def _determine_auth_user(api_key, bearer_token, session_authuser):
"""
Create an `AuthUser` object given the API key/bearer token
(if any) and the value of the authuser session cookie.
"""
# Authenticate by bearer token
if bearer_token is not None:
api_key = bearer_token
# Authenticate by API key
if api_key is not None:
au = AuthUser(dbuser=User.get_by_api_key(api_key),
authenticating_api_key=api_key, is_external_auth=True)
if au.is_anonymous:
log.warning('API key ****%s is NOT valid', api_key[-4:])
raise webob.exc.HTTPForbidden(_('Invalid API key'))
return au
# Authenticate by session cookie
# In ancient login sessions, 'authuser' may not be a dict.
# In that case, the user will have to log in again.
# v0.3 and earlier included an 'is_authenticated' key; if present,
# this must be True.
if isinstance(session_authuser, dict) and session_authuser.get('is_authenticated', True):
try:
return AuthUser.from_cookie(session_authuser)
except UserCreationError as e:
# container auth or other auth functions that create users on
# the fly can throw UserCreationError to signal issues with
# user creation. Explanation should be provided in the
# exception object.
from kallithea.lib import helpers as h
h.flash(e, 'error', logf=log.error)
# Authenticate by auth_container plugin (if enabled)
if any(
plugin.is_container_auth
for plugin in auth_modules.get_auth_plugins()
):
try:
user_info = auth_modules.authenticate('', '', request.environ)
except UserCreationError as e:
from kallithea.lib import helpers as h
h.flash(e, 'error', logf=log.error)
else:
if user_info is not None:
username = user_info['username']
user = User.get_by_username(username, case_insensitive=True)
return log_in_user(user, remember=False,
is_external_auth=True)
# User is anonymous
return AuthUser()
def _determine_auth_user(api_key, session_authuser):
"""
Create an `AuthUser` object given the API key (if any) and the
value of the authuser session cookie.
"""
# Authenticate by API key
if api_key:
# when using API_KEY we are sure user exists.
return AuthUser(dbuser=User.get_by_api_key(api_key),
is_external_auth=True)
# Authenticate by session cookie
# In ancient login sessions, 'authuser' may not be a dict.
# In that case, the user will have to log in again.
# v0.3 and earlier included an 'is_authenticated' key; if present,
# this must be True.
if isinstance(session_authuser, dict) and session_authuser.get('is_authenticated', True):
try:
return AuthUser.from_cookie(session_authuser)
except UserCreationError as e:
# container auth or other auth functions that create users on
# the fly can throw UserCreationError to signal issues with
# user creation. Explanation should be provided in the
# exception object.
from kallithea.lib import helpers as h
h.flash(e, 'error', logf=log.error)
# Authenticate by auth_container plugin (if enabled)
if any(
auth_modules.importplugin(name).is_container_auth
for name in Setting.get_auth_plugins()
):
try:
user_info = auth_modules.authenticate('', '', request.environ)
except UserCreationError as e:
from kallithea.lib import helpers as h
h.flash(e, 'error', logf=log.error)
else:
if user_info is not None:
username = user_info['username']
user = User.get_by_username(username, case_insensitive=True)
return log_in_user(user, remember=False,
is_external_auth=True)
# User is anonymous
return AuthUser()
def _determine_auth_user(session_authuser, ip_addr):
"""
Create an `AuthUser` object given the API key/bearer token
(if any) and the value of the authuser session cookie.
Returns None if no valid user is found (like not active or no access for IP).
"""
# Authenticate by session cookie
# In ancient login sessions, 'authuser' may not be a dict.
# In that case, the user will have to log in again.
# v0.3 and earlier included an 'is_authenticated' key; if present,
# this must be True.
if isinstance(session_authuser, dict) and session_authuser.get(
'is_authenticated', True):
return AuthUser.from_cookie(session_authuser, ip_addr=ip_addr)
# Authenticate by auth_container plugin (if enabled)
if any(plugin.is_container_auth
for plugin in auth_modules.get_auth_plugins()):
try:
user_info = auth_modules.authenticate('', '', request.environ)
except UserCreationError as e:
from kallithea.lib import helpers as h
h.flash(e, 'error', logf=log.error)
else:
if user_info is not None:
username = user_info['username']
user = User.get_by_username(username,
case_insensitive=True)
return log_in_user(user,
remember=False,
is_external_auth=True,
ip_addr=ip_addr)
# User is default user (if active) or anonymous
default_user = User.get_default_user()
authuser = AuthUser.make(dbuser=default_user, ip_addr=ip_addr)
if authuser is None: # fall back to anonymous
authuser = AuthUser(
dbuser=default_user) # TODO: somehow use .make?
return authuser