kallithea Changeset - 6cab36e31f09

Changeset - 6cab36e31f09

Parent rev.

Child rev.

[Not reviewed]

beta

0 4 0

Liad Shani - 14 years ago 2011-09-27 21:20:24
liadff@gmail.com

Added container-based authentication support

4 files changed with 43 insertions and 16 deletions:

rhodecode/config/deployment.ini_tmpl

rhodecode/lib/auth.py

rhodecode/lib/base.py

rhodecode/lib/middleware/simplehg.py

0 comments (0 inline, 0 general)

rhodecode/config/deployment.ini_tmpl

➞

Show inline comments

@@ @@ -48,12 +48,13 @@ cache_dir = %(here)s/data @@
 index_dir = %(here)s/data/index
 app_instance_uuid = ${app_instance_uuid}
 cut_off_limit = 256000
 force_https = false
 commit_parse_limit = 50
 use_gravatar = true
 container_auth_enabled = false
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -232,47 +232,61 @@ class AuthUser(object): @@
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
     anonymous access is enabled and if so, it returns default user as logged
     in
     """
     def __init__(self, user_id=None, api_key=None):
+    def __init__(self, user_id=None, api_key=None, username=None):
         self.user_id = user_id
         self.api_key = None
         self.username = 'None'
+        self.username = 'None' if username is None else username
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.is_authenticated = False
         self.admin = False
         self.permissions = {}
         self._api_key = api_key
         self.propagate_data()
     def propagate_data(self):
         user_model = UserModel()
         self.anonymous_user = user_model.get_by_username('default', cache=True)
         is_user_loaded = False
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             #try go get user by api key
             log.debug('Auth User lookup by API KEY %s', self._api_key)
             user_model.fill_data(self, api_key=self._api_key)
         else:
             is_user_loaded = True
         elif self.user_id is not None \
             and self.user_id != self.anonymous_user.user_id:
             log.debug('Auth User lookup by USER ID %s', self.user_id)
             if self.user_id is not None \
                 and self.user_id != self.anonymous_user.user_id:
                 user_model.fill_data(self, user_id=self.user_id)
             user_model.fill_data(self, user_id=self.user_id)
             is_user_loaded = True
         elif self.username != 'None':
             #Removing realm from username
             self.username = self.username.partition('@')[0]
             log.debug('Auth User lookup by USER NAME %s', self.username)
             dbuser = user_model.get_by_username(self.username)
             if dbuser is not None and dbuser.active:
                 for k, v in dbuser.get_dict().items():
                     setattr(self, k, v)
                 self.set_authenticated()
                 is_user_loaded = True
         if not is_user_loaded:
             if self.anonymous_user.active is True:
                 user_model.fill_data(self,
                                      user_id=self.anonymous_user.user_id)
                 #then we set this user is logged in
                 self.is_authenticated = True
             else:
                 if self.anonymous_user.active is True:
                     user_model.fill_data(self,
                                          user_id=self.anonymous_user.user_id)
                     #then we set this user is logged in
                     self.is_authenticated = True
                 else:
                     self.is_authenticated = False
                 self.is_authenticated = False
         log.debug('Auth User is now %s', self)
         user_model.fill_perms(self)
     @property
     def is_admin(self):

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -6,12 +6,15 @@ import logging @@
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 from paste.deploy.converters import asbool
 from paste.httpheaders import REMOTE_USER
 from rhodecode import __version__
 from rhodecode.lib.auth import AuthUser
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
 from rhodecode.model.scm import ScmModel
 from rhodecode import BACKENDS
@@ @@ -40,14 +43,20 @@ class BaseController(WSGIController): @@
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
         try:
             # putting this here makes sure that we update permissions each time
             api_key = request.GET.get('api_key')
             user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
             self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key)
             self.rhodecode_user.set_authenticated(
             if asbool(config.get('container_auth_enabled', False)):
                 username = REMOTE_USER(environ)
             else:
                 username = None
             self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
             if not self.rhodecode_user.is_authenticated:
                 self.rhodecode_user.set_authenticated(
                                         getattr(session.get('rhodecode_user'),
                                        'is_authenticated', False))
             session['rhodecode_user'] = self.rhodecode_user
             session.save()
             return WSGIController.__call__(self, environ, start_response)
         finally:

rhodecode/lib/middleware/simplehg.py

➞

Show inline comments

@@ @@ -125,15 +125,18 @@ class SimpleHg(object): @@
                 #==============================================================
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
                 # BASIC AUTH
                 #==============================================================
                 if self.action in ['pull', 'push']:
                     username = REMOTE_USER(environ)
                     #Removing realm from username
                     username = REMOTE_USER(environ).partition('@')[0]
                     try:
                         user = self.__get_user(username)
                         if user is None:
                             return HTTPForbidden()(environ, start_response)
                         self.username = user.username
                     except:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ,
                                                          start_response)

0 comments (0 inline, 0 general)