#3437 Authtype as enum and getSessionInfo prints authtype name
Merged 2 years ago by tkopecek. Opened 2 years ago by jcupova.
jcupova/koji issue-3436  into  master

file modified
+4 -4
@@ -7382,13 +7382,13 @@ 

      print("")

      print("You are using the hub at %s" % session.baseurl)

      authtype = u.get('authtype', getattr(session, 'authtype', None))

-     if authtype == koji.AUTHTYPE_NORMAL:

+     if authtype == koji.AUTHTYPES['NORMAL']:

          print("Authenticated via password")

-     elif authtype == koji.AUTHTYPE_GSSAPI:

+     elif authtype == koji.AUTHTYPES['GSSAPI']:

          print("Authenticated via GSSAPI")

-     elif authtype == koji.AUTHTYPE_KERB:

+     elif authtype == koji.AUTHTYPES['KERBEROS']:

          print("Authenticated via Kerberos principal %s" % session.krb_principal)

-     elif authtype == koji.AUTHTYPE_SSL:

+     elif authtype == koji.AUTHTYPES['SSL']:

          print("Authenticated via client certificate %s" % options.cert)

  

  

file modified
+16 -7
@@ -217,10 +217,19 @@ 

  

  # authtype values

  # normal == username/password

- AUTHTYPE_NORMAL = 0

- AUTHTYPE_KERB = 1

- AUTHTYPE_SSL = 2

- AUTHTYPE_GSSAPI = 3

+ AUTHTYPES = Enum((

+     'NORMAL',

Please edit this 'NORMAL' string line to add the explanation comment # username+password. It's likely that we'll delete the "BACKWARD COMPATIBILITY" bit of code later, and then we'll lose this helpful comment.

+     'KERBEROS',

+     'SSL',

+     'GSSAPI',

+ ))

+ 

+ # authtype values - BACKWARD COMPATIBILITY (could be dropped in Koji 1.34)

+ # normal == username/password

+ AUTHTYPE_NORMAL = AUTHTYPES['NORMAL']

+ AUTHTYPE_KERB = AUTHTYPES['KERBEROS']

+ AUTHTYPE_SSL = AUTHTYPES['SSL']

+ AUTHTYPE_GSSAPI = AUTHTYPES['GSSAPI']

  

  # dependency types

  DEP_REQUIRE = 0
@@ -2473,7 +2482,7 @@ 

          if not sinfo:

              return False

          self.setSession(sinfo)

-         self.authtype = AUTHTYPE_NORMAL

+         self.authtype = AUTHTYPES['NORMAL']

          return True

  

      def subsession(self):
@@ -2577,7 +2586,7 @@ 

  

          self.setSession(sinfo)

  

-         self.authtype = AUTHTYPE_GSSAPI

+         self.authtype = AUTHTYPES['GSSAPI']

          return True

  

      def ssl_login(self, cert=None, ca=None, serverca=None, proxyuser=None, proxyauthtype=None):
@@ -2631,7 +2640,7 @@ 

          self.opts['serverca'] = serverca

          self.setSession(sinfo)

  

-         self.authtype = AUTHTYPE_SSL

+         self.authtype = AUTHTYPES['SSL']

          return True

  

      def logout(self):

file modified
+9 -9
@@ -289,7 +289,7 @@ 

          self.checkLoginAllowed(user_id)

  

          # create session and return

-         sinfo = self.createSession(user_id, hostip, koji.AUTHTYPE_NORMAL)

+         sinfo = self.createSession(user_id, hostip, koji.AUTHTYPES['NORMAL'])

          session_id = sinfo['session-id']

          context.cnx.commit()

          return sinfo
@@ -320,7 +320,7 @@ 

          """Login into brew via SSL. proxyuser name can be specified and if it is

          allowed in the configuration file then connection is allowed to login as

          that user. By default we assume that proxyuser is coming via same

-         authentication mechanism but proxyauthtype can be set to koji.AUTHTYPE_*

+         authentication mechanism but proxyauthtype can be set to koji.AUTHTYPE['*']

          value for different handling. Typical case is proxying kerberos user via

          web ui which itself is authenticated via SSL certificate. (See kojiweb

          for usage).
@@ -336,7 +336,7 @@ 

              # it is kerberos principal rather than user's name.

              username = context.environ.get('REMOTE_USER')

              client_dn = username

-             authtype = koji.AUTHTYPE_GSSAPI

+             authtype = koji.AUTHTYPES['GSSAPI']

          else:

              if context.environ.get('SSL_CLIENT_VERIFY') != 'SUCCESS':

                  raise koji.AuthError('could not verify client: %s' %
@@ -349,10 +349,10 @@ 

                      'unable to get user information (%s) from client certificate' %

                      name_dn_component)

              client_dn = context.environ.get('SSL_CLIENT_S_DN')

-             authtype = koji.AUTHTYPE_SSL

+             authtype = koji.AUTHTYPES['SSL']

  

          if proxyuser:

-             if authtype == koji.AUTHTYPE_GSSAPI:

+             if authtype == koji.AUTHTYPES['GSSAPI']:

                  delimiter = ','

                  proxy_opt = 'ProxyPrincipals'

              else:
@@ -363,7 +363,7 @@ 

              # backwards compatible for GSSAPI.

              # in old way, proxy user whitelist is ProxyDNs.

              # TODO: this should be removed in future release

-             if authtype == koji.AUTHTYPE_GSSAPI and not context.opts.get(

+             if authtype == koji.AUTHTYPES['GSSAPI'] and not context.opts.get(

                      'DisableGSSAPIProxyDNFallback', False):

                  proxy_dns += [dn.strip() for dn in

                                context.opts.get('ProxyDNs', '').split('|')]
@@ -379,18 +379,18 @@ 

                  if not context.opts['AllowProxyAuthType'] and authtype != proxyauthtype:

                      raise koji.AuthError("Proxy must use same auth mechanism as hub (behaviour "

                                           "can be overriden via AllowProxyAuthType hub option)")

-                 if proxyauthtype not in (koji.AUTHTYPE_GSSAPI, koji.AUTHTYPE_SSL):

+                 if proxyauthtype not in (koji.AUTHTYPES['GSSAPI'], koji.AUTHTYPES['SSL']):

                      raise koji.AuthError(

                          "Proxied authtype %s is not valid for sslLogin" % proxyauthtype)

                  authtype = proxyauthtype

  

-         if authtype == koji.AUTHTYPE_GSSAPI and '@' in username:

+         if authtype == koji.AUTHTYPES['GSSAPI'] and '@' in username:

              user_id = self.getUserIdFromKerberos(username)

          else:

              user_id = self.getUserId(username)

          if not user_id:

              if context.opts.get('LoginCreatesUser'):

-                 if authtype == koji.AUTHTYPE_GSSAPI and '@' in username:

+                 if authtype == koji.AUTHTYPES['GSSAPI'] and '@' in username:

                      user_id = self.createUserFromKerberos(username)

                  else:

                      user_id = self.createUser(username)

file modified
+5 -6
@@ -73,12 +73,11 @@ 

  

          # valid authentication

          auth_tests = {

-             koji.AUTHTYPE_NORMAL: 'Authenticated via password',

-             koji.AUTHTYPE_GSSAPI: 'Authenticated via GSSAPI',

-             koji.AUTHTYPE_KERB: 'Authenticated via Kerberos principal %s' %

-                                 user['krb_principal'],

-             koji.AUTHTYPE_SSL: 'Authenticated via client certificate %s' %

-                                cert

+             koji.AUTHTYPES['NORMAL']: 'Authenticated via password',

+             koji.AUTHTYPES['GSSAPI']: 'Authenticated via GSSAPI',

+             koji.AUTHTYPES['KERBEROS']: 'Authenticated via Kerberos principal %s' %

+                                         user['krb_principal'],

+             koji.AUTHTYPES['SSL']: 'Authenticated via client certificate %s' % cert

