def create_or_login(resp):
flask.session["openid"] = resp.identity_url
fasusername = resp.identity_url.replace(
".id.fedoraproject.org/", "").replace("http://", "")
# kidding me.. or not
if fasusername and ((app.config["USE_ALLOWED_USERS"]
and fasusername in app.config["ALLOWED_USERS"])
or not app.config["USE_ALLOWED_USERS"]):
username = fed_raw_name(resp.identity_url)
user = models.User.query.filter(
models.User.username == username).first()
if not user: # create if not created already
user = create_user_wrapper(username, resp.email, resp.timezone)
else:
user.mail = resp.email
user.timezone = resp.timezone
db.session.add(user)
db.session.commit()
flask.flash(u"Welcome, {0}".format(user.name))
flask.g.user = user
if flask.request.url_root == oid.get_next_url():
return flask.redirect(flask.url_for("coprs_ns.coprs_by_owner",
username=user.name))
return flask.redirect(oid.get_next_url())
else:
flask.flash("User '{0}' is not allowed".format(user.name))
return flask.redirect(oid.get_next_url())
def create_or_login(resp):
flask.session["openid"] = resp.identity_url
fasusername = resp.identity_url.replace(".id.fedoraproject.org/",
"").replace("http://", "")
# kidding me.. or not
if fasusername and ((app.config["USE_ALLOWED_USERS"]
and fasusername in app.config["ALLOWED_USERS"])
or not app.config["USE_ALLOWED_USERS"]):
username = fed_raw_name(resp.identity_url)
user = models.User.query.filter(
models.User.username == username).first()
if not user: # create if not created already
user = create_user_wrapper(username, resp.email, resp.timezone)
else:
user.mail = resp.email
user.timezone = resp.timezone
db.session.add(user)
db.session.commit()
flask.flash(u"Welcome, {0}".format(user.name))
flask.g.user = user
if flask.request.url_root == oid.get_next_url():
return flask.redirect(
flask.url_for("coprs_ns.coprs_by_owner", username=user.name))
return flask.redirect(oid.get_next_url())
else:
flask.flash("User '{0}' is not allowed".format(user.name))
return flask.redirect(oid.get_next_url())
def create_or_login(resp):
flask.session["openid"] = resp.identity_url
fasusername = fed_raw_name(resp.identity_url)
# kidding me.. or not
if fasusername and ((app.config["USE_ALLOWED_USERS"]
and fasusername in app.config["ALLOWED_USERS"])
or not app.config["USE_ALLOWED_USERS"]):
username = fed_raw_name(resp.identity_url)
user = models.User.query.filter(
models.User.username == username).first()
if not user: # create if not created already
user = create_user_wrapper(username, resp.email, resp.timezone)
else:
user.mail = resp.email
user.timezone = resp.timezone
if "lp" in resp.extensions:
team_resp = resp.extensions[
'lp'] # name space for the teams extension
user.openid_groups = {"fas_groups": team_resp.teams}
db.session.add(user)
db.session.commit()
flask.flash(u"Welcome, {0}".format(user.name), "success")
flask.g.user = user
if flask.request.url_root == oid.get_next_url():
return flask.redirect(
flask.url_for("coprs_ns.coprs_by_user", username=user.name))
return flask.redirect(oid.get_next_url())
else:
flask.flash("User '{0}' is not allowed".format(fasusername))
return flask.redirect(oid.get_next_url())
def krb5_login(name):
"""
Handle the Kerberos authentication.
Note that if we are able to get here, either the user is authenticated
correctly, or apache is mis-configured and it does not perform KRB
authentication at all. Note also, even if that can be considered ugly, we
are reusing oid's get_next_url feature with kerberos login.
"""
