예제 #1
0
    def __init__(self,
                 openid_provider,
                 check_certificate=True,
                 **kwargs):
        unknown = []
        self.permissions = {}
        for group in kwargs:
            self.permissions[group] = []
            for perm in kwargs[group]:
                if perm in Authz.knownActions:
                    self.permissions[group].append(perm)
                else:
                    unknown.append(perm)

        self.openid_provider = openid_provider
        self.sessions = SessionManager()
        self.init_childs = False
        if not check_certificate:
            setDefaultFetcher(Urllib2Fetcher())
        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True
        self.httpLoginUrl = '/_openid_start/'

        if unknown != []:
            raise ValueError('Unknown authorization action(s) ' +
                             ', '.join(unknown))
예제 #2
0
    def __init__(self, url, client_id, client_secret, root_uri, **kwargs):
        unknown = []
        self.permissions = {}
        for group in kwargs:
            self.permissions[group] = []
            for perm in kwargs[group]:
                if perm in Authz.knownActions:
                    self.permissions[group].append(perm)
                else:
                    unknown.append(perm)

        self.url = url
        self.client_id = client_id
        self.client_secret = client_secret
        self.root_uri = root_uri
        self.sessions = SessionManager()
        self.init_childs = False
        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True
        self.httpLoginUrl = '/_github_oauth2_handler'

        if unknown != []:
            raise ValueError('Unknown authorization action(s) ' +
                             ', '.join(unknown))
예제 #3
0
    def __init__(self,
                 default_action=False,
                 auth=None,
                 useHttpHeader=False,
                 httpLoginUrl=False,
                 view=True,
                 **kwargs):
        self.auth = auth
        if auth:
            assert IAuth.providedBy(auth)

        self.useHttpHeader = useHttpHeader
        self.httpLoginUrl = httpLoginUrl

        self.config = dict((a, default_action) for a in self.knownActions)
        self.config['view'] = view
        for act in self.knownActions:
            if act in kwargs:
                self.config[act] = kwargs[act]
                del kwargs[act]

        self.sessions = SessionManager()
        if kwargs:
            raise ValueError("unknown authorization action(s) " +
                             ", ".join(kwargs.keys()))
예제 #4
0
    def __init__(self, url, client_id, client_secret, root_uri, **kwargs):
        unknown = []
        self.permissions = {}
        for group in kwargs:
            self.permissions[group] = []
            for perm in kwargs[group]:
                if perm in Authz.knownActions:
                    self.permissions[group].append(perm)
                else:
                    unknown.append(perm)

        self.url = url
        self.client_id = client_id
        self.client_secret = client_secret
        self.root_uri = root_uri
        self.sessions = SessionManager()
        self.init_childs = False
        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True
        self.httpLoginUrl = "/_google_oauth2_handler"

        if unknown != []:
            raise ValueError("Unknown authorization action(s) " + ", ".join(unknown))
예제 #5
0
파일: authz.py 프로젝트: jimbru/buildbot
    def __init__(self,
            default_action=False,
            auth=None,
            useHttpHeader=False,
            httpLoginUrl=False,
            **kwargs):
        self.auth = auth
        if auth:
            assert IAuth.providedBy(auth)

        self.useHttpHeader = useHttpHeader
        if httpLoginUrl:
            self.httpLoginUrl = httpLoginUrl
        elif auth is not None:
            self.httpLoginUrl = auth.getLoginUrl()
        else:
            self.httpLoginUrl = None

        self.config = dict( (a, default_action) for a in self.knownActions )
        for act in self.knownActions:
            if act in kwargs:
                self.config[act] = kwargs[act]
                del kwargs[act]

        self.sessions = SessionManager()
        if kwargs:
            raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys()))
예제 #6
0
    def __init__(self,
                 openid_provider,
                 check_certificate=True,
                 **kwargs):
        unknown = []
        self.permissions = {}
        for group in kwargs:
            # Work around the limitations of python identifiers:
            # python identifiers don't support dashes, while unix group names do
            # This is admittedly a hack, but if you have a better way: a PR is welcome
            group = group.replace('_DASH_', '-')

