コード例 #1
0
 def __load_defaults(self):
     c.available_plugins = [
         'kallithea.lib.auth_modules.auth_internal',
         'kallithea.lib.auth_modules.auth_container',
         'kallithea.lib.auth_modules.auth_ldap',
         'kallithea.lib.auth_modules.auth_crowd',
         'kallithea.lib.auth_modules.auth_pam'
     ]
     c.enabled_plugins = Setting.get_auth_plugins()
コード例 #2
0
 def __load_defaults(self):
     c.available_plugins = [
         'kallithea.lib.auth_modules.auth_internal',
         'kallithea.lib.auth_modules.auth_container',
         'kallithea.lib.auth_modules.auth_ldap',
         'kallithea.lib.auth_modules.auth_crowd',
         'kallithea.lib.auth_modules.auth_pam'
     ]
     c.enabled_plugins = Setting.get_auth_plugins()
コード例 #3
0
def get_managed_fields(user):
    """return list of fields that are managed by the user's auth source, usually some of
    'username', 'firstname', 'lastname', 'email', 'active', 'password'
    """
    auth_plugins = Setting.get_auth_plugins()
    for module in auth_plugins:
        log.debug('testing %s (%s) with auth plugin %s', user, user.extern_type, module)
        plugin = loadplugin(module)
        if plugin.name == user.extern_type:
            return plugin.get_managed_fields()
    log.error('no auth plugin %s found for %s', user.extern_type, user)
    return [] # TODO: Fail badly instead of allowing everything to be edited?
コード例 #4
0
    def _determine_auth_user(api_key, session_authuser):
        """
        Create an `AuthUser` object given the API key (if any) and the
        value of the authuser session cookie.
        """

        # Authenticate by API key
        if api_key:
            # when using API_KEY we are sure user exists.
            return AuthUser(dbuser=User.get_by_api_key(api_key),
                            is_external_auth=True)

        # Authenticate by session cookie
        # In ancient login sessions, 'authuser' may not be a dict.
        # In that case, the user will have to log in again.
        # v0.3 and earlier included an 'is_authenticated' key; if present,
        # this must be True.
        if isinstance(session_authuser, dict) and session_authuser.get('is_authenticated', True):
            try:
                return AuthUser.from_cookie(session_authuser)
            except UserCreationError as e:
                # container auth or other auth functions that create users on
                # the fly can throw UserCreationError to signal issues with
                # user creation. Explanation should be provided in the
                # exception object.
                from kallithea.lib import helpers as h
                h.flash(e, 'error', logf=log.error)

        # Authenticate by auth_container plugin (if enabled)
        if any(
            auth_modules.importplugin(name).is_container_auth
            for name in Setting.get_auth_plugins()
        ):
            try:
                user_info = auth_modules.authenticate('', '', request.environ)
            except UserCreationError as e:
                from kallithea.lib import helpers as h
                h.flash(e, 'error', logf=log.error)
            else:
                if user_info is not None:
                    username = user_info['username']
                    user = User.get_by_username(username, case_insensitive=True)
                    return log_in_user(user, remember=False,
                                       is_external_auth=True)

        # User is anonymous
        return AuthUser()
コード例 #5
0
def authenticate(username, password, environ=None):
    """
    Authentication function used for access control,
    It tries to authenticate based on enabled authentication modules.

    :param username: username can be empty for container auth
    :param password: password can be empty for container auth
    :param environ: environ headers passed for container auth
    :returns: None if auth failed, plugin_user dict if auth is correct
    """

    auth_plugins = Setting.get_auth_plugins()
    log.debug('Authentication against %s plugins' % (auth_plugins, ))
    for module in auth_plugins:
        try:
            plugin = loadplugin(module)
        except (ImportError, AttributeError, TypeError), e:
            raise ImportError('Failed to load authentication module %s : %s' %
                              (module, str(e)))
        log.debug('Trying authentication using ** %s **' % (module, ))
        # load plugin settings from Kallithea database
        plugin_name = plugin.name
        plugin_settings = {}
        for v in plugin.plugin_settings():
            conf_key = "auth_%s_%s" % (plugin_name, v["name"])
            setting = Setting.get_by_name(conf_key)
            plugin_settings[
                v["name"]] = setting.app_settings_value if setting else None
        log.debug('Plugin settings \n%s' % formatted_json(plugin_settings))

        if not str2bool(plugin_settings["enabled"]):
            log.info("Authentication plugin %s is disabled, skipping for %s" %
                     (module, username))
            continue

        # use plugin's method of user extraction.
        user = plugin.get_user(username,
                               environ=environ,
                               settings=plugin_settings)
        log.debug('Plugin %s extracted user is `%s`' % (module, user))
        if not plugin.accepts(user):
            log.debug(
                'Plugin %s does not accept user `%s` for authentication' %
                (module, user))
            continue
        else:
            log.debug('Plugin %s accepted user `%s` for authentication' %
                      (module, user))

        log.info('Authenticating user using %s plugin' % plugin.__module__)
        # _authenticate is a wrapper for .auth() method of plugin.
        # it checks if .auth() sends proper data. For KallitheaExternalAuthPlugin
        # it also maps users to Database and maps the attributes returned
        # from .auth() to Kallithea database. If this function returns data
        # then auth is correct.
        plugin_user = plugin._authenticate(user,
                                           username,
                                           password,
                                           plugin_settings,
                                           environ=environ or {})
        log.debug('PLUGIN USER DATA: %s' % plugin_user)

        if plugin_user:
            log.debug('Plugin returned proper authentication data')
            return plugin_user

        # we failed to Auth because .auth() method didn't return proper the user
        if username:
            log.warning("User `%s` failed to authenticate against %s" %
                        (username, plugin.__module__))
コード例 #6
0
ファイル: login.py プロジェクト: msabramo/kallithea
                return htmlfill.render(
                    render('/login.html'),
                    defaults=errors.value,
                    errors=errors.error_dict or {},
                    prefix_error=False,
                    encoding="UTF-8",
                    force_defaults=False)
            except UserCreationError, e:
                # container auth or other auth functions that create users on
                # the fly can throw this exception signaling that there's issue
                # with user creation, explanation should be provided in
                # Exception itself
                h.flash(e, 'error')

        # check if we use container plugin, and try to login using it.
        auth_plugins = Setting.get_auth_plugins()
        if any((importplugin(name).is_container_auth for name in auth_plugins)):
            from kallithea.lib import auth_modules
            try:
                auth_info = auth_modules.authenticate('', '', request.environ)
            except UserCreationError, e:
                log.error(e)
                h.flash(e, 'error')
                # render login, with flash message about limit
                return render('/login.html')

            if auth_info:
                headers = self._store_user_in_session(auth_info.get('username'))
                raise HTTPFound(location=c.came_from, headers=headers)
        return render('/login.html')
コード例 #7
0
def authenticate(username, password, environ=None):
    """
    Authentication function used for access control,
    It tries to authenticate based on enabled authentication modules.

    :param username: username can be empty for container auth
    :param password: password can be empty for container auth
    :param environ: environ headers passed for container auth
    :returns: None if auth failed, user_data dict if auth is correct
    """

    auth_plugins = Setting.get_auth_plugins()
    log.debug('Authentication against %s plugins', auth_plugins)
    for module in auth_plugins:
        try:
            plugin = loadplugin(module)
        except (ImportError, AttributeError, TypeError) as e:
            raise ImportError('Failed to load authentication module %s : %s'
                              % (module, str(e)))
        log.debug('Trying authentication using ** %s **', module)
        # load plugin settings from Kallithea database
        plugin_name = plugin.name
        plugin_settings = {}
        for v in plugin.plugin_settings():
            conf_key = "auth_%s_%s" % (plugin_name, v["name"])
            setting = Setting.get_by_name(conf_key)
            plugin_settings[v["name"]] = setting.app_settings_value if setting else None
        log.debug('Plugin settings \n%s', formatted_json(plugin_settings))

        if not str2bool(plugin_settings["enabled"]):
            log.info("Authentication plugin %s is disabled, skipping for %s",
                     module, username)
            continue

        # use plugin's method of user extraction.
        user = plugin.get_user(username, environ=environ,
                               settings=plugin_settings)
        log.debug('Plugin %s extracted user is `%s`', module, user)
        if not plugin.accepts(user):
            log.debug('Plugin %s does not accept user `%s` for authentication',
                      module, user)
            continue
        else:
            log.debug('Plugin %s accepted user `%s` for authentication',
                      module, user)
            # The user might have tried to authenticate using their email address,
            # then the username variable wouldn't contain a valid username.
            # But as the plugin has accepted the user, .username field should
            # have a valid username, so use it for authentication purposes.
            if user is not None:
                username = user.username

        log.info('Authenticating user using %s plugin', plugin.__module__)

        # _authenticate is a wrapper for .auth() method of plugin.
        # it checks if .auth() sends proper data. For KallitheaExternalAuthPlugin
        # it also maps users to Database and maps the attributes returned
        # from .auth() to Kallithea database. If this function returns data
        # then auth is correct.
        user_data = plugin._authenticate(user, username, password,
                                           plugin_settings,
                                           environ=environ or {})
        log.debug('PLUGIN USER DATA: %s', user_data)

        if user_data is not None:
            log.debug('Plugin returned proper authentication data')
            return user_data

        # we failed to Auth because .auth() method didn't return the user
        if username:
            log.warning("User `%s` failed to authenticate against %s",
                        username, plugin.__module__)
    return None
コード例 #8
0
                del defaults['password']
                return htmlfill.render(render('/login.html'),
                                       defaults=errors.value,
                                       errors=errors.error_dict or {},
                                       prefix_error=False,
                                       encoding="UTF-8",
                                       force_defaults=False)
            except UserCreationError, e:
                # container auth or other auth functions that create users on
                # the fly can throw this exception signaling that there's issue
                # with user creation, explanation should be provided in
                # Exception itself
                h.flash(e, 'error')

        # check if we use container plugin, and try to login using it.
        auth_plugins = Setting.get_auth_plugins()
        if any(
            (importplugin(name).is_container_auth for name in auth_plugins)):
            from kallithea.lib import auth_modules
            try:
                auth_info = auth_modules.authenticate('', '', request.environ)
            except UserCreationError, e:
                log.error(e)
                h.flash(e, 'error')
                # render login, with flash message about limit
                return render('/login.html')

            if auth_info:
                headers = self._store_user_in_session(
                    auth_info.get('username'))
                raise HTTPFound(location=c.came_from, headers=headers)