def common_login(user_uuid, permanent_session=True):
"""
Performs login of the given user, with optional non-permanence on the session.
Returns a tuple with (success, headers to set on success).
"""
user = model.get_user(user_uuid)
if user is None:
return (False, None)
if login_user(LoginWrappedDBUser(user_uuid)):
logger.debug("Successfully signed in as user %s with uuid %s",
user.username, user_uuid)
new_identity = QuayDeferredPermissionUser.for_id(user_uuid)
identity_changed.send(app, identity=new_identity)
session["login_time"] = datetime.datetime.now()
if permanent_session and features.PERMANENT_SESSIONS:
session_timeout_str = app.config.get("SESSION_TIMEOUT", "31d")
session.permanent = True
session.permanent_session_lifetime = convert_to_timedelta(
session_timeout_str)
# Force a new CSRF token.
headers = {}
headers[QUAY_CSRF_UPDATED_HEADER_NAME] = generate_csrf_token(
force=True)
return (True, headers)
logger.debug("User could not be logged in, inactive?")
return (False, None)
def identity(self):
""" Returns the identity for the auth context. """
if self.oauthtoken:
scope_set = scopes_from_scope_string(self.oauthtoken.scope)
return QuayDeferredPermissionUser.for_user(self.oauthtoken.authorized_user, scope_set)
if self.authed_user:
return QuayDeferredPermissionUser.for_user(self.authed_user)
if self.token:
return Identity(self.token.get_code(), "token")
if self.signed_data:
identity = Identity(None, "signed_grant")
identity.provides.update(self.signed_data["grants"])
return identity
return None
def test_superuser_matrix(superuser, normie):
test_cases = [
(superuser, {scopes.SUPERUSER}, True),
(superuser, {scopes.DIRECT_LOGIN}, True),
(superuser, {scopes.READ_USER, scopes.SUPERUSER}, True),
(superuser, {scopes.READ_USER}, False),
(normie, {scopes.SUPERUSER}, False),
(normie, {scopes.DIRECT_LOGIN}, False),
(normie, {scopes.READ_USER, scopes.SUPERUSER}, False),
(normie, {scopes.READ_USER}, False),
]
for user_obj, scope_set, expected in test_cases:
perm_user = QuayDeferredPermissionUser.for_user(user_obj, scope_set)
has_su = perm_user.can(SuperUserPermission())
assert has_su == expected
def common_login(user_uuid, permanent_session=True):
""" Performs login of the given user, with optional non-permanence on the session.
Returns a tuple with (success, headers to set on success).
"""
user = model.get_user(user_uuid)
if user is None:
return (False, None)
if login_user(LoginWrappedDBUser(user_uuid)):
logger.debug('Successfully signed in as user %s with uuid %s',
user.username, user_uuid)
new_identity = QuayDeferredPermissionUser.for_id(user_uuid)
identity_changed.send(app, identity=new_identity)
session['login_time'] = datetime.datetime.now()
if permanent_session and features.PERMANENT_SESSIONS:
session_timeout_str = app.config.get('SESSION_TIMEOUT', '31d')
session.permanent = True
session.permanent_session_lifetime = convert_to_timedelta(
session_timeout_str)
# Inform our user analytics that we have a new "lead"
create_lead_future = user_analytics.create_lead(
user.email,
user.username,
user.given_name,
user.family_name,
user.company,
user.location,
)
create_lead_future.add_done_callback(
build_error_callback('Create lead failed'))
# Force a new CSRF token.
headers = {}
headers[QUAY_CSRF_UPDATED_HEADER_NAME] = generate_csrf_token(
force=True)
return (True, headers)
logger.debug('User could not be logged in, inactive?')
return (False, None)