changeset 1630:25d8e4836bc2 beta
Improved container-based auth support for middleware
author | Liad Shani <liadff@gmail.com> |
---|---|
date | Tue, 01 Nov 2011 01:31:24 +0200 |
parents | 2196aa27954b |
children | 5cacb51f25f1 |
files | rhodecode/lib/auth.py rhodecode/lib/base.py rhodecode/lib/middleware/simplegit.py rhodecode/lib/middleware/simplehg.py |
diffstat | 4 files changed, 24 insertions(+), 21 deletions(-) [+] |
--- a/rhodecode/lib/auth.py Mon Oct 31 23:10:11 2011 +0200 +++ b/rhodecode/lib/auth.py Tue Nov 01 01:31:24 2011 +0200 @@ -253,17 +253,17 @@ user.username) return user -def get_container_username(environ, cfg): - from paste.httpheaders import REMOTE_USER - from paste.deploy.converters import asbool +def get_container_username(environ, config): + username = None - proxy_pass_enabled = asbool(cfg.get('proxypass_auth_enabled', False)) - username = REMOTE_USER(environ) - - if not username and proxy_pass_enabled: + if str2bool(config.get('container_auth_enabled', False)): + from paste.httpheaders import REMOTE_USER + username = REMOTE_USER(environ) + + if not username and str2bool(config.get('proxypass_auth_enabled', False)): username = environ.get('HTTP_X_FORWARDED_USER') - if username and proxy_pass_enabled: + if username: # Removing realm and domain from username username = username.partition('@')[0] username = username.rpartition('\\')[2]
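Review bot: `HTTP_X_FORWARDED_USER` is taken straight from the request environ whenever `proxypass_auth_enabled` is set, and nothing in this hunk ties it to a trusted front-end proxy, so the value is only as trustworthy as the proxy's handling of a client-supplied `X-Forwarded-User` header. That assumption should be stated where operators will see it, for example `# proxypass: the reverse proxy must overwrite X-Forwarded-User and be the only route to this app`. The realm/domain stripping is also no longer limited to the proxypass case (`if username:`), so it now applies to the container's REMOTE_USER as well, and names that differ only by realm or domain resolve to the same local account. Either limit the strip to the sources that need it or document the collision. The end of the function, presumably its return, is outside the hunk.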
--- a/rhodecode/lib/base.py Mon Oct 31 23:10:11 2011 +0200 +++ b/rhodecode/lib/base.py Tue Nov 01 01:31:24 2011 +0200 @@ -8,7 +8,6 @@ from pylons.controllers import WSGIController from pylons.controllers.util import redirect from pylons.templating import render_mako as render -from paste.deploy.converters import asbool from rhodecode import __version__ from rhodecode.lib import str2bool @@ -45,10 +44,8 @@ # make sure that we update permissions each time we call controller api_key = request.GET.get('api_key') user_id = getattr(session.get('rhodecode_user'), 'user_id', None) - if asbool(config.get('container_auth_enabled', False)): - username = get_container_username(environ) - else: - username = None + username = get_container_username(environ, config) + auth_user = AuthUser(user_id, api_key, username) self.rhodecode_user = c.rhodecode_user = auth_user if not self.rhodecode_user.is_authenticated and \
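Review bot: The second hunk passes the container username into `AuthUser(user_id, api_key, username)` on every request, with no comment saying which identity wins when the session user and the container user disagree. That precedence is decided inside AuthUser, which is not visible here. A short comment above the call would help, e.g. `# username stays None unless container_auth_enabled or proxypass_auth_enabled is set; AuthUser decides precedence over session/api_key`. The enclosing method starts and ends outside the hunk.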
--- a/rhodecode/lib/middleware/simplegit.py Mon Oct 31 23:10:11 2011 +0200 +++ b/rhodecode/lib/middleware/simplegit.py Tue Nov 01 01:31:24 2011 +0200 @@ -148,23 +148,26 @@ # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS #============================================================== - if not get_container_username(environ, self.config): + # Attempting to retrieve username from the container + username = get_container_username(environ, self.config) + + # If not authenticated by the container, running basic auth + if not username: self.authenticate.realm = \ safe_str(self.config['rhodecode_realm']) result = self.authenticate(environ) if isinstance(result, str): AUTH_TYPE.update(environ, 'basic') REMOTE_USER.update(environ, result) + username = result else: return result.wsgi_application(environ, start_response) #============================================================== - # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM - # BASIC AUTH + # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME #============================================================== if action in ['pull', 'push']: - username = get_container_username(environ, self.config) try: user = self.__get_user(username) if user is None or not user.active:
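Review bot: When the container or the proxy header supplies the username, `AUTH_TYPE` and `REMOTE_USER` in environ are left as they arrived, because both `update` calls sit only in the basic-auth branch. On the `HTTP_X_FORWARDED_USER` path, environ may therefore carry no REMOTE_USER at all while the permission check runs as `username`. If anything later in the request reads REMOTE_USER from environ (not visible in this hunk), it will disagree with the user that was authorized. Consider adding `else: REMOTE_USER.update(environ, username)` after the `if not username:` block, or a comment stating that downstream code must use `username`. The same applies to the identical hunk in rhodecode/lib/middleware/simplehg.py; the enclosing method starts and ends outside the hunk.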
--- a/rhodecode/lib/middleware/simplehg.py Mon Oct 31 23:10:11 2011 +0200 +++ b/rhodecode/lib/middleware/simplehg.py Tue Nov 01 01:31:24 2011 +0200 @@ -114,23 +114,26 @@ # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS #============================================================== - if not get_container_username(environ, self.config): + # Attempting to retrieve username from the container + username = get_container_username(environ, self.config) + + # If not authenticated by the container, running basic auth + if not username: self.authenticate.realm = \ safe_str(self.config['rhodecode_realm']) result = self.authenticate(environ) if isinstance(result, str): AUTH_TYPE.update(environ, 'basic') REMOTE_USER.update(environ, result) + username = result else: return result.wsgi_application(environ, start_response) #============================================================== - # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM - # BASIC AUTH + # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME #============================================================== if action in ['pull', 'push']: - username = get_container_username(environ, self.config) try: user = self.__get_user(username) if user is None or not user.active: