Show More
| @@ -1,125 +1,131 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 |
|
2 | |||
| 3 | # Copyright (C) 2012-2018 RhodeCode GmbH |
|
3 | # Copyright (C) 2012-2018 RhodeCode GmbH | |
| 4 | # |
|
4 | # | |
| 5 | # This program is free software: you can redistribute it and/or modify |
|
5 | # This program is free software: you can redistribute it and/or modify | |
| 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |
| 7 | # (only), as published by the Free Software Foundation. |
|
7 | # (only), as published by the Free Software Foundation. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU Affero General Public License |
|
14 | # You should have received a copy of the GNU Affero General Public License | |
| 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 16 | # |
|
16 | # | |
| 17 | # This program is dual-licensed. If you wish to learn more about the |
|
17 | # This program is dual-licensed. If you wish to learn more about the | |
| 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
| 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
| 20 |
|
20 | |||
|
|
21 | import os | |||
| 21 | import logging |
|
22 | import logging | |
| 22 | import importlib |
|
23 | import importlib | |
| 23 |
|
24 | |||
| 24 | from pkg_resources import iter_entry_points |
|
25 | from pkg_resources import iter_entry_points | |
| 25 | from pyramid.authentication import SessionAuthenticationPolicy |
|
26 | from pyramid.authentication import SessionAuthenticationPolicy | |
| 26 |
|
27 | |||
| 27 | from rhodecode.authentication.registry import AuthenticationPluginRegistry |
|
28 | from rhodecode.authentication.registry import AuthenticationPluginRegistry | |
| 28 | from rhodecode.authentication.routes import root_factory |
|
29 | from rhodecode.authentication.routes import root_factory | |
| 29 | from rhodecode.authentication.routes import AuthnRootResource |
|
30 | from rhodecode.authentication.routes import AuthnRootResource | |
| 30 | from rhodecode.apps._base import ADMIN_PREFIX |
|
31 | from rhodecode.apps._base import ADMIN_PREFIX | |
| 31 | from rhodecode.model.settings import SettingsModel |
|
32 | from rhodecode.model.settings import SettingsModel | |
| 32 |
|
33 | |||
| 33 |
|
34 | |||
| 34 | log = logging.getLogger(__name__) |
|
35 | log = logging.getLogger(__name__) | |
| 35 |
|
36 | |||
| 36 | # Plugin ID prefixes to distinct between normal and legacy plugins. |
|
37 | # Plugin ID prefixes to distinct between normal and legacy plugins. | |
| 37 | plugin_prefix = 'egg:' |
|
38 | plugin_prefix = 'egg:' | |
| 38 | legacy_plugin_prefix = 'py:' |
|
39 | legacy_plugin_prefix = 'py:' | |
| 39 |
|
40 | |||
| 40 |
|
41 | |||
| 41 | # TODO: Currently this is only used to discover the authentication plugins. |
|
42 | # TODO: Currently this is only used to discover the authentication plugins. | |
| 42 | # Later on this may be used in a generic way to look up and include all kinds |
|
43 | # Later on this may be used in a generic way to look up and include all kinds | |
| 43 | # of supported enterprise plugins. Therefore this has to be moved and |
|
44 | # of supported enterprise plugins. Therefore this has to be moved and | |
| 44 | # refactored to a real 'plugin look up' machinery. |
|
45 | # refactored to a real 'plugin look up' machinery. | |
| 45 | # TODO: When refactoring this think about splitting it up into distinct |
|
46 | # TODO: When refactoring this think about splitting it up into distinct | |
| 46 | # discover, load and include phases. |
|
47 | # discover, load and include phases. | |