            self.permissions[group] = []
            for perm in kwargs[group]:
                if perm in Authz.knownActions:
                    self.permissions[group].append(perm)
                else:
                    unknown.append(perm)

        self.openid_provider = openid_provider
        self.sessions = SessionManager()
        self.init_childs = False
        if not check_certificate:
            setDefaultFetcher(Urllib2Fetcher())
        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True

        if unknown != []:
            raise ValueError('Unknown authorization action(s) ' +
                             ', '.join(unknown))
예제 #7
0
class OpenIDHandle(object):
    def __init__(self, root_url):
        self.root_url = root_url
        self.isLeaf = True
        self.sessions = SessionManager()

    def flatten_args(self, request):
        # Flatten args (twisted returns arrays). Just always take first
        args = {}
        for arg in request.args:
            args[arg] = request.args.get(arg)[0]
        return args

    def render(self, request):
        session = {}
        return_to = self.root_url + '_openid_handle/'
        oidconsumer = consumer.Consumer(session, None)
        info = oidconsumer.complete(self.flatten_args(request), return_to)
        display_identifier = info.getDisplayIdentifier()

        if info.status == consumer.FAILURE and display_identifier:
            return 'OpenID Error: %s' % display_identifier
        elif info.status == consumer.CANCEL:
            return 'Cancelled'
        elif info.status == consumer.SUCCESS:
            # Success happened!
            sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
            teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
            user = {'fullName': '', 'userName': '', 'email': '',
                    'groups': []}
            if not sreg_resp:
                return 'No sreg?'
            user['userName'] = sreg_resp.get('nickname')
            user['fullName'] = sreg_resp.get('fullname')
            user['email'] = sreg_resp.get('email')
            if teams_resp:
                user['groups'] = frozenset(teams_resp.teams)
            cookie, s = self.sessions.new(user['userName'], user)
            request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),
                              path="/")
            request.received_cookies = {COOKIE_KEY: cookie}
            request.redirect(self.root_url)
            return 'DONE'
        else:
            return 'Strange state: %s' % info.status

        try:
            request.finish()
        except RuntimeError:
            # this occurs when the client has already disconnected; ignore
            # it (see #2027)
            log.msg("http client disconnected before results were sent")
예제 #8
0
class OpenIDHandle(object):
    def __init__(self, root_url):
        self.root_url = root_url
        self.isLeaf = True
        self.sessions = SessionManager()

    def flatten_args(self, request):
        # Flatten args (twisted returns arrays). Just always take first
        args = {}
        for arg in request.args:
            args[arg] = request.args.get(arg)[0]
        return args

    def render(self, request):
        session = {}
        return_to = self.root_url + '_openid_handle/'
        oidconsumer = consumer.Consumer(session, None)
        info = oidconsumer.complete(self.flatten_args(request), return_to)
        display_identifier = info.getDisplayIdentifier()

        if info.status == consumer.FAILURE and display_identifier:
            return 'OpenID Error: %s' % display_identifier
        elif info.status == consumer.CANCEL:
            return 'Cancelled'
        elif info.status == consumer.SUCCESS:
            # Success happened!
            sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
            teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
            user = {'fullName': '', 'userName': '', 'email': '',
                    'groups': []}
            if not sreg_resp:
                return 'No sreg?'
            user['userName'] = sreg_resp.get('nickname')
            user['fullName'] = sreg_resp.get('fullname')
            user['email'] = sreg_resp.get('email')
            if teams_resp:
                user['groups'] = frozenset(teams_resp.teams)
            cookie, s = self.sessions.new(user['userName'], user)
            request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),
                              path="/")
            request.received_cookies = {COOKIE_KEY: cookie}
            request.redirect(self.root_url)
            return 'DONE'
        else:
            return 'Strange state: %s' % info.status

        try:
            request.finish()
        except RuntimeError:
            # this occurs when the client has already disconnected; ignore
            # it (see #2027)
            log.msg("http client disconnected before results were sent")
예제 #9
0
class Authz(object):
    """Decide who can do what."""

