Show More
| @@ -144,21 +144,6 b' def check_password(password, hashed):' | |||||
| 144 | return KallitheaCrypto.hash_check(password, hashed) |
|
144 | return KallitheaCrypto.hash_check(password, hashed) | |
| 145 |
|
145 | |||
| 146 |
|
146 | |||
| 147 | class CookieStoreWrapper(object): |
|
|||
| 148 |
|
||||
| 149 | def __init__(self, cookie_store): |
|
|||
| 150 | self.cookie_store = cookie_store |
|
|||
| 151 |
|
||||
| 152 | def __repr__(self): |
|
|||
| 153 | return 'CookieStore<%s>' % (self.cookie_store) |
|
|||
| 154 |
|
||||
| 155 | def get(self, key, other=None): |
|
|||
| 156 | if isinstance(self.cookie_store, dict): |
|
|||
| 157 | return self.cookie_store.get(key, other) |
|
|||
| 158 | elif isinstance(self.cookie_store, AuthUser): |
|
|||
| 159 | return self.cookie_store.__dict__.get(key, other) |
|
|||
| 160 |
|
||||
| 161 |
|
||||
| 162 |
|
147 | |||
| 163 | def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions, |
|
148 | def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions, | |
| 164 | explicit, algo): |
|
149 | explicit, algo): | |
| @@ -642,23 +627,28 b' class AuthUser(object):' | |||||
| 642 | if self.user_id != self.anonymous_user.user_id: |
|
627 | if self.user_id != self.anonymous_user.user_id: | |
| 643 | self.is_authenticated = authenticated |
|
628 | self.is_authenticated = authenticated | |
| 644 |
|
629 | |||
| 645 |
def |
|
630 | def to_cookie(self): | |
| 646 | return {'username': self.username, |
|
631 | """ Serializes this login session to a cookie `dict`. """ | |
| 647 | 'user_id': self.user_id, |
|
632 | return { | |
| 648 | 'is_authenticated': self.is_authenticated} |
|
633 | 'user_id': self.user_id, | |
|
|
634 | 'username': self.username, | |||
|
|
635 | 'is_authenticated': self.is_authenticated, | |||
|
|
636 | } | |||
| 649 |
|
637 | |||
| 650 |
@c |
|
638 | @staticmethod | |
| 651 |
def from_cookie |
|
639 | def from_cookie(cookie): | |
| 652 | """ |
|
640 | """ | |
| 653 |
|
|
641 | Deserializes an `AuthUser` from a cookie `dict`. | |
| 654 |
|
||||
| 655 | :param cls: |
|
|||
| 656 | :param cookie_store: |
|
|||
| 657 | """ |
|
642 | """ | |
| 658 | user_id = cookie_store.get('user_id') |
|
643 | ||
| 659 | username = cookie_store.get('username') |
|
644 | au = AuthUser( | |
| 660 | api_key = cookie_store.get('api_key') |
|
645 | user_id=cookie.get('user_id'), | |
| 661 | return AuthUser(user_id, api_key, username) |
|
646 | username=cookie.get('username'), | |
|
|
647 | ) | |||
|
|
648 | if not au.is_authenticated and au.user_id is not None: | |||
|
|
649 | # user is not authenticated and not empty | |||
|
|
650 | au.set_authenticated(cookie.get('is_authenticated')) | |||
|
|
651 | return au | |||
| 662 |
|
652 | |||
| 663 | @classmethod |
|
653 | @classmethod | |
| 664 | def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False): |
|
654 | def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False): | |
| @@ -49,7 +49,7 b' from kallithea import __version__, BACKE' | |||||
| 49 | from kallithea.lib.utils2 import str2bool, safe_unicode, AttributeDict,\ |
|
49 | from kallithea.lib.utils2 import str2bool, safe_unicode, AttributeDict,\ | |
| 50 | safe_str, safe_int |
|
50 | safe_str, safe_int | |
| 51 | from kallithea.lib import auth_modules |
|
51 | from kallithea.lib import auth_modules | |
| 52 |
from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware |
|
52 | from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware | |
| 53 | from kallithea.lib.utils import get_repo_slug |
|
