Esempio n. 1
def common_login(user_uuid, permanent_session=True):
    """
    Log in the user identified by ``user_uuid`` and prepare the web session.

    When ``permanent_session`` is true and the PERMANENT_SESSIONS feature is
    enabled, the session is marked permanent and its lifetime is taken from
    the SESSION_TIMEOUT config value (falling back to "31d").

    Returns a ``(success, headers)`` tuple. ``headers`` is ``None`` on
    failure; on success it carries the freshly generated CSRF token under
    QUAY_CSRF_UPDATED_HEADER_NAME.
    """
    db_user = model.get_user(user_uuid)
    if db_user is None:
        # Unknown UUID: fail before the session is touched.
        return (False, None)

    if not login_user(LoginWrappedDBUser(user_uuid)):
        logger.debug("User could not be logged in, inactive?")
        return (False, None)

    # The success record carries the username and UUID, at debug level only.
    logger.debug(
        "Successfully signed in as user %s with uuid %s", db_user.username, user_uuid
    )

    # Announce the new identity so permission state is rebuilt for this user.
    deferred_identity = QuayDeferredPermissionUser.for_id(user_uuid)
    identity_changed.send(app, identity=deferred_identity)

    # NOTE(review): datetime.now() is a naive local timestamp; confirm that
    # whatever reads "login_time" compares it against the same clock.
    session["login_time"] = datetime.datetime.now()

    if permanent_session and features.PERMANENT_SESSIONS:
        lifetime_spec = app.config.get("SESSION_TIMEOUT", "31d")
        session.permanent = True
        session.permanent_session_lifetime = convert_to_timedelta(lifetime_spec)

    # A new CSRF token is forced at login, so a token handed out before
    # authentication is not carried into the authenticated session.
    csrf_headers = {QUAY_CSRF_UPDATED_HEADER_NAME: generate_csrf_token(force=True)}
    return (True, csrf_headers)
Esempio n. 2
    def identity(self):
        """Return the identity for this auth context, or None if it has none.

        Credentials are checked in a fixed order and the first one present
        wins: OAuth token, authenticated user, token, signed grant.
        """
        oauth = self.oauthtoken
        if oauth:
            # The identity is built with the scope set parsed from the OAuth
            # token's own scope string.
            return QuayDeferredPermissionUser.for_user(
                oauth.authorized_user, scopes_from_scope_string(oauth.scope)
            )

        if self.authed_user:
            # No scope set is passed on this path.
            return QuayDeferredPermissionUser.for_user(self.authed_user)

        if self.token:
            return Identity(self.token.get_code(), "token")

        if self.signed_data:
            # A signed grant has no id; it provides only the grants listed in
            # the signed payload.
            grant_identity = Identity(None, "signed_grant")
            grant_identity.provides.update(self.signed_data["grants"])
            return grant_identity

        return None
Esempio n. 3
def test_superuser_matrix(superuser, normie):
    """Check SuperUserPermission across user kind and granted scope set.

    Per the table below, the permission is expected only for the superuser
    account, and only when its scope set contains SUPERUSER or DIRECT_LOGIN.
    A non-superuser never gets it, whatever scopes are granted.
    """
    matrix = (
        # (account, granted scopes, expected SuperUserPermission result)
        (superuser, {scopes.SUPERUSER}, True),
        (superuser, {scopes.DIRECT_LOGIN}, True),
        (superuser, {scopes.READ_USER, scopes.SUPERUSER}, True),
        (superuser, {scopes.READ_USER}, False),
        (normie, {scopes.SUPERUSER}, False),
        (normie, {scopes.DIRECT_LOGIN}, False),
        (normie, {scopes.READ_USER, scopes.SUPERUSER}, False),
        (normie, {scopes.READ_USER}, False),
    )

    for account, granted_scopes, should_be_superuser in matrix:
        deferred = QuayDeferredPermissionUser.for_user(account, granted_scopes)
        assert deferred.can(SuperUserPermission()) == should_be_superuser
Esempio n. 4
def common_login(user_uuid, permanent_session=True):
    """Log in the user identified by ``user_uuid`` and prepare the web session.

    On success the user's profile fields are also submitted to user analytics
    as a new lead. When ``permanent_session`` is true and the
    PERMANENT_SESSIONS feature is enabled, the session is marked permanent
    with a lifetime taken from the SESSION_TIMEOUT config value (falling back
    to '31d').

    Returns a ``(success, headers)`` tuple. ``headers`` is ``None`` on
    failure; on success it carries the freshly generated CSRF token under
    QUAY_CSRF_UPDATED_HEADER_NAME.
    """
    db_user = model.get_user(user_uuid)
    if db_user is None:
        # Unknown UUID: fail before the session is touched.
        return (False, None)

    if not login_user(LoginWrappedDBUser(user_uuid)):
        logger.debug('User could not be logged in, inactive?')
        return (False, None)

    # The success record carries the username and UUID, at debug level only.
    logger.debug(
        'Successfully signed in as user %s with uuid %s', db_user.username, user_uuid
    )

    # Announce the new identity so permission state is rebuilt for this user.
    deferred_identity = QuayDeferredPermissionUser.for_id(user_uuid)
    identity_changed.send(app, identity=deferred_identity)

    # NOTE(review): datetime.now() is a naive local timestamp; confirm that
    # whatever reads 'login_time' compares it against the same clock.
    session['login_time'] = datetime.datetime.now()

    if permanent_session and features.PERMANENT_SESSIONS:
        lifetime_spec = app.config.get('SESSION_TIMEOUT', '31d')
        session.permanent = True
        session.permanent_session_lifetime = convert_to_timedelta(lifetime_spec)

    # Every successful login hands email, username, names, company and
    # location to the analytics service as a "lead".
    # NOTE(review): confirm this export matches the deployment's data-sharing
    # policy. The returned future is not waited on here; it only gets a
    # done-callback built with the 'Create lead failed' message.
    lead_future = user_analytics.create_lead(
        db_user.email,
        db_user.username,
        db_user.given_name,
        db_user.family_name,
        db_user.company,
        db_user.location,
    )
    lead_future.add_done_callback(build_error_callback('Create lead failed'))

    # A new CSRF token is forced at login, so a token handed out before
    # authentication is not carried into the authenticated session.
    csrf_headers = {QUAY_CSRF_UPDATED_HEADER_NAME: generate_csrf_token(force=True)}
    return (True, csrf_headers)