def _determine_auth_user(api_key, bearer_token, session_authuser): """ Create an `AuthUser` object given the API key/bearer token (if any) and the value of the authuser session cookie. """ # Authenticate by bearer token if bearer_token is not None: api_key = bearer_token # Authenticate by API key if api_key is not None: au = AuthUser(dbuser=User.get_by_api_key(api_key), authenticating_api_key=api_key, is_external_auth=True) if au.is_anonymous: log.warning('API key ****%s is NOT valid', api_key[-4:]) raise webob.exc.HTTPForbidden(_('Invalid API key')) return au # Authenticate by session cookie # In ancient login sessions, 'authuser' may not be a dict. # In that case, the user will have to log in again. # v0.3 and earlier included an 'is_authenticated' key; if present, # this must be True. if isinstance(session_authuser, dict) and session_authuser.get('is_authenticated', True): try: return AuthUser.from_cookie(session_authuser) except UserCreationError as e: # container auth or other auth functions that create users on # the fly can throw UserCreationError to signal issues with # user creation. Explanation should be provided in the # exception object. from kallithea.lib import helpers as h h.flash(e, 'error', logf=log.error) # Authenticate by auth_container plugin (if enabled) if any( plugin.is_container_auth for plugin in auth_modules.get_auth_plugins() ): try: user_info = auth_modules.authenticate('', '', request.environ) except UserCreationError as e: from kallithea.lib import helpers as h h.flash(e, 'error', logf=log.error) else: if user_info is not None: username = user_info['username'] user = User.get_by_username(username, case_insensitive=True) return log_in_user(user, remember=False, is_external_auth=True) # User is anonymous return AuthUser()
def _determine_auth_user(api_key, session_authuser): """ Create an `AuthUser` object given the API key (if any) and the value of the authuser session cookie. """ # Authenticate by API key if api_key: # when using API_KEY we are sure user exists. return AuthUser(dbuser=User.get_by_api_key(api_key), is_external_auth=True) # Authenticate by session cookie # In ancient login sessions, 'authuser' may not be a dict. # In that case, the user will have to log in again. # v0.3 and earlier included an 'is_authenticated' key; if present, # this must be True. if isinstance(session_authuser, dict) and session_authuser.get('is_authenticated', True): try: return AuthUser.from_cookie(session_authuser) except UserCreationError as e: # container auth or other auth functions that create users on # the fly can throw UserCreationError to signal issues with # user creation. Explanation should be provided in the # exception object. from kallithea.lib import helpers as h h.flash(e, 'error', logf=log.error) # Authenticate by auth_container plugin (if enabled) if any( auth_modules.importplugin(name).is_container_auth for name in Setting.get_auth_plugins() ): try: user_info = auth_modules.authenticate('', '', request.environ) except UserCreationError as e: from kallithea.lib import helpers as h h.flash(e, 'error', logf=log.error) else: if user_info is not None: username = user_info['username'] user = User.get_by_username(username, case_insensitive=True) return log_in_user(user, remember=False, is_external_auth=True) # User is anonymous return AuthUser()
def _determine_auth_user(session_authuser, ip_addr): """ Create an `AuthUser` object given the API key/bearer token (if any) and the value of the authuser session cookie. Returns None if no valid user is found (like not active or no access for IP). """ # Authenticate by session cookie # In ancient login sessions, 'authuser' may not be a dict. # In that case, the user will have to log in again. # v0.3 and earlier included an 'is_authenticated' key; if present, # this must be True. if isinstance(session_authuser, dict) and session_authuser.get( 'is_authenticated', True): return AuthUser.from_cookie(session_authuser, ip_addr=ip_addr) # Authenticate by auth_container plugin (if enabled) if any(plugin.is_container_auth for plugin in auth_modules.get_auth_plugins()): try: user_info = auth_modules.authenticate('', '', request.environ) except UserCreationError as e: from kallithea.lib import helpers as h h.flash(e, 'error', logf=log.error) else: if user_info is not None: username = user_info['username'] user = User.get_by_username(username, case_insensitive=True) return log_in_user(user, remember=False, is_external_auth=True, ip_addr=ip_addr) # User is default user (if active) or anonymous default_user = User.get_default_user() authuser = AuthUser.make(dbuser=default_user, ip_addr=ip_addr) if authuser is None: # fall back to anonymous authuser = AuthUser( dbuser=default_user) # TODO: somehow use .make? return authuser