This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/endpoints/common.py
2013-12-28 19:56:23 -05:00

71 lines
1.8 KiB
Python

import logging
import os
import base64
from flask import request, abort, session
from flask.ext.login import login_user, UserMixin
from flask.ext.principal import identity_changed
from data import model
from app import app, login_manager
from auth.permissions import QuayDeferredPermissionUser
logger = logging.getLogger(__name__)
@login_manager.user_loader
def load_user(username):
logger.debug('Loading user: %s' % username)
return _LoginWrappedDBUser(username)
class _LoginWrappedDBUser(UserMixin):
def __init__(self, db_username, db_user=None):
self._db_username = db_username
self._db_user = db_user
def db_user(self):
if not self._db_user:
self._db_user = model.get_user(self._db_username)
return self._db_user
def is_authenticated(self):
return self.db_user() is not None
def is_active(self):
return self.db_user().verified
def get_id(self):
return unicode(self._db_username)
def common_login(db_user):
if login_user(_LoginWrappedDBUser(db_user.username, db_user)):
logger.debug('Successfully signed in as: %s' % db_user.username)
new_identity = QuayDeferredPermissionUser(db_user.username, 'username')
identity_changed.send(app, identity=new_identity)
return True
else:
logger.debug('User could not be logged in, inactive?.')
return False
@app.before_request
def csrf_protect():
if request.method != "GET" and request.method != "HEAD":
token = session.get('_csrf_token', None)
found_token = request.values.get('_csrf_token', None)
# TODO: add if not token here, once we are sure all sessions have a token.
if token != found_token:
abort(403)
def generate_csrf_token():
if '_csrf_token' not in session:
session['_csrf_token'] = base64.b64encode(os.urandom(48))
return session['_csrf_token']
app.jinja_env.globals['csrf_token'] = generate_csrf_token