class OpenIDHandle(object):
def __init__(self, root_url):
self.root_url = root_url
self.isLeaf = True
self.sessions = SessionManager()
def flatten_args(self, request):
# Flatten args (twisted returns arrays). Just always take first
args = {}
for arg in request.args:
args[arg] = request.args.get(arg)[0]
return args
def render(self, request):
session = {}
return_to = self.root_url + '_openid_handle/'
oidconsumer = consumer.Consumer(session, None)
info = oidconsumer.complete(self.flatten_args(request), return_to)
display_identifier = info.getDisplayIdentifier()
if info.status == consumer.FAILURE and display_identifier:
return 'OpenID Error: %s' % display_identifier
elif info.status == consumer.CANCEL:
return 'Cancelled'
elif info.status == consumer.SUCCESS:
# Success happened!
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
user = {'fullName': '', 'userName': '', 'email': '',
'groups': []}
if not sreg_resp:
return 'No sreg?'
user['userName'] = sreg_resp.get('nickname')
user['fullName'] = sreg_resp.get('fullname')
user['email'] = sreg_resp.get('email')
if teams_resp:
user['groups'] = frozenset(teams_resp.teams)
cookie, s = self.sessions.new(user['userName'], user)
request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),
path="/")
request.received_cookies = {COOKIE_KEY: cookie}
request.redirect(self.root_url)
return 'DONE'
else:
return 'Strange state: %s' % info.status
try:
request.finish()
except RuntimeError:
# this occurs when the client has already disconnected; ignore
# it (see #2027)
log.msg("http client disconnected before results were sent")
class OpenIDHandle(object):
def __init__(self, root_url):
self.root_url = root_url
self.isLeaf = True
self.sessions = SessionManager()
def flatten_args(self, request):
# Flatten args (twisted returns arrays). Just always take first
args = {}
for arg in request.args:
args[arg] = request.args.get(arg)[0]
return args
def render(self, request):
session = {}
return_to = self.root_url + '_openid_handle/'
oidconsumer = consumer.Consumer(session, None)
info = oidconsumer.complete(self.flatten_args(request), return_to)
display_identifier = info.getDisplayIdentifier()
if info.status == consumer.FAILURE and display_identifier:
return 'OpenID Error: %s' % display_identifier
elif info.status == consumer.CANCEL:
return 'Cancelled'
elif info.status == consumer.SUCCESS:
# Success happened!
sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)
teams_resp = teams.TeamsResponse.fromSuccessResponse(info)
user = {'fullName': '', 'userName': '', 'email': '',
'groups': []}
if not sreg_resp:
return 'No sreg?'
user['userName'] = sreg_resp.get('nickname')
user['fullName'] = sreg_resp.get('fullname')
user['email'] = sreg_resp.get('email')
if teams_resp:
user['groups'] = frozenset(teams_resp.teams)
cookie, s = self.sessions.new(user['userName'], user)
request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),
path="/")
request.received_cookies = {COOKIE_KEY: cookie}
request.redirect(self.root_url)
return 'DONE'
else:
return 'Strange state: %s' % info.status
try:
request.finish()
except RuntimeError:
# this occurs when the client has already disconnected; ignore
# it (see #2027)
log.msg("http client disconnected before results were sent")
class Authz(object):
"""Decide who can do what."""
