changeset 5266:f103b1a2383b

BaseController: hide "Log out" link for external login sessions. If the user is authenticated by external means (API key or container auth), Kallithea is not actually able to log the user out and should not show the "Log out" link.
author Søren Løvborg <kwi@kwi.dk>
date Tue, 14 Jul 2015 14:00:17 +0200
parents 8394211b1c32
children 743c288a2db0
files kallithea/controllers/login.py kallithea/lib/auth.py kallithea/lib/base.py kallithea/templates/base/base.html kallithea/tests/functional/test_admin_auth_settings.py
diffstat 5 files changed, 29 insertions(+), 7 deletions(-) [+]
--- a/kallithea/controllers/login.py	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/controllers/login.py	Tue Jul 14 14:00:17 2015 +0200
@@ -116,7 +116,8 @@
                 # Exception itself
                 h.flash(e, 'error')
             else:
-                log_in_user(user, c.form_result['remember'])
+                log_in_user(user, c.form_result['remember'],
+                    is_external_auth=False)
                 return self._redirect_to_origin(c.came_from)
 
         return render('/login.html')
--- a/kallithea/lib/auth.py	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/lib/auth.py	Tue Jul 14 14:00:17 2015 +0200
@@ -476,7 +476,8 @@
     so, set `is_authenticated` to True.
     """
 
-    def __init__(self, user_id=None, api_key=None, username=None):
+    def __init__(self, user_id=None, api_key=None, username=None,
+            is_external_auth=False):
 
         self.user_id = user_id
         self._api_key = api_key
@@ -489,6 +490,7 @@
         self.is_authenticated = False
         self.admin = False
         self.inherit_default_permissions = False
+        self.is_external_auth = is_external_auth
 
         self.propagate_data()
         self._instance = None
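Review bot: The new `self.is_external_auth = is_external_auth` assignment carries no explanation of what the flag means or who sets it, and the class docstring ending at the top of the previous hunk does not mention the new constructor argument either. A short comment would keep the next reader from guessing: `# True when the request was authenticated outside Kallithea (API key or container auth); such sessions cannot be logged out by Kallithea, so the UI hides "Log Out".` The `__init__` body starts in the previous hunk and continues past this one.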
@@ -633,6 +635,7 @@
             'user_id': self.user_id,
             'username': self.username,
             'is_authenticated': self.is_authenticated,
+            'is_external_auth': self.is_external_auth,
         }
 
     @staticmethod
@@ -644,6 +647,7 @@
         au = AuthUser(
             user_id=cookie.get('user_id'),
             username=cookie.get('username'),
+            is_external_auth=cookie.get('is_external_auth', False),
         )
         if not au.is_authenticated and au.user_id is not None:
             # user is not authenticated and not empty
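Review bot: `cookie.get('is_external_auth', False)` silently treats any session serialised before this change as a normal login, so an existing container-auth session will keep showing "Log Out" until it is re-established; that seems acceptable for a purely cosmetic flag, but it deserves a comment, e.g. `# sessions created before this key existed default to a normal login`. Since the value is read back from the stored session and only decides whether a link is rendered, trusting it here is fine as long as the session store itself is not client-writable — presumably it is server-side, but I cannot confirm that from this diff.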
--- a/kallithea/lib/base.py	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/lib/base.py	Tue Jul 14 14:00:17 2015 +0200
@@ -104,7 +104,7 @@
     return path
 
 
-def log_in_user(user, remember):
+def log_in_user(user, remember, is_external_auth):
     """
     Log a `User` in and update session and cookies. If `remember` is True,
     the session cookie is set to expire in a year; otherwise, it expires at
@@ -115,7 +115,8 @@
     user.update_lastlogin()
     meta.Session().commit()
 
-    auth_user = AuthUser(user_id=user.user_id)
+    auth_user = AuthUser(user_id=user.user_id,
+                         is_external_auth=is_external_auth)
     auth_user.set_authenticated()
 
     # Start new session to prevent session fixation attacks.
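Review bot: The docstring of `log_in_user` still describes only `user` and `remember`; the new mandatory `is_external_auth` parameter is undocumented even though every caller must now supply it. I would add a sentence such as `Set is_external_auth when the user was authenticated by API key or container auth: the flag is stored in the session and hides the "Log Out" link, since Kallithea cannot end such a session itself.` The rest of the function body lies outside this hunk.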
@@ -384,7 +385,7 @@
         # Authenticate by API key
         if api_key:
             # when using API_KEY we are sure user exists.
-            return AuthUser(api_key=api_key)
+            return AuthUser(api_key=api_key, is_external_auth=True)
 
         # Authenticate by session cookie
         cookie = session.get('authuser')
@@ -415,7 +416,8 @@
                 if auth_info:
                     username = auth_info['username']
                     user = User.get_by_username(username, case_insensitive=True)
-                    return log_in_user(user, remember=False)
+                    return log_in_user(user, remember=False,
+                                       is_external_auth=True)
 
         # User is anonymous
         return AuthUser()
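Review bot: The container-auth path hands `user` straight to `log_in_user`, which immediately calls `user.update_lastlogin()` (visible in the earlier hunk), so if `User.get_by_username` can return `None` here — for example when the auth plugin does not auto-create users for a header-supplied name — the request will fail with an AttributeError rather than a clean fallback. Unless the plugin contract guarantees the user exists, a guard before the call would be safer: `if user is None: log.warning('container auth: no user %r', username); return AuthUser()`. The enclosing method starts before this hunk.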
--- a/kallithea/templates/base/base.html	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/templates/base/base.html	Tue Jul 14 14:00:17 2015 +0200
@@ -348,7 +348,10 @@
             <ol class="links">
               <li><a href="${h.url('notifications')}">${_('Notifications')}: ${c.unread_notifications}</a></li>
               <li>${h.link_to(_(u'My Account'),h.url('my_account'))}</li>
-              <li class="logout">${h.link_to(_(u'Log Out'),h.url('logout_home'))}</li>
+              %if not c.authuser.is_external_auth:
+                ## Cannot log out if using external (container) authentication.
+                <li class="logout">${h.link_to(_(u'Log Out'), h.url('logout_home'))}</li>
+              %endif
             </ol>
             </div>
           %endif
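Review bot: The template comment says "container" authentication, but the flag is also set for API-key requests in the same changeset, and hiding the link does not disable the `logout_home` route, which a user can still reach from a bookmark or typed URL. I would make the comment say what the guard actually does: `## External (API key or container) auth cannot be ended by Kallithea; the link is hidden, the logout route itself is not disabled.` Whether the logout controller should also become a no-op for such sessions is a separate question this change does not address.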
--- a/kallithea/tests/functional/test_admin_auth_settings.py	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/tests/functional/test_admin_auth_settings.py	Tue Jul 14 14:00:17 2015 +0200
@@ -175,3 +175,15 @@
             extra_environ={'REMOTE_USER': r'example\jane'},
             resulting_username=r'jane',
         )
+
+    def test_container_auth_no_logout(self):
+        self._container_auth_setup(
+            auth_container_header='REMOTE_USER',
+            auth_container_fallback_header='',
+            auth_container_clean_username='True',
+        )
+        response = self.app.get(
+            url=url(controller='admin/my_account', action='my_account'),
+            extra_environ={'REMOTE_USER': 'john'},
+        )
+        self.assertNotIn('Log Out', response.normal_body)
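Review bot: `test_container_auth_no_logout` only asserts that "Log Out" is absent, so it would also pass if container auth failed and the request was redirected to the login page or rendered an anonymous view, where the link is never shown. Add a positive check that the page is the authenticated account page, e.g. `self.assertEqual(response.status_int, 200)` followed by `self.assertIn('My Account', response.normal_body)` — or whatever marker the my_account template reliably renders for a logged-in user.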