    knownActions = [
    # If you add a new action here, be sure to also update the documentation
    # at docs/manual/cfg-statustargets.rst.
            'view',
            'gracefulShutdown',
            'forceBuild',
            'forceAllBuilds',
            'pingBuilder',
            'stopBuild',
            'stopAllBuilds',
            'cancelPendingBuild',
            'cancelAllPendingBuilds',
            'stopChange',
            'cleanShutdown',
            'showUsersPage',
            'pauseSlave',
    ]

    def __init__(self,
            default_action=False,
            auth=None,
            useHttpHeader=False,
            httpLoginUrl=False,
            view=True,
            **kwargs):
        self.auth = auth
        if auth:
            assert IAuth.providedBy(auth)

        self.useHttpHeader = useHttpHeader
        self.httpLoginUrl = httpLoginUrl

        self.config = dict( (a, default_action) for a in self.knownActions )
        self.config['view'] = view
        for act in self.knownActions:
            if act in kwargs:
                self.config[act] = kwargs[act]
                del kwargs[act]

        self.sessions = SessionManager()
        if kwargs:
            raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys()))

    def session(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            return self.sessions.get(cookie)
        return None
            
    def authenticated(self, request):
        if self.useHttpHeader:
            return request.getUser() != ''
        return self.session(request) != None

    def getUserInfo(self, user):
        if self.useHttpHeader:
            return dict(userName=user, fullName=user, email=user, groups=[ user ])
        s = self.sessions.getUser(user)
        if s:
            return s.infos

    def getUsername(self, request):
        """Get the userid of the user"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.user
        return request.args.get("username", ["<unknown>"])[0]

    def getUsernameHTML(self, request):
        """Get the user formatted in html (with possible link to email)"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.userInfosHTML()
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        else:
            return request.args.get("username", ["<unknown>"])[0]


    def getPassword(self, request):
        if self.useHttpHeader:
            return request.getPassword()
        return request.args.get("passwd", ["<no-password>"])[0]

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?"""
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg:
            if cfg == 'auth' or callable(cfg):
                return self.authenticated(request)
        return cfg

    def actionAllowed(self, action, request, *args):
        """Is this ACTION allowed, given this http REQUEST?"""
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg:
            if cfg == 'auth' or callable(cfg):
                if not self.auth:
                    return defer.succeed(False)
                def check_authenticate(res):
                    if callable(cfg) and not cfg(self.getUsername(request), *args):
                        return False
                    return True
                # retain old behaviour, if people have scripts
                # without cookie support
                passwd = self.getPassword(request)
                if self.authenticated(request):
                    return defer.succeed(check_authenticate(None))
                elif passwd != "<no-password>":
                    def check_login(cookie):
                        ret = False
                        if type(cookie) is str:
                            ret = check_authenticate(None)
                            self.sessions.remove(cookie)
                        return ret
                    d = self.login(request)
                    d.addBoth(check_login)
                    return d
                else:
                    return defer.succeed(False)
        return defer.succeed(cfg)

    def login(self, request):
        """Login one user, and return session cookie"""
        if self.authenticated(request):
            return defer.succeed(False)

        user = request.args.get("username", ["<unknown>"])[0]
        passwd = request.args.get("passwd", ["<no-password>"])[0]
        if user == "<unknown>" or passwd == "<no-password>":
            return defer.succeed(False)
        if not self.auth:
            return defer.succeed(False)
        d = defer.maybeDeferred(self.auth.authenticate, user, passwd)
        def check_authenticate(res):
            if res:
                cookie, s = self.sessions.new(user, self.auth.getUserInfo(user))
                request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),path="/")
                request.received_cookies = {COOKIE_KEY:cookie}
                return cookie
            else:
                return False
        d.addBoth(check_authenticate)
        return d

    def logout(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)
예제 #10
0
class GoogleOAuth2AuthZ(object):
    """Decide who can do what."""

