Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix server auth based on username #17132

Merged
merged 3 commits into from
Oct 9, 2024
Merged

fix server auth based on username #17132

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
239d28a
fix server auth based on username
memsharded Oct 8, 2024
901a091
fix unit tests
memsharded Oct 8, 2024
eae1750
fix tests
memsharded Oct 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion conans/client/downloaders/file_downloader.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ def _download_file(self, url, auth, headers, file_path, verify_ssl, try_resume=F
if response.status_code == 404:
raise NotFoundException("Not found: %s" % url)
elif response.status_code == 403:
if auth is None or (hasattr(auth, "token") and auth.token is None):
if auth is None or (hasattr(auth, "bearer") and auth.bearer is None):
# TODO: This is a bit weird, why this conversion? Need to investigate
raise AuthenticationException(response_to_str(response))
raise ForbiddenException(response_to_str(response))
Expand Down
3 changes: 1 addition & 2 deletions conans/client/rest/auth_manager.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,7 @@
Flow:
Directly invoke a REST method in RestApiClient, example: get_conan.
if receives AuthenticationException (not open method) will ask user for login and password
and will invoke RestApiClient.get_token() (with LOGIN_RETRIES retries) and retry to call
get_conan with the new token.
(with LOGIN_RETRIES retries) and retry to call with the new token.
"""

from conan.api.output import ConanOutput
Expand Down
2 changes: 1 addition & 1 deletion conans/client/rest/file_uploader.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ def _handle_400_response(response, auth):
raise AuthenticationException(response_to_str(response))

if response.status_code == 403:
if auth is None or auth.token is None:
if auth is None or auth.bearer is None:
raise AuthenticationException(response_to_str(response))
raise ForbiddenException(response_to_str(response))

Expand Down
6 changes: 0 additions & 6 deletions conans/server/service/authorize.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,19 +127,13 @@ def check_read_conan(self, username, ref):
username: User that request to read the conans
ref: RecipeReference
"""
if ref.user == username:
return

self._check_any_rule_ok(username, self.read_permissions, ref)

def check_write_conan(self, username, ref):
"""
username: User that request to write the conans
ref: RecipeReference
"""
if ref.user == username:
return True

self._check_any_rule_ok(username, self.write_permissions, ref)

def check_delete_conan(self, username, ref):
Expand Down
6 changes: 5 additions & 1 deletion test/integration/remote/rest_api_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,11 @@ class RestApiTest(unittest.TestCase):
def setUpClass(cls):
if not cls.server:
with environment_update({"CONAN_SERVER_PORT": str(get_free_port())}):
cls.server = TestServerLauncher(server_capabilities=['ImCool', 'TooCool'])
read_perms = [("*/*@*/*", "private_user")]
write_perms = [("*/*@*/*", "private_user")]
cls.server = TestServerLauncher(server_capabilities=['ImCool', 'TooCool'],
read_permissions=read_perms,
write_permissions=write_perms)
cls.server.start()

filename = os.path.join(temp_folder(), "conan.conf")
Expand Down
4 changes: 2 additions & 2 deletions test/integration/remote/retry_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ def test_error_403_forbidden(self):
uploader = FileUploader(requester=_RequesterMock(403, "content"),
verify=False, config=_ConfigMock())
with self.assertRaisesRegex(ForbiddenException, "content"):
auth = namedtuple("auth", "token")
auth = namedtuple("auth", "bearer")
uploader.upload(url="fake", abs_path=self.filename, retry=2, auth=auth("token"))
output_lines = output.getvalue().splitlines()
counter = Counter(output_lines)
Expand All @@ -86,7 +86,7 @@ def test_error_403_authentication(self):
uploader = FileUploader(requester=_RequesterMock(403, "content"),
verify=False, config=_ConfigMock())
with self.assertRaisesRegex(AuthenticationException, "content"):
auth = namedtuple("auth", "token")
auth = namedtuple("auth", "bearer")
uploader.upload(url="fake", abs_path=self.filename, retry=2, auth=auth(None))
output_lines = output.getvalue().splitlines()
counter = Counter(output_lines)
Expand Down
4 changes: 2 additions & 2 deletions test/unittests/client/rest/uploader_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ def test_401_raises_unauthoirzed_exception(self):
uploader.upload("fake_url", self.f)

def test_403_raises_unauthoirzed_exception_if_no_token(self):
auth = namedtuple("auth", "token")(None)
auth = namedtuple("auth", "bearer")(None)
uploader = FileUploader(MockRequester(403), verify=False, config=_ConfigMock())
with self.assertRaisesRegex(AuthenticationException, "tururu"):
uploader.upload("fake_url", self.f, auth=auth)
Expand All @@ -48,7 +48,7 @@ def test_403_raises_unauthorized_exception_if_no_auth(self):
uploader.upload("fake_url", self.f)

def test_403_raises_forbidden_exception_if_token(self):
auth = namedtuple("auth", "token")("SOMETOKEN")
auth = namedtuple("auth", "bearer")("SOMETOKEN")
uploader = FileUploader(MockRequester(403), verify=False, config=_ConfigMock())
with self.assertRaisesRegex(ForbiddenException, "tururu"):
uploader.upload("fake_url", self.f, auth=auth)
Expand Down
7 changes: 3 additions & 4 deletions test/unittests/server/service/authorizer_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ def test_permissions(self):
# Only lasote can read it but other conans can be readed
read_perms = [(str(self.openssl_ref), "lasote"), ("*/*@*/*", "*")]
# Only pepe (and lasote because its owner) can write it and no more users can write
write_perms = [(str(self.openssl_ref), "pepe")]
write_perms = [(str(self.openssl_ref), "pepe, lasote")]

authorizer = BasicAuthorizer(read_perms, write_perms)

Expand Down Expand Up @@ -185,12 +185,11 @@ def test_users(self):
# Simple user list
read_perms = [("openssl/*@lasote/testing", "user1,user2,user3")]
authorizer = BasicAuthorizer(read_perms, [])
for u in ['user1','user2','user3']:
for u in ['user1', 'user2', 'user3']:
authorizer.check_read_conan(u, self.openssl_ref)

# Spaces bewteen user names should be ignored
read_perms = [("openssl/*@lasote/testing", "user1 , user2,\tuser3")]
authorizer = BasicAuthorizer(read_perms, [])
for u in ['user1','user2','user3']:
for u in ['user1', 'user2', 'user3']:
authorizer.check_read_conan(u, self.openssl_ref)

2 changes: 1 addition & 1 deletion test/unittests/server/service/service_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ def setUp(self):
self.tmp_dir = temp_folder()

read_perms = [("*/*@*/*", "*")]
write_perms = []
write_perms = [("*/*@*/*", "*")]
authorizer = BasicAuthorizer(read_perms, write_perms)

self.fake_url = "http://url"
Expand Down