kallithea Changeset - 6cab36e31f09

Changeset - 6cab36e31f09

Parent rev.

Child rev.

[Not reviewed]

beta

0 4 0

Liad Shani - 14 years ago 2011-09-27 21:20:24
liadff@gmail.com

Added container-based authentication support

4 files changed with 43 insertions and 16 deletions:

rhodecode/config/deployment.ini_tmpl

rhodecode/lib/auth.py

rhodecode/lib/base.py

rhodecode/lib/middleware/simplehg.py

0 comments (0 inline, 0 general)

rhodecode/config/deployment.ini_tmpl

➞

Show inline comments

@@ @@ -42,24 +42,25 @@ port = 5000 @@
 [app:main]
 use = egg:rhodecode
 full_stack = true
 static_files = true
 lang=en
 cache_dir = %(here)s/data
 index_dir = %(here)s/data/index
 app_instance_uuid = ${app_instance_uuid}
 cut_off_limit = 256000
 force_https = false
 commit_parse_limit = 50
 use_gravatar = true
 container_auth_enabled = false
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = rhodecode.lib.celerylib.tasks

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -226,59 +226,73 @@ def authenticate(username, password): @@
 class  AuthUser(object):
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
     anonymous access is enabled and if so, it returns default user as logged
     in
     """
     def __init__(self, user_id=None, api_key=None):
+    def __init__(self, user_id=None, api_key=None, username=None):
         self.user_id = user_id
         self.api_key = None
         self.username = 'None'
+        self.username = 'None' if username is None else username
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.is_authenticated = False
         self.admin = False
         self.permissions = {}
         self._api_key = api_key
         self.propagate_data()
     def propagate_data(self):
         user_model = UserModel()
         self.anonymous_user = user_model.get_by_username('default', cache=True)
         is_user_loaded = False
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             #try go get user by api key
             log.debug('Auth User lookup by API KEY %s', self._api_key)
             user_model.fill_data(self, api_key=self._api_key)
         else:
             is_user_loaded = True
         elif self.user_id is not None \
             and self.user_id != self.anonymous_user.user_id:
             log.debug('Auth User lookup by USER ID %s', self.user_id)
             if self.user_id is not None \
                 and self.user_id != self.anonymous_user.user_id:
                 user_model.fill_data(self, user_id=self.user_id)
             user_model.fill_data(self, user_id=self.user_id)
             is_user_loaded = True
         elif self.username != 'None':
             #Removing realm from username
             self.username = self.username.partition('@')[0]
             log.debug('Auth User lookup by USER NAME %s', self.username)
             dbuser = user_model.get_by_username(self.username)
             if dbuser is not None and dbuser.active:
                 for k, v in dbuser.get_dict().items():
                     setattr(self, k, v)
                 self.set_authenticated()
                 is_user_loaded = True
         if not is_user_loaded:
             if self.anonymous_user.active is True:
                 user_model.fill_data(self,
                                      user_id=self.anonymous_user.user_id)
                 #then we set this user is logged in
                 self.is_authenticated = True
             else:
                 if self.anonymous_user.active is True:
                     user_model.fill_data(self,
                                          user_id=self.anonymous_user.user_id)
                     #then we set this user is logged in
                     self.is_authenticated = True
                 else:
                     self.is_authenticated = False
                 self.is_authenticated = False
         log.debug('Auth User is now %s', self)
         user_model.fill_perms(self)
     @property
     def is_admin(self):
         return self.admin
     @property
     def full_contact(self):
         return '%s %s <%s>' % (self.name, self.lastname, self.email)

rhodecode/lib/base.py

➞

Show inline comments

 """The base Controller API
 Provides the BaseController class for subclassing.
 """
 import logging
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 from paste.deploy.converters import asbool
 from paste.httpheaders import REMOTE_USER
 from rhodecode import __version__
 from rhodecode.lib.auth import AuthUser
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
 from rhodecode.model.scm import ScmModel
 from rhodecode import BACKENDS
 from rhodecode.model.db import Repository
 log = logging.getLogger(__name__)
 class BaseController(WSGIController):
@@ @@ -34,26 +37,32 @@ class BaseController(WSGIController): @@
         #c.unread_journal = scm_model.get_unread_journal()
     def __call__(self, environ, start_response):
         """Invoke the Controller"""
         # WSGIController.__call__ dispatches to the Controller method
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
         try:
             # putting this here makes sure that we update permissions each time
             api_key = request.GET.get('api_key')
             user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
             self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key)
             self.rhodecode_user.set_authenticated(
             if asbool(config.get('container_auth_enabled', False)):
                 username = REMOTE_USER(environ)
             else:
                 username = None
             self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
             if not self.rhodecode_user.is_authenticated:
                 self.rhodecode_user.set_authenticated(
                                         getattr(session.get('rhodecode_user'),
                                        'is_authenticated', False))
             session['rhodecode_user'] = self.rhodecode_user
             session.save()
             return WSGIController.__call__(self, environ, start_response)
         finally:
             meta.Session.remove()
 class BaseRepoController(BaseController):
     """
     Base class for controllers responsible for loading all needed data

rhodecode/lib/middleware/simplehg.py

➞

Show inline comments

@@ @@ -119,27 +119,30 @@ class SimpleHg(object): @@
                     if isinstance(result, str):
                         AUTH_TYPE.update(environ, 'basic')
                         REMOTE_USER.update(environ, result)
                     else:
                         return result.wsgi_application(environ, start_response)
                 #==============================================================
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
                 # BASIC AUTH
                 #==============================================================
                 if self.action in ['pull', 'push']:
                     username = REMOTE_USER(environ)
                     #Removing realm from username
                     username = REMOTE_USER(environ).partition('@')[0]
                     try:
                         user = self.__get_user(username)
                         if user is None:
                             return HTTPForbidden()(environ, start_response)
                         self.username = user.username
                     except:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ,
                                                          start_response)
                     #check permissions for this repository
                     perm = self.__check_permission(self.action, user,
                                                    self.repo_name)
                     if perm is not True:
                         return HTTPForbidden()(environ, start_response)

0 comments (0 inline, 0 general)