def oidclogin(request):
middleware = 'kobo.django.auth.middleware.LimitedRemoteUserMiddleware'
if django_version_ge('1.10.0'):
middleware_setting = settings.MIDDLEWARE
else:
middleware_setting = settings.MIDDLEWARE_CLASSES
if middleware not in middleware_setting:
raise ImproperlyConfigured(
"oidclogin view requires '%s' middleware installed" % middleware)
return RedirectView.as_view(url=reverse("home/index"),
permanent=False)(request)
def login_password(request, username, password):
"""login_password(username, password): session_id"""
backend = ModelBackend()
if django_version_ge('1.11.0'):
user = backend.authenticate(None, username, password)
else:
user = backend.authenticate(username, password)
if user is None:
raise PermissionDenied("Invalid username or password.")
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
django.contrib.auth.login(request, user)
return request.session.session_key
class MenuMiddleware(MiddlewareMixin if django_version_ge('1.10.0') else object
):
"""
@summary: Middleware for menu object.
"""
def process_request(self, request):
"""
@summary: Adds menu to request object
@param request: http request object
@type request: django.http.HttpRequest
"""
request.__class__.menu = LazyMenu()
class LimitedRemoteUserMiddleware(
RemoteUserMiddleware,
MiddlewareMixin if django_version_ge('1.10.0') else object):
'''
Same behaviour as RemoteUserMiddleware except that it doesn't logout user
if is already logged in.
Useful when you have just one authentication powered login page.
'''
def process_request(self, request):
if not hasattr(request, 'user') or not call_if_callable(
request.user.is_authenticated):
super(LimitedRemoteUserMiddleware, self).process_request(request)
class WorkerMiddleware(
MiddlewareMixin if django_version_ge('1.10.0') else object):
"""Sets a request.worker.
- Worker instance if username exists in database
- None otherwise
"""
def process_request(self, request):
assert hasattr(
request, "user"
), "Worker middleware requires authentication middleware to be installed. Also make sure the database is set and writable."
request.__class__.worker = LazyWorker()
return None
def test_login_worker_key_valid_worker_invalid_user(self):
Worker.objects.create(worker_key='key', name='name')
req = Mock(spec=['session'], session=Mock())
krb_mock = Mock(spec=['authenticate'], authenticate=Mock(return_value=None))
with patch('kobo.hub.xmlrpc.auth.Krb5RemoteUserBackend', return_value=krb_mock):
with self.assertRaises(PermissionDenied):
auth.login_worker_key(req, 'key')
if django_version_ge('1.11.0'):
krb_mock.authenticate.assert_called_once_with(None, 'worker/name')
else:
krb_mock.authenticate.assert_called_once_with('worker/name')
def krb5login(request, redirect_field_name=REDIRECT_FIELD_NAME):
#middleware = 'django.contrib.auth.middleware.RemoteUserMiddleware'
middleware = 'kobo.django.auth.middleware.LimitedRemoteUserMiddleware'
if django_version_ge('1.10.0'):
middleware_setting = settings.MIDDLEWARE
else:
middleware_setting = settings.MIDDLEWARE_CLASSES
if middleware not in middleware_setting:
raise ImproperlyConfigured(
"krb5login view requires '%s' middleware installed" % middleware)
redirect_to = request.POST.get(redirect_field_name, "")
if not redirect_to:
redirect_to = request.GET.get(redirect_field_name, "")
if not redirect_to:
redirect_to = reverse("home/index")
return RedirectView.as_view(url=redirect_to, permanent=True)(request)
def login_worker_key(request, worker_key):
"""login_worker_key(worker_key): session_key"""
try:
worker = Worker.objects.get(worker_key=worker_key)
except ObjectDoesNotExist:
raise PermissionDenied()
username = "******" % worker.name
backend = Krb5RemoteUserBackend()
if django_version_ge('1.11.0'):
user = backend.authenticate(None, username)
else:
user = backend.authenticate(username)
if user is None:
