auth_rhodecode.py
97 lines
| 3.4 KiB
| text/x-python
|
PythonLexer
Bradley M. Kuhn
|
r4116 | # -*- coding: utf-8 -*- | ||
| # This program is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| # | ||||
| # This program is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
| """ | ||||
| rhodecode.lib.auth_modules.auth_rhodecode | ||||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| RhodeCode authentication plugin for built in internal auth | ||||
| :created_on: Created on Nov 17, 2012 | ||||
| :author: marcink | ||||
| :copyright: (c) 2013 RhodeCode GmbH. | ||||
| :license: GPLv3, see LICENSE for more details. | ||||
| """ | ||||
| import logging | ||||
| from rhodecode.lib import auth_modules | ||||
| from rhodecode.lib.compat import formatted_json, hybrid_property | ||||
| from rhodecode.model.db import User | ||||
| log = logging.getLogger(__name__) | ||||
| class RhodeCodeAuthPlugin(auth_modules.RhodeCodeAuthPluginBase): | ||||
| def __init__(self): | ||||
| pass | ||||
| @hybrid_property | ||||
| def name(self): | ||||
| return "rhodecode" | ||||
| def settings(self): | ||||
| return [] | ||||
| def user_activation_state(self): | ||||
| def_user_perms = User.get_default_user().AuthUser.permissions['global'] | ||||
| return 'hg.register.auto_activate' in def_user_perms | ||||
| def accepts(self, user, accepts_empty=True): | ||||
| """ | ||||
| Custom accepts for this auth that doesn't accept empty users. We | ||||
| know that user exisits in database. | ||||
| """ | ||||
| return super(RhodeCodeAuthPlugin, self).accepts(user, | ||||
| accepts_empty=False) | ||||
| def auth(self, userobj, username, password, settings, **kwargs): | ||||
| if not userobj: | ||||
| log.debug('userobj was:%s skipping' % (userobj, )) | ||||
| return None | ||||
| if userobj.extern_type != self.name: | ||||
| log.warn("userobj:%s extern_type mismatch got:`%s` expected:`%s`" | ||||
| % (userobj, userobj.extern_type, self.name)) | ||||
| return None | ||||
| user_attrs = { | ||||
| "username": userobj.username, | ||||
| "firstname": userobj.firstname, | ||||
| "lastname": userobj.lastname, | ||||
| "groups": [], | ||||
| "email": userobj.email, | ||||
| "admin": userobj.admin, | ||||
| "active": userobj.active, | ||||
| "active_from_extern": userobj.active, | ||||
| "extern_name": userobj.user_id, | ||||
| 'extern_type': userobj.extern_type, | ||||
| } | ||||
| log.debug(formatted_json(user_attrs)) | ||||
| if userobj.active: | ||||
| from rhodecode.lib import auth | ||||
| password_match = auth.RhodeCodeCrypto.hash_check(password, userobj.password) | ||||
| if userobj.username == User.DEFAULT_USER and userobj.active: | ||||
| log.info('user %s authenticated correctly as anonymous user' % | ||||
| username) | ||||
| return user_attrs | ||||
| elif userobj.username == username and password_match: | ||||
| log.info('user %s authenticated correctly' % user_attrs['username']) | ||||
| return user_attrs | ||||
| log.error("user %s had a bad password" % username) | ||||
| return None | ||||
| else: | ||||
| log.warning('user %s tried auth but is disabled' % username) | ||||
| return None | ||||