Add UUID to User model and use in cookie.

This commit is contained in:
Jimmy Zelinskie 2014-11-11 17:22:37 -05:00 committed by Jimmy Zelinskie
parent b3886570eb
commit 9d677b8eb3
8 changed files with 91 additions and 61 deletions

View file

@ -25,7 +25,7 @@ def _load_user_from_cookie():
if not current_user.is_anonymous():
logger.debug('Loading user from cookie: %s', current_user.get_id())
set_authenticated_user_deferred(current_user.get_id())
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'user_db_id', {scopes.DIRECT_LOGIN})
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'user_uuid', {scopes.DIRECT_LOGIN})
identity_changed.send(app, identity=loaded)
return current_user.db_user()
return None
@ -58,7 +58,7 @@ def _validate_and_apply_oauth_token(token):
set_authenticated_user(validated.authorized_user)
set_validated_oauth_token(validated)
new_identity = QuayDeferredPermissionUser(validated.authorized_user.id, 'user_db_id', scope_set)
new_identity = QuayDeferredPermissionUser(validated.authorized_user.uuid, 'user_uuid', scope_set)
identity_changed.send(app, identity=new_identity)
@ -98,7 +98,7 @@ def process_basic_auth(auth):
logger.debug('Successfully validated robot: %s' % credentials[0])
set_authenticated_user(robot)
deferred_robot = QuayDeferredPermissionUser(robot.id, 'user_db_id', {scopes.DIRECT_LOGIN})
deferred_robot = QuayDeferredPermissionUser(robot.uuid, 'user_uuid', {scopes.DIRECT_LOGIN})
identity_changed.send(app, identity=deferred_robot)
return
except model.InvalidRobotException:
@ -111,7 +111,7 @@ def process_basic_auth(auth):
logger.debug('Successfully validated user: %s' % authenticated.username)
set_authenticated_user(authenticated)
new_identity = QuayDeferredPermissionUser(authenticated.id, 'user_db_id',
new_identity = QuayDeferredPermissionUser(authenticated.uuid, 'user_uuid',
{scopes.DIRECT_LOGIN})
identity_changed.send(app, identity=new_identity)
return

View file

@ -10,13 +10,13 @@ logger = logging.getLogger(__name__)
def get_authenticated_user():
user = getattr(_request_ctx_stack.top, 'authenticated_user', None)
if not user:
db_id = getattr(_request_ctx_stack.top, 'authenticated_db_id', None)
if not db_id:
logger.debug('No authenticated user or deferred database id.')
user_uuid = getattr(_request_ctx_stack.top, 'authenticated_user_uuid', None)
if not user_uuid:
logger.debug('No authenticated user or deferred database uuid.')
return None
logger.debug('Loading deferred authenticated user.')
loaded = model.get_user_by_id(db_id)
loaded = model.get_user_by_uuid(user_uuid)
set_authenticated_user(loaded)
user = loaded
@ -30,10 +30,10 @@ def set_authenticated_user(user_or_robot):
ctx.authenticated_user = user_or_robot
def set_authenticated_user_deferred(user_or_robot_db_id):
logger.debug('Deferring loading of authenticated user object: %s', user_or_robot_db_id)
def set_authenticated_user_deferred(user_or_robot_uuid):
logger.debug('Deferring loading of authenticated user object with uuid: %s', user_or_robot_uuid)
ctx = _request_ctx_stack.top
ctx.authenticated_db_id = user_or_robot_db_id
ctx.authenticated_user_uuid = user_or_robot_uuid
def get_validated_oauth_token():

