kallithea Changeset - 25d8e4836bc2

Changeset - 25d8e4836bc2

Parent rev.

Child rev.

[Not reviewed]

beta

0 4 0

Liad Shani - 14 years ago 2011-11-01 00:31:24
liadff@gmail.com

Improved container-based auth support for middleware

4 files changed with 24 insertions and 21 deletions:

rhodecode/lib/auth.py

rhodecode/lib/base.py

rhodecode/lib/middleware/simplegit.py

rhodecode/lib/middleware/simplehg.py

0 comments (0 inline, 0 general)

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -250,23 +250,23 @@ def login_container_auth(username): @@
     user.update_lastlogin()
     log.debug('User %s is now logged in by container authentication',
               user.username)
     return user
 def get_container_username(environ, cfg):
     from paste.httpheaders import REMOTE_USER
     from paste.deploy.converters import asbool
 def get_container_username(environ, config):
     username = None
     proxy_pass_enabled = asbool(cfg.get('proxypass_auth_enabled', False))
     username = REMOTE_USER(environ)
     if not username and proxy_pass_enabled:
     if str2bool(config.get('container_auth_enabled', False)):
         from paste.httpheaders import REMOTE_USER
         username = REMOTE_USER(environ)
     if not username and str2bool(config.get('proxypass_auth_enabled', False)):
         username = environ.get('HTTP_X_FORWARDED_USER')
-    if username and proxy_pass_enabled:
     if username:
         # Removing realm and domain from username
         username = username.partition('@')[0]
         username = username.rpartition('\\')[2]
         log.debug('Received username %s from container', username)
     return username

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -5,13 +5,12 @@ Provides the BaseController class for su @@
 import logging
 import time
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 from paste.deploy.converters import asbool
 from rhodecode import __version__
 from rhodecode.lib import str2bool
 from rhodecode.lib.auth import AuthUser, get_container_username
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
@@ @@ -42,16 +41,14 @@ class BaseController(WSGIController): @@
         # available in environ['pylons.routes_dict']
         start = time.time()
         try:
             # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
             user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
             if asbool(config.get('container_auth_enabled', False)):
                 username = get_container_username(environ)
             else:
                 username = None
             username = get_container_username(environ, config)
             auth_user = AuthUser(user_id, api_key, username)
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                                         getattr(session.get('rhodecode_user'),

rhodecode/lib/middleware/simplegit.py

➞

Show inline comments

@@ @@ -145,29 +145,32 @@ class SimpleGit(object): @@
                               'authentication')
                 #==============================================================
                 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                 #==============================================================
                 if not get_container_username(environ, self.config):
                 # Attempting to retrieve username from the container
                 username = get_container_username(environ, self.config)
                 # If not authenticated by the container, running basic auth
                 if not username:
                     self.authenticate.realm = \
                         safe_str(self.config['rhodecode_realm'])
                     result = self.authenticate(environ)
                     if isinstance(result, str):
                         AUTH_TYPE.update(environ, 'basic')
                         REMOTE_USER.update(environ, result)
                         username = result
                     else:
                         return result.wsgi_application(environ, start_response)
                 #==============================================================
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
                 # BASIC AUTH
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                 #==============================================================
                 if action in ['pull', 'push']:
                     username = get_container_username(environ, self.config)
                     try:
                         user = self.__get_user(username)
                         if user is None or not user.active:
                             return HTTPForbidden()(environ, start_response)
                         username = user.username
                     except:

rhodecode/lib/middleware/simplehg.py

➞

Show inline comments

@@ @@ -111,29 +111,32 @@ class SimpleHg(object): @@
                               'authentication')
                 #==============================================================
                 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                 #==============================================================
                 if not get_container_username(environ, self.config):
                 # Attempting to retrieve username from the container
                 username = get_container_username(environ, self.config)
                 # If not authenticated by the container, running basic auth
                 if not username:
                     self.authenticate.realm = \
                         safe_str(self.config['rhodecode_realm'])
                     result = self.authenticate(environ)
                     if isinstance(result, str):
                         AUTH_TYPE.update(environ, 'basic')
                         REMOTE_USER.update(environ, result)
                         username = result
                     else:
                         return result.wsgi_application(environ, start_response)
                 #==============================================================
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
                 # BASIC AUTH
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                 #==============================================================
                 if action in ['pull', 'push']:
                     username = get_container_username(environ, self.config)
                     try:
                         user = self.__get_user(username)
                         if user is None or not user.active:
                             return HTTPForbidden()(environ, start_response)
                         username = user.username
                     except:

0 comments (0 inline, 0 general)