changeset 5337:dd87009b518b

auth: various minor cleanup of general auth functionality
author Mads Kiilerich <madski@unity3d.com>
date Fri, 31 Jul 2015 15:44:07 +0200
parents caaf0d07c168
children 03afa7766ac7
files kallithea/lib/auth_modules/__init__.py kallithea/lib/base.py kallithea/lib/middleware/simplegit.py kallithea/lib/middleware/simplehg.py kallithea/model/validators.py
diffstat 5 files changed, 23 insertions(+), 21 deletions(-) [+]
--- a/kallithea/lib/auth_modules/__init__.py	Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/auth_modules/__init__.py	Fri Jul 31 15:44:07 2015 +0200
@@ -55,10 +55,10 @@
         "groups": '["list", "of", "groups"]',
         "extern_name": "name in external source of record",
         "extern_type": "type of external source of record",
-        "admin": 'True|False defines if user should be Kallithea super admin',
-        "active": 'True|False defines active state of user internally for Kallithea',
-        "active_from_extern": "True|False\None, active state from the external auth, "
-                              "None means use definition from Kallithea extern_type active value"
+        "admin": 'True|False defines if user should be Kallithea admin',
+        "active": 'True|False defines active state of user in Kallithea',
+        "active_from_extern": "True|False|None, active state from the external auth, "
+                              "None means use value from the auth plugin"
     }
 
     @property
@@ -184,7 +184,7 @@
     def plugin_settings(self):
         """
         This method is called by the authentication framework, not the .settings()
-        method. This method adds a few default settings (e.g., "active"), so that
+        method. This method adds a few default settings (e.g., "enabled"), so that
         plugin authors don't have to maintain a bunch of boilerplate.
 
         OVERRIDING THIS METHOD WILL CAUSE YOUR PLUGIN TO FAIL.
@@ -211,14 +211,14 @@
 
     def auth(self, userobj, username, passwd, settings, **kwargs):
         """
-        Given a user object (which may be null), username, a plaintext password,
+        Given a user object (which may be None), username, a plaintext password,
         and a settings object (containing all the keys needed as listed in settings()),
         authenticate this user's login attempt.
 
-        Return None on failure. On success, return a dictionary of the form:
+        Return None on failure. On success, return a dictionary with keys from
+        KallitheaAuthPluginBase.auth_func_attrs.
 
-            see: KallitheaAuthPluginBase.auth_func_attrs
-        This is later validated for correctness
+        This is later validated for correctness.
         """
         raise NotImplementedError("not implemented in base class")
 
@@ -232,9 +232,9 @@
         :param settings: plugin settings
         """
         auth = self.auth(userobj, username, passwd, settings, **kwargs)
-        if auth:
+        if auth is not None:
             return self._validate_auth_return(auth)
-        return auth
+        return None
 
     def _validate_auth_return(self, ret):
         if not isinstance(ret, dict):
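Review bot: With `if auth is not None:` in `_authenticate`, a plugin whose `auth()` signals failure with `False`, `''` or `{}` is no longer treated as a failed login; the value is handed to `_validate_auth_return` instead. That validator opens with an `isinstance(ret, dict)` check, but its body continues outside this hunk, so what it does with an empty or partial dict cannot be confirmed from here. The `auth` docstring should state the contract explicitly, for example `Return None (and only None) on failure; any other return value is validated as a successful login.` The same assumption is relied on by `if auth is not None:` in `KallitheaExternalAuthPlugin._authenticate` and by `if plugin_user is not None:` in the last hunk of this file.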
@@ -259,7 +259,7 @@
     def _authenticate(self, userobj, username, passwd, settings, **kwargs):
         auth = super(KallitheaExternalAuthPlugin, self)._authenticate(
             userobj, username, passwd, settings, **kwargs)
-        if auth:
+        if auth is not None:
             # maybe plugin will clean the username ?
             # we should use the return value
             username = auth['username']
@@ -408,11 +408,11 @@
                                            environ=environ or {})
         log.debug('PLUGIN USER DATA: %s' % plugin_user)
 
-        if plugin_user:
+        if plugin_user is not None:
             log.debug('Plugin returned proper authentication data')
             return plugin_user
 
-        # we failed to Auth because .auth() method didn't return proper the user
+        # we failed to Auth because .auth() method didn't return the user
         if username:
             log.warning("User `%s` failed to authenticate against %s"
                         % (username, plugin.__module__))
--- a/kallithea/lib/base.py	Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/base.py	Fri Jul 31 15:44:07 2015 +0200
@@ -165,7 +165,7 @@
         _parts = auth.split(':', 1)
         if len(_parts) == 2:
             username, password = _parts
-            if self.authfunc(username, password, environ):
+            if self.authfunc(username, password, environ) is not None:
                 return username
         return self.build_authentication()
 
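Review bot: `if self.authfunc(username, password, environ) is not None:` accepts any non-None result, so an `authfunc` that reports failure with `False` would now authenticate the request where the old truthiness test rejected it. `authfunc` appears to be supplied by the caller (the next hunk passes `auth_modules.authenticate`), so the None-on-failure contract is not enforced at this point. Consider binding the result and testing its type, `auth_info = self.authfunc(username, password, environ)` then `if isinstance(auth_info, dict):`, or document on `BasicAuth` that `authfunc` must return None on failure. The enclosing method starts outside the hunk. The `is None` checks in both `validators.py` hunks have the same fail-open shape: a non-None falsy result there would pass the password check.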
@@ -179,7 +179,7 @@
         self.config = config
         # base path of repo locations
         self.basepath = self.config['base_path']
-        #authenticate this VCS request using authfunc
+        # authenticate this VCS request using the authentication modules
         self.authenticate = BasicAuth('', auth_modules.authenticate,
                                       config.get('auth_ret_code'))
         self.ip_addr = '0.0.0.0'
@@ -413,7 +413,7 @@
                 from kallithea.lib import helpers as h
                 h.flash(e, 'error', logf=log.error)
             else:
-                if auth_info:
+                if auth_info is not None:
                     username = auth_info['username']
                     user = User.get_by_username(username, case_insensitive=True)
                     return log_in_user(user, remember=False,
--- a/kallithea/lib/middleware/simplegit.py	Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/middleware/simplegit.py	Fri Jul 31 15:44:07 2015 +0200
@@ -124,7 +124,7 @@
                 # try to auth based on environ, container auth methods
                 log.debug('Running PRE-AUTH for container based authentication')
                 pre_auth = auth_modules.authenticate('', '', environ)
-                if pre_auth and pre_auth.get('username'):
+                if pre_auth is not None and pre_auth.get('username'):
                     username = pre_auth['username']
                 log.debug('PRE-AUTH got %s as username' % username)
 
--- a/kallithea/lib/middleware/simplehg.py	Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/middleware/simplehg.py	Fri Jul 31 15:44:07 2015 +0200
@@ -128,7 +128,7 @@
                 # try to auth based on environ, container auth methods
                 log.debug('Running PRE-AUTH for container based authentication')
                 pre_auth = auth_modules.authenticate('', '', environ)
-                if pre_auth and pre_auth.get('username'):
+                if pre_auth is not None and pre_auth.get('username'):
                     username = pre_auth['username']
                 log.debug('PRE-AUTH got %s as username' % username)
 
--- a/kallithea/model/validators.py	Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/model/validators.py	Fri Jul 31 15:44:07 2015 +0200
@@ -272,7 +272,7 @@
 
         def validate_python(self, value, state):
             from kallithea.lib import auth_modules
-            if not auth_modules.authenticate(username, value, ''):
+            if auth_modules.authenticate(username, value, '') is None:
                 msg = M(self, 'invalid_password', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(current_password=msg)
@@ -309,7 +309,9 @@
             password = value['password']
             username = value['username']
 
-            if not auth_modules.authenticate(username, password):
+            # authenticate returns unused dict but has called
+            # plugin._authenticate which has create_or_update'ed the username user in db
+            if auth_modules.authenticate(username, password) is None:
                 user = User.get_by_username(username)
                 if user and not user.active:
                     log.warning('user %s is disabled' % username)
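Review bot: The added comment records that this validator depends on a side effect of `auth_modules.authenticate`, but its wording is hard to parse and does not say when the side effect happens. Something like `# The returned dict is not used here; on success plugin._authenticate has already created or updated the db user for this username.` would be clearer. If the user row is only written on successful authentication, the comment should say so, since the failure branch below then looks the user up with `User.get_by_username(username)` and may find nothing. The enclosing method starts and ends outside the hunk.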