def get_managed_fields(self): fields = ['username', 'password'] if(Setting.get_by_name('auth_container_email_header').app_settings_value): fields.append('email') if(Setting.get_by_name('auth_container_firstname_header').app_settings_value): fields.append('firstname') if(Setting.get_by_name('auth_container_lastname_header').app_settings_value): fields.append('lastname') return fields
def test_passing_list_setting_value_results_in_string_valued_setting(): assert Setting.get_by_name(name) is None setting = Setting.create_or_update(name, ['spam', 'eggs']) Session().flush() # must flush so we can delete it below try: assert Setting.get_by_name(name) is not None # Quirk: list value is stringified. assert Setting.get_by_name(name).app_settings_value \ == "['spam', 'eggs']" assert Setting.get_by_name(name).app_settings_type == 'unicode' finally: Session().delete(setting)
def get_managed_fields(self): fields = ['username', 'password'] if (Setting.get_by_name( 'auth_container_email_header').app_settings_value): fields.append('email') if (Setting.get_by_name( 'auth_container_firstname_header').app_settings_value): fields.append('firstname') if (Setting.get_by_name( 'auth_container_lastname_header').app_settings_value): fields.append('lastname') return fields
def __render(self, defaults, errors): c.defaults = {} c.plugin_settings = {} c.plugin_shortnames = {} for plugin in self.enabled_plugins: module = plugin.__class__.__module__ c.plugin_shortnames[module] = plugin.name c.plugin_settings[module] = plugin.plugin_settings() for v in c.plugin_settings[module]: fullname = "auth_%s_%s" % (plugin.name, v["name"]) if "default" in v: c.defaults[fullname] = v["default"] # Current values will be the default on the form, if there are any setting = Setting.get_by_name(fullname) if setting is not None: c.defaults[fullname] = setting.app_settings_value # we want to show , separated list of enabled plugins c.defaults['auth_plugins'] = ','.join(c.enabled_plugin_names) if defaults: c.defaults.update(defaults) log.debug(formatted_json(defaults)) return formencode.htmlfill.render( render('admin/auth/auth_settings.html'), defaults=c.defaults, errors=errors, prefix_error=False, encoding="UTF-8", force_defaults=False)
def get_settings(self): """Get plugin settings values.""" plugin_settings = {} for v in self.plugin_settings(): conf_key = "auth_%s_%s" % (self.name, v["name"]) setting = Setting.get_by_name(conf_key) plugin_settings[v["name"]] = setting.app_settings_value if setting else None return plugin_settings
def test_list_valued_setting_creation_requires_manual_value_formatting(): assert Setting.get_by_name(name) is None # Quirk: need manual formatting of list setting value. setting = Setting.create_or_update(name, 'spam,eggs', type='list') Session().flush() # must flush so we can delete it below try: assert setting.app_settings_value == ['spam', 'eggs'] finally: Session().delete(setting)
def get_auth_plugins(): """Return a list of instances of plugins that are available and enabled""" auth_plugins = [] for plugin_name in Setting.get_by_name("auth_plugins").app_settings_value: try: plugin = loadplugin(plugin_name) except Exception: log.exception('Failed to load authentication module %s' % (plugin_name)) else: auth_plugins.append(plugin) return auth_plugins
def create_default_options(self, skip_existing=False): """Creates default settings""" for k, v, t in [('default_repo_enable_locking', False, 'bool'), ('default_repo_enable_downloads', False, 'bool'), ('default_repo_enable_statistics', False, 'bool'), ('default_repo_private', False, 'bool'), ('default_repo_type', 'hg', 'unicode')]: if skip_existing and Setting.get_by_name(k) is not None: log.debug('Skipping option %s', k) continue setting = Setting(k, v, t) self.sa.add(setting)
def test_list_valued_setting_update(): assert Setting.get_by_name(name) is None setting = Setting.create_or_update(name, 'spam', type='list') Session().flush() # must flush so we can delete it below try: assert setting.app_settings_value == ['spam'] # Assign back setting value. setting.app_settings_value = setting.app_settings_value # Quirk: value is stringified on write and listified on read. assert setting.app_settings_value == ["['spam']"] setting.app_settings_value = setting.app_settings_value assert setting.app_settings_value == ["[\"['spam']\"]"] finally: Session().delete(setting)
def create_auth_plugin_options(self, skip_existing=False): """ Create default auth plugin settings, and make it active :param skip_existing: """ for k, v, t in [('auth_plugins', 'kallithea.lib.auth_modules.auth_internal', 'list'), ('auth_internal_enabled', 'True', 'bool')]: if skip_existing and Setting.get_by_name(k) != None: log.debug('Skipping option %s' % k) continue setting = Setting(k, v, t) self.sa.add(setting)
