
Source Code for Module buildbot.status.web.authz

  1  # This file is part of Buildbot.  Buildbot is free software: you can 
  2  # redistribute it and/or modify it under the terms of the GNU General Public 
  3  # License as published by the Free Software Foundation, version 2. 
  4  # 
  5  # This program is distributed in the hope that it will be useful, but WITHOUT 
  6  # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 
  7  # FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more 
  8  # details. 
  9  # 
 10  # You should have received a copy of the GNU General Public License along with 
 11  # this program; if not, write to the Free Software Foundation, Inc., 51 
 12  # Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
 13  # 
 14  # Copyright Buildbot Team Members 
 15   
 16  from twisted.internet import defer 
 17  from buildbot.status.web.auth import IAuth 
 18  from buildbot.status.web.session import SessionManager 
 19   
# Name of the HTTP cookie whose value identifies the web-status session.
COOKIE_KEY = "BuildBotSession"
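class Authz(object):
    """Decide who can do what.

    ``self.config`` maps every name in ``knownActions`` to a policy value,
    interpreted by advertiseAction() and actionAllowed() as follows:

    * a false value        -- the action is denied;
    * ``'auth'``           -- the action requires an authenticated user;
    * a callable           -- the action requires an authenticated user and
      ``cfg(username, *args)`` must return a true value;
    * any other true value -- the action is allowed without authentication.

    NOTE(review): policy values are not validated, so a mistyped string such
    as ``'Auth'`` falls into the last case and opens the action to everyone.
    Validating here would reject configurations that load today, so it is
    only flagged.
    """

    knownActions = [
        # If you add a new action here, be sure to also update the documentation
        # at docs/cfg-statustargets.texinfo
        'gracefulShutdown',
        'forceBuild',
        'forceAllBuilds',
        'pingBuilder',
        'stopBuild',
        'stopAllBuilds',
        'cancelPendingBuild',
        'stopChange',
        'cleanShutdown',
        'showUsersPage',
    ]

    def __init__(self,
                 default_action=False,
                 auth=None,
                 useHttpHeader=False,
                 **kwargs):
        """Build the per-action policy table.

        default_action -- policy given to every known action that is not
                          named in kwargs.
        auth           -- optional object providing IAuth; login() calls
                          its authenticate() and getUserInfo().
        useHttpHeader  -- when true, identity comes from request.getUser()
                          and request.getPassword() instead of the session
                          cookie.
        kwargs         -- per-action policy overrides, keyed by action name.

        Raises AssertionError if auth is given but does not provide IAuth,
        and ValueError if kwargs names an action not in knownActions.
        """
        self.auth = auth
        # Raised explicitly instead of using `assert`, which is stripped
        # under `python -O`; the exception type is kept for compatibility.
        if auth and not IAuth.providedBy(auth):
            raise AssertionError("auth must provide IAuth")

        self.useHttpHeader = useHttpHeader

        self.config = dict.fromkeys(self.knownActions, default_action)
        for act in self.knownActions:
            if act in kwargs:
                self.config[act] = kwargs.pop(act)

        self.sessions = SessionManager()
        # Anything left over was not a known action name.
        if kwargs:
            raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys()))

    def session(self, request):
        """Return the session named by the request's cookie, or None."""
        cookie = request.received_cookies.get(COOKIE_KEY)
        if cookie is None:
            return None
        return self.sessions.get(cookie)

    def authenticated(self, request):
        """Tell whether the request carries an identity.

        NOTE(review): in useHttpHeader mode no credential is verified here;
        the identity is whatever the request carries, so this presumably
        relies on a front-end proxy having authenticated the user -- confirm.
        Also confirm that request.getUser() returns None, not an empty
        string, when no credentials were sent; otherwise this is always true.
        """
        if self.useHttpHeader:
            return request.getUser() is not None
        return self.session(request) is not None

    def getUserInfo(self, user):
        """Return the info dict for USER, or None when no session is found."""
        if self.useHttpHeader:
            return dict(userName=user, fullName=user, email=user, groups=[user])
        s = self.sessions.getUser(user)
        if s:
            return s.infos
        return None

    def getUsername(self, request):
        """Get the userid of the user.

        Without a session (and outside useHttpHeader mode) this falls back
        to the ``username`` request argument, which is an unverified claim:
        use it for display or logging, not as proof of identity.
        """
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.user
        return request.args.get("username", ["<unknown>"])[0]

    def getUsernameHTML(self, request):
        """Get the user formatted in html (with possible link to email).

        NOTE(review): in useHttpHeader mode the header value is returned as
        is, without HTML escaping; confirm that callers escape it before
        rendering.
        """
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return s.userInfosHTML()
        return "not authenticated?!"

    def getUsernameFull(self, request):
        """Get the full username as fullname <email>.

        Falls back to the unverified ``username`` request argument when
        there is no session, like getUsername().
        """
        if self.useHttpHeader:
            return request.getUser()
        s = self.session(request)
        if s:
            return "%(fullName)s <%(email)s>" % (s.infos)
        return request.args.get("username", ["<unknown>"])[0]

    def getPassword(self, request):
        """Return the submitted password, or "<no-password>" if absent."""
        if self.useHttpHeader:
            return request.getPassword()
        return request.args.get("passwd", ["<no-password>"])[0]

    def advertiseAction(self, action, request):
        """Should the web interface even show the form for ACTION?

        Raises KeyError for an action that is not in knownActions.
        """
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        if cfg and (cfg == 'auth' or callable(cfg)):
            return self.authenticated(request)
        return cfg

    def actionAllowed(self, action, request, *args):
        """Is this ACTION allowed, given this http REQUEST?

        Returns a Deferred that fires with the decision. Raises KeyError
        for an action that is not in knownActions.
        """
        if action not in self.knownActions:
            raise KeyError("unknown action")
        cfg = self.config.get(action, False)
        needs_auth = bool(cfg) and (cfg == 'auth' or callable(cfg))
        if not needs_auth:
            # Plain allow/deny policy: the configured value is the answer.
            return defer.succeed(cfg)
        if not self.auth:
            return defer.succeed(False)

        def check_authenticate(res):
            # A callable policy gets the final say on the authenticated user.
            if callable(cfg) and not cfg(self.getUsername(request), *args):
                return False
            return True

        # retain old behaviour, if people have scripts
        # without cookie support
        passwd = self.getPassword(request)
        if self.authenticated(request):
            return defer.succeed(check_authenticate(None))
        if passwd == "<no-password>":
            return defer.succeed(False)

        def check_login(cookie):
            # login() yields the cookie string only on success; anything
            # else (False or a Failure) means the action is refused.
            if not isinstance(cookie, str):
                return False
            try:
                return check_authenticate(None)
            finally:
                # The session exists only for this one request; drop it even
                # if the policy callable raises, so it cannot outlive the call.
                self.sessions.remove(cookie)

        d = self.login(request)
        d.addBoth(check_login)
        return d

    def login(self, request):
        """Login one user, and return session cookie.

        Returns a Deferred firing with the new cookie on success and with
        False when the request is already authenticated, credentials are
        missing, no auth object is configured, or authentication fails.

        NOTE(review): credentials are read from request.args; if that can
        include URL query parameters, passwords may end up in access logs --
        confirm that clients submit them in a POST body.
        """
        if self.authenticated(request):
            return defer.succeed(False)

        user = request.args.get("username", ["<unknown>"])[0]
        passwd = request.args.get("passwd", ["<no-password>"])[0]
        if user == "<unknown>" or passwd == "<no-password>":
            return defer.succeed(False)
        if not self.auth:
            return defer.succeed(False)

        def check_authenticate(res):
            if not res:
                return False
            cookie, s = self.sessions.new(user, self.auth.getUserInfo(user))
            # NOTE(review): the cookie is set without Secure/HttpOnly
            # attributes; consider adding them if the installed Twisted's
            # addCookie supports it and the status page is served over TLS.
            request.addCookie(COOKIE_KEY, cookie, s.getExpiration(), path="/")
            request.received_cookies = {COOKIE_KEY: cookie}
            return cookie

        def auth_failed(failure):
            # Fail closed: an exception raised by the auth backend arrives
            # here as a Failure object, which is truthy, so routing it
            # through the success check (as addBoth did) would create a
            # session for a user who was never authenticated.
            from twisted.python import log
            log.err(failure, "authentication backend error; login denied")
            return False

        d = defer.maybeDeferred(self.auth.authenticate, user, passwd)
        d.addCallbacks(check_authenticate, auth_failed)
        return d

    def logout(self, request):
        """Remove the session named by the request's cookie, if any."""
        if COOKIE_KEY in request.received_cookies:
            cookie = request.received_cookies[COOKIE_KEY]
            self.sessions.remove(cookie)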