knownActions = [
# If you add a new action here, be sure to also update the documentation
# at docs/manual/cfg-statustargets.rst.
'view',
'gracefulShutdown',
'forceBuild',
'forceAllBuilds',
'pingBuilder',
'stopBuild',
'stopAllBuilds',
'cancelPendingBuild',
'cancelAllPendingBuilds',
'stopChange',
'cleanShutdown',
'showUsersPage',
'pauseSlave',
]
def __init__(self,
default_action=False,
auth=None,
useHttpHeader=False,
httpLoginUrl=False,
view=True,
**kwargs):
self.auth = auth
if auth:
assert IAuth.providedBy(auth)
self.useHttpHeader = useHttpHeader
self.httpLoginUrl = httpLoginUrl
self.config = dict( (a, default_action) for a in self.knownActions )
self.config['view'] = view
for act in self.knownActions:
if act in kwargs:
self.config[act] = kwargs[act]
del kwargs[act]
self.sessions = SessionManager()
if kwargs:
raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys()))
def session(self, request):
if COOKIE_KEY in request.received_cookies:
cookie = request.received_cookies[COOKIE_KEY]
return self.sessions.get(cookie)
return None
def authenticated(self, request):
if self.useHttpHeader:
return request.getUser() != ''
return self.session(request) != None
def getUserInfo(self, user):
if self.useHttpHeader:
return dict(userName=user, fullName=user, email=user, groups=[ user ])
s = self.sessions.getUser(user)
if s:
return s.infos
def getUsername(self, request):
"""Get the userid of the user"""
if self.useHttpHeader:
return request.getUser()
s = self.session(request)
if s:
return s.user
return request.args.get("username", ["<unknown>"])[0]
def getUsernameHTML(self, request):
"""Get the user formatted in html (with possible link to email)"""
if self.useHttpHeader:
return request.getUser()
s = self.session(request)
if s:
return s.userInfosHTML()
return "not authenticated?!"
def getUsernameFull(self, request):
"""Get the full username as fullname <email>"""
if self.useHttpHeader:
return request.getUser()
s = self.session(request)
if s:
return "%(fullName)s <%(email)s>" % (s.infos)
else:
return request.args.get("username", ["<unknown>"])[0]
def getPassword(self, request):
if self.useHttpHeader:
return request.getPassword()
return request.args.get("passwd", ["<no-password>"])[0]
def advertiseAction(self, action, request):
"""Should the web interface even show the form for ACTION?"""
if action not in self.knownActions:
raise KeyError("unknown action")
cfg = self.config.get(action, False)
if cfg:
if cfg == 'auth' or callable(cfg):
return self.authenticated(request)
return cfg
def actionAllowed(self, action, request, *args):
"""Is this ACTION allowed, given this http REQUEST?"""
if action not in self.knownActions:
raise KeyError("unknown action")
cfg = self.config.get(action, False)
if cfg:
if cfg == 'auth' or callable(cfg):
if not self.auth:
return defer.succeed(False)
def check_authenticate(res):
if callable(cfg) and not cfg(self.getUsername(request), *args):
return False
return True
# retain old behaviour, if people have scripts
# without cookie support
passwd = self.getPassword(request)
if self.authenticated(request):
return defer.succeed(check_authenticate(None))
elif passwd != "<no-password>":
def check_login(cookie):
ret = False
if type(cookie) is str:
ret = check_authenticate(None)
self.sessions.remove(cookie)
return ret
d = self.login(request)
d.addBoth(check_login)
return d
else:
return defer.succeed(False)
return defer.succeed(cfg)
def login(self, request):
"""Login one user, and return session cookie"""
if self.authenticated(request):
return defer.succeed(False)
user = request.args.get("username", ["<unknown>"])[0]
passwd = request.args.get("passwd", ["<no-password>"])[0]
if user == "<unknown>" or passwd == "<no-password>":
return defer.succeed(False)
if not self.auth:
return defer.succeed(False)
d = defer.maybeDeferred(self.auth.authenticate, user, passwd)
def check_authenticate(res):
if res:
cookie, s = self.sessions.new(user, self.auth.getUserInfo(user))
request.addCookie(COOKIE_KEY, cookie, expires=s.getExpiration(),path="/")
request.received_cookies = {COOKIE_KEY:cookie}
return cookie
else:
return False
d.addBoth(check_authenticate)
return d
def logout(self, request):
if COOKIE_KEY in request.received_cookies:
cookie = request.received_cookies[COOKIE_KEY]
self.sessions.remove(cookie)
class Authz(object):
"""Decide who can do what."""