raise PermissionDenied()
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
user = django.contrib.auth.login(request, user)
return request.session.session_key
def test_login_worker_key_valid_worker_and_user(self):
def login(request, user):
request.session.session_key = '1234567890'
return user
Worker.objects.create(worker_key='key', name='name')
req = Mock(spec=['session'], session=Mock())
user = Mock()
krb_mock = Mock(spec=['authenticate'], authenticate=Mock(return_value=user))
with patch('kobo.hub.xmlrpc.auth.Krb5RemoteUserBackend', return_value=krb_mock):
with patch.object(auth.django.contrib.auth, 'login', side_effect=login) as login_mock:
session_key = auth.login_worker_key(req, 'key')
login_mock.assert_called_once_with(req, user)
if django_version_ge('1.11.0'):
krb_mock.authenticate.assert_called_once_with(None, 'worker/name')
else:
krb_mock.authenticate.assert_called_once_with('worker/name')
self.assertEqual(session_key, '1234567890')
def login_krbv(request, krb_request, proxy_user=None):
"""login_krbv(krb_request, proxy_user=None): session_key"""
import krbV
context = krbV.default_context()
server_principal = krbV.Principal(name=settings.KRB_AUTH_PRINCIPAL,
context=context)
server_keytab = krbV.Keytab(name=settings.KRB_AUTH_KEYTAB, context=context)
auth_context = krbV.AuthContext(context=context)
auth_context.flags = krbV.KRB5_AUTH_CONTEXT_DO_SEQUENCE | krbV.KRB5_AUTH_CONTEXT_DO_TIME
auth_context.addrs = (socket.gethostbyname(request.META["HTTP_HOST"]), 0,
request.META["REMOTE_ADDR"], 0)
# decode and read the authentication request
decode_func = base64.decodebytes if hasattr(
base64, "decodebytes") else base64.decodestring
decoded_request = decode_func(krb_request)
auth_context, opts, server_principal, cache_credentials = context.rd_req(
decoded_request,
server=server_principal,
keytab=server_keytab,
auth_context=auth_context,
options=krbV.AP_OPTS_MUTUAL_REQUIRED)
cprinc = cache_credentials[2]
# remove @REALM
username = cprinc.name.split("@")[0]
backend = Krb5RemoteUserBackend()
if django_version_ge('1.11.0'):
user = backend.authenticate(None, username)
else:
user = backend.authenticate(username)
if user is None:
raise PermissionDenied()
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
django.contrib.auth.login(request, user)
return request.session.session_key
import os
import six
import locale
from kobo.django.django_version import django_version_ge
try:
import json
except ImportError:
import simplejson as json
import django.contrib.auth.views
from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model
from django.core.exceptions import ImproperlyConfigured
from kobo.django.django_version import django_version_ge
if django_version_ge('1.10.0'):
from django.urls import reverse
else:
from django.core.urlresolvers import reverse
from django.http import HttpResponse, StreamingHttpResponse, HttpResponseForbidden
from django.shortcuts import render, get_object_or_404
from django.template import RequestContext
from django.views.generic import RedirectView
from kobo.hub.models import Arch, Channel, Task
from kobo.hub.forms import TaskSearchForm
from kobo.django.views.generic import ExtraDetailView, SearchView
from kobo.django.compat import gettext_lazy as _
# max log size returned in HTML-embedded view
HTML_LOG_MAX_SIZE = getattr(settings, "HTML_LOG_MAX_SIZE", (1024**2) * 2)
def value_to_string(self, obj):
if django_version_ge('2.0'):
value = self.value_from_object(obj)
else:
value = self._get_val_from_obj(obj)
return self.get_db_prep_value(value)
from django.contrib.auth.admin import *
import django.contrib.admin as admin
from kobo.django.django_version import django_version_ge
from kobo.django.auth.models import *
# users are not displayed on admin page since migrations were introduced
if django_version_ge("1.9.0"):
admin.site.register(User, UserAdmin)
