@@ -253,17 +253,17 b' def login_container_auth(username):' | |||||
253 | user.username) |
|
253 | user.username) | |
254 | return user |
|
254 | return user | |
255 |
|
255 | |||
256 | def get_container_username(environ, cfg): |
|
256 | def get_container_username(environ, config): | |
257 | from paste.httpheaders import REMOTE_USER |
|
257 | username = None | |
258 | from paste.deploy.converters import asbool |
|
|||
259 |
|
258 | |||
260 |
|
|
259 | if str2bool(config.get('container_auth_enabled', False)): | |
261 | username = REMOTE_USER(environ) |
|
260 | from paste.httpheaders import REMOTE_USER | |
262 |
|
261 | username = REMOTE_USER(environ) | ||
263 | if not username and proxy_pass_enabled: |
|
262 | ||
|
263 | if not username and str2bool(config.get('proxypass_auth_enabled', False)): | |||
264 | username = environ.get('HTTP_X_FORWARDED_USER') |
|
264 | username = environ.get('HTTP_X_FORWARDED_USER') | |
265 |
|
265 | |||
266 | if username and proxy_pass_enabled: |
|
266 | if username: | |
267 | # Removing realm and domain from username |
|
267 | # Removing realm and domain from username | |
268 | username = username.partition('@')[0] |
|
268 | username = username.partition('@')[0] | |
269 | username = username.rpartition('\\')[2] |
|
269 | username = username.rpartition('\\')[2] |
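Review bot: `username = environ.get('HTTP_X_FORWARDED_USER')` accepts a request header as the authenticated identity whenever `proxypass_auth_enabled` is set, and nothing in the visible part of this function checks that the request actually came through the proxy. That is only safe when the front-end proxy strips or overwrites any client-supplied `X-Forwarded-User` and the application is not reachable directly; a comment above the branch such as `# Trusted only because the reverse proxy overwrites X-Forwarded-User; do not enable if the app is directly reachable` would record the assumption. The realm/domain stripping also appears to run for every container username now (`if username:`), so `alice@REALM_A` and `OTHER\alice` would both resolve to `alice`; it is worth confirming that this is intended for `REMOTE_USER` values as well. The function body continues past the end of the hunk.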
@@ -8,7 +8,6 b' from pylons import config, tmpl_context ' | |||||
8 | from pylons.controllers import WSGIController |
|
8 | from pylons.controllers import WSGIController | |
9 | from pylons.controllers.util import redirect |
|
9 | from pylons.controllers.util import redirect | |
10 | from pylons.templating import render_mako as render |
|
10 | from pylons.templating import render_mako as render | |
11 | from paste.deploy.converters import asbool |
|
|||
12 |
|
11 | |||
13 | from rhodecode import __version__ |
|
12 | from rhodecode import __version__ | |
14 | from rhodecode.lib import str2bool |
|
13 | from rhodecode.lib import str2bool | |
@@ -45,10 +44,8 b' class BaseController(WSGIController):' | |||||
45 | # make sure that we update permissions each time we call controller |
|
44 | # make sure that we update permissions each time we call controller | |
46 | api_key = request.GET.get('api_key') |
|
45 | api_key = request.GET.get('api_key') | |
47 | user_id = getattr(session.get('rhodecode_user'), 'user_id', None) |
|
46 | user_id = getattr(session.get('rhodecode_user'), 'user_id', None) | |
48 | if asbool(config.get('container_auth_enabled', False)): |
|
47 | username = get_container_username(environ, config) | |
49 | username = get_container_username(environ) |
|
48 | ||
50 | else: |
|
|||
51 | username = None |
|
|||
52 | auth_user = AuthUser(user_id, api_key, username) |
|
49 | auth_user = AuthUser(user_id, api_key, username) | |
53 | self.rhodecode_user = c.rhodecode_user = auth_user |
|
50 | self.rhodecode_user = c.rhodecode_user = auth_user | |
54 | if not self.rhodecode_user.is_authenticated and \ |
|
51 | if not self.rhodecode_user.is_authenticated and \ |
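Review bot: Enabling `proxypass_auth_enabled` alone now appears to be enough for a header-derived name to reach `AuthUser`, because `username = get_container_username(environ, config)` is called unconditionally and the config checks live in the helper; that is not obvious at this call site. A comment above the call would help, for example `# None unless container_auth_enabled or proxypass_auth_enabled is set; see get_container_username`. How `AuthUser` ranks `username` against `user_id` and `api_key` is not visible here, so the precedence is worth stating in its docstring. The enclosing method starts and ends outside the hunk.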
@@ -148,23 +148,26 b' class SimpleGit(object):' | |||||
148 | # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS |
|
148 | # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS | |
149 | #============================================================== |
|
149 | #============================================================== | |
150 |
|
150 | |||
151 | if not get_container_username(environ, self.config): |
|
151 | # Attempting to retrieve username from the container | |
|
152 | username = get_container_username(environ, self.config) | |||
|
153 | ||||
|
154 | # If not authenticated by the container, running basic auth | |||
|
155 | if not username: | |||
152 | self.authenticate.realm = \ |
|
156 | self.authenticate.realm = \ | |
153 | safe_str(self.config['rhodecode_realm']) |
|
157 | safe_str(self.config['rhodecode_realm']) | |
154 | result = self.authenticate(environ) |
|
158 | result = self.authenticate(environ) | |
155 | if isinstance(result, str): |
|
159 | if isinstance(result, str): | |
156 | AUTH_TYPE.update(environ, 'basic') |
|
160 | AUTH_TYPE.update(environ, 'basic') | |
157 | REMOTE_USER.update(environ, result) |
|
161 | REMOTE_USER.update(environ, result) | |
|
162 | username = result | |||
158 | else: |
|
163 | else: | |
159 | return result.wsgi_application(environ, start_response) |
|
164 | return result.wsgi_application(environ, start_response) | |
160 |
|
165 | |||
161 | #============================================================== |
|
166 | #============================================================== | |
162 |
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME |
|
167 | # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME | |
163 | # BASIC AUTH |
|
|||
164 | #============================================================== |
|
168 | #============================================================== | |
165 |
|
169 | |||
166 | if action in ['pull', 'push']: |
|
170 | if action in ['pull', 'push']: | |
167 | username = get_container_username(environ, self.config) |
|
|||
168 | try: |
|
171 | try: | |
169 | user = self.__get_user(username) |
|
172 | user = self.__get_user(username) | |
170 | if user is None or not user.active: |
|
173 | if user is None or not user.active: |
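Review bot: When the container supplies the name, the `if not username:` branch is skipped and neither `AUTH_TYPE` nor `REMOTE_USER` is updated in `environ`, so later code that reads `REMOTE_USER` may see the raw container value (or nothing, if the name came from `X-Forwarded-User`) rather than the normalized `username` used for the permission check. Consider an `else:` branch that calls `REMOTE_USER.update(environ, username)`, or at least a comment stating that `environ` is deliberately left untouched on the container path. The same applies to the matching hunk in `SimpleHg`. The enclosing method starts before and continues after this hunk.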
@@ -114,23 +114,26 b' class SimpleHg(object):' | |||||
114 | # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS |
|
114 | # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS | |
115 | #============================================================== |
|
115 | #============================================================== | |
116 |
|
116 | |||
117 | if not get_container_username(environ, self.config): |
|
117 | # Attempting to retrieve username from the container | |
|
118 | username = get_container_username(environ, self.config) | |||
|
119 | ||||
|
120 | # If not authenticated by the container, running basic auth | |||
|
121 | if not username: | |||
118 | self.authenticate.realm = \ |
|
122 | self.authenticate.realm = \ | |
119 | safe_str(self.config['rhodecode_realm']) |
|
123 | safe_str(self.config['rhodecode_realm']) | |
120 | result = self.authenticate(environ) |
|
124 | result = self.authenticate(environ) | |
121 | if isinstance(result, str): |
|
125 | if isinstance(result, str): | |
122 | AUTH_TYPE.update(environ, 'basic') |
|
126 | AUTH_TYPE.update(environ, 'basic') | |
123 | REMOTE_USER.update(environ, result) |
|
127 | REMOTE_USER.update(environ, result) | |
|
128 | username = result | |||
124 | else: |
|
129 | else: | |
125 | return result.wsgi_application(environ, start_response) |
|
130 | return result.wsgi_application(environ, start_response) | |
126 |
|
131 | |||
127 | #============================================================== |
|
132 | #============================================================== | |
128 |
# CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME |
|
133 | # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME | |
129 | # BASIC AUTH |
|
|||
130 | #============================================================== |
|
134 | #============================================================== | |
131 |
|
135 | |||
132 | if action in ['pull', 'push']: |
|
136 | if action in ['pull', 'push']: | |
133 | username = get_container_username(environ, self.config) |
|
|||
134 | try: |
|
137 | try: | |
135 | user = self.__get_user(username) |
|
138 | user = self.__get_user(username) | |
136 | if user is None or not user.active: |
|
139 | if user is None or not user.active: |