Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections.
This commit is contained in:
jakedt
parent
e759066ae0
commit
5bb4008880
6 changed files with 65 additions and 26 deletions
32
auth/auth.py
32
auth/auth.py
|
|
@ -2,16 +2,19 @@ import logging
|
|||
|
||||
from functools import wraps
|
||||
from datetime import datetime
|
||||
from flask import request, _request_ctx_stack, session
|
||||
from flask import request, session
|
||||
from flask.ext.principal import identity_changed, Identity
|
||||
from flask.ext.login import current_user
|
||||
from base64 import b64decode
|
||||
|
||||
import scopes
|
||||
|
||||
from data import model
|
||||
from data.model import oauth
|
||||
from app import app
|
||||
from permissions import QuayDeferredPermissionUser
|
||||
import scopes
|
||||
|
||||
from auth_context import (set_authenticated_user, set_validated_token,
|
||||
set_authenticated_user_deferred)
|
||||
from util.http import abort
|
||||
|
||||
|
||||
|
|
@ -34,8 +37,7 @@ def process_basic_auth(auth):
|
|||
try:
|
||||
token = model.load_token_data(credentials[1])
|
||||
logger.debug('Successfully validated token: %s' % credentials[1])
|
||||
ctx = _request_ctx_stack.top
|
||||
ctx.validated_token = token
|
||||
set_validated_token(token)
|
||||
|
||||
identity_changed.send(app, identity=Identity(token.code, 'token'))
|
||||
return
|
||||
|
|
@ -49,8 +51,7 @@ def process_basic_auth(auth):
|
|||
try:
|
||||
robot = model.verify_robot(credentials[0], credentials[1])
|
||||
logger.debug('Successfully validated robot: %s' % credentials[0])
|
||||
ctx = _request_ctx_stack.top
|
||||
ctx.authenticated_user = robot
|
||||
set_authenticated_user(robot)
|
||||
|
||||
deferred_robot = QuayDeferredPermissionUser(robot.username, 'username')
|
||||
identity_changed.send(app, identity=deferred_robot)
|
||||
|
|
@ -63,8 +64,7 @@ def process_basic_auth(auth):
|
|||
|
||||
if authenticated:
|
||||
logger.debug('Successfully validated user: %s' % authenticated.username)
|
||||
ctx = _request_ctx_stack.top
|
||||
ctx.authenticated_user = authenticated
|
||||
set_authenticated_user(authenticated)
|
||||
|
||||
new_identity = QuayDeferredPermissionUser(authenticated.username, 'username')
|
||||
identity_changed.send(app, identity=new_identity)
|
||||
|
|
@ -102,8 +102,7 @@ def process_token(auth):
|
|||
auth=auth)
|
||||
|
||||
logger.debug('Successfully validated token: %s', token_data.code)
|
||||
ctx = _request_ctx_stack.top
|
||||
ctx.validated_token = token_data
|
||||
set_validated_token(token_data)
|
||||
|
||||
identity_changed.send(app, identity=Identity(token_data.code, 'token'))
|
||||
|
||||
|
|
@ -141,15 +140,18 @@ def process_oauth(f):
|
|||
scope_set = scopes.scopes_from_scope_string(validated.scope)
|
||||
logger.debug('Successfully validated oauth access token: %s with scope: %s', token,
|
||||
scope_set)
|
||||
|
||||
ctx = _request_ctx_stack.top
|
||||
ctx.authenticated_user = validated.authorized_user
|
||||
set_authenticated_user(validated.authorized_user)
|
||||
|
||||
new_identity = QuayDeferredPermissionUser(validated.authorized_user.username, 'username',
|
||||
scope_set)
|
||||
identity_changed.send(app, identity=new_identity)
|
||||
elif not current_user.is_anonymous():
|
||||
logger.debug('Loading user from cookie: %s', current_user.get_id())
|
||||
set_authenticated_user_deferred(current_user.get_id())
|
||||
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username')
|
||||
identity_changed.send(app, identity=loaded)
|
||||
else:
|
||||
logger.debug('No auth header.')
|
||||
logger.debug('No auth header or user session.')
|
||||
return f(*args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
|
|
|
|||
Reference in a new issue