Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Rebase auth.py hotfix for koji 1.17.0

Browse source 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
Patrick Uiterwijk 2019-06-01 22:55:04 +02:00
parent 94fa772a04
commit 1bb9476f78
1 changed files with 9 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

17
roles/koji_hub/files/auth.py
View file

@ -28,12 +28,13 @@ try:
import krbV import krbV
except ImportError: except ImportError:
krbV = None krbV = None
import koji
import urlparse #for parse_qs import urlparse #for parse_qs
from .context import context from .context import context
from six.moves import range from six.moves import range
from six.moves import urllib
from six.moves import zip from six.moves import zip
import six import six
from .util import to_list
# 1 - load session if provided # 1 - load session if provided
# - check uri for session id # - check uri for session id
@ -83,7 +84,7 @@ class Session(object):
self.message = 'no session args' self.message = 'no session args'
return return
args = urlparse.parse_qs(args, strict_parsing=True) args = urlparse.parse_qs(args, strict_parsing=True)
hostip = self.get_remote_ip(override=hostip) args = urllib.parse.parse_qs(args, strict_parsing=True)
try: try:
id = int(args['session-id'][0]) id = int(args['session-id'][0])
key = args['session-key'][0] key = args['session-key'][0]
@ -108,7 +109,7 @@ class Session(object):
'user_id': 'user_id', 'user_id': 'user_id',
} }
# sort for stability (unittests) # sort for stability (unittests)
fields, aliases = list(zip(*list(sorted(fields.items(), key=lambda x: x[1])))) fields, aliases = zip(*sorted(fields.items(), key=lambda x: x[1]))
q = """ q = """
SELECT %s FROM sessions SELECT %s FROM sessions
WHERE id = %%(id)i WHERE id = %%(id)i
@ -120,7 +121,7 @@ class Session(object):
row = c.fetchone() row = c.fetchone()
if not row: if not row:
raise koji.AuthError('Invalid session or bad credentials') raise koji.AuthError('Invalid session or bad credentials')
session_data = dict(list(zip(aliases, row))) session_data = dict(zip(aliases, row))
#check for expiration #check for expiration
if session_data['expired']: if session_data['expired']:
raise koji.AuthExpired('session "%i" has expired' % id) raise koji.AuthExpired('session "%i" has expired' % id)
@ -158,7 +159,7 @@ class Session(object):
fields = ('name', 'status', 'usertype') fields = ('name', 'status', 'usertype')
q = """SELECT %s FROM users WHERE id=%%(user_id)s""" % ','.join(fields) q = """SELECT %s FROM users WHERE id=%%(user_id)s""" % ','.join(fields)
c.execute(q, session_data) c.execute(q, session_data)
user_data = dict(list(zip(fields, c.fetchone()))) user_data = dict(zip(fields, c.fetchone()))
if user_data['status'] != koji.USER_STATUS['NORMAL']: if user_data['status'] != koji.USER_STATUS['NORMAL']:
raise koji.AuthError('logins by %s are not allowed' % user_data['name']) raise koji.AuthError('logins by %s are not allowed' % user_data['name'])
@ -322,7 +323,7 @@ class Session(object):
ac.addrs = conninfo ac.addrs = conninfo
# decode and read the authentication request # decode and read the authentication request
req = base64.decodestring(krb_req) req = base64.b64decode(krb_req)
ac, opts, sprinc, ccreds = ctx.rd_req(req, server=srvprinc, keytab=srvkt, ac, opts, sprinc, ccreds = ctx.rd_req(req, server=srvprinc, keytab=srvkt,
auth_context=ac, auth_context=ac,
options=krbV.AP_OPTS_MUTUAL_REQUIRED) options=krbV.AP_OPTS_MUTUAL_REQUIRED)
@ -539,7 +540,7 @@ class Session(object):
def getPerms(self): def getPerms(self):
if not self.logged_in: if not self.logged_in:
return [] return []
return list(self.perms.keys()) return to_list(self.perms.keys())
def hasPerm(self, name): def hasPerm(self, name):
if not self.logged_in: if not self.logged_in:
@ -711,7 +712,7 @@ def get_user_data(user_id):
row = c.fetchone() row = c.fetchone()
if not row: if not row:
return None return None
return dict(list(zip(fields, row))) return dict(zip(fields, row))
def login(*args, **opts): def login(*args, **opts):
return context.session.login(*args, **opts) return context.session.login(*args, **opts)