# HG changeset patch # User Mads Kiilerich # Date 2015-07-31 15:44:07 # Node ID dd87009b518b0f8e54e869e1b668db98c43305ac # Parent caaf0d07c16840dc3f1fe5d3743a5d0214868eb5 auth: various minor cleanup of general auth functionality diff --git a/kallithea/lib/auth_modules/__init__.py b/kallithea/lib/auth_modules/__init__.py --- a/kallithea/lib/auth_modules/__init__.py +++ b/kallithea/lib/auth_modules/__init__.py @@ -55,10 +55,10 @@ class KallitheaAuthPluginBase(object): "groups": '["list", "of", "groups"]', "extern_name": "name in external source of record", "extern_type": "type of external source of record", - "admin": 'True|False defines if user should be Kallithea super admin', - "active": 'True|False defines active state of user internally for Kallithea', - "active_from_extern": "True|False\None, active state from the external auth, " - "None means use definition from Kallithea extern_type active value" + "admin": 'True|False defines if user should be Kallithea admin', + "active": 'True|False defines active state of user in Kallithea', + "active_from_extern": "True|False|None, active state from the external auth, " + "None means use value from the auth plugin" } @property @@ -184,7 +184,7 @@ class KallitheaAuthPluginBase(object): def plugin_settings(self): """ This method is called by the authentication framework, not the .settings() - method. This method adds a few default settings (e.g., "active"), so that + method. This method adds a few default settings (e.g., "enabled"), so that plugin authors don't have to maintain a bunch of boilerplate. OVERRIDING THIS METHOD WILL CAUSE YOUR PLUGIN TO FAIL. 
@@ -211,14 +211,14 @@ class KallitheaAuthPluginBase(object): def auth(self, userobj, username, passwd, settings, **kwargs): """ - Given a user object (which may be null), username, a plaintext password, + Given a user object (which may be None), username, a plaintext password, and a settings object (containing all the keys needed as listed in settings()), authenticate this user's login attempt. - Return None on failure. On success, return a dictionary of the form: + Return None on failure. On success, return a dictionary with keys from + KallitheaAuthPluginBase.auth_func_attrs. - see: KallitheaAuthPluginBase.auth_func_attrs - This is later validated for correctness + This is later validated for correctness. """ raise NotImplementedError("not implemented in base class") @@ -232,9 +232,9 @@ class KallitheaAuthPluginBase(object): :param settings: plugin settings """ auth = self.auth(userobj, username, passwd, settings, **kwargs) - if auth: + if auth is not None: return self._validate_auth_return(auth) - return auth + return None def _validate_auth_return(self, ret): if not isinstance(ret, dict): @@ -259,7 +259,7 @@ class KallitheaExternalAuthPlugin(Kallit def _authenticate(self, userobj, username, passwd, settings, **kwargs): auth = super(KallitheaExternalAuthPlugin, self)._authenticate( userobj, username, passwd, settings, **kwargs) - if auth: + if auth is not None: # maybe plugin will clean the username ? # we should use the return value username = auth['username'] @@ -408,11 +408,11 @@ def authenticate(username, password, env environ=environ or {}) log.debug('PLUGIN USER DATA: %s' % plugin_user) - if plugin_user: + if plugin_user is not None: log.debug('Plugin returned proper authentication data') return plugin_user - # we failed to Auth because .auth() method didn't return proper the user + # we failed to Auth because .auth() method didn't return the user if username: log.warning("User `%s` failed to authenticate against %s" % (username, plugin.__module__)) 
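Review bot: In the method that wraps `self.auth(...)`, `if auth is not None:` now passes every falsy non-None plugin result (`False`, `{}`, `''`) to `_validate_auth_return` instead of treating it as a failed login. Only the `isinstance(ret, dict)` test of that validator is visible, so a plugin that signals failure with `False` presumably now raises instead of falling through. That fails closed, but it turns a wrong password into an error path. The `auth()` docstring changed in the previous hunk is the place to state the contract, for example by adding `Any other return value is treated as a plugin error.` Both method bodies start or continue outside the hunk.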
diff --git a/kallithea/lib/base.py b/kallithea/lib/base.py --- a/kallithea/lib/base.py +++ b/kallithea/lib/base.py @@ -165,7 +165,7 @@ class BasicAuth(paste.auth.basic.AuthBas _parts = auth.split(':', 1) if len(_parts) == 2: username, password = _parts - if self.authfunc(username, password, environ): + if self.authfunc(username, password, environ) is not None: return username return self.build_authentication() @@ -179,7 +179,7 @@ class BaseVCSController(object): self.config = config # base path of repo locations self.basepath = self.config['base_path'] - #authenticate this VCS request using authfunc + # authenticate this VCS request using the authentication modules self.authenticate = BasicAuth('', auth_modules.authenticate, config.get('auth_ret_code')) self.ip_addr = '0.0.0.0' @@ -413,7 +413,7 @@ class BaseController(WSGIController): from kallithea.lib import helpers as h h.flash(e, 'error', logf=log.error) else: - if auth_info: + if auth_info is not None: username = auth_info['username'] user = User.get_by_username(username, case_insensitive=True) return log_in_user(user, remember=False, diff --git a/kallithea/lib/middleware/simplegit.py b/kallithea/lib/middleware/simplegit.py --- a/kallithea/lib/middleware/simplegit.py +++ b/kallithea/lib/middleware/simplegit.py @@ -124,7 +124,7 @@ class SimpleGit(BaseVCSController): # try to auth based on environ, container auth methods log.debug('Running PRE-AUTH for container based authentication') pre_auth = auth_modules.authenticate('', '', environ) - if pre_auth and pre_auth.get('username'): + if pre_auth is not None and pre_auth.get('username'): username = pre_auth['username'] log.debug('PRE-AUTH got %s as username' % username) diff --git a/kallithea/lib/middleware/simplehg.py b/kallithea/lib/middleware/simplehg.py --- a/kallithea/lib/middleware/simplehg.py +++ b/kallithea/lib/middleware/simplehg.py 
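Review bot: `if self.authfunc(username, password, environ) is not None:` in `BasicAuth` accepts any non-None result as a successful login, so a falsy failure value (`False`, `{}`) that the old truthiness test rejected would now authenticate the request. Whether `auth_modules.authenticate` can return such a value is not visible in this patch, because its code after the plugin loop is outside the hunks; the None-or-dict contract should be confirmed there and stated in its docstring. The same comparison is introduced in `ValidOldPassword` and `ValidAuth` in validators.py, and in `BaseController` an empty dict would now reach `auth_info['username']`. A stricter guard keeps the old fail-closed behaviour: `auth_info = self.authfunc(username, password, environ)` followed by `if auth_info is not None and auth_info.get('username'):`, matching the pre-auth checks in simplegit.py and simplehg.py. The enclosing method starts outside the hunk.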
@@ -128,7 +128,7 @@ class SimpleHg(BaseVCSController): # try to auth based on environ, container auth methods log.debug('Running PRE-AUTH for container based authentication') pre_auth = auth_modules.authenticate('', '', environ) - if pre_auth and pre_auth.get('username'): + if pre_auth is not None and pre_auth.get('username'): username = pre_auth['username'] log.debug('PRE-AUTH got %s as username' % username) diff --git a/kallithea/model/validators.py b/kallithea/model/validators.py --- a/kallithea/model/validators.py +++ b/kallithea/model/validators.py @@ -272,7 +272,7 @@ def ValidOldPassword(username): def validate_python(self, value, state): from kallithea.lib import auth_modules - if not auth_modules.authenticate(username, value, ''): + if auth_modules.authenticate(username, value, '') is None: msg = M(self, 'invalid_password', state) raise formencode.Invalid(msg, value, state, error_dict=dict(current_password=msg) @@ -309,7 +309,9 @@ def ValidAuth(): password = value['password'] username = value['username'] - if not auth_modules.authenticate(username, password): + # authenticate returns unused dict but has called + # plugin._authenticate which has create_or_update'ed the username user in db + if auth_modules.authenticate(username, password) is None: user = User.get_by_username(username) if user and not user.active: log.warning('user %s is disabled' % username)
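Review bot: `ValidOldPassword` passes `''` as the third argument in `auth_modules.authenticate(username, value, '')`, while the `authenticate` hunk in auth_modules uses that parameter as `environ=environ or {}` and `ValidAuth` omits it. The empty string only works because it is falsy. Dropping the argument, `if auth_modules.authenticate(username, value) is None:`, says what is meant and keeps the two validators consistent.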
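Review bot: The comment added in `ValidAuth` is the only place recording that `authenticate()` is called here partly for its database side effect, and its wording is hard to parse. I would write it as `# authenticate() also has a side effect: plugin._authenticate creates or updates the user in the db;` followed by `# the returned dict is only compared with None here`. Because the `User.get_by_username(username)` lookup that follows depends on that side effect, the ordering constraint is worth stating in the comment as well. The function body continues outside the hunk.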