Mercurial > kallithea
changeset 5337:dd87009b518b
auth: various minor cleanup of general auth functionality
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Fri, 31 Jul 2015 15:44:07 +0200 |
parents | caaf0d07c168 |
children | 03afa7766ac7 |
files | kallithea/lib/auth_modules/__init__.py kallithea/lib/base.py kallithea/lib/middleware/simplegit.py kallithea/lib/middleware/simplehg.py kallithea/model/validators.py |
diffstat | 5 files changed, 23 insertions(+), 21 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth_modules/__init__.py Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/lib/auth_modules/__init__.py Fri Jul 31 15:44:07 2015 +0200 @@ -55,10 +55,10 @@ "groups": '["list", "of", "groups"]', "extern_name": "name in external source of record", "extern_type": "type of external source of record", - "admin": 'True|False defines if user should be Kallithea super admin', - "active": 'True|False defines active state of user internally for Kallithea', - "active_from_extern": "True|False\None, active state from the external auth, " - "None means use definition from Kallithea extern_type active value" + "admin": 'True|False defines if user should be Kallithea admin', + "active": 'True|False defines active state of user in Kallithea', + "active_from_extern": "True|False|None, active state from the external auth, " + "None means use value from the auth plugin" } @property @@ -184,7 +184,7 @@ def plugin_settings(self): """ This method is called by the authentication framework, not the .settings() - method. This method adds a few default settings (e.g., "active"), so that + method. This method adds a few default settings (e.g., "enabled"), so that plugin authors don't have to maintain a bunch of boilerplate. OVERRIDING THIS METHOD WILL CAUSE YOUR PLUGIN TO FAIL. @@ -211,14 +211,14 @@ def auth(self, userobj, username, passwd, settings, **kwargs): """ - Given a user object (which may be null), username, a plaintext password, + Given a user object (which may be None), username, a plaintext password, and a settings object (containing all the keys needed as listed in settings()), authenticate this user's login attempt. - Return None on failure. On success, return a dictionary of the form: + Return None on failure. On success, return a dictionary with keys from + KallitheaAuthPluginBase.auth_func_attrs. - see: KallitheaAuthPluginBase.auth_func_attrs - This is later validated for correctness + This is later validated for correctness. """ raise NotImplementedError("not implemented in base class") @@ -232,9 +232,9 @@ :param settings: plugin settings """ auth = self.auth(userobj, username, passwd, settings, **kwargs) - if auth: + if auth is not None: return self._validate_auth_return(auth) - return auth + return None def _validate_auth_return(self, ret): if not isinstance(ret, dict): @@ -259,7 +259,7 @@ def _authenticate(self, userobj, username, passwd, settings, **kwargs): auth = super(KallitheaExternalAuthPlugin, self)._authenticate( userobj, username, passwd, settings, **kwargs) - if auth: + if auth is not None: # maybe plugin will clean the username ? # we should use the return value username = auth['username'] @@ -408,11 +408,11 @@ environ=environ or {}) log.debug('PLUGIN USER DATA: %s' % plugin_user) - if plugin_user: + if plugin_user is not None: log.debug('Plugin returned proper authentication data') return plugin_user - # we failed to Auth because .auth() method didn't return proper the user + # we failed to Auth because .auth() method didn't return the user if username: log.warning("User `%s` failed to authenticate against %s" % (username, plugin.__module__))
--- a/kallithea/lib/base.py Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/lib/base.py Fri Jul 31 15:44:07 2015 +0200 @@ -165,7 +165,7 @@ _parts = auth.split(':', 1) if len(_parts) == 2: username, password = _parts - if self.authfunc(username, password, environ): + if self.authfunc(username, password, environ) is not None: return username return self.build_authentication() @@ -179,7 +179,7 @@ self.config = config # base path of repo locations self.basepath = self.config['base_path'] - #authenticate this VCS request using authfunc + # authenticate this VCS request using the authentication modules self.authenticate = BasicAuth('', auth_modules.authenticate, config.get('auth_ret_code')) self.ip_addr = '0.0.0.0' @@ -413,7 +413,7 @@ from kallithea.lib import helpers as h h.flash(e, 'error', logf=log.error) else: - if auth_info: + if auth_info is not None: username = auth_info['username'] user = User.get_by_username(username, case_insensitive=True) return log_in_user(user, remember=False,
--- a/kallithea/lib/middleware/simplegit.py Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/lib/middleware/simplegit.py Fri Jul 31 15:44:07 2015 +0200 @@ -124,7 +124,7 @@ # try to auth based on environ, container auth methods log.debug('Running PRE-AUTH for container based authentication') pre_auth = auth_modules.authenticate('', '', environ) - if pre_auth and pre_auth.get('username'): + if pre_auth is not None and pre_auth.get('username'): username = pre_auth['username'] log.debug('PRE-AUTH got %s as username' % username)
--- a/kallithea/lib/middleware/simplehg.py Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/lib/middleware/simplehg.py Fri Jul 31 15:44:07 2015 +0200 @@ -128,7 +128,7 @@ # try to auth based on environ, container auth methods log.debug('Running PRE-AUTH for container based authentication') pre_auth = auth_modules.authenticate('', '', environ) - if pre_auth and pre_auth.get('username'): + if pre_auth is not None and pre_auth.get('username'): username = pre_auth['username'] log.debug('PRE-AUTH got %s as username' % username)
--- a/kallithea/model/validators.py Fri Jul 31 15:44:07 2015 +0200 +++ b/kallithea/model/validators.py Fri Jul 31 15:44:07 2015 +0200 @@ -272,7 +272,7 @@ def validate_python(self, value, state): from kallithea.lib import auth_modules - if not auth_modules.authenticate(username, value, ''): + if auth_modules.authenticate(username, value, '') is None: msg = M(self, 'invalid_password', state) raise formencode.Invalid(msg, value, state, error_dict=dict(current_password=msg) @@ -309,7 +309,9 @@ password = value['password'] username = value['username'] - if not auth_modules.authenticate(username, password): + # authenticate returns unused dict but has called + # plugin._authenticate which has create_or_update'ed the username user in db + if auth_modules.authenticate(username, password) is None: user = User.get_by_username(username) if user and not user.active: log.warning('user %s is disabled' % username)