View file

@ -58,8 +58,8 @@ SCOPE_MAX_USER_ROLES.update({
class QuayDeferredPermissionUser(Identity):
def __init__(self, db_id, auth_type, scopes):
super(QuayDeferredPermissionUser, self).__init__(db_id, auth_type)
def __init__(self, id, auth_type, scopes):
super(QuayDeferredPermissionUser, self).__init__(id, auth_type)
self._permissions_loaded = False
self._scope_set = scopes
@ -88,7 +88,7 @@ class QuayDeferredPermissionUser(Identity):
def can(self, permission):
if not self._permissions_loaded:
logger.debug('Loading user permissions after deferring.')
user_object = model.get_user_by_id(self.id)
user_object = model.get_user_by_uuid(self.id)
# Add the superuser need, if applicable.
if (user_object.username is not None and
@ -228,11 +228,11 @@ def on_identity_loaded(sender, identity):
# We have verified an identity, load in all of the permissions
if isinstance(identity, QuayDeferredPermissionUser):
logger.debug('Deferring permissions for user: %s', identity.id)
logger.debug('Deferring permissions for user with uuid: %s', identity.id)
elif identity.auth_type == 'user_db_id':
logger.debug('Switching username permission to deferred object: %s', identity.id)
switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_db_id', {scopes.DIRECT_LOGIN})
elif identity.auth_type == 'user_uuid':
logger.debug('Switching username permission to deferred object with uuid: %s', identity.id)
switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_uuid', {scopes.DIRECT_LOGIN})
identity_changed.send(app, identity=switch_to_deferred)
elif identity.auth_type == 'token':

View file

@ -137,6 +137,7 @@ class BaseModel(ReadSlaveModel):
class User(BaseModel):
uuid = CharField(default=uuid_generator)
username = CharField(unique=True, index=True)
password_hash = CharField(null=True)
email = CharField(unique=True, index=True,

View file

@ -0,0 +1,26 @@
"""add uuid field to user
Revision ID: 17f11e265e13
Revises: 204abf14783d
Create Date: 2014-11-11 14:32:54.866188
"""
# revision identifiers, used by Alembic.
revision = '17f11e265e13'
down_revision = '204abf14783d'
from alembic import op
import sqlalchemy as sa
from sqlalchemy.dialects import mysql
def upgrade(tables):
### commands auto generated by Alembic - please adjust! ###
op.add_column('user', sa.Column('uuid', sa.String(length=255), nullable=False))
### end Alembic commands ###
def downgrade(tables):
### commands auto generated by Alembic - please adjust! ###
op.drop_column('user', 'uuid')
### end Alembic commands ###

View file

@ -614,6 +614,13 @@ def get_namespace_by_user_id(namespace_user_db_id):
raise InvalidUsernameException('User with id does not exist: %s' % namespace_user_db_id)
def get_user_by_uuid(user_uuid):
try:
return User.get(User.uuid == user_uuid, User.organization == False)
except User.DoesNotExist:
return None
def get_user_or_org_by_customer_id(customer_id):
try:
return User.get(User.stripe_id == customer_id)

View file

@ -85,23 +85,19 @@ def param_required(param_name):
@login_manager.user_loader
def load_user(user_db_id):
logger.debug('User loader loading deferred user id: %s' % user_db_id)
try:
user_db_id_int = int(user_db_id)
return _LoginWrappedDBUser(user_db_id_int)
except ValueError:
return None
def load_user(user_uuid):
logger.debug('User loader loading deferred user with uuid: %s' % user_uuid)
return _LoginWrappedDBUser(user_uuid)
class _LoginWrappedDBUser(UserMixin):
def __init__(self, user_db_id, db_user=None):
self._db_id = user_db_id
def __init__(self, user_uuid, db_user=None):
self._uuid = user_uuid
self._db_user = db_user
def db_user(self):
if not self._db_user:
self._db_user = model.get_user_by_id(self._db_id)
self._db_user = model.get_user_by_uuid(self._uuid)
return self._db_user
def is_authenticated(self):
@ -111,13 +107,13 @@ class _LoginWrappedDBUser(UserMixin):
return self.db_user().verified
def get_id(self):
return unicode(self._db_id)
return unicode(self._uuid)
def common_login(db_user):
if login_user(_LoginWrappedDBUser(db_user.id, db_user)):
logger.debug('Successfully signed in as: %s' % db_user.username)
new_identity = QuayDeferredPermissionUser(db_user.id, 'user_db_id', {scopes.DIRECT_LOGIN})
if login_user(_LoginWrappedDBUser(db_user.uuid, db_user)):
logger.debug('Successfully signed in as: %s (%s)' % (db_user.username, db_user.uuid))
new_identity = QuayDeferredPermissionUser(db_user.uuid, 'user_uuid', {scopes.DIRECT_LOGIN})
identity_changed.send(app, identity=new_identity)
session['login_time'] = datetime.datetime.now()
return True

Binary file not shown.