# HG changeset patch
# User Liad Shani
# Date 1317151224 -10800
# Node ID 6cab36e31f095e372572ffd0812e1e6869ee3b2d
# Parent dc16211e7292f769a682b6ba994ab4ebbe1e05d1
Added container-based authentication support
diff -r dc16211e7292 -r 6cab36e31f09 rhodecode/config/deployment.ini_tmpl
--- a/rhodecode/config/deployment.ini_tmpl Sat Sep 24 22:21:43 2011 +0300
+++ b/rhodecode/config/deployment.ini_tmpl Tue Sep 27 22:20:24 2011 +0300
@@ -51,6 +51,7 @@
 force_https = false
 commit_parse_limit = 50
 use_gravatar = true
+container_auth_enabled = false
 ####################################
 ### CELERY CONFIG ####
diff -r dc16211e7292 -r 6cab36e31f09 rhodecode/lib/auth.py
--- a/rhodecode/lib/auth.py Sat Sep 24 22:21:43 2011 +0300
+++ b/rhodecode/lib/auth.py Tue Sep 27 22:20:24 2011 +0300
@@ -235,12 +235,12 @@
 in """
- def __init__(self, user_id=None, api_key=None):
+ def __init__(self, user_id=None, api_key=None, username=None):
 self.user_id = user_id
 self.api_key = None
- self.username = 'None'
+ self.username = 'None' if username is None else username
 self.name = ''
 self.lastname = ''
 self.email = ''
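Review bot: The new `container_auth_enabled` key in rhodecode/config/deployment.ini_tmpl is added without any comment, although switching it on makes the application accept the server-supplied REMOTE_USER as an already authenticated login (see the rhodecode/lib/base.py change in this commit). I would put a comment above it such as `## trust REMOTE_USER set by the web server; enable only when the front end authenticates every request and clients cannot set this value themselves`. Shipping the template with the value `false` is the right default.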
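Review bot: In AuthUser.__init__ (rhodecode/lib/auth.py, hunk at -235) the string `'None'` stays in use as the "no username" marker, and the new branch in propagate_data tests `self.username != 'None'`, so an empty string passed by a caller counts as a username while an account literally named None can never be resolved through this path. A guard such as `self.username = username or 'None'` keeps empty values out of the lookup; a real `None` sentinel would be cleaner but touches code outside this hunk. The rest of __init__ lies outside the hunk.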
@@ -253,23 +253,37 @@
 def propagate_data(self):
 user_model = UserModel()
 self.anonymous_user = user_model.get_by_username('default', cache=True)
+ is_user_loaded = False
 if self._api_key and self._api_key != self.anonymous_user.api_key:
 #try go get user by api key
 log.debug('Auth User lookup by API KEY %s', self._api_key)
 user_model.fill_data(self, api_key=self._api_key)
- else:
+ is_user_loaded = True
+ elif self.user_id is not None \
+ and self.user_id != self.anonymous_user.user_id:
 log.debug('Auth User lookup by USER ID %s', self.user_id)
- if self.user_id is not None \
- and self.user_id != self.anonymous_user.user_id:
- user_model.fill_data(self, user_id=self.user_id)
+ user_model.fill_data(self, user_id=self.user_id)
+ is_user_loaded = True
+ elif self.username != 'None':
+ #Removing realm from username
+ self.username = self.username.partition('@')[0]
+
+ log.debug('Auth User lookup by USER NAME %s', self.username)
+ dbuser = user_model.get_by_username(self.username)
+ if dbuser is not None and dbuser.active:
+ for k, v in dbuser.get_dict().items():
+ setattr(self, k, v)
+ self.set_authenticated()
+ is_user_loaded = True
+
+ if not is_user_loaded:
+ if self.anonymous_user.active is True:
+ user_model.fill_data(self,
+ user_id=self.anonymous_user.user_id)
+ #then we set this user is logged in
+ self.is_authenticated = True
 else:
- if self.anonymous_user.active is True:
- user_model.fill_data(self,
- user_id=self.anonymous_user.user_id)
- #then we set this user is logged in
- self.is_authenticated = True
- else:
- self.is_authenticated = False
+ self.is_authenticated = False
 log.debug('Auth User is now %s', self)
 user_model.fill_perms(self)
diff -r dc16211e7292 -r 6cab36e31f09 rhodecode/lib/base.py
--- a/rhodecode/lib/base.py Sat Sep 24 22:21:43 2011 +0300
+++ b/rhodecode/lib/base.py Tue Sep 27 22:20:24 2011 +0300
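Review bot: `self.username.partition('@')[0]` in the new `elif self.username != 'None'` branch of propagate_data (rhodecode/lib/auth.py) drops the realm without checking it, so `alice@REALM-A` and `alice@REALM-B` both resolve to the local account `alice`, and a local username that itself contains `@` can no longer be matched; the same stripping is repeated in rhodecode/lib/middleware/simplehg.py. Where the front end accepts principals from more than one realm, a same-named principal from another realm is signed in as the local user, so the realm should be compared with a configured value before it is discarded, or the stripping made optional. Separately, this branch copies every entry of `dbuser.get_dict()` onto the object with setattr instead of calling `user_model.fill_data` like the two branches above it; fill_data is not visible here, so it is worth confirming that both paths load the same attributes and that nothing sensitive (password hash, API key) ends up on an object that base.py then stores in the session. Indentation is lost in this rendering, so I cannot tell whether `self.set_authenticated()` sits inside the `for` loop.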
@@ -9,6 +9,9 @@
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
+from paste.deploy.converters import asbool
+from paste.httpheaders import REMOTE_USER
+
 from rhodecode import __version__
 from rhodecode.lib.auth import AuthUser
 from rhodecode.lib.utils import get_repo_slug
@@ -43,8 +46,14 @@
 # putting this here makes sure that we update permissions each time
 api_key = request.GET.get('api_key')
 user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
- self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key)
- self.rhodecode_user.set_authenticated(
+ if asbool(config.get('container_auth_enabled', False)):
+ username = REMOTE_USER(environ)
+ else:
+ username = None
+
+ self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
+ if not self.rhodecode_user.is_authenticated:
+ self.rhodecode_user.set_authenticated(
 getattr(session.get('rhodecode_user'), 'is_authenticated', False))
 session['rhodecode_user'] = self.rhodecode_user
diff -r dc16211e7292 -r 6cab36e31f09 rhodecode/lib/middleware/simplehg.py
--- a/rhodecode/lib/middleware/simplehg.py Sat Sep 24 22:21:43 2011 +0300
+++ b/rhodecode/lib/middleware/simplehg.py Tue Sep 27 22:20:24 2011 +0300
@@ -128,9 +128,12 @@
 #==============================================================
 if self.action in ['pull', 'push']:
- username = REMOTE_USER(environ)
+ #Removing realm from username
+ username = REMOTE_USER(environ).partition('@')[0]
 try:
 user = self.__get_user(username)
+ if user is None:
+ return HTTPForbidden()(environ, start_response)
 self.username = user.username
 except:
 log.error(traceback.format_exc())
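Review bot: In the second rhodecode/lib/base.py hunk (at -43) the container identity is only handed over as a third argument, and propagate_data in auth.py consults it after `api_key` and the session `user_id`, so as far as the visible code shows a session that already holds user A stays user A even when the server now reports a different REMOTE_USER, and it stays logged in after the container login has ended. With `container_auth_enabled` on, I would compare the session user's name with the container-supplied one and clear `user_id` on a mismatch before AuthUser is built. A missing value should also be normalised, `username = REMOTE_USER(environ) or None`, so that an unset REMOTE_USER is not passed on as an empty username. The enclosing method starts and ends outside the hunk.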
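Review bot: In rhodecode/lib/middleware/simplehg.py the realm is stripped from REMOTE_USER unconditionally, without consulting `container_auth_enabled`, so installations that leave the option off also get `name@something` cut down to `name` before `__get_user` is called. How REMOTE_USER is populated for this middleware is not visible in the hunk; if it carries the name that was just checked against a password, the account looked up here can differ from the one that was verified. I would apply the stripping only when the same setting is enabled and leave the name untouched otherwise, with a comment saying why the realm is dropped. The surrounding try/except continues outside the hunk.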