def common_login(user_uuid, permanent_session=True):
    """
    Sign in the user identified by ``user_uuid`` and prepare the session.

    On success the identity change is broadcast through ``identity_changed``,
    the login time is stored in the session, the session is optionally made
    permanent, and a new CSRF token is forced.

    Args:
        user_uuid: UUID of the user to sign in.
        permanent_session: When true, and ``features.PERMANENT_SESSIONS`` is
            also truthy, the session is marked permanent with a lifetime taken
            from the ``SESSION_TIMEOUT`` config value (default ``"31d"``).

    Returns:
        ``(True, headers)`` on success, where ``headers`` maps
        ``QUAY_CSRF_UPDATED_HEADER_NAME`` to the new CSRF token;
        ``(False, None)`` when the user does not exist or ``login_user``
        returns a falsy value.
    """
    account = model.get_user(user_uuid)
    if account is None:
        return (False, None)

    # Guard clause: login_user() refusing the user ends the attempt without
    # touching the identity or the session.
    if not login_user(LoginWrappedDBUser(user_uuid)):
        logger.debug("User could not be logged in, inactive?")
        return (False, None)

    logger.debug(
        "Successfully signed in as user %s with uuid %s",
        account.username,
        user_uuid,
    )

    signed_in_identity = QuayDeferredPermissionUser.for_id(user_uuid)
    identity_changed.send(app, identity=signed_in_identity)

    # NOTE(review): this is a naive local timestamp; any freshness check that
    # reads session["login_time"] should compare against the same clock.
    session["login_time"] = datetime.datetime.now()

    if permanent_session and features.PERMANENT_SESSIONS:
        lifetime_spec = app.config.get("SESSION_TIMEOUT", "31d")
        session.permanent = True
        session.permanent_session_lifetime = convert_to_timedelta(lifetime_spec)

    # Force a new CSRF token at the authentication boundary. Presumably this
    # replaces any token issued before login -- confirm in generate_csrf_token.
    csrf_headers = {}
    csrf_headers[QUAY_CSRF_UPDATED_HEADER_NAME] = generate_csrf_token(force=True)
    return (True, csrf_headers)
def identity(self):
    """
    Return the identity for this auth context, or None if it holds no credential.

    The credentials are checked in a fixed order and the first truthy one
    decides the result: ``oauthtoken``, ``authed_user``, ``token``,
    ``signed_data``.
    """
    if self.oauthtoken:
        # The OAuth identity is built with the scope set parsed from the
        # token's own scope string.
        granted_scopes = scopes_from_scope_string(self.oauthtoken.scope)
        return QuayDeferredPermissionUser.for_user(
            self.oauthtoken.authorized_user, granted_scopes
        )

    if self.authed_user:
        # No scope set is passed for a directly authenticated user.
        return QuayDeferredPermissionUser.for_user(self.authed_user)

    if self.token:
        return Identity(self.token.get_code(), "token")

    if not self.signed_data:
        return None

    # The grants are copied into the identity as-is.
    # NOTE(review): this relies on signed_data having been verified before it
    # was stored on the context -- confirm at the point where it is set.
    grant_identity = Identity(None, "signed_grant")
    grant_identity.provides.update(self.signed_data["grants"])
    return grant_identity
def test_superuser_matrix(superuser, normie):
    """
    Check SuperUserPermission for every (user, scope set) pair in the matrix.

    Expected outcome: only the ``superuser`` fixture is granted the permission,
    and only when its scope set contains SUPERUSER or DIRECT_LOGIN. READ_USER
    alone is not enough, and no scope set grants it to ``normie``.
    """
    matrix = [
        (superuser, {scopes.SUPERUSER}, True),
        (superuser, {scopes.DIRECT_LOGIN}, True),
        (superuser, {scopes.READ_USER, scopes.SUPERUSER}, True),
        (superuser, {scopes.READ_USER}, False),
        (normie, {scopes.SUPERUSER}, False),
        (normie, {scopes.DIRECT_LOGIN}, False),
        (normie, {scopes.READ_USER, scopes.SUPERUSER}, False),
        (normie, {scopes.READ_USER}, False),
    ]

    for account, granted_scopes, should_pass in matrix:
        deferred_user = QuayDeferredPermissionUser.for_user(account, granted_scopes)
        # A scope on the token must never elevate a user who is not a superuser.
        assert deferred_user.can(SuperUserPermission()) == should_pass
def common_login(user_uuid, permanent_session=True):
    """
    Sign in the user identified by ``user_uuid`` and prepare the session.

    On success the identity change is broadcast through ``identity_changed``,
    the login time is stored in the session, the session is optionally made
    permanent, the user's profile is reported to ``user_analytics`` as a lead,
    and a new CSRF token is forced.

    Args:
        user_uuid: UUID of the user to sign in.
        permanent_session: When true, and ``features.PERMANENT_SESSIONS`` is
            also truthy, the session is marked permanent with a lifetime taken
            from the ``SESSION_TIMEOUT`` config value (default ``'31d'``).

    Returns:
        ``(True, headers)`` on success, where ``headers`` maps
        ``QUAY_CSRF_UPDATED_HEADER_NAME`` to the new CSRF token;
        ``(False, None)`` when the user does not exist or ``login_user``
        returns a falsy value.
    """
    account = model.get_user(user_uuid)
    if account is None:
        return (False, None)

    # Guard clause: login_user() refusing the user ends the attempt without
    # touching the identity, the session or the analytics backend.
    if not login_user(LoginWrappedDBUser(user_uuid)):
        logger.debug('User could not be logged in, inactive?')
        return (False, None)

    logger.debug(
        'Successfully signed in as user %s with uuid %s',
        account.username,
        user_uuid,
    )

    signed_in_identity = QuayDeferredPermissionUser.for_id(user_uuid)
    identity_changed.send(app, identity=signed_in_identity)

    # NOTE(review): this is a naive local timestamp; any freshness check that
    # reads session['login_time'] should compare against the same clock.
    session['login_time'] = datetime.datetime.now()

    if permanent_session and features.PERMANENT_SESSIONS:
        lifetime_spec = app.config.get('SESSION_TIMEOUT', '31d')
        session.permanent = True
        session.permanent_session_lifetime = convert_to_timedelta(lifetime_spec)

    # Inform our user analytics that we have a new "lead". The future is not
    # waited on here; a failure is reported through the error callback.
    # NOTE(review): email, names, company and location are sent on every
    # successful login through this function, not only for new accounts --
    # confirm this matches the intended data-sharing scope.
    lead_future = user_analytics.create_lead(
        account.email,
        account.username,
        account.given_name,
        account.family_name,
        account.company,
        account.location,
    )
    lead_future.add_done_callback(build_error_callback('Create lead failed'))

    # Force a new CSRF token at the authentication boundary. Presumably this
    # replaces any token issued before login -- confirm in generate_csrf_token.
    csrf_headers = {}
    csrf_headers[QUAY_CSRF_UPDATED_HEADER_NAME] = generate_csrf_token(force=True)
    return (True, csrf_headers)