| 47 | def _discover_plugins(config, entry_point='enterprise.plugins1'): |
|
48 | def _discover_plugins(config, entry_point='enterprise.plugins1'): | |
| 48 | for ep in iter_entry_points(entry_point): |
|
49 | for ep in iter_entry_points(entry_point): | |
| 49 | plugin_id = '{}{}#{}'.format( |
|
50 | plugin_id = '{}{}#{}'.format( | |
| 50 | plugin_prefix, ep.dist.project_name, ep.name) |
|
51 | plugin_prefix, ep.dist.project_name, ep.name) | |
| 51 | log.debug('Plugin discovered: "%s"', plugin_id) |
|
52 | log.debug('Plugin discovered: "%s"', plugin_id) | |
| 52 | try: |
|
53 | try: | |
| 53 | module = ep.load() |
|
54 | module = ep.load() | |
| 54 | plugin = module(plugin_id=plugin_id) |
|
55 | plugin = module(plugin_id=plugin_id) | |
| 55 | config.include(plugin.includeme) |
|
56 | config.include(plugin.includeme) | |
| 56 | except Exception as e: |
|
57 | except Exception as e: | |
| 57 | log.exception( |
|
58 | log.exception( | |
| 58 | 'Exception while loading authentication plugin ' |
|
59 | 'Exception while loading authentication plugin ' | |
| 59 | '"{}": {}'.format(plugin_id, e.message)) |
|
60 | '"{}": {}'.format(plugin_id, e.message)) | |
| 60 |
|
61 | |||
| 61 |
|
62 | |||
| 62 | def _import_legacy_plugin(plugin_id): |
|
63 | def _import_legacy_plugin(plugin_id): | |
| 63 | module_name = plugin_id.split(legacy_plugin_prefix, 1)[-1] |
|
64 | module_name = plugin_id.split(legacy_plugin_prefix, 1)[-1] | |
| 64 | module = importlib.import_module(module_name) |
|
65 | module = importlib.import_module(module_name) | |
| 65 | return module.plugin_factory(plugin_id=plugin_id) |
|
66 | return module.plugin_factory(plugin_id=plugin_id) | |
| 66 |
|
67 | |||
| 67 |
|
68 | |||
| 68 | def _discover_legacy_plugins(config, prefix=legacy_plugin_prefix): |
|
69 | def _discover_legacy_plugins(config, prefix=legacy_plugin_prefix): | |
| 69 | """ |
|
70 | """ | |
| 70 | Function that imports the legacy plugins stored in the 'auth_plugins' |
|
71 | Function that imports the legacy plugins stored in the 'auth_plugins' | |
| 71 | setting in database which are using the specified prefix. Normally 'py:' is |
|
72 | setting in database which are using the specified prefix. Normally 'py:' is | |
| 72 | used for the legacy plugins. |
|
73 | used for the legacy plugins. | |
| 73 | """ |
|
74 | """ | |
| 74 | try: |
|
75 | try: | |
| 75 | auth_plugins = SettingsModel().get_setting_by_name('auth_plugins') |
|
76 | auth_plugins = SettingsModel().get_setting_by_name('auth_plugins') | |
| 76 | enabled_plugins = auth_plugins.app_settings_value |
|
77 | enabled_plugins = auth_plugins.app_settings_value | |
| 77 | legacy_plugins = [id_ for id_ in enabled_plugins if id_.startswith(prefix)] |
|
78 | legacy_plugins = [id_ for id_ in enabled_plugins if id_.startswith(prefix)] | |
| 78 | except Exception: |
|
79 | except Exception: | |
| 79 | legacy_plugins = [] |
|
80 | legacy_plugins = [] | |
| 80 |
|
81 | |||
| 81 | for plugin_id in legacy_plugins: |
|
82 | for plugin_id in legacy_plugins: | |
| 82 | log.debug('Legacy plugin discovered: "%s"', plugin_id) |
|
83 | log.debug('Legacy plugin discovered: "%s"', plugin_id) | |
| 83 | try: |
|
84 | try: | |
| 84 | plugin = _import_legacy_plugin(plugin_id) |
|
85 | plugin = _import_legacy_plugin(plugin_id) | |
| 85 | config.include(plugin.includeme) |
|
86 | config.include(plugin.includeme) | |
| 86 | except Exception as e: |
|
87 | except Exception as e: | |
| 87 | log.exception( |
|
88 | log.exception( | |
| 88 | 'Exception while loading legacy authentication plugin ' |
|
89 | 'Exception while loading legacy authentication plugin ' | |
