Пример #1
0
class OpenIDHandle(object):
    def __init__(self, root_url):
        self.root_url = root_url
        self.isLeaf = True
        self.sessions = SessionManager()

    def flatten_args(self, request):
        # Flatten args (twisted returns arrays). Just always take first
        args = {}
        for arg in request.args:
            args[arg] = request.args.get(arg)[0]
        return args

    def render(self, request):
        session = {}
        return_to = self.root_url + '_openid_handle/'
        oidconsumer = consumer.Consumer(session, None)
        info = oidconsumer.complete(self.flatten_args(request), return_to)
        display_identifier = info.getDisplayIdentifier()

        if info.status == consumer.FAILURE and display_identifier:
            return 'OpenID Error: %s' % display_identifier
        elif info.status == consumer.CANCEL:
            return 'Cancelled'
        elif info.status == consumer.SUCCESS:
            # Success happened!
            sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
            teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
            user = {'fullName': '', 'userName': '', 'email': '',
                    'groups': []}
            if not sreg_resp:
                return 'No sreg?'
            user['userName'] = sreg_resp.get('nickname')
            user['fullName'] = sreg_resp.get('fullname')
            user['email'] = sreg_resp.get('email')
            if teams_resp:
                user['groups'] = frozenset(teams_resp.teams)
            cookie, s = self.sessions.new(user['userName'], user)
            request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),
                              path="/")
            request.received_cookies = {COOKIE_KEY: cookie}
            request.redirect(self.root_url)
            return 'DONE'
        else:
            return 'Strange state: %s' % info.status

        try:
            request.finish()
        except RuntimeError:
            # this occurs when the client has already disconnected; ignore
            # it (see #2027)
            log.msg("http client disconnected before results were sent")
Пример #2
0
class OpenIDHandle(object):
    def __init__(self, root_url):
        self.root_url = root_url
        self.isLeaf = True
        self.sessions = SessionManager()

    def flatten_args(self, request):
        # Flatten args (twisted returns arrays). Just always take first
        args = {}
        for arg in request.args:
            args[arg] = request.args.get(arg)[0]
        return args

    def render(self, request):
        session = {}
        return_to = self.root_url + '_openid_handle/'
        oidconsumer = consumer.Consumer(session, None)
        info = oidconsumer.complete(self.flatten_args(request), return_to)
        display_identifier = info.getDisplayIdentifier()

        if info.status == consumer.FAILURE and display_identifier:
            return 'OpenID Error: %s' % display_identifier
        elif info.status == consumer.CANCEL:
            return 'Cancelled'
        elif info.status == consumer.SUCCESS:
            # Success happened!
            sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
            teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
            user = {'fullName': '', 'userName': '', 'email': '',
                    'groups': []}
            if not sreg_resp:
                return 'No sreg?'
            user['userName'] = sreg_resp.get('nickname')
            user['fullName'] = sreg_resp.get('fullname')
            user['email'] = sreg_resp.get('email')
            if teams_resp:
                user['groups'] = frozenset(teams_resp.teams)
            cookie, s = self.sessions.new(user['userName'], user)
            request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),
                              path="/")
            request.received_cookies = {COOKIE_KEY: cookie}
            request.redirect(self.root_url)
            return 'DONE'
        else:
            return 'Strange state: %s' % info.status

        try:
            request.finish()
        except RuntimeError:
            # this occurs when the client has already disconnected; ignore
            # it (see #2027)
            log.msg("http client disconnected before results were sent")
Пример #3
0
class Authz(object):
    """Decide who can do what."""

    knownActions = [
    # If you add a new action here, be sure to also update the documentation
    # at docs/manual/cfg-statustargets.rst.
            'view',
            'gracefulShutdown',
            'forceBuild',
            'forceAllBuilds',
            'pingBuilder',
            'stopBuild',
            'stopAllBuilds',
            'cancelPendingBuild',
            'cancelAllPendingBuilds',
            'stopChange',
            'cleanShutdown',
            'showUsersPage',
            'pauseSlave',
    ]

    def __init__(self,
            default_action=False,
            auth=None,
            useHttpHeader=False,
            httpLoginUrl=False,
            view=True,
            **kwargs):
        self.auth = auth
        if auth:
            assert IAuth.providedBy(auth)

        self.useHttpHeader = useHttpHeader
        self.httpLoginUrl = httpLoginUrl

        self.config = dict( (a, default_action) for a in self.knownActions )
        self.config['view'] = view
        for act in self.knownActions:
            if act in kwargs:
                self.config[act] = kwargs[act]
                del kwargs[act]

        self.sessions = SessionManager()
        if kwargs:
            raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys()))

    def session(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            return self.sessions.get(cookie)
        return None
            
    def authenticated(self, request):
        if self.useHttpHeader:
            return request.getUser() != ''
        return self.session(request) != None

    def getUserInfo(self, user):
        if self.useHttpHeader:
            return dict(userName=user, fullName=user, email=user, groups=[ user ])
        s = self.sessions.getUser(user)
        if s:
            return s.infos

    def getUsername(self, request):
        """Get the userid of the user"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.user
        return request.args.get("username", ["<unknown>"])[0]

    def getUsernameHTML(self, request):
        """Get the user formatted in html (with possible link to email)"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.userInfosHTML()
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        else:
            return request.args.get("username", ["<unknown>"])[0]


    def getPassword(self, request):
        if self.useHttpHeader:
            return request.getPassword()
        return request.args.get("passwd", ["<no-password>"])[0]

