# HG changeset patch
# User Søren Løvborg
# Date 1436875217 -7200
# Node ID f103b1a2383bc4fba5d28f9732ba832025e3bf00
# Parent 8394211b1c32649b9861ad19dcc14eda9fe9e469
BaseController: hide "Log out" link for external login sessions
If user is authorized by external means (API key or container auth), Kallithea is not actually able to log the user out and should not show the "Log out" link.
diff -r 8394211b1c32 -r f103b1a2383b kallithea/controllers/login.py
--- a/kallithea/controllers/login.py Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/controllers/login.py Tue Jul 14 14:00:17 2015 +0200
@@ -116,7 +116,8 @@
 # Exception itself
 h.flash(e, 'error')
 else:
- log_in_user(user, c.form_result['remember'])
+ log_in_user(user, c.form_result['remember'],
+ is_external_auth=False)
 return self._redirect_to_origin(c.came_from)
 return render('/login.html')
diff -r 8394211b1c32 -r f103b1a2383b kallithea/lib/auth.py
--- a/kallithea/lib/auth.py Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/lib/auth.py Tue Jul 14 14:00:17 2015 +0200
@@ -476,7 +476,8 @@
 so, set `is_authenticated` to True.
 """
- def __init__(self, user_id=None, api_key=None, username=None):
+ def __init__(self, user_id=None, api_key=None, username=None,
+ is_external_auth=False):
 self.user_id = user_id
 self._api_key = api_key
@@ -489,6 +490,7 @@
 self.is_authenticated = False
 self.admin = False
 self.inherit_default_permissions = False
+ self.is_external_auth = is_external_auth
 self.propagate_data()
 self._instance = None
@@ -633,6 +635,7 @@
 'user_id': self.user_id,
 'username': self.username,
 'is_authenticated': self.is_authenticated,
+ 'is_external_auth': self.is_external_auth,
 }
 @staticmethod
@@ -644,6 +647,7 @@
 au = AuthUser(
 user_id=cookie.get('user_id'),
 username=cookie.get('username'),
+ is_external_auth=cookie.get('is_external_auth', False),
 )
 if not au.is_authenticated and au.user_id is not None:
 # user is not authenticated and not empty
diff -r 8394211b1c32 -r f103b1a2383b kallithea/lib/base.py
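Review bot: The new `is_external_auth` parameter of `AuthUser.__init__` is not documented, even though the class docstring closes immediately above it in this hunk and the flag's meaning (that Kallithea cannot end such a login) is stated only in the commit message. Add a docstring line such as `is_external_auth`: True when the user was authenticated outside Kallithea (API key or container auth), so no real logout is possible. The same flag is round-tripped through `to_cookie`/`from_cookie` in the later hunks of this file, which the docstring could mention. The `__init__` body continues past the hunk.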
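Review bot: `cookie.get('is_external_auth', False)` in `from_cookie` silently classifies any session created before this change, whose cookie dict lacks the key, as an internal login that keeps the logout link; that is the safer default, but nothing on the line says it is deliberate. A comment next to it, `# sessions created before this flag existed carry no key; treat them as internal logins`, would keep a later reader from tightening it. The surrounding method continues outside the hunk.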
--- a/kallithea/lib/base.py Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/lib/base.py Tue Jul 14 14:00:17 2015 +0200
@@ -104,7 +104,7 @@
 return path
-def log_in_user(user, remember):
+def log_in_user(user, remember, is_external_auth):
 """
 Log a `User` in and update session and cookies. If `remember` is True,
 the session cookie is set to expire in a year; otherwise, it expires at
@@ -115,7 +115,8 @@
 user.update_lastlogin()
 meta.Session().commit()
- auth_user = AuthUser(user_id=user.user_id)
+ auth_user = AuthUser(user_id=user.user_id,
+ is_external_auth=is_external_auth)
 auth_user.set_authenticated()
 # Start new session to prevent session fixation attacks.
@@ -384,7 +385,7 @@
 # Authenticate by API key
 if api_key:
 # when using API_KEY we are sure user exists.
- return AuthUser(api_key=api_key)
+ return AuthUser(api_key=api_key, is_external_auth=True)
 # Authenticate by session cookie
 cookie = session.get('authuser')
@@ -415,7 +416,8 @@
 if auth_info:
 username = auth_info['username']
 user = User.get_by_username(username, case_insensitive=True)
- return log_in_user(user, remember=False)
+ return log_in_user(user, remember=False,
+ is_external_auth=True)
 # User is anonymous
 return AuthUser()
diff -r 8394211b1c32 -r f103b1a2383b kallithea/templates/base/base.html
--- a/kallithea/templates/base/base.html Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/templates/base/base.html Tue Jul 14 14:00:17 2015 +0200
@@ -348,7 +348,10 @@ %endif
diff -r 8394211b1c32 -r f103b1a2383b kallithea/tests/functional/test_admin_auth_settings.py
--- a/kallithea/tests/functional/test_admin_auth_settings.py Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/tests/functional/test_admin_auth_settings.py Tue Jul 14 14:00:17 2015 +0200
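Review bot: `log_in_user` now takes `is_external_auth` as a required positional parameter, but the docstring in this hunk still describes only `remember`; a caller not updated by this patch would fail with a TypeError rather than a clear message. Add a docstring line like `is_external_auth` must be True when the user was authenticated outside Kallithea (API key, container auth); it is stored on the session so the UI can omit the logout link, which cannot end such a login. Both the docstring and the function body continue past the hunk.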
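Review bot: The container-auth branch at `return log_in_user(user, remember=False, is_external_auth=True)` still creates a Kallithea session, which appears to keep authenticating the user on later requests through the session cookie even if the proxy stops sending the `REMOTE_USER` header, and hiding the link removes the only in-app way to end that session. If that is accepted, record it next to the call, e.g. `# Session created here outlives the external auth; it ends only with the session cookie (remember=False).`; otherwise consider still offering a logout that invalidates the session for container-auth users. The enclosing function starts before the hunk.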
@@ -175,3 +175,15 @@
 extra_environ={'REMOTE_USER': r'example\jane'},
 resulting_username=r'jane',
 )
+
+ def test_container_auth_no_logout(self):
+ self._container_auth_setup(
+ auth_container_header='REMOTE_USER',
+ auth_container_fallback_header='',
+ auth_container_clean_username='True',
+ )
+ response = self.app.get(
+ url=url(controller='admin/my_account', action='my_account'),
+ extra_environ={'REMOTE_USER': 'john'},
+ )
+ self.assertNotIn('Log Out', response.normal_body)
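Review bot: `test_container_auth_no_logout` relies on a single negative assertion, `self.assertNotIn('Log Out', response.normal_body)`, which would also pass if container auth failed and the page rendered with no user menu at all. Pair it with a positive check that the request was authenticated as the container user, e.g. `self.assertIn('john', response.normal_body)`, or assert the status the `my_account` page returns only for a logged-in user. The string checked is 'Log Out' while the commit message says "Log out", and the template hunk in this patch is not readable here, so confirm the literal matches the rendered link text.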