def unauthenticated_userid(self, request): # If we're calling into this API on a request, then we want to register # a callback which will ensure that the response varies based on the # Cookie header. request.add_response_callback(add_vary_callback("Cookie")) # Dispatch to the real SessionAuthenticationPolicy return super().unauthenticated_userid(request)
def wrapper_view(context, request): try: cacher = request.find_service(IOriginCache) except LookupError: pass else: request.add_response_callback( functools.partial(cacher.cache, ["all-html", renderer.name])) # This is a custom header set in our VCL based on the _LOCALE_ # cookie value request.add_response_callback(add_vary_callback("PyPI-Locale")) return view(context, request)
def unauthenticated_userid(self, request): # If we're calling into this API on a request, then we want to register # a callback which will ensure that the response varies based on the # Authorization header. request.add_response_callback(add_vary_callback("Authorization")) # Dispatch to the real basic authentication policy username = super().unauthenticated_userid(request) # Assuming we got a username from the basic authentication policy, we # want to locate the userid from the IUserService. if username is not None: login_service = request.find_service(IUserService, context=None) return str(login_service.find_userid(username))
def unauthenticated_userid(self, request): # If we're calling into this API on a request, then we want to register # a callback which will ensure that the response varies based on the # Authorization header. request.add_response_callback(add_vary_callback("Authorization")) # We need to extract our Macaroon from the request. macaroon = _extract_http_macaroon(request) if macaroon is None: return None # Check to see if our Macaroon exists in the database, and if so # fetch the user that is associated with it. macaroon_service = request.find_service(IMacaroonService, context=None) return str(macaroon_service.find_userid(macaroon))
def identity(self, request): # If we're calling into this API on a request, then we want to register # a callback which will ensure that the response varies based on the # Authorization header. request.add_response_callback(add_vary_callback("Authorization")) request.authentication_method = AuthenticationMethod.BASIC_AUTH credentials = extract_http_basic_credentials(request) if credentials is None: return None username, password = credentials if not _basic_auth_check(username, password, request): return None # Like sessions; basic auth can only authenticate users. login_service = request.find_service(IUserService, context=None) return login_service.get_user_by_username(username)
def esi_include(ctx, path, cookies=False): request = ctx.get("request") or get_current_request() if request.registry.settings.get("warehouse.prevent_esi", False): return "" try: cacher = request.find_service(IOriginCache) except ValueError: subreq = Request.blank(path) if cookies: subreq.cookies.update(request.cookies) request.add_response_callback(add_vary_callback("Cookie")) resp = request.invoke_subrequest(subreq, use_tweens=True) include = resp.body.decode(resp.charset) else: include = cacher.esi_include(request, path, cookies=cookies) return jinja2.Markup(include)
def identity(self, request): # If we're calling into this API on a request, then we want to register # a callback which will ensure that the response varies based on the # Cookie header. request.add_response_callback(add_vary_callback("Cookie")) request.authentication_method = AuthenticationMethod.SESSION # A route must be matched if not request.matched_route: return None # Session authentication cannot be used for uploading if request.matched_route.name == "forklift.legacy.file_upload": return None userid = self._session_helper.authenticated_userid(request) if userid is None: return None login_service = request.find_service(IUserService, context=None) # A user might delete their account and immediately issue a request # while the deletion is processing, causing the session check # (via authenticated_userid above) to pass despite the user no longer # existing. We catch that here to avoid raising during the password # staleness check immediately below. user = login_service.get_user(userid) if user is None: return None # Our session might be "valid" despite predating a password change. if request.session.password_outdated( login_service.get_password_timestamp(userid)): request.session.invalidate() request.session.flash("Session invalidated by password change", queue="error") return None # Sessions can only authenticate users, not any other type of identity. return user