Show More
@@ -0,0 +1,220 b'' | |||
|
1 | # -*- coding: utf-8 -*- | |
|
2 | ||
|
3 | # Copyright (C) 2012-2016 RhodeCode GmbH | |
|
4 | # | |
|
5 | # This program is free software: you can redistribute it and/or modify | |
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |
|
7 | # (only), as published by the Free Software Foundation. | |
|
8 | # | |
|
9 | # This program is distributed in the hope that it will be useful, | |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
|
12 | # GNU General Public License for more details. | |
|
13 | # | |
|
14 | # You should have received a copy of the GNU Affero General Public License | |
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
|
16 | # | |
|
17 | # This program is dual-licensed. If you wish to learn more about the | |
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
|
20 | ||
|
21 | import colander | |
|
22 | import logging | |
|
23 | ||
|
24 | from sqlalchemy.ext.hybrid import hybrid_property | |
|
25 | ||
|
26 | from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin | |
|
27 | from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase | |
|
28 | from rhodecode.authentication.routes import AuthnPluginResourceBase | |
|
29 | from rhodecode.lib.utils2 import str2bool, safe_unicode | |
|
30 | from rhodecode.model.db import User | |
|
31 | from rhodecode.translation import _ | |
|
32 | ||
|
33 | ||
|
34 | log = logging.getLogger(__name__) | |
|
35 | ||
|
36 | ||
|
37 | def plugin_factory(plugin_id, *args, **kwds): | |
|
38 | """ | |
|
39 | Factory function that is called during plugin discovery. | |
|
40 | It returns the plugin instance. | |
|
41 | """ | |
|
42 | plugin = RhodeCodeAuthPlugin(plugin_id) | |
|
43 | return plugin | |
|
44 | ||
|
45 | ||
|
46 | class ContainerAuthnResource(AuthnPluginResourceBase): | |
|
47 | pass | |
|
48 | ||
|
49 | ||
|
50 | class ContainerSettingsSchema(AuthnPluginSettingsSchemaBase): | |
|
51 | header = colander.SchemaNode( | |
|
52 | colander.String(), | |
|
53 | default='REMOTE_USER', | |
|
54 | description=_('Header to extract the user from'), | |
|
55 | title=_('Header'), | |
|
56 | widget='string') | |
|
57 | fallback_header = colander.SchemaNode( | |
|
58 | colander.String(), | |
|
59 | default='HTTP_X_FORWARDED_USER', | |
|
60 | description=_('Header to extract the user from when main one fails'), | |
|
61 | title=_('Fallback header'), | |
|
62 | widget='string') | |
|
63 | clean_username = colander.SchemaNode( | |
|
64 | colander.Boolean(), | |
|
65 | default=True, | |
|
66 | description=_('Perform cleaning of user, if passed user has @ in ' | |
|
67 | 'username then first part before @ is taken. ' | |
|
68 | 'If there\'s \\ in the username only the part after ' | |
|
69 | ' \\ is taken'), | |
|
70 | missing=False, | |
|
71 | title=_('Clean username'), | |
|
72 | widget='bool') | |
|
73 | ||
|
74 | ||
|
75 | class RhodeCodeAuthPlugin(RhodeCodeExternalAuthPlugin): | |
|
76 | ||
|
77 | def includeme(self, config): | |
|
78 | config.add_authn_plugin(self) | |
|
79 | config.add_authn_resource(self.get_id(), ContainerAuthnResource(self)) | |
