Files @ 74e669d8a479
Branch filter:

Location: kallithea/kallithea/lib/auth_modules/auth_internal.py

74e669d8a479 3.8 KiB text/x-python Show Annotation Show as Raw Download as Raw
Mads Kiilerich
auth: fail pam and internal authentication attempts if no username is provided (Issue #180)

When the Mercurial client communicates with a server over HTTP, it will always
first try to perform operations unauthenticated before providing credentials.
Authentication attempts without credentials is usually pointless and will just
slow operations down.

Some authentication plugins (such as LDAP) already skipped these
unauthenticated requests. Now, do the same for other authentication plugions.

Other authentication plugins also skip if no password is provided ... but that
doesn't seem necessary.
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
# -*- coding: utf-8 -*-
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
"""
kallithea.lib.auth_modules.auth_internal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kallithea authentication plugin for built in internal auth

This file was forked by the Kallithea project in July 2014.
Original author and date, and relevant copyright and licensing information is below:
:created_on: Created on Nov 17, 2012
:author: marcink
:copyright: (c) 2013 RhodeCode GmbH, and others.
:license: GPLv3, see LICENSE.md for more details.
"""


import logging

from kallithea import EXTERN_TYPE_INTERNAL
from kallithea.lib import auth_modules
from kallithea.lib.compat import formatted_json, hybrid_property
from kallithea.model.db import User

log = logging.getLogger(__name__)


class KallitheaAuthPlugin(auth_modules.KallitheaAuthPluginBase):
    def __init__(self):
        pass

    @hybrid_property
    def name(self):
        return EXTERN_TYPE_INTERNAL

    def settings(self):
        return []

    def user_activation_state(self):
        def_user_perms = User.get_default_user().AuthUser.permissions['global']
        return 'hg.register.auto_activate' in def_user_perms

    def accepts(self, user, accepts_empty=True):
        """
        Custom accepts for this auth that doesn't accept empty users. We
        know that user exists in database.
        """
        return super(KallitheaAuthPlugin, self).accepts(user,
                                                        accepts_empty=False)

    def auth(self, userobj, username, password, settings, **kwargs):
        if not userobj:
            log.debug('userobj was:%s skipping', userobj)
            return None
        if userobj.extern_type != self.name:
            log.warning("userobj:%s extern_type mismatch got:`%s` expected:`%s`",
                     userobj, userobj.extern_type, self.name)
            return None
        if not username:
            log.debug('Empty username - skipping...')
            return None

        user_data = {
            "username": userobj.username,
            "firstname": userobj.firstname,
            "lastname": userobj.lastname,
            "groups": [],
            "email": userobj.email,
            "admin": userobj.admin,
            "active": userobj.active,
            "active_from_extern": userobj.active,
            "extern_name": userobj.user_id,
        }

        log.debug(formatted_json(user_data))
        if userobj.active:
            from kallithea.lib import auth
            password_match = auth.KallitheaCrypto.hash_check(password, userobj.password)
            if userobj.username == User.DEFAULT_USER and userobj.active:
                log.info('user %s authenticated correctly as anonymous user',
                         username)
                return user_data

            elif userobj.username == username and password_match:
                log.info('user %s authenticated correctly', user_data['username'])
                return user_data
            log.error("user %s had a bad password", username)
            return None
        else:
            log.warning('user %s tried auth but is disabled', username)
            return None

    def get_managed_fields(self):
        # Note: 'username' should only be editable (at least for user) if self registration is enabled
        return []
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.