portal/service/auth.py +25 −12 @@ -13,6 +13,17 @@ from portal.service import errors log = logging.getLogger(__name__) def log_auth(message, level='info', logger=AUTH): req = flask.request message = f"[AUTH] {message} | IP: {req.remote_addr}, UA: {req.user_agent}" method = getattr(logger, level) method(message) def log_auth_w(message): log_auth(message=message, level='warning') class AuthService: def __init__(self, rest_service): self._rest_service = rest_service @@ -56,14 +67,14 @@ class AuthService: Returns(User): the authenticated user """ if secret is None: AUTH.warning(f"[AUTH] Gitlab: No access token for {identifier}") log_auth_w(f"Gitlab: No access token for {identifier}") raise errors.PortalAPIError(400, 'No gitlab access token found.') self.validate_gitlab_token(secret, username=identifier) user = self._rest_service.find.user(identifier, throws=False) if user is None: AUTH.warning(f"[AUTH] Gitlab: Invalid access token for {identifier}") log_auth_w(f"Gitlab: Invalid access token for {identifier}") raise errors.InvalidGitlabAccessTokenError() return user @@ -78,13 +89,13 @@ class AuthService: """ user = self._rest_service.find.user(identifier, throws=False) if user is None or secret is None: AUTH.warning(f"[AUTH] Login: Invalid user or secret for {identifier}") log_auth_w(f"Login: Invalid user or secret for {identifier}") raise errors.IncorrectCredentialsError() if user.verify_password(password=secret): AUTH.info(f"[AUTH] Login successful with password for {identifier}: {user.log_name}") log_auth(f"Login successful with password for {identifier}: {user.log_name}") return user AUTH.warning(f"[AUTH] Login: Invalid credentials for {identifier}") log_auth_w(f"Login: Invalid credentials for {identifier}") raise errors.IncorrectCredentialsError() def login_secret(self, identifier: str, secret: str) -> Client:
@@ -99,9 +110,9 @@ class AuthService: """ client = self._find_client_helper(identifier) if client.verify_secret(secret): AUTH.info(f"[AUTH] Login successful with secret for {identifier}: {client.log_name}") AUTH.info(f"Login successful with secret for {identifier}: {client.log_name}") return client AUTH.warning(f"[AUTH] Login: Invalid credentials for {identifier}") log_auth_w(f"Login: Invalid credentials for {identifier}") raise errors.UnauthorizedError(f"[LOGIN] Invalid secret.") def validate_gitlab_token(self, token: str, username: str, throws: bool = True): @@ -117,8 +128,10 @@ class AuthService: user = client.user if user.username != username: if throws: log_auth_w(f"Login: gitlab authorization failed for - {username}") raise errors.InvalidGitlabAccessTokenError() return False log_auth(f"Login: gitlab authorization success - {username}") return True def find_client(self, throw=True) -> Client:
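Review bot: In the `login_secret` hunk the success path still calls `AUTH.info(...)` directly and only had its `[AUTH]` prefix removed, so a successful client-secret login is now the one auth event logged without the tag or the IP/User-Agent context; it should read `log_auth(f"Login successful with secret for {identifier}: {client.log_name}")`. Anything that filters the auth log on `[AUTH]` would miss these entries. Separately, `log_auth` interpolates `req.user_agent` and the caller-supplied identifier into the line unescaped; both come from the client, so rendering them with `!r` (e.g. `UA: {str(req.user_agent)!r}`) keeps control characters and the ` | IP:` delimiter from being spoofed inside a value. `login_secret`'s signature and docstring lie outside the hunk shown.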
portal/service/auth.py +25 −12 @@ -13,6 +13,17 @@ from portal.service import errors log = logging.getLogger(__name__) def log_auth(message, level='info', logger=AUTH): req = flask.request message = f"[AUTH] {message} | IP: {req.remote_addr}, UA: {req.user_agent}" method = getattr(logger, level) method(message) def log_auth_w(message): log_auth(message=message, level='warning') class AuthService: def __init__(self, rest_service): self._rest_service = rest_service @@ -56,14 +67,14 @@ class AuthService: Returns(User): the authenticated user """ if secret is None: AUTH.warning(f"[AUTH] Gitlab: No access token for {identifier}") log_auth_w(f"Gitlab: No access token for {identifier}") raise errors.PortalAPIError(400, 'No gitlab access token found.') self.validate_gitlab_token(secret, username=identifier) user = self._rest_service.find.user(identifier, throws=False) if user is None: AUTH.warning(f"[AUTH] Gitlab: Invalid access token for {identifier}") log_auth_w(f"Gitlab: Invalid access token for {identifier}") raise errors.InvalidGitlabAccessTokenError() return user @@ -78,13 +89,13 @@ class AuthService: """ user = self._rest_service.find.user(identifier, throws=False) if user is None or secret is None: AUTH.warning(f"[AUTH] Login: Invalid user or secret for {identifier}") log_auth_w(f"Login: Invalid user or secret for {identifier}") raise errors.IncorrectCredentialsError() if user.verify_password(password=secret): AUTH.info(f"[AUTH] Login successful with password for {identifier}: {user.log_name}") log_auth(f"Login successful with password for {identifier}: {user.log_name}") return user AUTH.warning(f"[AUTH] Login: Invalid credentials for {identifier}") log_auth_w(f"Login: Invalid credentials for {identifier}") raise errors.IncorrectCredentialsError() def login_secret(self, identifier: str, secret: str) -> Client:
@@ -99,9 +110,9 @@ class AuthService: """ client = self._find_client_helper(identifier) if client.verify_secret(secret): AUTH.info(f"[AUTH] Login successful with secret for {identifier}: {client.log_name}") AUTH.info(f"Login successful with secret for {identifier}: {client.log_name}") return client AUTH.warning(f"[AUTH] Login: Invalid credentials for {identifier}") log_auth_w(f"Login: Invalid credentials for {identifier}") raise errors.UnauthorizedError(f"[LOGIN] Invalid secret.") def validate_gitlab_token(self, token: str, username: str, throws: bool = True): @@ -117,8 +128,10 @@ class AuthService: user = client.user if user.username != username: if throws: log_auth_w(f"Login: gitlab authorization failed for - {username}") raise errors.InvalidGitlabAccessTokenError() return False log_auth(f"Login: gitlab authorization success - {username}") return True def find_client(self, throw=True) -> Client: