Fix the problem with login on new triggers.
This commit is contained in:
jakedt
parent
fa3af789b2
commit
4d2e090bea
3 changed files with 64 additions and 66 deletions
51
auth/auth.py
51
auth/auth.py
|
|
@ -21,7 +21,17 @@ from util.http import abort
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def validate_and_apply_oauth_token(token):
|
||||
def _load_user_from_cookie():
|
||||
if not current_user.is_anonymous():
|
||||
logger.debug('Loading user from cookie: %s', current_user.get_id())
|
||||
set_authenticated_user_deferred(current_user.get_id())
|
||||
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {scopes.DIRECT_LOGIN})
|
||||
identity_changed.send(app, identity=loaded)
|
||||
return current_user.db_user()
|
||||
return None
|
||||
|
||||
|
||||
def _validate_and_apply_oauth_token(token):
|
||||
validated = oauth.validate_access_token(token)
|
||||
if not validated:
|
||||
logger.warning('OAuth access token could not be validated: %s', token)
|
||||
|
|
@ -80,7 +90,7 @@ def process_basic_auth(auth):
|
|||
|
||||
elif credentials[0] == '$oauthtoken':
|
||||
oauth_token = credentials[1]
|
||||
validate_and_apply_oauth_token(oauth_token)
|
||||
_validate_and_apply_oauth_token(oauth_token)
|
||||
|
||||
elif '+' in credentials[0]:
|
||||
logger.debug('Trying robot auth with credentials %s' % str(credentials))
|
||||
|
|
@ -146,8 +156,8 @@ def process_token(auth):
|
|||
identity_changed.send(app, identity=Identity(token_data.code, 'token'))
|
||||
|
||||
|
||||
def process_oauth(f):
|
||||
@wraps(f)
|
||||
def process_oauth(func):
|
||||
@wraps(func)
|
||||
def wrapper(*args, **kwargs):
|
||||
auth = request.headers.get('authorization', '')
|
||||
if auth:
|
||||
|
|
@ -157,20 +167,15 @@ def process_oauth(f):
|
|||
return
|
||||
|
||||
token = normalized[1]
|
||||
validate_and_apply_oauth_token(token)
|
||||
elif not current_user.is_anonymous():
|
||||
logger.debug('Loading user from cookie: %s', current_user.get_id())
|
||||
set_authenticated_user_deferred(current_user.get_id())
|
||||
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {scopes.DIRECT_LOGIN})
|
||||
identity_changed.send(app, identity=loaded)
|
||||
else:
|
||||
_validate_and_apply_oauth_token(token)
|
||||
elif _load_user_from_cookie() is None:
|
||||
logger.debug('No auth header or login cookie.')
|
||||
return f(*args, **kwargs)
|
||||
return func(*args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
|
||||
def process_auth(f):
|
||||
@wraps(f)
|
||||
def process_auth(func):
|
||||
@wraps(func)
|
||||
def wrapper(*args, **kwargs):
|
||||
auth = request.headers.get('authorization', '')
|
||||
|
||||
|
|
@ -181,16 +186,26 @@ def process_auth(f):
|
|||
else:
|
||||
logger.debug('No auth header.')
|
||||
|
||||
return f(*args, **kwargs)
|
||||
return func(*args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
|
||||
def extract_namespace_repo_from_session(f):
|
||||
@wraps(f)
|
||||
def require_session_login(func):
|
||||
@wraps(func)
|
||||
def wrapper(*args, **kwargs):
|
||||
loaded = _load_user_from_cookie()
|
||||
if loaded is None or loaded.organization:
|
||||
abort(401, message='Method requires login and no valid login could be loaded.')
|
||||
return func(*args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
|
||||
def extract_namespace_repo_from_session(func):
|
||||
@wraps(func)
|
||||
def wrapper(*args, **kwargs):
|
||||
if 'namespace' not in session or 'repository' not in session:
|
||||
logger.error('Unable to load namespace or repository from session: %s' % session)
|
||||
abort(400, message='Missing namespace in request')
|
||||
|
||||
return f(session['namespace'], session['repository'], *args, **kwargs)
|
||||
return func(session['namespace'], session['repository'], *args, **kwargs)
|
||||
return wrapper
|
||||
|
|
|
|||
Reference in a new issue