@@ -144,21 +144,6 b' def check_password(password, hashed):' | |||||
144 | return KallitheaCrypto.hash_check(password, hashed) |
|
144 | return KallitheaCrypto.hash_check(password, hashed) | |
145 |
|
145 | |||
146 |
|
146 | |||
147 | class CookieStoreWrapper(object): |
|
|||
148 |
|
||||
149 | def __init__(self, cookie_store): |
|
|||
150 | self.cookie_store = cookie_store |
|
|||
151 |
|
||||
152 | def __repr__(self): |
|
|||
153 | return 'CookieStore<%s>' % (self.cookie_store) |
|
|||
154 |
|
||||
155 | def get(self, key, other=None): |
|
|||
156 | if isinstance(self.cookie_store, dict): |
|
|||
157 | return self.cookie_store.get(key, other) |
|
|||
158 | elif isinstance(self.cookie_store, AuthUser): |
|
|||
159 | return self.cookie_store.__dict__.get(key, other) |
|
|||
160 |
|
||||
161 |
|
||||
162 |
|
147 | |||
163 | def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions, |
|
148 | def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions, | |
164 | explicit, algo): |
|
149 | explicit, algo): | |
@@ -642,23 +627,28 b' class AuthUser(object):' | |||||
642 | if self.user_id != self.anonymous_user.user_id: |
|
627 | if self.user_id != self.anonymous_user.user_id: | |
643 | self.is_authenticated = authenticated |
|
628 | self.is_authenticated = authenticated | |
644 |
|
629 | |||
645 |
def |
|
630 | def to_cookie(self): | |
646 | return {'username': self.username, |
|
631 | """ Serializes this login session to a cookie `dict`. """ | |
647 | 'user_id': self.user_id, |
|
632 | return { | |
648 | 'is_authenticated': self.is_authenticated} |
|
633 | 'user_id': self.user_id, | |
|
634 | 'username': self.username, | |||
|
635 | 'is_authenticated': self.is_authenticated, | |||
|
636 | } | |||
649 |
|
637 | |||
650 |
@c |
|
638 | @staticmethod | |
651 |
def from_cookie |
|
639 | def from_cookie(cookie): | |
652 | """ |
|
640 | """ | |
653 |
|
|
641 | Deserializes an `AuthUser` from a cookie `dict`. | |
654 |
|
||||
655 | :param cls: |
|
|||
656 | :param cookie_store: |
|
|||
657 | """ |
|
642 | """ | |
658 | user_id = cookie_store.get('user_id') |
|
643 | ||
659 | username = cookie_store.get('username') |
|
644 | au = AuthUser( | |
660 | api_key = cookie_store.get('api_key') |
|
645 | user_id=cookie.get('user_id'), | |
661 | return AuthUser(user_id, api_key, username) |
|
646 | username=cookie.get('username'), | |
|
647 | ) | |||
|
648 | if not au.is_authenticated and au.user_id is not None: | |||
|
649 | # user is not authenticated and not empty | |||
|
650 | au.set_authenticated(cookie.get('is_authenticated')) | |||
|
651 | return au | |||
662 |
|
652 | |||
663 | @classmethod |
|
653 | @classmethod | |
664 | def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False): |
|
654 | def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False): |
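Review bot: `from_cookie` is declared `@staticmethod` and hard-codes `AuthUser(` when it builds the instance, while the adjacent alternate constructor `get_allowed_ips` is a `@classmethod`; declaring it `@classmethod` with `def from_cookie(cls, cookie):` and `au = cls(` keeps the two consistent and lets a subclass reuse it. The docstring could also say what the dict is, because the name suggests a browser cookie while the caller in base.py stores it under `session['authuser']`: `Deserializes an AuthUser from the dict produced by to_cookie() (the value kept in session['authuser']).` If the dict has no `'is_authenticated'` key, `cookie.get('is_authenticated')` passes `None` to `set_authenticated`; whether that is accepted depends on `set_authenticated`, which is outside the hunk, so `cookie.get('is_authenticated', False)` would make the intended default explicit. Class `AuthUser` continues beyond this hunk.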
@@ -49,7 +49,7 b' from kallithea import __version__, BACKE' | |||||
49 | from kallithea.lib.utils2 import str2bool, safe_unicode, AttributeDict,\ |
|
49 | from kallithea.lib.utils2 import str2bool, safe_unicode, AttributeDict,\ | |
50 | safe_str, safe_int |
|
50 | safe_str, safe_int | |
51 | from kallithea.lib import auth_modules |
|
51 | from kallithea.lib import auth_modules | |
52 |
from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware |
|
52 | from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware | |
53 | from kallithea.lib.utils import get_repo_slug |
|
53 | from kallithea.lib.utils import get_repo_slug | |
54 | from kallithea.lib.exceptions import UserCreationError |
|
54 | from kallithea.lib.exceptions import UserCreationError | |
55 | from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError |
|
55 | from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError | |
@@ -120,8 +120,7 b' def log_in_user(user, remember):' | |||||
120 |
|
120 | |||
121 | # Start new session to prevent session fixation attacks. |
|
121 | # Start new session to prevent session fixation attacks. | |
122 | session.invalidate() |
|
122 | session.invalidate() | |
123 |
|
|
123 | session['authuser'] = cookie = auth_user.to_cookie() | |
124 | session['authuser'] = cs |
|
|||
125 |
|
124 | |||
126 | # If they want to be remembered, update the cookie |
|
125 | # If they want to be remembered, update the cookie | |
127 | if remember: |
|
126 | if remember: | |
@@ -131,7 +130,7 b' def log_in_user(user, remember):' | |||||
131 | session.save() |
|
130 | session.save() | |
132 |
|
131 | |||
133 | log.info('user %s is now authenticated and stored in ' |
|
132 | log.info('user %s is now authenticated and stored in ' | |
134 |
'session, session attrs %s', user.username, c |
|
133 | 'session, session attrs %s', user.username, cookie) | |
135 |
|
134 | |||
136 | # dumps session attrs back to cookie |
|
135 | # dumps session attrs back to cookie | |
137 | session._update_cookie_out() |
|
136 | session._update_cookie_out() | |
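Review bot: The info-level log at 132–133 now prints the whole `cookie` dict returned by `to_cookie()`, so any field later added to that record (the old `from_cookie` still read an `api_key` key) would land in the info log as well. Logging only the keys, `'session, session attrs %s', user.username, sorted(cookie)`, keeps the diagnostic value without coupling log output to the serialized session record. `log_in_user` starts outside this hunk.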
@@ -388,11 +387,12 b' class BaseController(WSGIController):' | |||||
388 | return AuthUser(api_key=api_key) |
|
387 | return AuthUser(api_key=api_key) | |
389 |
|
388 | |||
390 | # Authenticate by session cookie |
|
389 | # Authenticate by session cookie | |
391 |
cookie |
|
390 | cookie = session.get('authuser') | |
392 | user_id = cookie_store.get('user_id') |
|
391 | # In ancient login sessions, 'authuser' may not be a dict. | |
393 | if user_id is not None: |
|
392 | # In that case, the user will have to log in again. | |
|
393 | if isinstance(cookie, dict): | |||
394 | try: |
|
394 | try: | |
395 | auth_user = AuthUser(user_id=user_id) |
|
395 | return AuthUser.from_cookie(cookie) | |
396 | except UserCreationError as e: |
|
396 | except UserCreationError as e: | |
397 | # container auth or other auth functions that create users on |
|
397 | # container auth or other auth functions that create users on | |
398 | # the fly can throw UserCreationError to signal issues with |
|
398 | # the fly can throw UserCreationError to signal issues with | |
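Review bot: When `session['authuser']` is present but not a dict, the new `isinstance(cookie, dict)` guard at 393 drops it silently and control falls through to the later authentication paths, so a stale or unexpected session value leaves no trace in the log even though the comment says the user will have to log in again. An `elif cookie is not None:` branch with `log.info('ignoring non-dict session authuser of type %s', type(cookie).__name__)` would make that fallback visible when debugging login problems. The enclosing method begins before this hunk and its remainder is in the next one.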
@@ -400,14 +400,6 b' class BaseController(WSGIController):' | |||||
400 | # exception object. |
|
400 | # exception object. | |
401 | from kallithea.lib import helpers as h |
|
401 | from kallithea.lib import helpers as h | |
402 | h.flash(e, 'error', logf=log.error) |
|
402 | h.flash(e, 'error', logf=log.error) | |
403 | else: |
|
|||
404 | authenticated = cookie_store.get('is_authenticated') |
|
|||
405 |
|
||||
406 | if not auth_user.is_authenticated and auth_user.user_id is not None: |
|
|||
407 | # user is not authenticated and not empty |
|
|||
408 | auth_user.set_authenticated(authenticated) |
|
|||
409 |
|
||||
410 | return auth_user |
|
|||
411 |
|
403 | |||
412 | # Authenticate by auth_container plugin (if enabled) |
|
404 | # Authenticate by auth_container plugin (if enabled) | |
413 | if any( |
|
405 | if any( |