Changeset - f103b1a2383b
default
Søren Løvborg - 10 years ago 2015-07-14 14:00:17
kwi@kwi.dk
BaseController: hide "Log out" link for external login sessions

If the user is authenticated by external means (an API key or container auth),
Kallithea is not actually able to log the user out and should not show
the "Log out" link.
5 files changed with 29 insertions and 7 deletions:
kallithea/controllers/login.py
 
@@ -116,7 +116,8 @@ class LoginController(BaseController):
 
                # Exception itself
 
                h.flash(e, 'error')
 
            else:
 
                log_in_user(user, c.form_result['remember'])
 
                log_in_user(user, c.form_result['remember'],
 
                    is_external_auth=False)
 
                return self._redirect_to_origin(c.came_from)
 

	
 
        return render('/login.html')
kallithea/lib/auth.py
 
@@ -476,7 +476,8 @@ class AuthUser(object):
 
    so, set `is_authenticated` to True.
 
    """
 

	
 
    def __init__(self, user_id=None, api_key=None, username=None):
 
    def __init__(self, user_id=None, api_key=None, username=None,
 
            is_external_auth=False):
 

	
 
        self.user_id = user_id
 
        self._api_key = api_key
 
@@ -489,6 +490,7 @@ class AuthUser(object):
 
        self.is_authenticated = False
 
        self.admin = False
 
        self.inherit_default_permissions = False
 
        self.is_external_auth = is_external_auth
 

	
 
        self.propagate_data()
 
        self._instance = None
 
@@ -633,6 +635,7 @@ class AuthUser(object):
 
            'user_id': self.user_id,
 
            'username': self.username,
 
            'is_authenticated': self.is_authenticated,
 
            'is_external_auth': self.is_external_auth,
 
        }
 

	
 
    @staticmethod
 
@@ -644,6 +647,7 @@ class AuthUser(object):
 
        au = AuthUser(
 
            user_id=cookie.get('user_id'),
 
            username=cookie.get('username'),
 
            is_external_auth=cookie.get('is_external_auth', False),
 
        )
 
        if not au.is_authenticated and au.user_id is not None:
 
            # user is not authenticated and not empty
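Review bot: `from_cookie` feeds the session-supplied value straight into `AuthUser` without coercion, and the `AuthUser` docstring that ends at the top of the first hunk says nothing about what `is_external_auth` means or that it is only a presentation hint. I would write `is_external_auth=bool(cookie.get('is_external_auth', False))` so a non-boolean value stored in an older or hand-edited session still yields a plain bool, and add to the class docstring: `is_external_auth: True when the user was authenticated by an API key or container auth, in which case Kallithea cannot end the session; used only to decide whether the "Log out" link is shown, never for authorization.` The `AuthUser` class header is outside the hunks and `from_cookie` continues past the last hunk line, so the remainder of that method is not visible here.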
kallithea/lib/base.py
 
@@ -104,7 +104,7 @@ def _get_access_path(environ):
 
    return path
 

	
 

	
 
def log_in_user(user, remember):
 
def log_in_user(user, remember, is_external_auth):
 
    """
 
    Log a `User` in and update session and cookies. If `remember` is True,
 
    the session cookie is set to expire in a year; otherwise, it expires at
 
@@ -115,7 +115,8 @@ def log_in_user(user, remember):
 
    user.update_lastlogin()
 
    meta.Session().commit()
 

	
 
    auth_user = AuthUser(user_id=user.user_id)
 
    auth_user = AuthUser(user_id=user.user_id,
 
                         is_external_auth=is_external_auth)
 
    auth_user.set_authenticated()
 

	
 
    # Start new session to prevent session fixation attacks.
 
@@ -384,7 +385,7 @@ class BaseController(WSGIController):
 
        # Authenticate by API key
 
        if api_key:
 
            # when using API_KEY we are sure user exists.
 
            return AuthUser(api_key=api_key)
 
            return AuthUser(api_key=api_key, is_external_auth=True)
 

	
 
        # Authenticate by session cookie
 
        cookie = session.get('authuser')
 
@@ -415,7 +416,8 @@ class BaseController(WSGIController):
 
                if auth_info:
 
                    username = auth_info['username']
 
                    user = User.get_by_username(username, case_insensitive=True)
 
                    return log_in_user(user, remember=False)
 
                    return log_in_user(user, remember=False,
 
                                       is_external_auth=True)
 

	
 
        # User is anonymous
 
        return AuthUser()
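Review bot: `log_in_user` gains a required positional parameter but its docstring (starting at the first hunk, continuing outside it) is not updated to describe it, and any caller not touched by this changeset now fails with a TypeError rather than silently defaulting. I would extend the docstring with `is_external_auth: True when the credentials came from outside Kallithea (container auth); the flag is persisted in the new session and only controls whether the "Log out" link is rendered, it does not change what the session grants.` On the container-auth path the flag is baked into the session cookie that `log_in_user` creates, so presumably an existing session keeps `is_external_auth=True` even if container auth is later disabled in settings; that is worth a sentence in the docstring as well. Both `log_in_user` and `_determine_auth_user` extend beyond the visible hunks.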
kallithea/templates/base/base.html
 
@@ -348,7 +348,10 @@
 
            <ol class="links">
 
              <li><a href="${h.url('notifications')}">${_('Notifications')}: ${c.unread_notifications}</a></li>
 
              <li>${h.link_to(_(u'My Account'),h.url('my_account'))}</li>
 
              <li class="logout">${h.link_to(_(u'Log Out'),h.url('logout_home'))}</li>
 
              %if not c.authuser.is_external_auth:
 
                ## Cannot log out if using external (container) authentication.
 
                <li class="logout">${h.link_to(_(u'Log Out'), h.url('logout_home'))}</li>
 
              %endif
 
            </ol>
 
            </div>
 
          %endif
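Review bot: The template comment names only container authentication, but `base.py` in this same changeset sets `is_external_auth=True` for API-key requests too, so the comment under-describes when the link is hidden. Hiding the link also does not disable the `logout_home` route; a direct request can still clear the session, which for container auth would presumably just be re-created on the next request. I would make the comment say so: `## Hide "Log Out" for external auth (API key or container auth): Kallithea cannot end such sessions, so the link would be misleading. The logout route itself is still reachable.`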
kallithea/tests/functional/test_admin_auth_settings.py
 
@@ -175,3 +175,15 @@ class TestAuthSettingsController(TestCon
 
            extra_environ={'REMOTE_USER': r'example\jane'},
 
            resulting_username=r'jane',
 
        )
 

	
 
    def test_container_auth_no_logout(self):
 
        self._container_auth_setup(
 
            auth_container_header='REMOTE_USER',
 
            auth_container_fallback_header='',
 
            auth_container_clean_username='True',
 
        )
 
        response = self.app.get(
 
            url=url(controller='admin/my_account', action='my_account'),
 
            extra_environ={'REMOTE_USER': 'john'},
 
        )
 
        self.assertNotIn('Log Out', response.normal_body)
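Review bot: `assertNotIn('Log Out', response.normal_body)` passes vacuously if container auth did not actually log `john` in, for example if the request was redirected to the login page, since that page has no "Log Out" link either. The test should first prove the user is logged in, e.g. `response.mustcontain('john')` before the `assertNotIn`, and ideally a companion test logs in through the form and asserts `'Log Out' in response.normal_body` so the negative assertion is known to be meaningful. `_container_auth_setup` is defined outside the hunk, so I cannot see whether it already verifies the login.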