Add fixed user list support

allegroai 2019-07-09 00:04:43 +03:00
parent a33c94e24f
commit 76962667a3
3 changed files with 57 additions and 2 deletions


@ -1,5 +1,6 @@
import base64 import base64
import jwt import jwt
from mongoengine import Q
from database.errors import translate_errors_context from database.errors import translate_errors_context
from database.model.company import Company from database.model.company import Company
@ -11,6 +12,7 @@ from timing_context import TimingContext
from .payload import Payload, Token, Basic, AuthType from .payload import Payload, Token, Basic, AuthType
from .identity import Identity from .identity import Identity
from .fixed_user import FixedUser
log = config.logger(__file__) log = config.logger(__file__)
@ -54,8 +56,17 @@ def authorize_credentials(auth_data, service, action, call_data_items):
log.exception('malformed credentials') log.exception('malformed credentials')
raise errors.unauthorized.BadCredentials(str(e)) raise errors.unauthorized.BadCredentials(str(e))
query = Q(credentials__match=Credentials(key=access_key, secret=secret_key))
if FixedUser.enabled():
fixed_user = FixedUser.get_by_username(access_key)
if fixed_user:
if secret_key != fixed_user.password:
raise errors.unauthorized.InvalidCredentials('bad username or password')
query = Q(id=fixed_user.user_id)
with TimingContext("mongo", "user_by_cred"), translate_errors_context('authorizing request'): with TimingContext("mongo", "user_by_cred"), translate_errors_context('authorizing request'):
user = User.objects(credentials__match=Credentials(key=access_key, secret=secret_key)).first() user = User.objects(query).first()
if not user: if not user:
raise errors.unauthorized.InvalidCredentials('failed to locate provided credentials') raise errors.unauthorized.InvalidCredentials('failed to locate provided credentials')
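Review bot: The fixed-user check `secret_key != fixed_user.password` in authorize_credentials is an ordinary string comparison on a secret, so its run time depends on how many leading characters match. A constant-time comparison would be safer: `if not hmac.compare_digest(secret_key.encode(), fixed_user.password.encode()):` with `import hmac` at the top of the file (this assumes both values are str here, which the hunk does not show). The new branch also raises 'bad username or password' while the database path raises 'failed to locate provided credentials', so the response reveals whether an access key matches a configured fixed username; using one message on both paths would avoid that. authorize_credentials begins above the hunk and may continue past it.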


@ -0,0 +1,38 @@
import hashlib
from functools import lru_cache
from typing import Sequence, TypeVar
import attr
from config import config
T = TypeVar("T", bound="FixedUser")
@attr.s(auto_attribs=True)
class FixedUser:
username: str
password: str
name: str
def __attrs_post_init__(self):
self.user_id = hashlib.md5(f"{self.username}:{self.password}".encode()).hexdigest()
@classmethod
def enabled(self):
return config.get("apiserver.auth.fixed_users.enabled", False)
@classmethod
@lru_cache()
def from_config(cls) -> Sequence[T]:
return [cls(**user) for user in config.get("apiserver.auth.fixed_users.users", [])]
@classmethod
@lru_cache()
def get_by_username(cls, username) -> T:
return next(
(user for user in cls.from_config() if user.username == username), None
)
def __hash__(self):
return hash(self.user_id)
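Review bot: `__attrs_post_init__` derives `user_id` from an unsalted MD5 of `username:password`, and the auth change in this commit uses that value as the User document id. If that id appears in API responses, tokens or logs (not visible here), anyone who sees it can test password guesses offline, and changing a password silently gives the account a new id. Deriving it from the username alone, `self.user_id = hashlib.md5(self.username.encode()).hexdigest()`, keeps the id stable and free of secret material. Separately, the attrs-generated `__repr__` includes the plaintext password, so any log line that formats a FixedUser would leak it; `password: str = attr.ib(repr=False)` prevents that.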


@ -20,7 +20,8 @@ from config import config
from database.errors import translate_errors_context from database.errors import translate_errors_context
from database.model.auth import User from database.model.auth import User
from service_repo import APICall, endpoint from service_repo import APICall, endpoint
from service_repo.auth import Token, AuthType from service_repo.auth import Token
from service_repo.auth.fixed_user import FixedUser
log = config.logger(__file__) log = config.logger(__file__)
@ -167,3 +168,8 @@ def update(call, company_id, _):
call.result.data_model = UpdateResponse( call.result.data_model = UpdateResponse(
updated=result.modified_count, fields=fields updated=result.modified_count, fields=fields
) )
@endpoint("auth.fixed_users_mode")
def fixed_users_mode(call: APICall, *_, **__):
call.result.data = dict(enabled=FixedUser.enabled())
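Review bot: The new `fixed_users_mode` endpoint has no docstring, and nothing in the hunk says whether it is meant to be callable before login; it discloses which authentication mode the server runs in, so the intended exposure should be stated. I would add `"""Report whether fixed-user login is enabled; returns only the boolean flag, never the configured user entries."""` and make the endpoint's authorization requirement explicit in the decorator or a comment. The same section drops `AuthType` from the `service_repo.auth` import; the rest of the file is outside the hunk, so it is worth confirming that no use of it remains.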