Merge pull request #1270 from hennevogel/refactoring_webui_authentifi…

…cation Refactoring webui authentification
openSUSE · Oct 20, 2015 · 7374e13 · 7374e13
2 parents 6a7a542 + 416b512
commit 7374e13
Show file tree

Hide file tree

Showing 7 changed files with 64 additions and 75 deletions.
diff --git a/src/api/app/controllers/webui/package_controller.rb b/src/api/app/controllers/webui/package_controller.rb
@@ -44,6 +44,9 @@ class Webui::PackageController < Webui::WebuiController
                                             :update_build_log, :devel_project, :buildresult, :rpmlint_result,
                                             :rpmlint_log, :meta, :attributes, :repositories, :files]
 
+  before_filter :do_backend_login, only: [:branch, :save_new_link, :save_modified_file, :save_meta, :change_flag,
+                                          :abort_build, :trigger_rebuild, :wipe_binaries, :remove]
+
   prepend_before_filter :lockout_spiders, :only => [:revisions, :dependency, :rdiff, :binary, :binaries, :requests]
 
   def show

diff --git a/src/api/app/controllers/webui/patchinfo_controller.rb b/src/api/app/controllers/webui/patchinfo_controller.rb
@@ -5,6 +5,8 @@ class Webui::PatchinfoController < Webui::WebuiController
   before_filter :get_binaries, except: [:show, :delete]
   before_filter :require_exists, except: [:new_patchinfo]
   before_filter :require_login, except: [:show]
+  before_filter :do_backend_login, only: [:save, :updatepatchinfo, :get_issue_sum]
+
 
   def new_patchinfo
     unless User.current.can_create_package_in? @project

diff --git a/src/api/app/controllers/webui/project_controller.rb b/src/api/app/controllers/webui/project_controller.rb
@@ -25,6 +25,8 @@ class Webui::ProjectController < Webui::WebuiController
                                      :maintenance_incidents, :unlock_dialog, :save_person, :save_group, :remove_role, :save_repository,
                                      :move_path, :save_prjconf]
 
+  before_filter :do_backend_login, only: [:clear_failed_comment, :change_flag, :unlock]
+
   # TODO: check if get_by_name or set_by_name is used for save_prjconf
   before_filter :set_project_by_name, only: [:save_meta, :save_prjconf]
 

diff --git a/src/api/app/controllers/webui/user_controller.rb b/src/api/app/controllers/webui/user_controller.rb
@@ -33,36 +33,31 @@ def login
   end
 
   def do_login
-    if params[:username].present? && params[:password]
-      logger.debug "Doing form authorization to login user #{params[:username]}"
-
-      session[:login] = params[:username]
-      session[:password] = params[:password]
-      authenticate_form_auth
-
-      begin
-        ActiveXML.api.direct_http "/person/#{session[:login]}/login", method: 'POST'
-        User.current = User.find_by_login!(session[:login])
-      rescue ActiveXML::Transport::UnauthorizedError
-        User.current = nil
-      end
-
-      unless User.current
-        return_to = return_path
-        reset_session
-        set_return_path(return_to)
-        flash.now[:error] = 'Authentication failed'
-        User.current = User.find_nobody!
-        render :template => 'webui/user/login'
-        return
-      end
+    mode = CONFIG['proxy_auth_mode'] || CONFIG['ichain_mode'] || :basic
+    logger.debug "do_login: with #{mode}"
+
+    case mode
+    when :on
+      user = User.find_by(login: request.env['HTTP_X_USERNAME'])
+    when :simulate
+      user = User.find_by(login: CONFIG['proxy_auth_test_user'])
+    when :basic, :off
+      user = User.find_with_credentials(params[:username], params[:password])
+    end
 
-      flash[:success] = 'You are logged in now'
-      session[:login] = User.current.login
-      return redirect_to(return_path)
+    if user.nil? || (user.state == User::STATES['ichainrequest'] || user.state == User::STATES['unconfirmed'])
+      set_return_path(return_path)
+      redirect_to(user_login_path, error: 'Authentication failed')
+      return
     end
-    flash[:error] = 'Authentication failed'
-    redirect_to :action => 'login'
+
+    logger.debug "USER found: #{user.login}"
+    User.current = user
+
+    session[:login] = User.current.login
+    session[:password] = params[:password]
+
+    redirect_to(return_path)
   end
 
   def show
@@ -210,10 +205,7 @@ def register
       redirect_to :controller => :user, :action => :index
     else
       session[:login] = opts[:login]
-      session[:password] = opts[:password]
-      authenticate_form_auth
-      # set User.current
-      check_user
+      User.current = User.find_by_login(session[:login])
       if Project.where(name: User.current.home_project_name).exists?
         redirect_to project_show_path(User.current.home_project_name)
       else
@@ -231,7 +223,7 @@ def password_dialog
 
   def change_password
     # check the valid of the params
-    if not params[:password] == session[:password]
+    unless User.current.password_equals?(params[:password])
       errmsg = 'The value of current password does not match your current password. Please enter the password and try again.'
     end
     if not params[:new_password] == params[:repeat_password]
@@ -250,7 +242,6 @@ def change_password
     user.update_password params[:new_password]
     user.save!
 
-    session[:password] = params[:new_password]
     flash[:success] = 'Your password has been changed successfully.'
     redirect_to :action => :show, user: User.current
   end

diff --git a/src/api/app/controllers/webui/webui_controller.rb b/src/api/app/controllers/webui/webui_controller.rb
@@ -12,7 +12,6 @@ class Webui::WebuiController < ActionController::Base
   before_filter :setup_view_path
   before_filter :instantiate_controller_and_action_names
   before_filter :set_return_to, except: [:do_login, :login, :register_user]
-  before_filter :reset_activexml, :authenticate
   before_filter :check_user
   before_filter :check_anonymous
   before_filter :require_configuration
@@ -164,14 +163,40 @@ def require_login
     return true
   end
 
-  # sets session[:login] if the user is authenticated
-  def authenticate
+  def do_backend_login
     mode = CONFIG['proxy_auth_mode'] || :off
     logger.debug "Authenticating with iChain mode: #{mode}"
     if mode == :on || mode == :simulate
-      authenticate_proxy
+      mode = CONFIG['proxy_auth_mode'] || :off
+      proxy_user = request.env['HTTP_X_USERNAME']
+      proxy_email = request.env['HTTP_X_EMAIL']
+      if mode == :simulate
+        proxy_user ||= CONFIG['proxy_auth_test_user'] || CONFIG['proxy_test_user']
+        proxy_email ||= CONFIG['proxy_auth_test_email']
+      end
+      if proxy_user
+        session[:login] = proxy_user
+        session[:email] = proxy_email
+        ActiveXML.api.delete_additional_header 'X-Username'
+        ActiveXML.api.delete_additional_header 'X-Email'
+        ActiveXML.api.delete_additional_header 'Authorization'
+        # Set the headers for direct connection to the api, TODO: is this thread safe?
+        ActiveXML.api.set_additional_header( 'X-Username', proxy_user )
+        ActiveXML.api.set_additional_header( 'X-Email', proxy_email ) if proxy_email
+        # FIXME: hot fix to allow new users to login at all again
+        frontend.transport.direct_http(URI("/person/#{URI.escape(proxy_user)}"), :method => 'GET')
+      else
+        session[:login] = nil
+        session[:email] = nil
+      end
     else
-      authenticate_form_auth
+      if session[:login] && session[:password]
+        ActiveXML.api.delete_additional_header 'X-Username'
+        ActiveXML.api.delete_additional_header 'X-Email'
+        ActiveXML.api.delete_additional_header 'Authorization'
+        # pass credentials to transport plugin, TODO: is this thread safe?
+        ActiveXML.api.login(session[:login], session[:password])
+      end
     end
     if session[:login]
       logger.info "Authenticated request to '#{request.url}' from #{session[:login]}"
@@ -180,46 +205,10 @@ def authenticate
     end
   end
 
-  def authenticate_proxy
-    mode = CONFIG['proxy_auth_mode'] || :off
-    proxy_user = request.env['HTTP_X_USERNAME']
-    proxy_email = request.env['HTTP_X_EMAIL']
-    if mode == :simulate
-      proxy_user ||= CONFIG['proxy_auth_test_user'] || CONFIG['proxy_test_user']
-      proxy_email ||= CONFIG['proxy_auth_test_email']
-    end
-    if proxy_user
-      session[:login] = proxy_user
-      session[:email] = proxy_email
-      # Set the headers for direct connection to the api, TODO: is this thread safe?
-      ActiveXML::api.set_additional_header( 'X-Username', proxy_user )
-      ActiveXML::api.set_additional_header( 'X-Email', proxy_email ) if proxy_email
-      # FIXME: hot fix to allow new users to login at all again
-      frontend.transport.direct_http(URI("/person/#{URI.escape(proxy_user)}"), :method => 'GET')
-    else
-      session[:login] = nil
-      session[:email] = nil
-    end
-  end
-
-  def authenticate_form_auth
-    if session[:login] && session[:password]
-      # pass credentials to transport plugin, TODO: is this thread safe?
-      ActiveXML::api.login(session[:login], session[:password])
-    end
-  end
-
   def frontend
     FrontendCompat.new
   end
 
-  def reset_activexml
-    transport = ActiveXML::api
-    transport.delete_additional_header 'X-Username'
-    transport.delete_additional_header 'X-Email'
-    transport.delete_additional_header 'Authorization'
-  end
-
   def required_parameters(*parameters)
     parameters.each do |parameter|
       unless params.include? parameter.to_s

diff --git a/src/api/app/models/patchinfo.rb b/src/api/app/models/patchinfo.rb
@@ -238,6 +238,7 @@ def fetch_release_targets(pkg)
     data.elements('releasetarget')
   end
 
+  # TODO: This method is unused, should be replace with a BackendFile subclass
   def save
     path = if self.init_options[:package]
       "/source/#{self.init_options[:project]}/#{self.init_options[:package]}/_patchinfo"

diff --git a/src/api/test/unit/code_quality_test.rb b/src/api/test/unit/code_quality_test.rb
@@ -102,6 +102,7 @@ def setup
       'Webui::ProjectController#check_devel_package_status'                     => 81.95,
       'Webui::SearchController#set_parameters'                                  => 98.04,
       'Webui::WebuiHelper#flag_status'                                          => 93.0,
+      'Webui::WebuiController#do_backend_login'                                 => 96.31,
       'WizardController#package_wizard'                                         => 97.46
   }