def ensure_logged_in(server_url): """Checks that user is logged in, asking to do it if not. Raises: ValueError if the server_url is not acceptable. """ # It's just a waste of time on a headless bot (it can't do interactive login). if tools.is_headless() or net.get_oauth_config().disabled: return None server_url = server_url.lower().rstrip('/') allowed = ( 'https://', 'http://localhost:', 'http://127.0.0.1:', 'http://::1:') if not server_url.startswith(allowed): raise ValueError('URL must start with https:// or be http:// to localhost') service = AuthService(server_url) try: service.login(False) except IOError: raise ValueError('Failed to contact %s' % server_url) try: identity = service.get_current_identity() except AuthServiceError: raise ValueError('Failed to fetch identify from %s' % server_url) if identity == 'anonymous:anonymous': raise ValueError( 'Please login to %s: \n' ' python auth.py login --service=%s' % (server_url, server_url)) email = identity.split(':')[1] logging.info('Logged in to %s: %s', server_url, email) return email
def ensure_logged_in(server_url): """Checks that user is logged in, asking to do it if not. Raises: ValueError if the server_url is not acceptable. """ # It's just a waste of time on a headless bot (it can't do interactive login). if tools.is_headless() or net.get_oauth_config().disabled: return None server_url = normalize_host_url(server_url) service = AuthService(server_url) try: service.login(False) except IOError: raise ValueError('Failed to contact %s' % server_url) try: identity = service.get_current_identity() except AuthServiceError: raise ValueError('Failed to fetch identify from %s' % server_url) if identity == 'anonymous:anonymous': raise ValueError('Please login to %s: \n' ' python auth.py login --service=%s' % (server_url, server_url)) email = identity.split(':')[1] logging.info('Logged in to %s: %s', server_url, email) return email
def ensure_logged_in(server_url): """Checks that user is logged in, asking to do it if not. Raises: ValueError if the server_url is not acceptable. """ # It's just a waste of time on a headless bot (it can't do interactive login). if tools.is_headless() or net.get_oauth_config().disabled: return None server_url = normalize_host_url(server_url) service = AuthService(server_url) try: service.login(False) except IOError: raise ValueError('Failed to contact %s' % server_url) try: identity = service.get_current_identity() except AuthServiceError: raise ValueError('Failed to fetch identify from %s' % server_url) if identity == 'anonymous:anonymous': raise ValueError( 'Please login to %s: \n' ' python auth.py login --service=%s' % (server_url, server_url)) email = identity.split(':')[1] logging.info('Logged in to %s: %s', server_url, email) return email
def add_auth_options(parser): """Adds command line options related to authentication.""" parser.auth_group = optparse.OptionGroup(parser, 'Authentication') parser.auth_group.add_option( '--auth-method', metavar='METHOD', default='bot' if tools.is_headless() else 'oauth', help='Authentication method to use: %s. [default: %%default]' % ', '.join(net.AUTH_METHODS)) parser.add_option_group(parser.auth_group) oauth.add_oauth_options(parser)
def get_default_auth_config(): """Returns auth configuration used by default if configure_auth is not called. If running in a headless mode on bots, will use 'bot' auth, otherwise 'oauth' with default oauth config. Returns pair (auth method name, auth method config). """ if tools.is_headless(): return 'bot', None else: return 'oauth', oauth.make_oauth_config()
def make_oauth_config( disabled=None, tokens_cache=None, no_local_webserver=None, webserver_port=None, service_account_json=None): """Returns new instance of OAuthConfig. If some config option is not provided or None, it will be set to a reasonable default value. This function also acts as an authoritative place for default values of corresponding command line options. Args: disabled: True to completely turn off OAuth authentication. tokens_cache: path to a file with cached OAuth2 credentials. no_local_webserver: if True, do not try to run local web server that handles redirects. Use copy-pasted verification code instead. webserver_port: port to run local webserver on. service_account_json: path to JSON file with service account credentials. """ if tokens_cache is None: tokens_cache = os.environ.get( 'SWARMING_AUTH_TOKENS_CACHE', DEFAULT_OAUTH_TOKENS_CACHE) if no_local_webserver is None: no_local_webserver = tools.get_bool_env_var( 'SWARMING_AUTH_NO_LOCAL_WEBSERVER') if webserver_port is None: webserver_port = 8090 if service_account_json is None: service_account_json = os.environ.get('SWARMING_AUTH_SERVICE_ACCOUNT_JSON') use_luci_context_auth = has_local_auth() if disabled is None: disabled = (tools.is_headless() and not service_account_json and not use_luci_context_auth) if disabled: service_account_json = None use_luci_context_auth = False elif service_account_json and use_luci_context_auth: raise ValueError('Cannot use both service account and LUCI_CONTEXT') return OAuthConfig( disabled, tokens_cache, no_local_webserver, webserver_port, service_account_json, use_luci_context_auth)
def make_oauth_config( disabled=None, tokens_cache=None, no_local_webserver=None, webserver_port=None, service_account_json=None): """Returns new instance of OAuthConfig. If some config option is not provided or None, it will be set to a reasonable default value. This function also acts as an authoritative place for default values of corresponding command line options. Args: disabled: True to completely turn off OAuth authentication. tokens_cache: path to a file with cached OAuth2 credentials. no_local_webserver: if True, do not try to run local web server that handles redirects. Use copy-pasted verification code instead. webserver_port: port to run local webserver on. service_account_json: path to JSON file with service account credentials. """ if tokens_cache is None: tokens_cache = os.environ.get( 'SWARMING_AUTH_TOKENS_CACHE', DEFAULT_OAUTH_TOKENS_CACHE) if no_local_webserver is None: no_local_webserver = tools.get_bool_env_var( 'SWARMING_AUTH_NO_LOCAL_WEBSERVER') if webserver_port is None: webserver_port = 8090 if service_account_json is None: service_account_json = os.environ.get('SWARMING_AUTH_SERVICE_ACCOUNT_JSON') if disabled is None: disabled = tools.is_headless() and not service_account_json return OAuthConfig( disabled, tokens_cache, no_local_webserver, webserver_port, service_account_json)