Map logins to internal users in Auth module
This makes it possible to implement #349 as a Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
This commit is contained in:
parent
5d9485d660
commit
689e5c9dd5
@ -167,7 +167,7 @@ class Application:
|
|||||||
super().__init__()
|
super().__init__()
|
||||||
self.configuration = configuration
|
self.configuration = configuration
|
||||||
self.logger = logger
|
self.logger = logger
|
||||||
self.is_authenticated = auth.load(configuration, logger)
|
self.Auth = auth.load(configuration, logger)
|
||||||
self.Collection = storage.load(configuration, logger)
|
self.Collection = storage.load(configuration, logger)
|
||||||
self.authorized = rights.load(configuration, logger)
|
self.authorized = rights.load(configuration, logger)
|
||||||
self.encoding = configuration.get("encoding", "request")
|
self.encoding = configuration.get("encoding", "request")
|
||||||
@ -288,10 +288,11 @@ class Application:
|
|||||||
authorization = environ.get("HTTP_AUTHORIZATION", None)
|
authorization = environ.get("HTTP_AUTHORIZATION", None)
|
||||||
if authorization and authorization.startswith("Basic"):
|
if authorization and authorization.startswith("Basic"):
|
||||||
authorization = authorization[len("Basic"):].strip()
|
authorization = authorization[len("Basic"):].strip()
|
||||||
user, password = self.decode(base64.b64decode(
|
login, password = self.decode(base64.b64decode(
|
||||||
authorization.encode("ascii")), environ).split(":", 1)
|
authorization.encode("ascii")), environ).split(":", 1)
|
||||||
|
user = self.Auth.map_login_to_user(login)
|
||||||
else:
|
else:
|
||||||
user = environ.get("REMOTE_USER")
|
user = self.Auth.map_login_to_user(environ.get("REMOTE_USER", ""))
|
||||||
password = None
|
password = None
|
||||||
|
|
||||||
# If "/.well-known" is not available, clients query "/"
|
# If "/.well-known" is not available, clients query "/"
|
||||||
@ -303,7 +304,7 @@ class Application:
|
|||||||
self.logger.info("Refused unsafe username: %s", user)
|
self.logger.info("Refused unsafe username: %s", user)
|
||||||
is_authenticated = False
|
is_authenticated = False
|
||||||
else:
|
else:
|
||||||
is_authenticated = self.is_authenticated(user, password)
|
is_authenticated = self.Auth.is_authenticated(user, password)
|
||||||
is_valid_user = is_authenticated or not user
|
is_valid_user = is_authenticated or not user
|
||||||
|
|
||||||
# Create principal collection
|
# Create principal collection
|
||||||
|
@ -65,12 +65,12 @@ def load(configuration, logger):
|
|||||||
auth_type = configuration.get("auth", "type")
|
auth_type = configuration.get("auth", "type")
|
||||||
logger.debug("Authentication type is %s", auth_type)
|
logger.debug("Authentication type is %s", auth_type)
|
||||||
if auth_type == "None":
|
if auth_type == "None":
|
||||||
return lambda user, password: True
|
class_ = NoneAuth
|
||||||
elif auth_type == "htpasswd":
|
elif auth_type == "htpasswd":
|
||||||
return Auth(configuration, logger).is_authenticated
|
class_ = Auth
|
||||||
else:
|
else:
|
||||||
module = import_module(auth_type)
|
class_ = import_module(auth_type).Auth
|
||||||
return module.Auth(configuration, logger).is_authenticated
|
return class_(configuration, logger)
|
||||||
|
|
||||||
|
|
||||||
class BaseAuth:
|
class BaseAuth:
|
||||||
@ -88,6 +88,15 @@ class BaseAuth:
|
|||||||
"""
|
"""
|
||||||
raise NotImplementedError
|
raise NotImplementedError
|
||||||
|
|
||||||
|
def map_login_to_user(self, login):
|
||||||
|
"""Map login to internal username."""
|
||||||
|
return login
|
||||||
|
|
||||||
|
|
||||||
|
class NoneAuth(BaseAuth):
|
||||||
|
def is_authenticated(self, user, password):
|
||||||
|
return True
|
||||||
|
|
||||||
|
|
||||||
class Auth(BaseAuth):
|
class Auth(BaseAuth):
|
||||||
def __init__(self, configuration, logger):
|
def __init__(self, configuration, logger):
|
||||||
|
Loading…
x
Reference in New Issue
Block a user