Allow superusers to disable user accounts

Joseph Schorr 2015-05-11 17:13:42 -04:00
parent 442cbed087
commit dc5af7496c
19 changed files with 291 additions and 37 deletions


@ -35,6 +35,10 @@ def _load_user_from_cookie():
logger.debug('Loading user from cookie: %s', current_user.get_id())
db_user = current_user.db_user()
if db_user is not None:
# Don't allow disabled users to login.
if not db_user.enabled:
return None
set_authenticated_user(db_user)
loaded = QuayDeferredPermissionUser.for_user(db_user)
identity_changed.send(app, identity=loaded)
@ -62,6 +66,10 @@ def _validate_and_apply_oauth_token(token):
abort(401, message='OAuth access token has expired: %(token)s',
issue='invalid-oauth-token', token=token, headers=authenticate_header)
# Don't allow disabled users to login.
if not validated.authorized_user.enabled:
return None
# We have a valid token
scope_set = scopes.scopes_from_scope_string(validated.scope)
logger.debug('Successfully validated oauth access token: %s with scope: %s', token,
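Review bot: The disabled-account check added to `_validate_and_apply_oauth_token` returns `None` silently, while the expired-token branch directly above it ends the request with `abort(401, ...)` and the authenticate header. Depending on how the caller treats a `None` result (not visible in this hunk), a request carrying a disabled user's token may continue as an anonymous request instead of being rejected, and the refusal leaves no log entry. I would make the branch consistent with its neighbour, e.g. `abort(401, message='User account is disabled', issue='invalid-oauth-token', headers=authenticate_header)`, and log the username rather than the token when it fires. The same silent `return None` appears in `_load_user_from_cookie` in the first hunk, where a debug line naming the refused account would make disabled-user attempts visible to operators. Both function bodies start and end outside their hunks.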


@ -17,6 +17,9 @@ def get_authenticated_user():
logger.debug('Loading deferred authenticated user.')
loaded = model.get_user_by_uuid(user_uuid)
if not loaded.enabled:
return None
set_authenticated_user(loaded)
user = loaded
@ -26,6 +29,9 @@ def get_authenticated_user():
def set_authenticated_user(user_or_robot):
if not user_or_robot.enabled:
raise Exception('Attempt to authenticate a disabled user/robot: %s' % user_or_robot.username)
ctx = _request_ctx_stack.top
ctx.authenticated_user = user_or_robot
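Review bot: In `get_authenticated_user` the new `if not loaded.enabled:` dereferences the result of `model.get_user_by_uuid(user_uuid)` without a None check. If that lookup can return `None` for a deleted account (its definition is not visible here), a stale deferred UUID would now raise `AttributeError` instead of yielding no user; `if loaded is None or not loaded.enabled:` covers both cases. In `set_authenticated_user` the guard raises a bare `Exception`, which gives callers nothing specific to catch, and it assumes every robot object also carries an `enabled` attribute. A one-line docstring on `set_authenticated_user` stating that it refuses disabled accounts and what it raises would document the new contract. The body of `get_authenticated_user` starts outside the first hunk.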