    def __init__(self, url, client_id, client_secret, root_uri, **kwargs):
        unknown = []
        self.permissions = {}
        for group in kwargs:
            self.permissions[group] = []
            for perm in kwargs[group]:
                if perm in Authz.knownActions:
                    self.permissions[group].append(perm)
                else:
                    unknown.append(perm)

        self.url = url
        self.client_id = client_id
        self.client_secret = client_secret
        self.root_uri = root_uri
        self.sessions = SessionManager()
        self.init_childs = False
        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True
        self.httpLoginUrl = "/_google_oauth2_handler"

        if unknown != []:
            raise ValueError("Unknown authorization action(s) " + ", ".join(unknown))

    def session(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            return self.sessions.get(cookie)
        return None

    def authenticated(self, request):
        return self.session(request) is not None

    def getUserInfo(self, user):
        s = self.sessions.getUser(user)
        if s:
            return s.infos
        return None

    def getUsername(self, request):
        """Get the userid of the user"""
        s = self.session(request)
        if s:
            return s.user
        return "<unknown>"

    def getUsernameHTML(self, request):
        """Get the user formatted in html (with possible link to email)"""
        s = self.session(request)
        if s:
            return s.userInfosHTML()
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>"""
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        else:
            return request.args.get("username", ["<unknown>"])[0]

    def create_childs(self, request):
        # We need to create the childs with this workaround
        #  because we won't get the site information prior
        #  to handling the very first request
        if not self.init_childs:
            self.init_childs = True
            request.site.resource.putChild("_google_oauth2_handler", GoogleOAuth2Handler(self))

    def shouldAllowAction(self, action, request):
        self.create_childs(request)
        if action in self.permissions.get("all", []):
            return True

        s = self.getUsername(request)
        if s and not s == "<unknown>":
            if action in self.permissions.get("authenticated", []):
                return True
        return False

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?"""
        if action not in Authz.knownActions:
            raise KeyError("unknown action")
        return self.shouldAllowAction(action, request)

    def actionAllowed(self, action, request, *_):
        """Is this ACTION allowed, given this http REQUEST?"""
        if action not in Authz.knownActions:
            raise KeyError("unknown action")
        return defer.succeed(self.shouldAllowAction(action, request))

    def logout(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)

    def getLoginURL(self):
        oauth_params = {
            "redirect_uri": self.root_uri + "_google_oauth2_handler",
            "client_id": self.client_id,
            "response_type": "code",
            "scope": INFOSCOPE,
            "access_type": "offline",
        }

        return "%s?%s" % (AUTHURI, urlencode(oauth_params))
예제 #11
0
class GithubOAuth2AuthZ(object):
    """Decide who can do what."""
    def __init__(self, url, client_id, client_secret, root_uri, **kwargs):
        unknown = []
        self.permissions = {}
        for group in kwargs:
            self.permissions[group] = []
            for perm in kwargs[group]:
                if perm in Authz.knownActions:
                    self.permissions[group].append(perm)
                else:
                    unknown.append(perm)

        self.url = url
        self.client_id = client_id
        self.client_secret = client_secret
        self.root_uri = root_uri
        self.sessions = SessionManager()
        self.init_childs = False
        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True
        self.httpLoginUrl = '/_github_oauth2_handler'

        if unknown != []:
            raise ValueError('Unknown authorization action(s) ' +
                             ', '.join(unknown))

    def session(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            return self.sessions.get(cookie)
        return None

    def authenticated(self, request):
        return self.session(request) is not None

    def getUserInfo(self, user):
        s = self.sessions.getUser(user)
        if s:
            return s.infos
        return None