53 | from kallithea.lib.utils import get_repo_slug | |
| 54 | from kallithea.lib.exceptions import UserCreationError |
|
54 | from kallithea.lib.exceptions import UserCreationError | |
| 55 | from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError |
|
55 | from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError | |
| @@ -120,8 +120,7 b' def log_in_user(user, remember):' | |||||
| 120 |
|
120 | |||
| 121 | # Start new session to prevent session fixation attacks. |
|
121 | # Start new session to prevent session fixation attacks. | |
| 122 | session.invalidate() |
|
122 | session.invalidate() | |
| 123 |
|
|
123 | session['authuser'] = cookie = auth_user.to_cookie() | |
| 124 | session['authuser'] = cs |
|
|||
| 125 |
|
124 | |||
| 126 | # If they want to be remembered, update the cookie |
|
125 | # If they want to be remembered, update the cookie | |
| 127 | if remember: |
|
126 | if remember: | |
| @@ -131,7 +130,7 b' def log_in_user(user, remember):' | |||||
| 131 | session.save() |
|
130 | session.save() | |
| 132 |
|
131 | |||
| 133 | log.info('user %s is now authenticated and stored in ' |
|
132 | log.info('user %s is now authenticated and stored in ' | |
| 134 |
'session, session attrs %s', user.username, c |
|
133 | 'session, session attrs %s', user.username, cookie) | |
| 135 |
|
134 | |||
| 136 | # dumps session attrs back to cookie |
|
135 | # dumps session attrs back to cookie | |
| 137 | session._update_cookie_out() |
|
136 | session._update_cookie_out() | |
| @@ -388,11 +387,12 b' class BaseController(WSGIController):' | |||||
| 388 | return AuthUser(api_key=api_key) |
|
387 | return AuthUser(api_key=api_key) | |
| 389 |
|
388 | |||
| 390 | # Authenticate by session cookie |
|
389 | # Authenticate by session cookie | |
| 391 |
cookie |
|
390 | cookie = session.get('authuser') | |
| 392 | user_id = cookie_store.get('user_id') |
|
391 | # In ancient login sessions, 'authuser' may not be a dict. | |
| 393 | if user_id is not None: |
|
392 | # In that case, the user will have to log in again. | |
|
|
393 | if isinstance(cookie, dict): | |||
| 394 | try: |
|
394 | try: | |
| 395 | auth_user = AuthUser(user_id=user_id) |
|
395 | return AuthUser.from_cookie(cookie) | |
| 396 | except UserCreationError as e: |
|
396 | except UserCreationError as e: | |
| 397 | # container auth or other auth functions that create users on |
|
397 | # container auth or other auth functions that create users on | |
| 398 | # the fly can throw UserCreationError to signal issues with |
|
398 | # the fly can throw UserCreationError to signal issues with | |
| @@ -400,14 +400,6 b' class BaseController(WSGIController):' | |||||
| 400 | # exception object. |
|
400 | # exception object. | |
| 401 | from kallithea.lib import helpers as h |
|
401 | from kallithea.lib import helpers as h | |
| 402 | h.flash(e, 'error', logf=log.error) |
|
402 | h.flash(e, 'error', logf=log.error) | |
| 403 | else: |
|
|||
| 404 | authenticated = cookie_store.get('is_authenticated') |
|
|||
| 405 |
|
||||
| 406 | if not auth_user.is_authenticated and auth_user.user_id is not None: |
|
|||
| 407 | # user is not authenticated and not empty |
|
|||
| 408 | auth_user.set_authenticated(authenticated) |
|
|||
| 409 |
|
||||
| 410 | return auth_user |
|
|||
| 411 |
|
403 | |||
| 412 | # Authenticate by auth_container plugin (if enabled) |
|
404 | # Authenticate by auth_container plugin (if enabled) | |
| 413 | if any( |
|
405 | if any( | |
General Comments 0
You need to be logged in to leave comments.
Login now