| 89 | '"{}": {}'.format(plugin_id, e.message)) |
|
90 | '"{}": {}'.format(plugin_id, e.message)) | |
| 90 |
|
91 | |||
| 91 |
|
92 | |||
| 92 | def includeme(config): |
|
93 | def includeme(config): | |
| 93 | # Set authentication policy. |
|
94 | # Set authentication policy. | |
| 94 | authn_policy = SessionAuthenticationPolicy() |
|
95 | authn_policy = SessionAuthenticationPolicy() | |
| 95 | config.set_authentication_policy(authn_policy) |
|
96 | config.set_authentication_policy(authn_policy) | |
| 96 |
|
97 | |||
| 97 | # Create authentication plugin registry and add it to the pyramid registry. |
|
98 | # Create authentication plugin registry and add it to the pyramid registry. | |
| 98 | authn_registry = AuthenticationPluginRegistry(config.get_settings()) |
|
99 | authn_registry = AuthenticationPluginRegistry(config.get_settings()) | |
| 99 | config.add_directive('add_authn_plugin', authn_registry.add_authn_plugin) |
|
100 | config.add_directive('add_authn_plugin', authn_registry.add_authn_plugin) | |
| 100 | config.registry.registerUtility(authn_registry) |
|
101 | config.registry.registerUtility(authn_registry) | |
| 101 |
|
102 | |||
| 102 | # Create authentication traversal root resource. |
|
103 | # Create authentication traversal root resource. | |
| 103 | authn_root_resource = root_factory() |
|
104 | authn_root_resource = root_factory() | |
| 104 | config.add_directive('add_authn_resource', |
|
105 | config.add_directive('add_authn_resource', | |
| 105 | authn_root_resource.add_authn_resource) |
|
106 | authn_root_resource.add_authn_resource) | |
| 106 |
|
107 | |||
| 107 | # Add the authentication traversal route. |
|
108 | # Add the authentication traversal route. | |
| 108 | config.add_route('auth_home', |
|
109 | config.add_route('auth_home', | |
| 109 | ADMIN_PREFIX + '/auth*traverse', |
|
110 | ADMIN_PREFIX + '/auth*traverse', | |
| 110 | factory=root_factory) |
|
111 | factory=root_factory) | |
| 111 | # Add the authentication settings root views. |
|
112 | # Add the authentication settings root views. | |
| 112 | config.add_view('rhodecode.authentication.views.AuthSettingsView', |
|
113 | config.add_view('rhodecode.authentication.views.AuthSettingsView', | |
| 113 | attr='index', |
|
114 | attr='index', | |
| 114 | request_method='GET', |
|
115 | request_method='GET', | |
| 115 | route_name='auth_home', |
|
116 | route_name='auth_home', | |
| 116 | context=AuthnRootResource) |
|
117 | context=AuthnRootResource) | |
| 117 | config.add_view('rhodecode.authentication.views.AuthSettingsView', |
|
118 | config.add_view('rhodecode.authentication.views.AuthSettingsView', | |
| 118 | attr='auth_settings', |
|
119 | attr='auth_settings', | |
| 119 | request_method='POST', |
|
120 | request_method='POST', | |
| 120 | route_name='auth_home', |
|
121 | route_name='auth_home', | |
| 121 | context=AuthnRootResource) |
|
122 | context=AuthnRootResource) | |
| 122 |
|
123 | |||
|
|
124 | for key in ['RC_CMD_SETUP_RC', 'RC_CMD_UPGRADE_DB', 'RC_CMD_SSH_WRAPPER']: | |||
|
|
125 | if os.environ.get(key): | |||
|
|
126 | # skip this heavy step below on certain CLI commands | |||
|
|
127 | return | |||
|
|
128 | ||||
| 123 | # Auto discover authentication plugins and include their configuration. |
|
129 | # Auto discover authentication plugins and include their configuration. | |
| 124 | _discover_plugins(config) |
|
130 | _discover_plugins(config) | |
| 125 | _discover_legacy_plugins(config) |
|
131 | _discover_legacy_plugins(config) | |
General Comments 0
You need to be logged in to leave comments.
Login now