kallithea Changeset - 137ea21dfc10

Changeset - 137ea21dfc10

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

domruf - 9 years ago 2016-08-16 20:05:48
dominikruf@gmail.com

auth: when a auth plugin can't be imported try the next one instead of breaking completly

Some authentication modules depend on external services. This may cause the import
to fail.
Or another scenario is that a (third party) authentication module has been removed
and can't be imported anymore.

1 file changed with 2 insertions and 2 deletions:

kallithea/lib/auth_modules/__init__.py

0 comments (0 inline, 0 general)

kallithea/lib/auth_modules/__init__.py

➞

Show inline comments

@@ @@ -318,98 +318,98 @@ def importplugin(plugin): @@
         module = importlib.import_module(plugin)
     except (ImportError, TypeError):
         log.error(traceback.format_exc())
         # TODO: make this more error prone, if by some accident we screw up
         # the plugin name, the crash is pretty bad and hard to recover
         raise
     log.debug("Loaded auth plugin from %s (module:%s, file:%s)",
               plugin, module.__name__, module.__file__)
     pluginclass = getattr(module, PLUGIN_CLASS_NAME)
     if not issubclass(pluginclass, KallitheaAuthPluginBase):
         raise TypeError("Authentication class %s.KallitheaAuthPlugin is not "
                         "a subclass of %s" % (plugin, KallitheaAuthPluginBase))
     return pluginclass
 def loadplugin(plugin):
     """
     Loads and returns an instantiated authentication plugin.
         see: importplugin
     """
     plugin = importplugin(plugin)()
     if plugin.plugin_settings.im_func != KallitheaAuthPluginBase.plugin_settings.im_func:
         raise TypeError("Authentication class %s.KallitheaAuthPluginBase "
                         "has overridden the plugin_settings method, which is "
                         "forbidden." % plugin)
     return plugin
 def authenticate(username, password, environ=None):
     """
     Authentication function used for access control,
     It tries to authenticate based on enabled authentication modules.
     :param username: username can be empty for container auth
     :param password: password can be empty for container auth
     :param environ: environ headers passed for container auth
     :returns: None if auth failed, user_data dict if auth is correct
     """
     auth_plugins = Setting.get_auth_plugins()
     log.debug('Authentication against %s plugins', auth_plugins)
     for module in auth_plugins:
         try:
             plugin = loadplugin(module)
         except (ImportError, AttributeError, TypeError) as e:
             raise ImportError('Failed to load authentication module %s : %s'
                               % (module, str(e)))
             log.error('Failed to load authentication module %s : %s' % (module, str(e)))
             continue
         log.debug('Trying authentication using ** %s **', module)
         # load plugin settings from Kallithea database
         plugin_name = plugin.name
         plugin_settings = {}
         for v in plugin.plugin_settings():
             conf_key = "auth_%s_%s" % (plugin_name, v["name"])
             setting = Setting.get_by_name(conf_key)
             plugin_settings[v["name"]] = setting.app_settings_value if setting else None
         log.debug('Plugin settings \n%s', formatted_json(plugin_settings))
         if not str2bool(plugin_settings["enabled"]):
             log.info("Authentication plugin %s is disabled, skipping for %s",
                      module, username)
             continue
         # use plugin's method of user extraction.
         user = plugin.get_user(username, environ=environ,
                                settings=plugin_settings)
         log.debug('Plugin %s extracted user is `%s`', module, user)
         if not plugin.accepts(user):
             log.debug('Plugin %s does not accept user `%s` for authentication',
                       module, user)
             continue
         else:
             log.debug('Plugin %s accepted user `%s` for authentication',
                       module, user)
             # The user might have tried to authenticate using their email address,
             # then the username variable wouldn't contain a valid username.
             # But as the plugin has accepted the user, .username field should
             # have a valid username, so use it for authentication purposes.
             if user is not None:
                 username = user.username
         log.info('Authenticating user using %s plugin', plugin.__module__)
         # _authenticate is a wrapper for .auth() method of plugin.
         # it checks if .auth() sends proper data. For KallitheaExternalAuthPlugin
         # it also maps users to Database and maps the attributes returned
         # from .auth() to Kallithea database. If this function returns data
         # then auth is correct.
         user_data = plugin._authenticate(user, username, password,
                                            plugin_settings,
                                            environ=environ or {})
         log.debug('PLUGIN USER DATA: %s', user_data)
         if user_data is not None:
             log.debug('Plugin returned proper authentication data')
             return user_data

0 comments (0 inline, 0 general)