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?"""
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg:
            if cfg == 'auth' or callable(cfg):
                return self.authenticated(request)
        return cfg

    def actionAllowed(self, action, request, *args):
        """Is this ACTION allowed, given this http REQUEST?"""
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg:
            if cfg == 'auth' or callable(cfg):
                if not self.auth:
                    return defer.succeed(False)
                def check_authenticate(res):
                    if callable(cfg) and not cfg(self.getUsername(request), *args):
                        return False
                    return True
                # retain old behaviour, if people have scripts
                # without cookie support
                passwd = self.getPassword(request)
                if self.authenticated(request):
                    return defer.succeed(check_authenticate(None))
                elif passwd != "<no-password>":
                    def check_login(cookie):
                        ret = False
                        if type(cookie) is str:
                            ret = check_authenticate(None)
                            self.sessions.remove(cookie)
                        return ret
                    d = self.login(request)
                    d.addBoth(check_login)
                    return d
                else:
                    return defer.succeed(False)
        return defer.succeed(cfg)

    def login(self, request):
        """Login one user, and return session cookie"""
        if self.authenticated(request):
            return defer.succeed(False)

        user = request.args.get("username", ["<unknown>"])[0]
        passwd = request.args.get("passwd", ["<no-password>"])[0]
        if user == "<unknown>" or passwd == "<no-password>":
            return defer.succeed(False)
        if not self.auth:
            return defer.succeed(False)
        d = defer.maybeDeferred(self.auth.authenticate, user, passwd)
        def check_authenticate(res):
            if res:
                cookie, s = self.sessions.new(user, self.auth.getUserInfo(user))
                request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),path="/")
                request.received_cookies = {COOKIE_KEY:cookie}
                return cookie
            else:
                return False
        d.addBoth(check_authenticate)
        return d

    def logout(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)
Пример #4
0
class Authz(object):
    """Decide who can do what."""

    knownActions = [
        # If you add a new action here, be sure to also update the documentation
        # at docs/cfg-statustargets.texinfo
        'gracefulShutdown',
        'forceBuild',
        'forceAllBuilds',
        'pingBuilder',
        'stopBuild',
        'stopAllBuilds',
        'cancelPendingBuild',
        'stopChange',
        'cleanShutdown',
        'showUsersPage',
    ]

    def __init__(self,
                 default_action=False,
                 auth=None,
                 useHttpHeader=False,
                 httpLoginUrl=False,
                 **kwargs):
        self.auth = auth
        if auth:
            assert IAuth.providedBy(auth)

        self.useHttpHeader = useHttpHeader
        self.httpLoginUrl = httpLoginUrl

        self.config = dict((a, default_action) for a in self.knownActions)
        for act in self.knownActions:
            if act in kwargs:
                self.config[act] = kwargs[act]
                del kwargs[act]

        self.sessions = SessionManager()
        if kwargs:
            raise ValueError("unknown authorization action(s) " +
                             ", ".join(kwargs.keys()))

    def session(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            return self.sessions.get(cookie)
        return None

    def authenticated(self, request):
        if self.useHttpHeader:
            return request.getUser() != ''
        return self.session(request) != None

    def getUserInfo(self, user):
        if self.useHttpHeader:
            return dict(userName=user,
                        fullName=user,
                        email=user,
                        groups=[user])
        s = self.sessions.getUser(user)
        if s:
            return s.infos

    def getUsername(self, request):
        """Get the userid of the user"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.user
        return request.args.get("username", ["<unknown>"])[0]

    def getUsernameHTML(self, request):
        """Get the user formatated in html (with possible link to email)"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.userInfosHTML()
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>"""
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        else:
            return request.args.get("username", ["<unknown>"])[0]

    def getPassword(self, request):
        if self.useHttpHeader:
            return request.getPassword()
        return request.args.get("passwd", ["<no-password>"])[0]

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?"""
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg:
            if cfg == 'auth' or callable(cfg):
                return self.authenticated(request)
        return cfg

    def actionAllowed(self, action, request, *args):
        """Is this ACTION allowed, given this http REQUEST?"""
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg:
            if cfg == 'auth' or callable(cfg):
                if not self.auth:
                    return defer.succeed(False)

                def check_authenticate(res):
                    if callable(cfg) and not cfg(self.getUsername(request), *
                                                 args):
                        return False
                    return True

                # retain old behaviour, if people have scripts
                # without cookie support
                passwd = self.getPassword(request)
                if self.authenticated(request):
                    return defer.succeed(check_authenticate(None))
                elif passwd != "<no-password>":

                    def check_login(cookie):
                        ret = False
                        if type(cookie) is str:
                            ret = check_authenticate(None)
                            self.sessions.remove(cookie)
                        return ret

                    d = self.login(request)
                    d.addBoth(check_login)
                    return d
                else:
                    return defer.succeed(False)
        return defer.succeed(cfg)

    def login(self, request):
        """Login one user, and return session cookie"""
        if self.authenticated(request):
            return defer.succeed(False)

        user = request.args.get("username", ["<unknown>"])[0]
        passwd = request.args.get("passwd", ["<no-password>"])[0]
        if user == "<unknown>" or passwd == "<no-password>":
            return defer.succeed(False)
        if not self.auth:
            return defer.succeed(False)
        d = defer.maybeDeferred(self.auth.authenticate, user, passwd)

        def check_authenticate(res):
            if res:
                cookie, s = self.sessions.new(user,
                                              self.auth.getUserInfo(user))
                request.addCookie(COOKIE_KEY,
                                  cookie,
                                  s.getExpiration(),
                                  path="/")
                request.received_cookies = {COOKIE_KEY: cookie}
                return cookie
            else:
                return False

        d.addBoth(check_authenticate)
        return d

    def logout(self, request):
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)