kallithea Changeset - 9f5582151d53

Changeset - 9f5582151d53

Parent rev.

Child rev.

[Not reviewed]

beta

0 5 0

Marcin Kuzminski - 14 years ago 2012-03-16 22:58:05
marcin@python-works.com

Alternative HTTP response codes when client failed to Authenticate correctly

5 files changed with 37 insertions and 1 deletions:

development.ini

docs/changelog.rst

production.ini

rhodecode/config/deployment.ini_tmpl

rhodecode/lib/base.py

0 comments (0 inline, 0 general)

development.ini

➞

Show inline comments

@@ @@ -90,12 +90,17 @@ issue_prefix = # @@
 ## instance-id prefix
 ## a prefix key for this instance used for cache invalidation when running
 ## multiple instances of rhodecode, make sure it's globally unique for
 ## all running rhodecode instances. Leave empty if you don't use it
 instance_id =
 ## alternative return HTTP header for failed authentication. Default HTTP
 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
 ## handling that. Set this variable to 403 to return HTTPForbidden
 auth_ret_code =
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost

docs/changelog.rst

➞

Show inline comments

@@ @@ -20,12 +20,14 @@ news @@
 - created rcextensions module with additional mappings (ref #322) and
   post push/pull/create repo hooks callbacks
 - implemented #377 Users view for his own permissions on account page
 - #399 added inheritance of permissions for users group on repos groups
 - #401 repository group is automatically pre-selected when adding repos
   inside a repository group
 - added alternative HTTP 403 response when client failed to authenticate. Helps
   solving issues with Mercurial and LDAP
 fixes
 +++++
 - fixed #390 cache invalidation problems on repos inside group
 - fixed #385 clone by ID url was loosing proxy prefix in URL

production.ini

➞

Show inline comments

@@ @@ -90,12 +90,17 @@ issue_prefix = # @@
 ## instance-id prefix
 ## a prefix key for this instance used for cache invalidation when running
 ## multiple instances of rhodecode, make sure it's globally unique for
 ## all running rhodecode instances. Leave empty if you don't use it
 instance_id =
 ## alternative return HTTP header for failed authentication. Default HTTP
 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
 ## handling that. Set this variable to 403 to return HTTPForbidden
 auth_ret_code =
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost

rhodecode/config/deployment.ini_tmpl

➞

Show inline comments

@@ @@ -90,12 +90,17 @@ issue_prefix = # @@
 ## instance-id prefix
 ## a prefix key for this instance used for cache invalidation when running
 ## multiple instances of rhodecode, make sure it's globally unique for
 ## all running rhodecode instances. Leave empty if you don't use it
 instance_id =
 ## alternative return HTTP header for failed authentication. Default HTTP
 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
 ## handling that. Set this variable to 403 to return HTTPForbidden
 auth_ret_code =
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -4,12 +4,14 @@ Provides the BaseController class for su @@
 """
 import logging
 import time
 import traceback
 from paste.auth.basic import AuthBasicAuthenticator
 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden
 from paste.httpheaders import WWW_AUTHENTICATE
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
@@ @@ -25,21 +27,38 @@ from rhodecode.model.db import Repositor @@
 from rhodecode.model.notification import NotificationModel
 from rhodecode.model.scm import ScmModel
 log = logging.getLogger(__name__)
 class BasicAuth(AuthBasicAuthenticator):
     def __init__(self, realm, authfunc, auth_http_code=None):
         self.realm = realm
         self.authfunc = authfunc
         self._rc_auth_http_code = auth_http_code
     def build_authentication(self):
         head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
         if self._rc_auth_http_code and self._rc_auth_http_code == '403':
             # return 403 if alternative http return code is specified in
             # RhodeCode config
             return HTTPForbidden(headers=head)
         return HTTPUnauthorized(headers=head)
 class BaseVCSController(object):
     def __init__(self, application, config):
         self.application = application
         self.config = config
         # base path of repo locations
         self.basepath = self.config['base_path']
         #authenticate this mercurial request using authfunc
         self.authenticate = AuthBasicAuthenticator('', authfunc)
         self.authenticate = BasicAuth('', authfunc,
                                       config.get('auth_ret_code'))
         self.ipaddr = '0.0.0.0'
     def _handle_request(self, environ, start_response):
         raise NotImplementedError()
     def _get_by_id(self, repo_name):

0 comments (0 inline, 0 general)