|
80 | config.add_view( | |
|
81 | 'rhodecode.authentication.views.AuthnPluginViewBase', | |
|
82 | attr='settings_get', | |
|
83 | request_method='GET', | |
|
84 | route_name='auth_home', | |
|
85 | context=ContainerAuthnResource) | |
|
86 | config.add_view( | |
|
87 | 'rhodecode.authentication.views.AuthnPluginViewBase', | |
|
88 | attr='settings_post', | |
|
89 | request_method='POST', | |
|
90 | route_name='auth_home', | |
|
91 | context=ContainerAuthnResource) | |
|
92 | ||
|
93 | def get_display_name(self): | |
|
94 | return _('Container') | |
|
95 | ||
|
96 | def get_settings_schema(self): | |
|
97 | return ContainerSettingsSchema() | |
|
98 | ||
|
99 | @hybrid_property | |
|
100 | def name(self): | |
|
101 | return "container" | |
|
102 | ||
|
103 | @hybrid_property | |
|
104 | def is_container_auth(self): | |
|
105 | return True | |
|
106 | ||
|
107 | def use_fake_password(self): | |
|
108 | return True | |
|
109 | ||
|
110 | def user_activation_state(self): | |
|
111 | def_user_perms = User.get_default_user().AuthUser.permissions['global'] | |
|
112 | return 'hg.extern_activate.auto' in def_user_perms | |
|
113 | ||
|
114 | def _clean_username(self, username): | |
|
115 | # Removing realm and domain from username | |
|
116 | username = username.split('@')[0] | |
|
117 | username = username.rsplit('\\')[-1] | |
|
118 | return username | |
|
119 | ||
|
120 | def _get_username(self, environ, settings): | |
|
121 | username = None | |
|
122 | environ = environ or {} | |
|
123 | if not environ: | |
|
124 | log.debug('got empty environ: %s' % environ) | |
|
125 | ||
|
126 | settings = settings or {} | |
|
127 | if settings.get('header'): | |
|
128 | header = settings.get('header') | |
|
129 | username = environ.get(header) | |
|
130 | log.debug('extracted %s:%s' % (header, username)) | |
|
131 | ||
|
132 | # fallback mode | |
|
133 | if not username and settings.get('fallback_header'): | |
|
134 | header = settings.get('fallback_header') | |
|
135 | username = environ.get(header) | |
|
136 | log.debug('extracted %s:%s' % (header, username)) | |
|
137 | ||
|
138 | if username and str2bool(settings.get('clean_username')): | |
|
139 | log.debug('Received username `%s` from container' % username) | |
|
140 | username = self._clean_username(username) | |
|
141 | log.debug('New cleanup user is:%s' % username) | |
|
142 | return username | |
|
143 | ||
|
144 | def get_user(self, username=None, **kwargs): | |
|
145 | """ | |
|
146 | Helper method for user fetching in plugins, by default it's using | |
|
147 | simple fetch by username, but this method can be custimized in plugins | |
|
148 | eg. container auth plugin to fetch user by environ params | |
|
149 | :param username: username if given to fetch | |
|
150 | :param kwargs: extra arguments needed for user fetching. | |
|
151 | """ | |
|
152 | environ = kwargs.get('environ') or {} | |
|
153 | settings = kwargs.get('settings') or {} | |
|
154 | username = self._get_username(environ, settings) | |
|
155 | # we got the username, so use default method now | |