def create_auth_plugin_options(self, skip_existing=False): """ Create default auth plugin settings, and make it active :param skip_existing: """ for k, v, t in [('auth_plugins', 'kallithea.lib.auth_modules.auth_internal', 'list'), ('auth_internal_enabled', 'True', 'bool')]: if skip_existing and Setting.get_by_name(k) is not None: log.debug('Skipping option %s', k) continue setting = Setting(k, v, t) self.sa.add(setting)
def create_default_options(self, skip_existing=False): """Creates default settings""" for k, v, t in [ ('default_repo_enable_locking', False, 'bool'), ('default_repo_enable_downloads', False, 'bool'), ('default_repo_enable_statistics', False, 'bool'), ('default_repo_private', False, 'bool'), ('default_repo_type', 'hg', 'unicode')]: if skip_existing and Setting.get_by_name(k) is not None: log.debug('Skipping option %s' % k) continue setting = Setting(k, v, t) self.sa.add(setting)
def index(self, defaults=None, errors=None, prefix_error=False): self.__load_defaults() _defaults = {} # default plugins loaded formglobals = { "auth_plugins": ["kallithea.lib.auth_modules.auth_internal"] } formglobals.update(Setting.get_auth_settings()) formglobals["plugin_settings"] = {} formglobals["auth_plugins_shortnames"] = {} _defaults["auth_plugins"] = formglobals["auth_plugins"] for module in formglobals["auth_plugins"]: plugin = auth_modules.loadplugin(module) plugin_name = plugin.name formglobals["auth_plugins_shortnames"][module] = plugin_name formglobals["plugin_settings"][module] = plugin.plugin_settings() for v in formglobals["plugin_settings"][module]: fullname = ("auth_" + plugin_name + "_" + v["name"]) if "default" in v: _defaults[fullname] = v["default"] # Current values will be the default on the form, if there are any setting = Setting.get_by_name(fullname) if setting: _defaults[fullname] = setting.app_settings_value # we want to show , separated list of enabled plugins _defaults['auth_plugins'] = ','.join(_defaults['auth_plugins']) if defaults: _defaults.update(defaults) formglobals["defaults"] = _defaults # set template context variables for k, v in formglobals.iteritems(): setattr(c, k, v) log.debug(pprint.pformat(formglobals, indent=4)) log.debug(formatted_json(defaults)) return formencode.htmlfill.render( render('admin/auth/auth_settings.html'), defaults=_defaults, errors=errors, prefix_error=prefix_error, encoding="UTF-8", force_defaults=False)
def authenticate(username, password, environ=None): """ Authentication function used for access control, It tries to authenticate based on enabled authentication modules. :param username: username can be empty for container auth :param password: password can be empty for container auth :param environ: environ headers passed for container auth :returns: None if auth failed, user_data dict if auth is correct """ auth_plugins = Setting.get_auth_plugins() log.debug('Authentication against %s plugins', auth_plugins) for module in auth_plugins: try: plugin = loadplugin(module) except (ImportError, AttributeError, TypeError) as e: raise ImportError('Failed to load authentication module %s : %s' % (module, str(e))) log.debug('Trying authentication using ** %s **', module) # load plugin settings from Kallithea database plugin_name = plugin.name plugin_settings = {} for v in plugin.plugin_settings(): conf_key = "auth_%s_%s" % (plugin_name, v["name"]) setting = Setting.get_by_name(conf_key) plugin_settings[v["name"]] = setting.app_settings_value if setting else None log.debug('Plugin settings \n%s', formatted_json(plugin_settings)) if not str2bool(plugin_settings["enabled"]): log.info("Authentication plugin %s is disabled, skipping for %s", module, username) continue # use plugin's method of user extraction. user = plugin.get_user(username, environ=environ, settings=plugin_settings) log.debug('Plugin %s extracted user is `%s`', module, user) if not plugin.accepts(user): log.debug('Plugin %s does not accept user `%s` for authentication', module, user) continue else: log.debug('Plugin %s accepted user `%s` for authentication', module, user) # The user might have tried to authenticate using their email address, # then the username variable wouldn't contain a valid username. # But as the plugin has accepted the user, .username field should # have a valid username, so use it for authentication purposes. if user is not None: username = user.username log.info('Authenticating user using %s plugin', plugin.__module__) # _authenticate is a wrapper for .auth() method of plugin. # it checks if .auth() sends proper data. For KallitheaExternalAuthPlugin # it also maps users to Database and maps the attributes returned # from .auth() to Kallithea database. If this function returns data # then auth is correct. user_data = plugin._authenticate(user, username, password, plugin_settings, environ=environ or {}) log.debug('PLUGIN USER DATA: %s', user_data) if user_data is not None: log.debug('Plugin returned proper authentication data') return user_data # we failed to Auth because .auth() method didn't return the user if username: log.warning("User `%s` failed to authenticate against %s", username, plugin.__module__) return None
def authenticate(username, password, environ=None): """ Authentication function used for access control, It tries to authenticate based on enabled authentication modules. :param username: username can be empty for container auth :param password: password can be empty for container auth :param environ: environ headers passed for container auth :returns: None if auth failed, plugin_user dict if auth is correct """ auth_plugins = Setting.get_auth_plugins() log.debug('Authentication against %s plugins' % (auth_plugins, )) for module in auth_plugins: try: plugin = loadplugin(module) except (ImportError, AttributeError, TypeError), e: raise ImportError('Failed to load authentication module %s : %s' % (module, str(e))) log.debug('Trying authentication using ** %s **' % (module, )) # load plugin settings from Kallithea database plugin_name = plugin.name plugin_settings = {} for v in plugin.plugin_settings(): conf_key = "auth_%s_%s" % (plugin_name, v["name"]) setting = Setting.get_by_name(conf_key) plugin_settings[ v["name"]] = setting.app_settings_value if setting else None log.debug('Plugin settings \n%s' % formatted_json(plugin_settings)) if not str2bool(plugin_settings["enabled"]): log.info("Authentication plugin %s is disabled, skipping for %s" % (module, username)) continue # use plugin's method of user extraction. user = plugin.get_user(username, environ=environ, settings=plugin_settings) log.debug('Plugin %s extracted user is `%s`' % (module, user)) if not plugin.accepts(user): log.debug( 'Plugin %s does not accept user `%s` for authentication' % (module, user)) continue else: log.debug('Plugin %s accepted user `%s` for authentication' % (module, user)) log.info('Authenticating user using %s plugin' % plugin.__module__) # _authenticate is a wrapper for .auth() method of plugin. # it checks if .auth() sends proper data. For KallitheaExternalAuthPlugin # it also maps users to Database and maps the attributes returned # from .auth() to Kallithea database. If this function returns data # then auth is correct. plugin_user = plugin._authenticate(user, username, password, plugin_settings, environ=environ or {}) log.debug('PLUGIN USER DATA: %s' % plugin_user) if plugin_user: log.debug('Plugin returned proper authentication data') return plugin_user # we failed to Auth because .auth() method didn't return proper the user if username: log.warning("User `%s` failed to authenticate against %s" % (username, plugin.__module__))
def authenticate(username, password, environ=None): """ Authentication function used for access control, It tries to authenticate based on enabled authentication modules. :param username: username can be empty for container auth :param password: password can be empty for container auth :param environ: environ headers passed for container auth :returns: None if auth failed, user_data dict if auth is correct """ auth_plugins = get_auth_plugins() for plugin in auth_plugins: module = plugin.__class__.__module__ log.debug('Trying authentication using %s', module) # load plugin settings from Kallithea database plugin_name = plugin.name plugin_settings = {} for v in plugin.plugin_settings(): conf_key = "auth_%s_%s" % (plugin_name, v["name"]) setting = Setting.get_by_name(conf_key) plugin_settings[ v["name"]] = setting.app_settings_value if setting else None log.debug('Settings for auth plugin %s:\n%s', plugin_name, formatted_json(plugin_settings)) if not str2bool(plugin_settings["enabled"]): log.info("Authentication plugin %s is disabled, skipping for %s", module, username) continue # use plugin's method of user extraction. user = plugin.get_user(username, environ=environ, settings=plugin_settings) log.debug('Plugin %s extracted user `%s`', module, user) if not plugin.accepts(user): log.debug('Plugin %s does not accept user `%s` for authentication', module, user) continue else: log.debug('Plugin %s accepted user `%s` for authentication', module, user) # The user might have tried to authenticate using their email address, # then the username variable wouldn't contain a valid username. # But as the plugin has accepted the user, .username field should # have a valid username, so use it for authentication purposes. if user is not None: username = user.username log.info('Authenticating user using %s plugin', module) # _authenticate is a wrapper for .auth() method of plugin. # it checks if .auth() sends proper data. For KallitheaExternalAuthPlugin # it also maps users to Database and maps the attributes returned # from .auth() to Kallithea database. If this function returns data # then auth is correct. user_data = plugin._authenticate(user, username, password, plugin_settings, environ=environ or {}) log.debug('Plugin user data: %s', user_data) if user_data is not None: log.debug('Plugin returned proper authentication data') return user_data # we failed to Auth because .auth() method didn't return the user if username: log.warning("User `%s` failed to authenticate against %s", username, module) return None