    def getUsername(self, request):
        """Get the userid of the user"""
        s = self.session(request)
        if s:
            return s.user
        return '<unknown>'

    def getUsernameHTML(self, request):
        """Get the user formatted in html (with possible link to email)"""
        s = self.session(request)
        if s:
            return s.userInfosHTML()
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>"""
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        else:
            return request.args.get("username", ["<unknown>"])[0]

    def create_childs(self, request):
        # We need to create the childs with this workaround
        #  because we won't get the site information prior
        #  to handling the very first request
        if not self.init_childs:
            self.init_childs = True
            request.site.resource.putChild('_github_oauth2_handler', GithubOAuth2Handler(self))

    def shouldAllowAction(self, action, request):
        self.create_childs(request)
        if action in self.permissions.get('all', []):
            return True

        s = self.getUsername(request)
        if s and not s == '<unknown>':
            if action in self.permissions.get('authenticated', []):
                return True
        return False

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?"""
        if action not in Authz.knownActions:
            raise KeyError("unknown action")
        return self.shouldAllowAction(action, request)

    def actionAllowed(self, action, request, *_):
        """Is this ACTION allowed, given this http REQUEST?"""
        if action not in Authz.knownActions:
            raise KeyError("unknown action")
        return defer.succeed(self.shouldAllowAction(action, request))

    def logout(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)

    def getLoginURL(self):
        oauth_params = {'redirect_uri': self.root_uri + '_github_oauth2_handler',
                        'client_id': self.client_id,
                        'response_type': 'code',
                        'access_type': 'offline'
                       }

        return "%s?%s" % (AUTHURI, urlencode(oauth_params))
예제 #12
0
class Authz(object):
    """Decide who can do what."""

    knownActions = [
        # If you add a new action here, be sure to also update the documentation
        # at docs/cfg-statustargets.texinfo
        'gracefulShutdown',
        'forceBuild',
        'forceAllBuilds',
        'pingBuilder',
        'stopBuild',
        'stopAllBuilds',
        'cancelPendingBuild',
        'stopChange',
        'cleanShutdown',
        'showUsersPage',
    ]

    def __init__(self,
                 default_action=False,
                 auth=None,
                 useHttpHeader=False,
                 httpLoginUrl=False,
                 **kwargs):
        self.auth = auth
        if auth:
            assert IAuth.providedBy(auth)

        self.useHttpHeader = useHttpHeader
        self.httpLoginUrl = httpLoginUrl

        self.config = dict((a, default_action) for a in self.knownActions)
        for act in self.knownActions:
            if act in kwargs:
                self.config[act] = kwargs[act]
                del kwargs[act]

        self.sessions = SessionManager()
        if kwargs:
            raise ValueError("unknown authorization action(s) " +
                             ", ".join(kwargs.keys()))

    def session(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            return self.sessions.get(cookie)
        return None

    def authenticated(self, request):
        if self.useHttpHeader:
            return request.getUser() != ''
        return self.session(request) != None

    def getUserInfo(self, user):
        if self.useHttpHeader:
            return dict(userName=user,
                        fullName=user,
                        email=user,
                        groups=[user])
        s = self.sessions.getUser(user)
        if s:
            return s.infos

    def getUsername(self, request):
        """Get the userid of the user"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.user
        return request.args.get("username", ["<unknown>"])[0]

    def getUsernameHTML(self, request):
        """Get the user formatated in html (with possible link to email)"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.userInfosHTML()
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        else:
            return request.args.get("username", ["<unknown>"])[0]

    def getPassword(self, request):
        if self.useHttpHeader:
            return request.getPassword()
        return request.args.get("passwd", ["<no-password>"])[0]