|
156 | return super(RhodeCodeAuthPlugin, self).get_user(username) | |
|
157 | ||
|
158 | def auth(self, userobj, username, password, settings, **kwargs): | |
|
159 | """ | |
|
160 | Get's the container_auth username (or email). It tries to get username | |
|
161 | from REMOTE_USER if this plugin is enabled, if that fails | |
|
162 | it tries to get username from HTTP_X_FORWARDED_USER if fallback header | |
|
163 | is set. clean_username extracts the username from this data if it's | |
|
164 | having @ in it. | |
|
165 | Return None on failure. On success, return a dictionary of the form: | |
|
166 | ||
|
167 | see: RhodeCodeAuthPluginBase.auth_func_attrs | |
|
168 | ||
|
169 | :param userobj: | |
|
170 | :param username: | |
|
171 | :param password: | |
|
172 | :param settings: | |
|
173 | :param kwargs: | |
|
174 | """ | |
|
175 | environ = kwargs.get('environ') | |
|
176 | if not environ: | |
|
177 | log.debug('Empty environ data skipping...') | |
|
178 | return None | |
|
179 | ||
|
180 | if not userobj: | |
|
181 | userobj = self.get_user('', environ=environ, settings=settings) | |
|
182 | ||
|
183 | # we don't care passed username/password for container auth plugins. | |
|
184 | # only way to log in is using environ | |
|
185 | username = None | |
|
186 | if userobj: | |
|
187 | username = getattr(userobj, 'username') | |
|
188 | ||
|
189 | if not username: | |
|
190 | # we don't have any objects in DB user doesn't exist extrac username | |
|
191 | # from environ based on the settings | |
|
192 | username = self._get_username(environ, settings) | |
|
193 | ||
|
194 | # if cannot fetch username, it's a no-go for this plugin to proceed | |
|
195 | if not username: | |
|
196 | return None | |
|
197 | ||
|
198 | # old attrs fetched from RhodeCode database | |
|
199 | admin = getattr(userobj, 'admin', False) | |
|
200 | active = getattr(userobj, 'active', True) | |
|
201 | email = getattr(userobj, 'email', '') | |
|
202 | firstname = getattr(userobj, 'firstname', '') | |
|
203 | lastname = getattr(userobj, 'lastname', '') | |
|
204 | extern_type = getattr(userobj, 'extern_type', '') | |
|
205 | ||
|
206 | user_attrs = { | |
|
207 | 'username': username, | |
|
208 | 'firstname': safe_unicode(firstname or username), | |
|
209 | 'lastname': safe_unicode(lastname or ''), | |
|
210 | 'groups': [], | |
|
211 | 'email': email or '', | |
|
212 | 'admin': admin or False, | |
|
213 | 'active': active, | |
|
214 | 'active_from_extern': True, | |
|
215 | 'extern_name': username, | |
|
216 | 'extern_type': extern_type, | |
|
217 | } | |
|
218 | ||
|
219 | log.info('user `%s` authenticated correctly' % user_attrs['username']) | |
|
220 | return user_attrs |
@@ -1,243 +1,244 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | |
|
3 | 3 | # Import early to make sure things are patched up properly |
|
4 | 4 | from setuptools import setup, find_packages |
|
5 | 5 | |
|
6 | 6 | import os |
|
7 | 7 | import sys |
|
8 | 8 | import platform |
|
9 | 9 | |
|
10 | 10 | if sys.version_info < (2, 7): |
|
11 | 11 | raise Exception('RhodeCode requires Python 2.7 or later') |
