Show More
| @@ -223,9 +223,31 b' def authenticate(username, password):' | |||||
| 223 | pass |
|
223 | pass | |
| 224 | return False |
|
224 | return False | |
| 225 |
|
225 | |||
|
|
226 | def login_container_auth(username): | |||
|
|
227 | user = User.get_by_username(username) | |||
|
|
228 | if user is None: | |||
|
|
229 | user_model = UserModel() | |||
|
|
230 | user_attrs = { | |||
|
|
231 | 'name': username, | |||
|
|
232 | 'lastname': None, | |||
|
|
233 | 'email': None, | |||
|
|
234 | } | |||
|
|
235 | if not user_model.create_for_container_auth(username, user_attrs): | |||
|
|
236 | return None | |||
|
|
237 | user = User.get_by_username(username) | |||
|
|
238 | log.info('User %s was created by container authentication', username) | |||
|
|
239 | ||||
|
|
240 | if not user.active: | |||
|
|
241 | return None | |||
|
|
242 | ||||
|
|
243 | user.update_lastlogin() | |||
|
|
244 | log.debug('User %s is now logged in by container authentication', user.username) | |||
|
|
245 | return user | |||
|
|
246 | ||||
| 226 | def get_container_username(environ, cfg=config): |
|
247 | def get_container_username(environ, cfg=config): | |
| 227 | from paste.httpheaders import REMOTE_USER |
|
248 | from paste.httpheaders import REMOTE_USER | |
| 228 | from paste.deploy.converters import asbool |
|
249 | from paste.deploy.converters import asbool | |
|
|
250 | ||||
| 229 | username = REMOTE_USER(environ) |
|
251 | username = REMOTE_USER(environ) | |
| 230 |
|
252 | |||
| 231 | if not username and asbool(cfg.get('proxypass_auth_enabled', False)): |
|
253 | if not username and asbool(cfg.get('proxypass_auth_enabled', False)): | |
| @@ -278,14 +300,12 b' class AuthUser(object):' | |||||
| 278 | is_user_loaded = user_model.fill_data(self, user_id=self.user_id) |
|
300 | is_user_loaded = user_model.fill_data(self, user_id=self.user_id) | |
| 279 | elif self.username: |
|
301 | elif self.username: | |
| 280 | log.debug('Auth User lookup by USER NAME %s', self.username) |
|
302 | log.debug('Auth User lookup by USER NAME %s', self.username) | |
| 281 |
dbuser = |
|
303 | dbuser = login_container_auth(self.username) | |
| 282 |
if dbuser is not None |
|
304 | if dbuser is not None: | |
| 283 | for k, v in dbuser.get_dict().items(): |
|
305 | for k, v in dbuser.get_dict().items(): | |
| 284 | setattr(self, k, v) |
|
306 | setattr(self, k, v) | |
| 285 | self.set_authenticated() |
|
307 | self.set_authenticated() | |
| 286 | is_user_loaded = True |
|
308 | is_user_loaded = True | |
| 287 | log.debug('User %s is now logged in', self.username) |
|
|||
| 288 | dbuser.update_lastlogin() |
|
|||
| 289 |
|
309 | |||
| 290 | if not is_user_loaded: |
|
310 | if not is_user_loaded: | |
| 291 | if self.anonymous_user.active is True: |
|
311 | if self.anonymous_user.active is True: | |
| @@ -455,7 +455,8 b' HasRepoPermissionAny, HasRepoPermissionA' | |||||
| 455 |
|
455 | |||
| 456 | def gravatar_url(email_address, size=30): |
|
456 | def gravatar_url(email_address, size=30): | |
| 457 | if not str2bool(config['app_conf'].get('use_gravatar')) or \ |
|
457 | if not str2bool(config['app_conf'].get('use_gravatar')) or \ | |
| 458 | email_address == 'anonymous@rhodecode.org': |
|
458 | not email_address or \ | |
|
|
459 | email_address == 'anonymous@rhodecode.org': | |||
| 459 | return url("/images/user%s.png" % size) |
|
460 | return url("/images/user%s.png" % size) | |
| 460 |
|
461 | |||
| 461 | ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme') |
|
462 | ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme') | |
| @@ -92,6 +92,35 b' class UserModel(BaseModel):' | |||||
| 92 | self.sa.rollback() |
|
92 | self.sa.rollback() | |
| 93 | raise |
|
93 | raise | |
| 94 |
|
94 | |||
|
|
95 | def create_for_container_auth(self, username, attrs): | |||
|
|
96 | """ | |||
|
|
97 | Creates the given user if it's not already in the database | |||
|
|
98 | ||||
|
|
99 | :param username: | |||
|
|
100 | :param attrs: | |||
|
|
101 | """ | |||
|
|
102 | if self.get_by_username(username, case_insensitive=True) is None: | |||
|
|
103 | try: | |||
|
|
104 | new_user = User() | |||
|
|
105 | new_user.username = username | |||
|
|
106 | new_user.password = None | |||
|
|
107 | new_user.api_key = generate_api_key(username) | |||
|
|
108 | new_user.email = attrs['email'] | |||
|
|
109 | new_user.active = True | |||
|
|
110 | new_user.name = attrs['name'] | |||
|
|
111 | new_user.lastname = attrs['lastname'] | |||
|
|
112 | ||||
|
|
113 | self.sa.add(new_user) | |||
|
|
114 | self.sa.commit() | |||
|
|
115 | return True | |||
|
|
116 | except (DatabaseError,): | |||
|
|
117 | log.error(traceback.format_exc()) | |||
|
|
118 | self.sa.rollback() | |||
|
|
119 | raise | |||
|
|
120 | log.debug('User %s already exists. Skipping creation of account for container auth.', | |||
|
|
121 | username) | |||
|
|
122 | return False | |||
|
|
123 | ||||
| 95 | def create_ldap(self, username, password, user_dn, attrs): |
|
124 | def create_ldap(self, username, password, user_dn, attrs): | |
| 96 | """ |
|
125 | """ | |
| 97 | Checks if user is in database, if not creates this user marked |
|
126 | Checks if user is in database, if not creates this user marked | |
General Comments 0
You need to be logged in to leave comments.
Login now