changeset 5266:f103b1a2383b
BaseController: hide "Log out" link for external login sessions
If user is authorized by external means (API key or container auth),
Kallithea is not actually able to log the user out and should not show
the "Log out" link.
author | Søren Løvborg <kwi@kwi.dk> |
date | Tue, 14 Jul 2015 14:00:17 +0200 |
parents | 8394211b1c32 |
children | 743c288a2db0 |
files | kallithea/controllers/login.py kallithea/lib/auth.py kallithea/lib/base.py kallithea/templates/base/base.html kallithea/tests/functional/test_admin_auth_settings.py |
diffstat | 5 files changed, 29 insertions(+), 7 deletions(-) [+] |
--- a/kallithea/controllers/login.py	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/controllers/login.py	Tue Jul 14 14:00:17 2015 +0200
@@ -116,7 +116,8 @@
                 # Exception itself
                 h.flash(e, 'error')
             else:
-                log_in_user(user, c.form_result['remember'])
+                log_in_user(user, c.form_result['remember'],
+                            is_external_auth=False)
                 return self._redirect_to_origin(c.came_from)
 
         return render('/login.html')
--- a/kallithea/lib/auth.py	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/lib/auth.py	Tue Jul 14 14:00:17 2015 +0200
@@ -476,7 +476,8 @@
     so, set `is_authenticated` to True.
     """
 
-    def __init__(self, user_id=None, api_key=None, username=None):
+    def __init__(self, user_id=None, api_key=None, username=None,
+                 is_external_auth=False):
         self.user_id = user_id
         self._api_key = api_key
 
@@ -489,6 +490,7 @@
         self.is_authenticated = False
         self.admin = False
         self.inherit_default_permissions = False
+        self.is_external_auth = is_external_auth
         self.propagate_data()
         self._instance = None
 
@@ -633,6 +635,7 @@
             'user_id': self.user_id,
             'username': self.username,
             'is_authenticated': self.is_authenticated,
+            'is_external_auth': self.is_external_auth,
         }
 
     @staticmethod
@@ -644,6 +647,7 @@
         au = AuthUser(
             user_id=cookie.get('user_id'),
             username=cookie.get('username'),
+            is_external_auth=cookie.get('is_external_auth', False),
         )
         if not au.is_authenticated and au.user_id is not None:
             # user is not authenticated and not empty
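Review bot: The new `is_external_auth` constructor parameter is not described anywhere in the class docstring, whose tail (`so, set \`is_authenticated\` to True.`) is visible just above the changed signature; the docstring body starts outside the hunk. A reader has to find the callers in base.py to learn that the flag means "authenticated by API key or container header, so the session cannot be ended by a logout". I would add a line to that docstring such as `:param is_external_auth: True when the user was authenticated by API key or container auth rather than the login form; used only to decide whether a "Log out" link makes sense.`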
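Review bot: In the last hunk the flag is read back with `cookie.get('is_external_auth', False)`, so any session created before this change (presumably including existing container-auth sessions) will deserialise as a non-external login and keep showing the "Log Out" link until the session is recreated. That is a harmless, self-healing inconsistency rather than a security problem, but it is worth saying so where the default is chosen, e.g. `# sessions written before the flag existed default to a normal login`. The enclosing function starts and ends outside the hunk.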
--- a/kallithea/lib/base.py	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/lib/base.py	Tue Jul 14 14:00:17 2015 +0200
@@ -104,7 +104,7 @@
     return path
 
 
-def log_in_user(user, remember):
+def log_in_user(user, remember, is_external_auth):
     """
     Log a `User` in and update session and cookies. If `remember` is True,
     the session cookie is set to expire in a year; otherwise, it expires at
@@ -115,7 +115,8 @@
     user.update_lastlogin()
     meta.Session().commit()
 
-    auth_user = AuthUser(user_id=user.user_id)
+    auth_user = AuthUser(user_id=user.user_id,
+                         is_external_auth=is_external_auth)
     auth_user.set_authenticated()
 
     # Start new session to prevent session fixation attacks.
@@ -384,7 +385,7 @@
         # Authenticate by API key
         if api_key:
             # when using API_KEY we are sure user exists.
-            return AuthUser(api_key=api_key)
+            return AuthUser(api_key=api_key, is_external_auth=True)
 
         # Authenticate by session cookie
         cookie = session.get('authuser')
@@ -415,7 +416,8 @@
         if auth_info:
             username = auth_info['username']
             user = User.get_by_username(username, case_insensitive=True)
-            return log_in_user(user, remember=False)
+            return log_in_user(user, remember=False,
+                               is_external_auth=True)
 
         # User is anonymous
         return AuthUser()
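Review bot: The first hunk adds a required `is_external_auth` parameter to `log_in_user` but leaves its docstring describing only `user` and `remember`; the docstring continues past the hunk. Making the parameter mandatory with no default is the right call, since every caller must now state whether the login can be ended by the logout action, but that intent should be written down: I would append a sentence such as `\`is_external_auth\` must be True when the user was authenticated by API key or container auth; such sessions cannot be ended by logging out, and the flag is persisted in the session cookie so the UI can hide the "Log out" link.`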
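Review bot: In the last hunk the container-auth branch now persists `is_external_auth=True` into a fresh session via `log_in_user`, and the session-cookie branch in the previous hunk runs before the container-auth branch on later requests. The flag therefore describes how the session was *created*, not how the current request was authenticated, which is what the commit wants but is easy to misread; a comment on the `return log_in_user(...)` line would help: `# the flag is stored with the session, so later cookie-authenticated requests still know this login came from the container`. The enclosing method starts outside the hunk.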
--- a/kallithea/templates/base/base.html	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/templates/base/base.html	Tue Jul 14 14:00:17 2015 +0200
@@ -348,7 +348,10 @@
                 <ol class="links">
                   <li><a href="${h.url('notifications')}">${_('Notifications')}: ${c.unread_notifications}</a></li>
                   <li>${h.link_to(_(u'My Account'),h.url('my_account'))}</li>
-                  <li class="logout">${h.link_to(_(u'Log Out'),h.url('logout_home'))}</li>
+                  %if not c.authuser.is_external_auth:
+                  ## Cannot log out if using external (container) authentication.
+                  <li class="logout">${h.link_to(_(u'Log Out'), h.url('logout_home'))}</li>
+                  %endif
                 </ol>
               </div>
             %endif
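Review bot: The `%if not c.authuser.is_external_auth:` guard only hides the link; the `logout_home` route itself is untouched by this changeset, so a user (or a stale bookmark) can still request it from an externally-authenticated session, and per the commit description the next request would presumably just re-establish the container-auth session silently. If the UI is going to promise that logging out is not possible, the logout action should enforce the same rule server-side, e.g. check the AuthUser's `is_external_auth` and redirect with a flash message explaining that the session is managed by the container. The `##` comment also says "(container)" but the flag is set for API-key authentication as well, so `## Cannot log out of an API-key or container-authenticated session.` would be more accurate.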
--- a/kallithea/tests/functional/test_admin_auth_settings.py	Tue Jul 14 14:00:15 2015 +0200
+++ b/kallithea/tests/functional/test_admin_auth_settings.py	Tue Jul 14 14:00:17 2015 +0200
@@ -175,3 +175,15 @@
             extra_environ={'REMOTE_USER': r'example\jane'},
             resulting_username=r'jane',
         )
+
+    def test_container_auth_no_logout(self):
+        self._container_auth_setup(
+            auth_container_header='REMOTE_USER',
+            auth_container_fallback_header='',
+            auth_container_clean_username='True',
+        )
+        response = self.app.get(
+            url=url(controller='admin/my_account', action='my_account'),
+            extra_environ={'REMOTE_USER': 'john'},
+        )
+        self.assertNotIn('Log Out', response.normal_body)
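Review bot: `test_container_auth_no_logout` only asserts that 'Log Out' is absent, which also holds if container auth silently failed and `my_account` answered with a redirect to the login page or an anonymous rendering, so the test cannot distinguish the feature working from the login not happening at all. Pin the positive side first, e.g. `self.assertEqual(response.status_int, 200)` and `self.assertIn('john', response.normal_body)` (or whatever marker the my_account page shows for the logged-in user) before the `assertNotIn`. The preceding test whose closing `)` is visible at the top of the hunk starts outside it.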