|
12 | 12 | |
|
13 | 13 | |
|
14 | 14 | here = os.path.abspath(os.path.dirname(__file__)) |
|
15 | 15 | |
|
16 | 16 | |
|
17 | 17 | def _get_meta_var(name, data, callback_handler=None): |
|
18 | 18 | import re |
|
19 | 19 | matches = re.compile(r'(?:%s)\s*=\s*(.*)' % name).search(data) |
|
20 | 20 | if matches: |
|
21 | 21 | if not callable(callback_handler): |
|
22 | 22 | callback_handler = lambda v: v |
|
23 | 23 | |
|
24 | 24 | return callback_handler(eval(matches.groups()[0])) |
|
25 | 25 | |
|
26 | 26 | _meta = open(os.path.join(here, 'rhodecode', '__init__.py'), 'rb') |
|
27 | 27 | _metadata = _meta.read() |
|
28 | 28 | _meta.close() |
|
29 | 29 | |
|
30 | 30 | callback = lambda V: ('.'.join(map(str, V[:3])) + '.'.join(V[3:])) |
|
31 | 31 | __version__ = open(os.path.join('rhodecode', 'VERSION')).read().strip() |
|
32 | 32 | __license__ = _get_meta_var('__license__', _metadata) |
|
33 | 33 | __author__ = _get_meta_var('__author__', _metadata) |
|
34 | 34 | __url__ = _get_meta_var('__url__', _metadata) |
|
35 | 35 | # defines current platform |
|
36 | 36 | __platform__ = platform.system() |
|
37 | 37 | |
|
38 | 38 | # Cygwin has different platform identifiers, but they all contain the |
|
39 | 39 | # term "CYGWIN" |
|
40 | 40 | is_windows = __platform__ == 'Windows' or 'CYGWIN' in __platform__ |
|
41 | 41 | |
|
42 | 42 | requirements = [ |
|
43 | 43 | 'Babel', |
|
44 | 44 | 'Beaker', |
|
45 | 45 | 'FormEncode', |
|
46 | 46 | 'Mako', |
|
47 | 47 | 'Markdown', |
|
48 | 48 | 'MarkupSafe', |
|
49 | 49 | 'MySQL-python', |
|
50 | 50 | 'Paste', |
|
51 | 51 | 'PasteDeploy', |
|
52 | 52 | 'PasteScript', |
|
53 | 53 | 'Pygments', |
|
54 | 54 | 'Pylons', |
|
55 | 55 | 'Pyro4', |
|
56 | 56 | 'Routes', |
|
57 | 57 | 'SQLAlchemy', |
|
58 | 58 | 'Tempita', |
|
59 | 59 | 'URLObject', |
|
60 | 60 | 'WebError', |
|
61 | 61 | 'WebHelpers', |
|
62 | 62 | 'WebHelpers2', |
|
63 | 63 | 'WebOb', |
|
64 | 64 | 'WebTest', |
|
65 | 65 | 'Whoosh', |
|
66 | 66 | 'alembic', |
|
67 | 67 | 'amqplib', |
|
68 | 68 | 'anyjson', |
|
69 | 69 | 'appenlight-client', |
|
70 | 70 | 'authomatic', |
|
71 | 71 | 'backport_ipaddress', |
|
72 | 72 | 'celery', |
|
73 | 73 | 'colander', |
|
74 | 74 | 'decorator', |
|
75 | 75 | 'docutils', |
|
76 | 76 | 'gunicorn', |
|
77 | 77 | 'infrae.cache', |
|
78 | 78 | 'ipython', |
|
79 | 79 | 'iso8601', |
|
80 | 80 | 'kombu', |
|
81 | 81 | 'msgpack-python', |
|
82 | 82 | 'packaging', |
|
83 | 83 | 'psycopg2', |
|
84 | 84 | 'pycrypto', |
|
85 | 85 | 'pycurl', |
|
86 | 86 | 'pyparsing', |
|
87 | 87 | 'pyramid', |
|
88 | 88 | 'pyramid-debugtoolbar', |
|
89 | 89 | 'pyramid-mako', |
|
90 | 90 | 'pyramid-beaker', |
|
91 | 91 | 'pysqlite', |
|
92 | 92 | 'python-dateutil', |
|
93 | 93 | 'python-ldap', |
|
94 | 94 | 'python-memcached', |
|
95 | 95 | 'python-pam', |
|
96 | 96 | 'recaptcha-client', |
|
97 | 97 | 'repoze.lru', |
|
98 | 98 | 'requests', |
|
99 | 99 | 'simplejson', |
|
100 | 100 | 'waitress', |
|
101 | 101 | 'zope.cachedescriptors', |
|
102 | 102 | ] |
|
103 | 103 | |
|
104 | 104 | if is_windows: |
|