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?"""
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg:
            if cfg == 'auth' or callable(cfg):
                return self.authenticated(request)
        return cfg

    def actionAllowed(self, action, request, *args):
        """Is this ACTION allowed, given this http REQUEST?"""
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg:
            if cfg == 'auth' or callable(cfg):
                if not self.auth:
                    return defer.succeed(False)

                def check_authenticate(res):
                    if callable(cfg) and not cfg(self.getUsername(request), *
                                                 args):
                        return False
                    return True

                # retain old behaviour, if people have scripts
                # without cookie support
                passwd = self.getPassword(request)
                if self.authenticated(request):
                    return defer.succeed(check_authenticate(None))
                elif passwd != "<no-password>":

                    def check_login(cookie):
                        ret = False
                        if type(cookie) is str:
                            ret = check_authenticate(None)
                            self.sessions.remove(cookie)
                        return ret

                    d = self.login(request)
                    d.addBoth(check_login)
                    return d
                else:
                    return defer.succeed(False)
        return defer.succeed(cfg)

    def login(self, request):
        """Login one user, and return session cookie"""
        if self.authenticated(request):
            return defer.succeed(False)

        user = request.args.get("username", ["<unknown>"])[0]
        passwd = request.args.get("passwd", ["<no-password>"])[0]
        if user == "<unknown>" or passwd == "<no-password>":
            return defer.succeed(False)
        if not self.auth:
            return defer.succeed(False)
        d = defer.maybeDeferred(self.auth.authenticate, user, passwd)

        def check_authenticate(res):
            if res:
                cookie, s = self.sessions.new(user,
                                              self.auth.getUserInfo(user))
                request.addCookie(COOKIE_KEY,
                                  cookie,
                                  s.getExpiration(),
                                  path="/")
                request.received_cookies = {COOKIE_KEY: cookie}
                return cookie
            else:
                return False

        d.addBoth(check_authenticate)
        return d

    def logout(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)
예제 #13
0
 def __init__(self, root_url):
     self.root_url = root_url
     self.isLeaf = True
     self.sessions = SessionManager()
예제 #14
0
class OpenIDAuthz(object):

    """Decide who can do what."""

    def __init__(self,
                 openid_provider,
                 check_certificate=True,
                 **kwargs):
        unknown = []
        self.permissions = {}
        for group in kwargs:
            # Work around the limitations of python identifiers:
            # python identifiers don't support dashes, while unix group names do
            # This is admittedly a hack, but if you have a better way: a PR is welcome
            group = group.replace('_DASH_', '-')

            self.permissions[group] = []
            for perm in kwargs[group]:
                if perm in Authz.knownActions:
                    self.permissions[group].append(perm)
                else:
                    unknown.append(perm)

        self.openid_provider = openid_provider
        self.sessions = SessionManager()
        self.init_childs = False
        if not check_certificate:
            setDefaultFetcher(Urllib2Fetcher())
        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True

        if unknown != []:
            raise ValueError('Unknown authorization action(s) ' +
                             ', '.join(unknown))

    def session(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            return self.sessions.get(cookie)
        return None

    def authenticated(self, request):
        return self.session(request) is not None

    def getUserInfo(self, user):
        s = self.sessions.getUser(user)
        if s:
            return s.infos
        return None

    def getUsername(self, request):
        """Get the userid of the user"""
        s = self.session(request)
        if s:
            return s.user
        return '<unknown>'

    def getUsernameHTML(self, request):
        """Get the user formatted in html (with possible link to email)"""
        s = self.session(request)
        if s:
            return s.userInfosHTML().decode('UTF-8')
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>"""
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        else:
            return request.args.get("username", ["<unknown>"])[0]

    def getPassword(self, request):
        return '<no-password>'

    def create_childs(self, request):
        # We need to create the childs with this workaround
        #  because we won't get the site information prior
        #  to handling the very first request
        if not self.init_childs:
            self.init_childs = True
            status = request.site.buildbot_service.master.status
            root = status.getBuildbotURL()
            self.httpLoginUrl = '%s/_openid_start/' % root
            request.site.resource.putChild('_openid_start',
                                           OpenIDStart(self.permissions.keys(),
                                                       self.openid_provider,
                                                       root))
            request.site.resource.putChild('_openid_handle',
                                           OpenIDHandle(root))

    def shouldAllowAction(self, action, request):
        self.create_childs(request)

        if action in self.permissions.get('_all_', []):
            return True
        s = self.sessions.getUser(request)
        if s:
            if action in self.permissions.get('_authenticated_', []):
                return True
            for group in s.infos['groups']:
                if action in self.permissions.get(group, []):
                    return True
        return False