knownActions = [
# If you add a new action here, be sure to also update the documentation
# at docs/cfg-statustargets.texinfo
'gracefulShutdown',
'forceBuild',
'forceAllBuilds',
'pingBuilder',
'stopBuild',
'stopAllBuilds',
'cancelPendingBuild',
'stopChange',
'cleanShutdown',
'showUsersPage',
]
def __init__(self,
default_action=False,
auth=None,
useHttpHeader=False,
httpLoginUrl=False,
**kwargs):
self.auth = auth
if auth:
assert IAuth.providedBy(auth)
self.useHttpHeader = useHttpHeader
self.httpLoginUrl = httpLoginUrl
self.config = dict((a, default_action) for a in self.knownActions)
for act in self.knownActions:
if act in kwargs:
self.config[act] = kwargs[act]
del kwargs[act]
self.sessions = SessionManager()
if kwargs:
raise ValueError("unknown authorization action(s) " +
", ".join(kwargs.keys()))
def session(self, request):
if COOKIE_KEY in request.received_cookies:
cookie = request.received_cookies[COOKIE_KEY]
return self.sessions.get(cookie)
return None
def authenticated(self, request):
if self.useHttpHeader:
return request.getUser() != ''
return self.session(request) != None
def getUserInfo(self, user):
if self.useHttpHeader:
return dict(userName=user,
fullName=user,
email=user,
groups=[user])
s = self.sessions.getUser(user)
if s:
return s.infos
def getUsername(self, request):
"""Get the userid of the user"""
if self.useHttpHeader:
return request.getUser()
s = self.session(request)
if s:
return s.user
return request.args.get("username", ["<unknown>"])[0]
def getUsernameHTML(self, request):
"""Get the user formatated in html (with possible link to email)"""
if self.useHttpHeader:
return request.getUser()
s = self.session(request)
if s:
return s.userInfosHTML()
return "not authenticated?!"
def getUsernameFull(self, request):
"""Get the full username as fullname <email>"""
if self.useHttpHeader:
return request.getUser()
s = self.session(request)
if s:
return "%(fullName)s <%(email)s>" % (s.infos)
else:
return request.args.get("username", ["<unknown>"])[0]
def getPassword(self, request):
if self.useHttpHeader:
return request.getPassword()
return request.args.get("passwd", ["<no-password>"])[0]
def advertiseAction(self, action, request):
"""Should the web interface even show the form for ACTION?"""
if action not in self.knownActions:
raise KeyError("unknown action")
cfg = self.config.get(action, False)
if cfg:
if cfg == 'auth' or callable(cfg):
return self.authenticated(request)
return cfg
def actionAllowed(self, action, request, *args):
"""Is this ACTION allowed, given this http REQUEST?"""
if action not in self.knownActions:
raise KeyError("unknown action")
cfg = self.config.get(action, False)
if cfg:
if cfg == 'auth' or callable(cfg):
if not self.auth:
return defer.succeed(False)
def check_authenticate(res):
if callable(cfg) and not cfg(self.getUsername(request), *
args):
return False
return True
# retain old behaviour, if people have scripts
# without cookie support
passwd = self.getPassword(request)
if self.authenticated(request):
return defer.succeed(check_authenticate(None))
elif passwd != "<no-password>":
def check_login(cookie):
ret = False
if type(cookie) is str:
ret = check_authenticate(None)
self.sessions.remove(cookie)
return ret
d = self.login(request)
d.addBoth(check_login)
return d
else:
return defer.succeed(False)
return defer.succeed(cfg)
def login(self, request):
"""Login one user, and return session cookie"""
if self.authenticated(request):
return defer.succeed(False)
user = request.args.get("username", ["<unknown>"])[0]
passwd = request.args.get("passwd", ["<no-password>"])[0]
if user == "<unknown>" or passwd == "<no-password>":
return defer.succeed(False)
if not self.auth:
return defer.succeed(False)
d = defer.maybeDeferred(self.auth.authenticate, user, passwd)
def check_authenticate(res):
if res:
cookie, s = self.sessions.new(user,
self.auth.getUserInfo(user))
request.addCookie(COOKIE_KEY,
cookie,
s.getExpiration(),
path="/")
request.received_cookies = {COOKIE_KEY: cookie}
return cookie
else:
return False
d.addBoth(check_authenticate)
return d
def logout(self, request):
if COOKIE_KEY in request.received_cookies:
cookie = request.received_cookies[COOKIE_KEY]
self.sessions.remove(cookie)
