowed_auth_plugins=None, allowed_auth_sources=None):

              """

              Custom method for this auth that doesn't accept empty users. And also

        marcink
    
auth-token: allow other authentication types to use auth-token....

              r440
            
              allows users from all other active plugins to use it and also

              authenticate against it. But only via vcs mode

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
              """

        marcink
    
auth-token: allow other authentication types to use auth-token....

              r440
            
              from rhodecode.authentication.base import get_authn_registry

              authn_registry = get_authn_registry()

              active_plugins = set(

                  [x.name for x in authn_registry.get_plugins_for_authentication()])

              active_plugins.discard(self.name)

              allowed_auth_plugins = [self.name] + list(active_plugins)

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
              # only for vcs operations

              allowed_auth_sources = [VCS_TYPE]

              return super(RhodeCodeAuthPlugin, self).allows_authentication_from(

                  user, allows_non_existing_user=False,

                  allowed_auth_plugins=allowed_auth_plugins,

                  allowed_auth_sources=allowed_auth_sources)

          def auth(self, userobj, username, password, settings, **kwargs):

              if not userobj:

        marcink
    
logging: use lazy parameter evaluation in log calls.

              r3061
            
                  log.debug('userobj was:%s skipping', userobj)

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
                  return None

              user_attrs = {

                  "username": userobj.username,

                  "firstname": userobj.firstname,

                  "lastname": userobj.lastname,

                  "groups": [],

        marcink
    
authentication: introduce a group sync flag for plugins....

              r2495
            
                  'user_group_sync': False,

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
                  "email": userobj.email,

                  "admin": userobj.admin,

                  "active": userobj.active,

                  "active_from_extern": userobj.active,

                  "extern_name": userobj.user_id,

                  "extern_type": userobj.extern_type,

              }

              log.debug('Authenticating user with args %s', user_attrs)

              if userobj.active:

        marcink
    
authentication: enabled authentication with auth_token and repository scope....

              r1510
            
                  # calling context repo for token scopes

                  scope_repo_id = None

                  if self.acl_repo_name:

                      repo = Repository.get_by_repo_name(self.acl_repo_name)

                      scope_repo_id = repo.repo_id if repo else None

        marcink
    
auth-tokens: updated logic of authentication to a common shared user method.

              r1421
            
                  token_match = userobj.authenticate_by_token(

        marcink
    
authentication: enabled authentication with auth_token and repository scope....

              r1510
            
                      password, roles=[UserApiKeys.ROLE_VCS],

                      scope_repo_id=scope_repo_id)

        marcink
    
auth-tokens: updated logic of authentication to a common shared user method.

              r1421
            
                  if userobj.username == username and token_match:

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
                      log.info(

                          'user `%s` successfully authenticated via %s',

                          user_attrs['username'], self.name)

                      return user_attrs

        marcink
    
auth: use more consistent logging on failed logs....

              r2679
            
                  log.warn(

        johbo
    
authn: Add rhodecode token auth plugin.

              r79
            
                      'user `%s` failed to authenticate via %s, reason: bad or '

                      'inactive token.', username, self.name)

              else:

                  log.warning(

                      'user `%s` failed to authenticate via %s, reason: account not '

                      'active.', username, self.name)

              return None

        marcink
    
core: change from homebrew plugin system into pyramid machinery....

              r3240
            
      def includeme(config):

        marcink
    
authentication: use registerd UID for plugin definition for more consistent loading of auth plugins.

              r3246
            
          plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)

        marcink
    
core: change from homebrew plugin system into pyramid machinery....

              r3240
            
          plugin_factory(plugin_id).includeme(config)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

johbo authn: Add rhodecode token auth plugin.	r79	# -- coding: utf-8 --

marcink docs: updated copyrights to 2019	r3363	# Copyright (C) 2016-2019 RhodeCode GmbH
johbo authn: Add rhodecode token auth plugin.	r79	#
		# This program is free software: you can redistribute it and/or modify
		# it under the terms of the GNU Affero General Public License, version 3
		# (only), as published by the Free Software Foundation.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU Affero General Public License
		# along with this program. If not, see <http://www.gnu.org/licenses/>.
		#
		# This program is dual-licensed. If you wish to learn more about the
		# RhodeCode Enterprise Edition, including its added features, Support services,
		# and proprietary license terms, please see https://rhodecode.com/licenses/

		"""
		RhodeCode authentication token plugin for built in internal auth
		"""

		import logging

		from rhodecode.translation import _
marcink auth: refactor code and simplified instructions....	r1454	from rhodecode.authentication.base import (
		RhodeCodeAuthPluginBase, VCS_TYPE, hybrid_property)
johbo authn: Add rhodecode token auth plugin.	r79	from rhodecode.authentication.routes import AuthnPluginResourceBase
marcink authentication: enabled authentication with auth_token and repository scope....	r1510	from rhodecode.model.db import User, UserApiKeys, Repository
johbo authn: Add rhodecode token auth plugin.	r79

		log = logging.getLogger(__name__)


marcink auth-plugins: some code cleanup + added docs for main plugin.	r3253	def plugin_factory(plugin_id, args, *kwargs):
johbo authn: Add rhodecode token auth plugin.	r79	plugin = RhodeCodeAuthPlugin(plugin_id)
		return plugin