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?"""
        if action not in Authz.knownActions:
            raise KeyError("unknown action")
        return self.shouldAllowAction(action, request)

    def actionAllowed(self, action, request, *args):
        """Is this ACTION allowed, given this http REQUEST?"""
        if action not in Authz.knownActions:
            raise KeyError("unknown action")
        return defer.succeed(self.shouldAllowAction(action, request))

    def logout(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)
예제 #15
0
 def __init__(self, root_url):
     self.root_url = root_url
     self.isLeaf = True
     self.sessions = SessionManager()
예제 #16
0
class OpenIDAuthz(object):

    """Decide who can do what."""

    def __init__(self,
                 openid_provider,
                 check_certificate=True,
                 **kwargs):
        unknown = []
        self.permissions = {}
        for group in kwargs:
            self.permissions[group] = []
            for perm in kwargs[group]:
                if perm in Authz.knownActions:
                    self.permissions[group].append(perm)
                else:
                    unknown.append(perm)

        self.openid_provider = openid_provider
        self.sessions = SessionManager()
        self.init_childs = False
        if not check_certificate:
            setDefaultFetcher(Urllib2Fetcher())
        # This makes us get self.master as per baseweb.py:472
        self.auth = self
        # This makes the login form be a link
        self.useHttpHeader = True
        self.httpLoginUrl = '/_openid_start/'

        if unknown != []:
            raise ValueError('Unknown authorization action(s) ' +
                             ', '.join(unknown))

    def session(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            return self.sessions.get(cookie)
        return None

    def authenticated(self, request):
        return self.session(request) is not None

    def getUserInfo(self, user):
        s = self.sessions.getUser(user)
        if s:
            return s.infos
        return None

    def getUsername(self, request):
        """Get the userid of the user"""
        s = self.session(request)
        if s:
            return s.user
        return '<unknown>'

    def getUsernameHTML(self, request):
        """Get the user formatted in html (with possible link to email)"""
        s = self.session(request)
        if s:
            return s.userInfosHTML()
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>"""
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        else:
            return request.args.get("username", ["<unknown>"])[0]

    def getPassword(self, request):
        return '<no-password>'

    def create_childs(self, request):
        # We need to create the childs with this workaround
        #  because we won't get the site information prior
        #  to handling the very first request
        if not self.init_childs:
            self.init_childs = True
            status = request.site.buildbot_service.master.status
            root = status.getBuildbotURL()
            request.site.resource.putChild('_openid_start',
                                           OpenIDStart(self.permissions.keys(),
                                                       self.openid_provider,
                                                       root))
            request.site.resource.putChild('_openid_handle',
                                           OpenIDHandle(root))

    def shouldAllowAction(self, action, request):
        self.create_childs(request)

        if action in self.permissions.get('_all_', []):
            return True
        s = self.sessions.getUser(request)
        if s:
            if action in self.permissions.get('_authenticated_', []):
                return True
            for group in s.infos['groups']:
                if action in self.permissions.get(group, []):
                    return True
        return False

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?"""
        if action not in Authz.knownActions:
            raise KeyError("unknown action")
        return self.shouldAllowAction(action, request)

    def actionAllowed(self, action, request, *args):
        """Is this ACTION allowed, given this http REQUEST?"""
        if action not in Authz.knownActions:
            raise KeyError("unknown action")
        return defer.succeed(self.shouldAllowAction(action, request))

    def logout(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)