Changeset - d052078e0a16
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Søren Løvborg - 10 years ago 2015-07-14 13:59:59
kwi@kwi.dk
BaseController: refactor API key authentication

Untangle API key authentication. Creating an AuthUser from an API key
can leave the AuthUser authenticated or not, depending on key validity
and Kallithea configuration; but either way, _determine_auth_user will
not change this fact, and we can return early.
1 file changed with 5 insertions and 3 deletions:
kallithea/lib/base.py
5
3
0 comments (0 inline, 0 general)
kallithea/lib/base.py
Show inline comments
 
@@ -301,101 +301,103 @@ class BaseController(WSGIController):
 
        c.visual.show_version = str2bool(rc_config.get('show_version'))
 
        c.visual.use_gravatar = str2bool(rc_config.get('use_gravatar'))
 
        c.visual.gravatar_url = rc_config.get('gravatar_url')
 

			




	
	
	
		
 
        c.ga_code = rc_config.get('ga_code')

			




	
	
	
		
 
        # TODO: replace undocumented backwards compatibility hack with db upgrade and rename ga_code

			




	
	
	
		
 
        if c.ga_code and '<' not in c.ga_code:

			




	
	
	
		
 
            c.ga_code = '''<script type="text/javascript">

			




	
	
	
		
 
                var _gaq = _gaq || [];

			




	
	
	
		
 
                _gaq.push(['_setAccount', '%s']);

			




	
	
	
		
 
                _gaq.push(['_trackPageview']);

			




	
	
	
		
 

			




	
	
	
		
 
                (function() {

			




	
	
	
		
 
                    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;

			




	
	
	
		
 
                    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';

			




	
	
	
		
 
                    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);

			




	
	
	
		
 
                    })();

			




	
	
	
		
 
            </script>''' % c.ga_code

			




	
	
	
		
 
        c.site_name = rc_config.get('title')

			




	
	
	
		
 
        c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl')

			




	
	
	
		
 

			




	
	
	
		
 
        ## INI stored

			




	
	
	
		
 
        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

			




	
	
	
		
 
        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

			




	
	
	
		
 

			




	
	
	
		
 
        c.instance_id = config.get('instance_id')

			




	
	
	
		
 
        c.issues_url = config.get('bugtracker', url('issues_url'))

			




	
	
	
		
 
        # END CONFIG VARS

			




	
	
	
		
 

			




	
	
	
		
 
        c.repo_name = get_repo_slug(request)  # can be empty

			




	
	
	
		
 
        c.backends = BACKENDS.keys()

			




	
	
	
		
 
        c.unread_notifications = NotificationModel()\

			




	
	
	
		
 
                        .get_unread_cnt_for_user(c.authuser.user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

			




	
	
	
		
 

			




	
	
	
		
 
        c.my_pr_count = PullRequestModel().get_pullrequest_cnt_for_user(c.authuser.user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        self.sa = meta.Session

			




	
	
	
		
 
        self.scm_model = ScmModel(self.sa)

			




	
	
	
		
 

			




	
	
	
		
 
    @staticmethod

			




	
	
	
		
 
    def _determine_auth_user(api_key, session_authuser):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Create an `AuthUser` object given the IP address of the request, the

			




	
	
	
		
 
        API key (if any), and the authuser from the session.

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        # Authenticate by API key

			




	
	
	
		
 
        if api_key:

			




	
	
	
		
 
            # when using API_KEY we are sure user exists.

			




	
	
	
		
 
            auth_user = AuthUser(api_key=api_key)

			




	
	
	
		
 
            authenticated = False

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            return AuthUser(api_key=api_key)

			




	
	
	
		
 

			




	
	
	
		
 
        # Authenticate by session cookie

			




	
	
	
		
 
        if True:

			




	
	
	
		
 
            cookie_store = CookieStoreWrapper(session_authuser)

			




	
	
	
		
 
            user_id = cookie_store.get('user_id')

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                auth_user = AuthUser(user_id=user_id)

			




	
	
	
		
 
            except UserCreationError as e:

			




	
	
	
		
 
                # container auth or other auth functions that create users on

			




	
	
	
		
 
                # the fly can throw UserCreationError to signal issues with

			




	
	
	
		
 
                # user creation. Explanation should be provided in the

			




	
	
	
		
 
                # exception object.

			




	
	
	
		
 
                from kallithea.lib import helpers as h

			




	
	
	
		
 
                h.flash(e, 'error')

			




	
	
	
		
 
                auth_user = AuthUser()

			




	
	
	
		
 

			




	
	
	
		
 
            authenticated = cookie_store.get('is_authenticated')

			




	
	
	
		
 

			




	
	
	
		
 
        if not auth_user.is_authenticated and auth_user.user_id is not None:

			




	
	
	
		
 
            # user is not authenticated and not empty

			




	
	
	
		
 
            auth_user.set_authenticated(authenticated)

			




	
	
	
		
 

			




	
	
	
		
 
        return auth_user

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, environ, start_response):

			




	
	
	
		
 
        """Invoke the Controller"""

			




	
	
	
		
 

			




	
	
	
		
 
        # WSGIController.__call__ dispatches to the Controller method

			




	
	
	
		
 
        # the request is routed to. This routing information is

			




	
	
	
		
 
        # available in environ['pylons.routes_dict']

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            self.ip_addr = _get_ip_addr(environ)

			




	
	
	
		
 
            # make sure that we update permissions each time we call controller

			




	
	
	
		
 

			




	
	
	
		
 
            #set globals for auth user

			




	
	
	
		
 
            self.authuser = c.authuser = request.user = self._determine_auth_user(

			




	
	
	
		
 
                request.GET.get('api_key'),

			




	
	
	
		
 
                session.get('authuser'),

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
            log.info('IP: %s User: %s accessed %s',

			




	
	
	
		
 
                self.ip_addr, self.authuser,

			




	
	
	
		
 
                safe_unicode(_get_access_path(environ)),

			




	
	
	
		
 
            )

			




	
	
	
		
 
            return WSGIController.__call__(self, environ, start_response)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            meta.Session.remove()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class BaseRepoController(BaseController):

			




	
	
	
		
 
    """

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.