          }

          hubinfo = "You are using the hub at %s" % self.huburl

          session.getLoggedInUser.return_value = user

file modified
+2 -3
@@ -3,7 +3,6 @@ 

  import mock

  

  import unittest

- import six

  

  import koji

  import koji.auth
@@ -28,7 +27,7 @@ 

          context.cnx.cursor.return_value = cursor

          cursor.fetchone.side_effect = [

              # get session

-             [koji.AUTHTYPE_NORMAL, 344, False, False, 'master', 'start_time',

+             [koji.AUTHTYPES['NORMAL'], 344, False, False, 'master', 'start_time',

               'start_ts', 'update_time', 'update_ts', 'user_id'],

              # get user

              ['name', koji.USER_STATUS['NORMAL'], koji.USERTYPES['NORMAL']],
@@ -54,7 +53,7 @@ 

          self.assertEqual(s.hostip, 'remote-addr')

          self.assertEqual(s.callnum, 345)

          self.assertEqual(s.user_id, 'user_id')

-         self.assertEqual(s.authtype, koji.AUTHTYPE_NORMAL)

+         self.assertEqual(s.authtype, koji.AUTHTYPES['NORMAL'])

          self.assertEqual(s.master, 'master')

          self.assertTrue(s.logged_in)

  

file modified
+2 -2
@@ -266,7 +266,7 @@ 

      session = _getServer(environ)

      options = environ['koji.options']

  

-     if options['WebAuthType'] == koji.AUTHTYPE_SSL:

+     if options['WebAuthType'] == koji.AUTHTYPES['SSL']:

          ## Clients authenticate to KojiWeb by SSL, so extract

          ## the username via the (verified) client certificate

          if environ['wsgi.url_scheme'] != 'https':
@@ -283,7 +283,7 @@ 

          username = environ.get('SSL_CLIENT_S_DN_CN')

          if not username:

              raise koji.AuthError('unable to get user information from client certificate')

-     elif options['WebAuthType'] == koji.AUTHTYPE_GSSAPI:

+     elif options['WebAuthType'] == koji.AUTHTYPES['GSSAPI']:

          ## Clients authenticate to KojiWeb by Kerberos, so extract

          ## the username via the REMOTE_USER which will be the

          ## Kerberos principal

@@ -155,14 +155,14 @@ 

              raise koji.ConfigurationError(f"Invalid value {opts['WebAuthType']} for "

                                            "WebAuthType (ssl/gssapi)")

          if opts['WebAuthType'] == 'gssapi':

-             opts['WebAuthType'] = koji.AUTHTYPE_GSSAPI

+             opts['WebAuthType'] = koji.AUTHTYPES['GSSAPI']

          elif opts['WebAuthType'] == 'ssl':

-             opts['WebAuthType'] = koji.AUTHTYPE_SSL

+             opts['WebAuthType'] = koji.AUTHTYPES['SSL']

          # if there is no explicit request, use same authtype as web has

          elif opts['WebPrincipal']:

-             opts['WebAuthType'] = koji.AUTHTYPE_GSSAPI

+             opts['WebAuthType'] = koji.AUTHTYPES['GSSAPI']

          elif opts['WebCert']:

-             opts['WebAuthType'] = koji.AUTHTYPE_SSL

+             opts['WebAuthType'] = koji.AUTHTYPES['SSL']

  

          self.options = opts

          return opts

Original constants must stay there for backward compatibility.

rebased onto b6335b1b6857f0503421cd1305501075d2225825

2 years ago

This is not necessary - user can convert that value via Enum if it is needed for anything.

rebased onto 134775ed230d86ed2762709e8f3c0ed98baeb498

2 years ago

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready

2 years ago

rebased onto 7000c77

2 years ago

Please edit this 'NORMAL' string line to add the explanation comment # username+password. It's likely that we'll delete the "BACKWARD COMPATIBILITY" bit of code later, and then we'll lose this helpful comment.

@ktdreyer When we'll delete the 'BACKWARD COMPATIBILITY' of code later, there should be drop this comment https://pagure.io/koji/pull-request/3437#_2__17 but there should be https://pagure.io/koji/pull-request/3437#_2__4 still.

pretty please pagure-ci rebuild

2 years ago

Metadata Update from @jobrauer:
- Pull-request tagged with: testing-done

2 years ago

Commit 2db60a0 fixes this pull-request

Pull-Request has been merged by tkopecek

2 years ago