105 | 105 | pass |
|
106 | 106 | else: |
|
107 | 107 | requirements.append('psutil') |
|
108 | 108 | requirements.append('py-bcrypt') |
|
109 | 109 | |
|
110 | 110 | test_requirements = [ |
|
111 | 111 | 'WebTest', |
|
112 | 112 | 'configobj', |
|
113 | 113 | 'cssselect', |
|
114 | 114 | 'flake8', |
|
115 | 115 | 'lxml', |
|
116 | 116 | 'mock', |
|
117 | 117 | 'pytest', |
|
118 | 118 | 'pytest-cov', |
|
119 | 119 | 'pytest-runner', |
|
120 | 120 | ] |
|
121 | 121 | |
|
122 | 122 | setup_requirements = [ |
|
123 | 123 | 'PasteScript', |
|
124 | 124 | 'pytest-runner', |
|
125 | 125 | ] |
|
126 | 126 | |
|
127 | 127 | dependency_links = [ |
|
128 | 128 | ] |
|
129 | 129 | |
|
130 | 130 | classifiers = [ |
|
131 | 131 | 'Development Status :: 6 - Mature', |
|
132 | 132 | 'Environment :: Web Environment', |
|
133 | 133 | 'Framework :: Pylons', |
|
134 | 134 | 'Intended Audience :: Developers', |
|
135 | 135 | 'Operating System :: OS Independent', |
|
136 | 136 | 'Programming Language :: Python', |
|
137 | 137 | 'Programming Language :: Python :: 2.7', |
|
138 | 138 | ] |
|
139 | 139 | |
|
140 | 140 | |
|
141 | 141 | # additional files from project that goes somewhere in the filesystem |
|
142 | 142 | # relative to sys.prefix |
|
143 | 143 | data_files = [] |
|
144 | 144 | |
|
145 | 145 | # additional files that goes into package itself |
|
146 | 146 | package_data = {'rhodecode': ['i18n/*/LC_MESSAGES/*.mo', ], } |
|
147 | 147 | |
|
148 | 148 | description = ('RhodeCode is a fast and powerful management tool ' |
|
149 | 149 | 'for Mercurial and GIT with a built in push/pull server, ' |
|
150 | 150 | 'full text search and code-review.') |
|
151 | 151 | |
|
152 | 152 | keywords = ' '.join([ |
|
153 | 153 | 'rhodecode', 'rhodiumcode', 'mercurial', 'git', 'code review', |
|
154 | 154 | 'repo groups', 'ldap', 'repository management', 'hgweb replacement', |
|
155 | 155 | 'hgwebdir', 'gitweb replacement', 'serving hgweb', |
|
156 | 156 | ]) |
|
157 | 157 | |
|
158 | 158 | # long description |
|
159 | 159 | README_FILE = 'README.rst' |
|
160 | 160 | CHANGELOG_FILE = 'CHANGES.rst' |
|
161 | 161 | try: |
|
162 | 162 | long_description = open(README_FILE).read() + '\n\n' + \ |
|
163 | 163 | open(CHANGELOG_FILE).read() |
|
164 | 164 | |
|
165 | 165 | except IOError, err: |
|
166 | 166 | sys.stderr.write( |
|
167 | 167 | '[WARNING] Cannot find file specified as long_description (%s)\n or ' |
|
168 | 168 | 'changelog (%s) skipping that file' % (README_FILE, CHANGELOG_FILE) |
|
169 | 169 | ) |
|
170 | 170 | long_description = description |
|
171 | 171 | |
|
172 | 172 | # packages |
|
173 | 173 | packages = find_packages() |
|
174 | 174 | |
|
175 | 175 | paster_commands = [ |
|
176 | 176 | 'make-config=rhodecode.lib.paster_commands.make_config:Command', |
|
177 | 177 | 'setup-rhodecode=rhodecode.lib.paster_commands.setup_rhodecode:Command', |
|
178 | 178 | 'update-repoinfo=rhodecode.lib.paster_commands.update_repoinfo:Command', |
|
179 | 179 | 'cache-keys=rhodecode.lib.paster_commands.cache_keys:Command', |
|
180 | 180 | 'ishell=rhodecode.lib.paster_commands.ishell:Command', |