# Already logged in?
if flask.g.user is not None:
return flask.redirect(oid.get_next_url())
krb_config = app.config['KRB5_LOGIN']
found = None
for key in krb_config.keys():
if krb_config[key]['URI'] == name:
found = key
break
if not found:
# no KRB5_LOGIN.<name> configured in copr.conf
return flask.render_template("404.html"), 404
if 'REMOTE_USER' not in flask.request.environ:
nocred = "Kerberos authentication failed (no credentials provided)"
return flask.render_template("403.html", message=nocred), 403
krb_username = flask.request.environ['REMOTE_USER']
username = krb_strip_realm(krb_username)
krb_login = (models.Krb5Login.query.filter(
models.Krb5Login.config_name == key).filter(
models.Krb5Login.primary == username).first())
if krb_login:
flask.g.user = krb_login.user
flask.session['krb5_login'] = krb_login.user.name
flask.flash(u"Welcome, {0}".format(flask.g.user.name))
return flask.redirect(oid.get_next_url())
# We need to create row in 'krb5_login' table
user = models.User.query.filter(models.User.username == username).first()
if not user:
# Even the item in 'user' table does not exist, create _now_
email = username + "@" + krb_config[key]['email_domain']
user = create_user_wrapper(username, email)
db.session.add(user)
krb_login = models.Krb5Login(user=user, primary=username, config_name=key)
db.session.add(krb_login)
db.session.commit()
flask.flash(u"Welcome, {0}".format(user.name))
flask.g.user = user
flask.session['krb5_login'] = user.name
return flask.redirect(oid.get_next_url())
def login():
if not app.config['FAS_LOGIN']:
if app.config['KRB5_LOGIN']:
return krb5_login_redirect(next=oid.get_next_url())
flask.flash("No auth method available", "error")
return flask.redirect(flask.url_for("coprs_ns.coprs_show"))
if flask.g.user is not None:
return flask.redirect(oid.get_next_url())
else:
# a bit of magic
team_req = TeamsRequest(["_FAS_ALL_GROUPS_"])
return oid.try_login(app.config["OPENID_PROVIDER_URL"],
ask_for=["email", "timezone"],
extensions=[team_req])
def login():
if flask.g.user is not None:
return flask.redirect(oid.get_next_url())
else:
# a bit of magic
team_req = TeamsRequest(["_FAS_ALL_GROUPS_"])
return oid.try_login("https://id.fedoraproject.org/",
ask_for=["email", "timezone"],
extensions=[team_req])
def login():
if flask.g.user is not None:
return flask.redirect(oid.get_next_url())
else:
# a bit of magic
team_req = TeamsRequest(["_FAS_ALL_GROUPS_"])
return oid.try_login("https://id.fedoraproject.org/",
ask_for=["email", "timezone"],
extensions=[team_req])
def logout():
flask.session.pop("openid", None)
flask.session.pop("krb5_login", None)
flask.flash(u"You were signed out")
return flask.redirect(oid.get_next_url())
def krb5_login(name):
"""
Handle the Kerberos authentication.
Note that if we are able to get here, either the user is authenticated
correctly, or apache is mis-configured and it does not perform KRB
authentication at all. Note also, even if that can be considered ugly, we
are reusing oid's get_next_url feature with kerberos login.
"""
# Already logged in?
if flask.g.user is not None:
return flask.redirect(oid.get_next_url())
krb_config = app.config['KRB5_LOGIN']
found = None
for key in krb_config.keys():
if krb_config[key]['URI'] == name:
found = key
break
if not found:
# no KRB5_LOGIN.<name> configured in copr.conf
return flask.render_template("404.html"), 404
if 'REMOTE_USER' not in flask.request.environ:
nocred = "Kerberos authentication failed (no credentials provided)"
return flask.render_template("403.html", message=nocred), 403
krb_username = flask.request.environ['REMOTE_USER']
username = krb_strip_realm(krb_username)
krb_login = (
models.Krb5Login.query
.filter(models.Krb5Login.config_name == key)
.filter(models.Krb5Login.primary == username)
.first()
)
if krb_login:
flask.g.user = krb_login.user
flask.session['krb5_login'] = krb_login.user.name
flask.flash(u"Welcome, {0}".format(flask.g.user.name))
return flask.redirect(oid.get_next_url())
# We need to create row in 'krb5_login' table
user = models.User.query.filter(models.User.username == username).first()
if not user:
# Even the item in 'user' table does not exist, create _now_
email = username + "@" + krb_config[key]['email_domain']
user = create_user_wrapper(username, email)
db.session.add(user)
krb_login = models.Krb5Login(user=user, primary=username, config_name=key)
db.session.add(krb_login)
db.session.commit()
flask.flash(u"Welcome, {0}".format(user.name))
flask.g.user = user
flask.session['krb5_login'] = user.name
return flask.redirect(oid.get_next_url())
def logout():
flask.session.pop("openid", None)
flask.session.pop("krb5_login", None)
flask.flash(u"You were signed out")
return flask.redirect(oid.get_next_url())
def login():
if flask.g.user is not None:
return flask.redirect(oid.get_next_url())
else:
return oid.try_login("https://id.fedoraproject.org/",
ask_for=["email", "timezone"])
def login():
if flask.g.user is not None:
return flask.redirect(oid.get_next_url())
else:
return oid.try_login("https://id.fedoraproject.org/",
ask_for=["email", "timezone"])
