Mercurial > kallithea
diff rhodecode/lib/auth.py @ 1617:cf128ced8c85 beta
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
author | Liad Shani <liadff@gmail.com> |
---|---|
date | Wed, 26 Oct 2011 21:59:22 +0200 |
parents | 59ae82850e76 |
children | 9353189b7675 |
line wrap: on
line diff
--- a/rhodecode/lib/auth.py Tue Oct 25 21:17:29 2011 +0200 +++ b/rhodecode/lib/auth.py Wed Oct 26 21:59:22 2011 +0200 @@ -223,6 +223,21 @@ pass return False +def get_container_username(environ, cfg=config): + from paste.httpheaders import REMOTE_USER + from paste.deploy.converters import asbool + username = REMOTE_USER(environ) + + if not username and asbool(cfg.get('proxypass_auth_enabled', False)): + username = environ.get('HTTP_X_FORWARDED_USER') + + if username: + #Removing realm and domain from username + username = username.partition('@')[0] + username = username.rpartition('\\')[2] + log.debug('Received username %s from container', username) + + return username class AuthUser(object): """ @@ -238,8 +253,8 @@ self.user_id = user_id self.api_key = None - - self.username = 'None' if username is None else username + self.username = username + self.name = '' self.lastname = '' self.email = '' @@ -263,10 +278,7 @@ log.debug('Auth User lookup by USER ID %s', self.user_id) user_model.fill_data(self, user_id=self.user_id) is_user_loaded = True - elif self.username != 'None': - #Removing realm from username - self.username = self.username.partition('@')[0] - + elif self.username: log.debug('Auth User lookup by USER NAME %s', self.username) dbuser = User.get_by_username(self.username) if dbuser is not None and dbuser.active: @@ -274,6 +286,8 @@ setattr(self, k, v) self.set_authenticated() is_user_loaded = True + log.debug('User %s is now logged in', self.username) + dbuser.update_lastlogin() if not is_user_loaded: if self.anonymous_user.active is True: @@ -284,6 +298,9 @@ else: self.is_authenticated = False + if not self.username: + self.username = 'None' + log.debug('Auth User is now %s', self) user_model.fill_perms(self)