		class RhodecodeAuthnResource(AuthnPluginResourceBase):
		pass


		class RhodeCodeAuthPlugin(RhodeCodeAuthPluginBase):
		"""
		Enables usage of authentication tokens for vcs operations.
		"""
marcink authentication: use registerd UID for plugin definition for more consistent loading of auth plugins.	r3246	uid = 'token'
johbo authn: Add rhodecode token auth plugin.	r79
		def includeme(self, config):
		config.add_authn_plugin(self)
		config.add_authn_resource(self.get_id(), RhodecodeAuthnResource(self))
		config.add_view(
		'rhodecode.authentication.views.AuthnPluginViewBase',
		attr='settings_get',
marcink templating: use .mako as extensions for template files.	r1282	renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
johbo authn: Add rhodecode token auth plugin.	r79	request_method='GET',
		route_name='auth_home',
		context=RhodecodeAuthnResource)
		config.add_view(
		'rhodecode.authentication.views.AuthnPluginViewBase',
		attr='settings_post',
marcink templating: use .mako as extensions for template files.	r1282	renderer='rhodecode:templates/admin/auth/plugin_settings.mako',
johbo authn: Add rhodecode token auth plugin.	r79	request_method='POST',
		route_name='auth_home',
		context=RhodecodeAuthnResource)

		def get_display_name(self):
marcink auth-plugins: updated display names of plugins, and root resource.	r3234	return _('Rhodecode Token')
johbo authn: Add rhodecode token auth plugin.	r79
marcink auth-plugins: expose docs and icon methods for authentication.	r3232	@classmethod
		def docs(cls):
		return "https://docs.rhodecode.com/RhodeCode-Enterprise/auth/auth-token.html"

johbo authn: Add rhodecode token auth plugin.	r79	@hybrid_property
		def name(self):
marcink auth-plugins: updated some code for better unicode compat.	r3256	return u"authtoken"
johbo authn: Add rhodecode token auth plugin.	r79
		def user_activation_state(self):
marcink users: make AuthUser propert a method, and allow override of params.	r1997	def_user_perms = User.get_default_user().AuthUser().permissions['global']
johbo authn: Add rhodecode token auth plugin.	r79	return 'hg.register.auto_activate' in def_user_perms

		def allows_authentication_from(
		self, user, allows_non_existing_user=True,
		allowed_auth_plugins=None, allowed_auth_sources=None):
		"""
		Custom method for this auth that doesn't accept empty users. And also
marcink auth-token: allow other authentication types to use auth-token....	r440	allows users from all other active plugins to use it and also
		authenticate against it. But only via vcs mode
johbo authn: Add rhodecode token auth plugin.	r79	"""
marcink auth-token: allow other authentication types to use auth-token....	r440	from rhodecode.authentication.base import get_authn_registry
		authn_registry = get_authn_registry()

		active_plugins = set(
		[x.name for x in authn_registry.get_plugins_for_authentication()])
		active_plugins.discard(self.name)

		allowed_auth_plugins = [self.name] + list(active_plugins)
johbo authn: Add rhodecode token auth plugin.	r79	# only for vcs operations
		allowed_auth_sources = [VCS_TYPE]

		return super(RhodeCodeAuthPlugin, self).allows_authentication_from(
		user, allows_non_existing_user=False,
		allowed_auth_plugins=allowed_auth_plugins,
		allowed_auth_sources=allowed_auth_sources)

		def auth(self, userobj, username, password, settings, **kwargs):
		if not userobj:
marcink logging: use lazy parameter evaluation in log calls.	r3061	log.debug('userobj was:%s skipping', userobj)
johbo authn: Add rhodecode token auth plugin.	r79	return None

		user_attrs = {
		"username": userobj.username,
		"firstname": userobj.firstname,
		"lastname": userobj.lastname,
		"groups": [],
marcink authentication: introduce a group sync flag for plugins....	r2495	'user_group_sync': False,
johbo authn: Add rhodecode token auth plugin.	r79	"email": userobj.email,
		"admin": userobj.admin,
		"active": userobj.active,
		"active_from_extern": userobj.active,
		"extern_name": userobj.user_id,
		"extern_type": userobj.extern_type,
		}

		log.debug('Authenticating user with args %s', user_attrs)
		if userobj.active:
marcink authentication: enabled authentication with auth_token and repository scope....	r1510	# calling context repo for token scopes
		scope_repo_id = None
		if self.acl_repo_name:
		repo = Repository.get_by_repo_name(self.acl_repo_name)
		scope_repo_id = repo.repo_id if repo else None

marcink auth-tokens: updated logic of authentication to a common shared user method.	r1421	token_match = userobj.authenticate_by_token(
marcink authentication: enabled authentication with auth_token and repository scope....	r1510	password, roles=[UserApiKeys.ROLE_VCS],
		scope_repo_id=scope_repo_id)
marcink auth-tokens: updated logic of authentication to a common shared user method.	r1421
		if userobj.username == username and token_match:
johbo authn: Add rhodecode token auth plugin.	r79	log.info(
		'user `%s` successfully authenticated via %s',
		user_attrs['username'], self.name)
		return user_attrs
marcink auth: use more consistent logging on failed logs....	r2679	log.warn(
johbo authn: Add rhodecode token auth plugin.	r79	'user `%s` failed to authenticate via %s, reason: bad or '
		'inactive token.', username, self.name)
		else:
		log.warning(
		'user `%s` failed to authenticate via %s, reason: account not '
		'active.', username, self.name)
		return None
marcink core: change from homebrew plugin system into pyramid machinery....	r3240

		def includeme(config):
marcink authentication: use registerd UID for plugin definition for more consistent loading of auth plugins.	r3246	plugin_id = 'egg:rhodecode-enterprise-ce#{}'.format(RhodeCodeAuthPlugin.uid)
marcink core: change from homebrew plugin system into pyramid machinery....	r3240	plugin_factory(plugin_id).includeme(config)