|
181 | 181 | 'upgrade-db=rhodecode.lib.dbmigrate:UpgradeDb', |
|
182 | 182 | 'celeryd=rhodecode.lib.celerypylons.commands:CeleryDaemonCommand', |
|
183 | 183 | ] |
|
184 | 184 | |
|
185 | 185 | setup( |
|
186 | 186 | name='rhodecode-enterprise-ce', |
|
187 | 187 | version=__version__, |
|
188 | 188 | description=description, |
|
189 | 189 | long_description=long_description, |
|
190 | 190 | keywords=keywords, |
|
191 | 191 | license=__license__, |
|
192 | 192 | author=__author__, |
|
193 | 193 | author_email='marcin@rhodecode.com', |
|
194 | 194 | dependency_links=dependency_links, |
|
195 | 195 | url=__url__, |
|
196 | 196 | install_requires=requirements, |
|
197 | 197 | tests_require=test_requirements, |
|
198 | 198 | classifiers=classifiers, |
|
199 | 199 | setup_requires=setup_requirements, |
|
200 | 200 | data_files=data_files, |
|
201 | 201 | packages=packages, |
|
202 | 202 | include_package_data=True, |
|
203 | 203 | package_data=package_data, |
|
204 | 204 | message_extractors={ |
|
205 | 205 | 'rhodecode': [ |
|
206 | 206 | ('**.py', 'python', None), |
|
207 | 207 | ('templates/**.mako', 'mako', {'input_encoding': 'utf-8'}), |
|
208 | 208 | ('templates/**.html', 'mako', {'input_encoding': 'utf-8'}), |
|
209 | 209 | ('public/**', 'ignore', None), |
|
210 | 210 | ] |
|
211 | 211 | }, |
|
212 | 212 | zip_safe=False, |
|
213 | 213 | paster_plugins=['PasteScript', 'Pylons'], |
|
214 | 214 | entry_points={ |
|
215 | 215 | 'enterprise.plugins1': [ |
|
216 | 'container=rhodecode.authentication.plugins.auth_container:plugin_factory', | |
|
216 | 217 | 'crowd=rhodecode.authentication.plugins.auth_crowd:plugin_factory', |
|
217 | 218 | 'jasig_cas=rhodecode.authentication.plugins.auth_jasig_cas:plugin_factory', |
|
218 | 219 | 'ldap=rhodecode.authentication.plugins.auth_ldap:plugin_factory', |
|
219 | 220 | 'pam=rhodecode.authentication.plugins.auth_pam:plugin_factory', |
|
220 | 221 | 'rhodecode=rhodecode.authentication.plugins.auth_rhodecode:plugin_factory', |
|
221 | 222 | ], |
|
222 | 223 | 'paste.app_factory': [ |
|
223 | 224 | 'main=rhodecode.config.middleware:make_pyramid_app', |
|
224 | 225 | 'pylons=rhodecode.config.middleware:make_app', |
|
225 | 226 | ], |
|
226 | 227 | 'paste.app_install': [ |
|
227 | 228 | 'main=pylons.util:PylonsInstaller', |
|
228 | 229 | 'pylons=pylons.util:PylonsInstaller', |
|
229 | 230 | ], |
|
230 | 231 | 'paste.global_paster_command': paster_commands, |
|
231 | 232 | 'pytest11': [ |
|
232 | 233 | 'pylons=rhodecode.tests.pylons_plugin', |
|
233 | 234 | 'enterprise=rhodecode.tests.plugin', |
|
234 | 235 | ], |
|
235 | 236 | 'console_scripts': [ |
|
236 | 237 | 'rcserver=rhodecode.rcserver:main', |
|
237 | 238 | ], |
|
238 | 239 | 'beaker.backends': [ |
|
239 | 240 | 'memorylru_base=rhodecode.lib.memory_lru_debug:MemoryLRUNamespaceManagerBase', |
|
240 | 241 | 'memorylru_debug=rhodecode.lib.memory_lru_debug:MemoryLRUNamespaceManagerDebug' |
|
241 | 242 | ] |
|
242 | 243 | }, |
|
243 | 244 | ) |
General Comments 0
You need to be logged in to leave comments.
Login now