Port of kerberos_login to new backend structure. Some cosmetic fixes to ldap_auth

2015-11-13 09:16:59 +01:00 · 2015-11-13 09:16:59 +01:00 · fe4476f98a
--- a/airflow/contrib/security/kerberos/kerberos_login.py
+++ b/airflow/contrib/security/kerberos/kerberos_login.py
@ -24,11 +24,15 @@ login_manager = flask_login.LoginManager()
 login_manager.login_view = 'airflow.login'  # Calls login() bellow
 login_manager.login_message = None

+
 class AuthenticationError(Exception):
    pass


-class User(models.BaseUser):
+class KerberosUser(models.User):
+    def __init__(self, user):
+        self.user = user
+
    @staticmethod
    def authenticate(username, password):
        service_principal = "%s/%s" % (configuration.get('kerberos', 'principal'), utils.get_fqdn())
@ -65,9 +69,6 @@ class User(models.BaseUser):
        '''Access all the things'''
        return True

-models.User = User  # hack!
-del User
-

@login_manager.user_loader
 def load_user(userid):
@ -76,7 +77,7 @@ def load_user(userid):
    session.expunge_all()
    session.commit()
    session.close()
-    return user
+    return KerberosUser(user)


 def login(self, request):
@ -99,7 +100,7 @@ def login(self, request):
                           form=form)

    try:
-        models.User.authenticate(username, password)
+        KerberosUser.authenticate(username, password)

        session = settings.Session()
        user = session.query(models.User).filter(
@ -112,17 +113,18 @@ def login(self, request):

        session.merge(user)
        session.commit()
-        flask_login.login_user(user)
+        flask_login.login_user(KerberosUser(user))
        session.commit()
        session.close()

-        return redirect(request.args.get("next") or url_for("index"))
+        return redirect(request.args.get("next") or url_for("admin.index"))
    except AuthenticationError:
        flash("Incorrect login details")
        return self.render('airflow/login.html',
                           title="Airflow - Login",
                           form=form)

+
 class LoginForm(Form):
    username = StringField('Username', [InputRequired()])
    password = PasswordField('Password', [InputRequired()])
--- a/airflow/contrib/auth/backends/ldap_auth.py
+++ b/airflow/contrib/auth/backends/ldap_auth.py
@ -108,7 +108,7 @@ def load_user(userid):
 def login(self, request):
    if current_user.is_authenticated():
        flash("You are already logged in")
-        return redirect(url_for('index'))
+        return redirect(url_for('admin.index'))

    username = None
    password = None
--- a/requirements.txt
+++ b/requirements.txt
@ -46,4 +46,5 @@ unicodecsv
 slackclient
 ldap3
 Flask-WTF
-lxml
+lxml
+pykerberos
--- a/setup.py
+++ b/setup.py
@ -53,6 +53,7 @@ statsd = ['statsd>=3.0.1, <4.0']
 vertica = ['vertica-python>=0.5.1']
 ldap = ['ldap3>=0.9.9.1']
 devel = ['lxml>=3.3.4']
+kerberos = ['pykerberos>=1.1.8']

 all_dbs = postgres + mysql + hive + mssql + hdfs + vertica
 devel = all_dbs + doc + samba + s3 + ['nose'] + slack + crypto + oracle
@ -110,6 +111,7 @@ setup(
        'vertica': vertica,
        'ldap': ldap,
        'webhdfs': webhdfs,
+        'kerberos': kerberos,
    },
    author='Maxime Beauchemin',
    author_email='maximebeauchemin@gmail.com',