vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix the problem with login on new triggers.

Browse source
This commit is contained in:
jakedt 2014-03-26 15:52:24 -04:00
parent fa3af789b2
commit 4d2e090bea
3 changed files with 64 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
auth/auth.py
View file

@ -21,7 +21,17 @@ from util.http import abort
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
def validate_and_apply_oauth_token(token): def _load_user_from_cookie():
if not current_user.is_anonymous():
logger.debug('Loading user from cookie: %s', current_user.get_id())
set_authenticated_user_deferred(current_user.get_id())
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {scopes.DIRECT_LOGIN})
identity_changed.send(app, identity=loaded)
return current_user.db_user()
return None
def _validate_and_apply_oauth_token(token):
validated = oauth.validate_access_token(token) validated = oauth.validate_access_token(token)
if not validated: if not validated:
logger.warning('OAuth access token could not be validated: %s', token) logger.warning('OAuth access token could not be validated: %s', token)
@ -80,7 +90,7 @@ def process_basic_auth(auth):
elif credentials[0] == '$oauthtoken': elif credentials[0] == '$oauthtoken':
oauth_token = credentials[1] oauth_token = credentials[1]
validate_and_apply_oauth_token(oauth_token) _validate_and_apply_oauth_token(oauth_token)
elif '+' in credentials[0]: elif '+' in credentials[0]:
logger.debug('Trying robot auth with credentials %s' % str(credentials)) logger.debug('Trying robot auth with credentials %s' % str(credentials))
@ -146,8 +156,8 @@ def process_token(auth):
identity_changed.send(app, identity=Identity(token_data.code, 'token')) identity_changed.send(app, identity=Identity(token_data.code, 'token'))
def process_oauth(f): def process_oauth(func):
@wraps(f) @wraps(func)
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
auth = request.headers.get('authorization', '') auth = request.headers.get('authorization', '')
if auth: if auth:
@ -157,20 +167,15 @@ def process_oauth(f):
return return
token = normalized[1] token = normalized[1]
validate_and_apply_oauth_token(token) _validate_and_apply_oauth_token(token)
elif not current_user.is_anonymous(): elif _load_user_from_cookie() is None:
logger.debug('Loading user from cookie: %s', current_user.get_id())
set_authenticated_user_deferred(current_user.get_id())
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {scopes.DIRECT_LOGIN})
identity_changed.send(app, identity=loaded)
else:
logger.debug('No auth header or login cookie.') logger.debug('No auth header or login cookie.')
return f(*args, **kwargs) return func(*args, **kwargs)
return wrapper return wrapper
def process_auth(f): def process_auth(func):
@wraps(f) @wraps(func)
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
auth = request.headers.get('authorization', '') auth = request.headers.get('authorization', '')
@ -181,16 +186,26 @@ def process_auth(f):
else: else:
logger.debug('No auth header.') logger.debug('No auth header.')
return f(*args, **kwargs) return func(*args, **kwargs)
return wrapper return wrapper
def extract_namespace_repo_from_session(f): def require_session_login(func):
@wraps(f) @wraps(func)
def wrapper(*args, **kwargs):
loaded = _load_user_from_cookie()
if loaded is None or loaded.organization:
abort(401, message='Method requires login and no valid login could be loaded.')
return func(*args, **kwargs)
return wrapper
def extract_namespace_repo_from_session(func):
@wraps(func)
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
if 'namespace' not in session or 'repository' not in session: if 'namespace' not in session or 'repository' not in session:
logger.error('Unable to load namespace or repository from session: %s' % session) logger.error('Unable to load namespace or repository from session: %s' % session)
abort(400, message='Missing namespace in request') abort(400, message='Missing namespace in request')
return f(session['namespace'], session['repository'], *args, **kwargs) return func(session['namespace'], session['repository'], *args, **kwargs)
return wrapper return wrapper

10
endpoints/callbacks.py
View file

@ -1,7 +1,7 @@
import logging import logging
from flask import request, redirect, url_for, Blueprint from flask import request, redirect, url_for, Blueprint
from flask.ext.login import login_required, current_user from flask.ext.login import current_user
from endpoints.common import render_page_template, common_login from endpoints.common import render_page_template, common_login
from app import app, mixpanel from app import app, mixpanel
@ -9,6 +9,7 @@ from data import model
from util.names import parse_repository_name from util.names import parse_repository_name
from util.http import abort from util.http import abort
from auth.permissions import AdministerRepositoryPermission from auth.permissions import AdministerRepositoryPermission
from auth.auth import require_session_login
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -100,7 +101,7 @@ def github_oauth_callback():
@callback.route('/github/callback/attach', methods=['GET']) @callback.route('/github/callback/attach', methods=['GET'])
@login_required @require_session_login
def github_oauth_attach(): def github_oauth_attach():
token = exchange_github_code_for_token(request.args.get('code')) token = exchange_github_code_for_token(request.args.get('code'))
user_data = get_github_user(token) user_data = get_github_user(token)
@ -111,7 +112,7 @@ def github_oauth_attach():
@callback.route('/github/callback/trigger/<path:repository>', methods=['GET']) @callback.route('/github/callback/trigger/<path:repository>', methods=['GET'])
@login_required @require_session_login
@parse_repository_name @parse_repository_name
def attach_github_build_trigger(namespace, repository): def attach_github_build_trigger(namespace, repository):
permission = AdministerRepositoryPermission(namespace, repository) permission = AdministerRepositoryPermission(namespace, repository)
@ -124,7 +125,8 @@ def attach_github_build_trigger(namespace, repository):
trigger = model.create_build_trigger(repo, 'github', token, current_user.db_user()) trigger = model.create_build_trigger(repo, 'github', token, current_user.db_user())
admin_path = '%s/%s/%s' % (namespace, repository, 'admin') admin_path = '%s/%s/%s' % (namespace, repository, 'admin')
full_url = url_for('web.repository', path=admin_path) + '?tab=trigger&new_trigger=' + trigger.uuid full_url = '%s%s%s' % (url_for('web.repository', path=admin_path), '?tab=trigger&new_trigger=',
trigger.uuid)
logger.debug('Redirecting to full url: %s' % full_url) logger.debug('Redirecting to full url: %s' % full_url)
return redirect(full_url) return redirect(full_url)

33
endpoints/realtime.py
View file

@ -1,37 +1,18 @@
import logging import logging
import redis
import json import json
from functools import wraps from flask import request, Blueprint, abort, Response
from flask import request, make_response, Blueprint, abort, Response from flask.ext.login import current_user
from flask.ext.login import current_user, logout_user from data import userevent
from data import model, userevent from auth.auth import require_session_login
from app import app
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
realtime = Blueprint('realtime', __name__) realtime = Blueprint('realtime', __name__)
def api_login_required(f):
@wraps(f)
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated():
abort(401)
if (current_user and current_user.db_user() and
current_user.db_user().organization):
abort(401)
if (current_user and current_user.db_user() and
current_user.db_user().robot):
abort(401)
return f(*args, **kwargs)
return decorated_view
@realtime.route("/user/") @realtime.route("/user/")
@api_login_required @require_session_login
def index(): def index():
debug_template = """ debug_template = """
<html> <html>
@ -58,14 +39,14 @@ def index():
@realtime.route("/user/test") @realtime.route("/user/test")
@api_login_required @require_session_login
def user_test(): def user_test():
evt = userevent.UserEvent('logs.quay.io', current_user.db_user().username) evt = userevent.UserEvent('logs.quay.io', current_user.db_user().username)
evt.publish_event_data('test', {'foo': 2}) evt.publish_event_data('test', {'foo': 2})
return 'OK' return 'OK'
@realtime.route("/user/subscribe") @realtime.route("/user/subscribe")
@api_login_required @require_session_login
def user_subscribe(): def user_subscribe():
def wrapper(listener): def wrapper(listener):
for event_id, data in listener.event_stream(): for event_id, data in listener.event_stream():