add settings object for auth provider

2025-04-24 23:37:18 +00:00 · 2021-09-02 03:30:14 +03:00 · 2021-09-02 03:30:14 +03:00 · 5e24d81415
commit 5e24d81415
parent cb5756ea76
10 changed files with 110 additions and 12 deletions
--- a/CONFIGURING.md
+++ b/CONFIGURING.md
@ -22,9 +22,9 @@ libalpm and AUR related configuration.
 Base authorization settings.
 * `target` - specifies authorization provider, string, optional, default `disabled`. Allowed values are `disabled`, `configuration`.
 * `allowed_paths` - URI paths (exact match) which can be accessed without authorization, space separated list of strings, optional.
 * `allowed_paths_groups` - URI paths prefixes which can be accessed without authorization, space separated list of strings, optional.
 * `enabled` - enables web services authorization, boolean, optional, default `no`.  
 * `salt` - password hash salt, string, required in case if authorization enabled (automatically generated by `create-user` subcommand).
 ## `auth:*` groups
--- a/package/etc/ahriman.ini
+++ b/package/etc/ahriman.ini
@ -9,7 +9,7 @@ repositories = core extra community multilib
 root = /
 [auth]
-enabled = no
+target = disabled
 [build]
 archbuild_flags =
--- a/src/ahriman/core/auth/auth.py
+++ b/src/ahriman/core/auth/auth.py
@ -22,6 +22,7 @@ from __future__ import annotations
 from typing import Optional, Set, Type
 from ahriman.core.configuration import Configuration
 from ahriman.models.auth_settings import AuthSettings
 from ahriman.models.user_access import UserAccess
@ -38,16 +39,17 @@ class Auth:
    ALLOWED_PATHS = {"/", "/favicon.ico", "/index.html", "/login", "/logout"}
    ALLOWED_PATHS_GROUPS: Set[str] = set()
-    def __init__(self, configuration: Configuration) -> None:
+    def __init__(self, configuration: Configuration, provider: AuthSettings = AuthSettings.Disabled) -> None:
        """
        default constructor
        :param configuration: configuration instance
        :param provider: authorization type definition
        """
        self.allowed_paths = set(configuration.getlist("auth", "allowed_paths"))
        self.allowed_paths.update(self.ALLOWED_PATHS)
        self.allowed_paths_groups = set(configuration.getlist("auth", "allowed_paths_groups"))
        self.allowed_paths_groups.update(self.ALLOWED_PATHS_GROUPS)
-        self.enabled = configuration.getboolean("auth", "enabled", fallback=False)
+        self.enabled = provider.is_enabled
    @classmethod
    def load(cls: Type[Auth], configuration: Configuration) -> Auth:
@ -56,7 +58,8 @@ class Auth:
        :param configuration: configuration instance
        :return: authorization module according to current settings
        """
-        if configuration.getboolean("auth", "enabled", fallback=False):
+        provider = AuthSettings.from_option(configuration.get("auth", "target", fallback="disabled"))
        if provider == AuthSettings.Configuration:
            from ahriman.core.auth.mapping_auth import MappingAuth
            return MappingAuth(configuration)
        return cls(configuration)
--- a/src/ahriman/core/auth/mapping_auth.py
+++ b/src/ahriman/core/auth/mapping_auth.py
@ -22,6 +22,7 @@ from typing import Dict, Optional
 from ahriman.core.auth.auth import Auth
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import DuplicateUser
 from ahriman.models.auth_settings import AuthSettings
 from ahriman.models.user import User
 from ahriman.models.user_access import UserAccess
@ -33,12 +34,13 @@ class MappingAuth(Auth):
    :ivar _users: map of username to its descriptor
    """
-    def __init__(self, configuration: Configuration) -> None:
+    def __init__(self, configuration: Configuration, provider: AuthSettings = AuthSettings.Configuration) -> None:
        """
        default constructor
        :param configuration: configuration instance
        :param provider: authorization type definition
        """
-        Auth.__init__(self, configuration)
+        Auth.__init__(self, configuration, provider)
        self.salt = configuration.get("auth", "salt")
        self._users = self.get_users(configuration)
--- a/src/ahriman/models/auth_settings.py
+++ b/src/ahriman/models/auth_settings.py
@ -0,0 +1,58 @@
 #
 # Copyright (c) 2021 ahriman team.
 #
 # This file is part of ahriman
 # (see https://github.com/arcan1s/ahriman).
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from __future__ import annotations
 from enum import Enum, auto
 from typing import Type
 from ahriman.core.exceptions import InvalidOption
 class AuthSettings(Enum):
    """
    web authorization type
    :cvar Disabled: authorization is disabled
    :cvar Configuration: configuration based authorization
    """
    Disabled = auto()
    Configuration = auto()
    @classmethod
    def from_option(cls: Type[AuthSettings], value: str) -> AuthSettings:
        """
        construct value from configuration
        :param value: configuration value
        :return: parsed value
        """
        if value.lower() in ("disabled", "no"):
            return cls.Disabled
        if value.lower() in ("configuration", "mapping"):
            return cls.Configuration
        raise InvalidOption(value)
    @property
    def is_enabled(self) -> bool:
        """
        :return: False in case if authorization is disabled and True otherwise
        """
        if self == AuthSettings.Disabled:
            return False
        return True
--- a/tests/ahriman/core/auth/conftest.py
+++ b/tests/ahriman/core/auth/conftest.py
@ -10,5 +10,4 @@ def mapping_auth(configuration: Configuration) -> MappingAuth:
    auth provider fixture
    :return: auth service instance
    """
    configuration.set_option("auth", "enabled", "yes")
    return MappingAuth(configuration)
--- a/tests/ahriman/core/auth/test_auth.py
+++ b/tests/ahriman/core/auth/test_auth.py
@ -9,7 +9,7 @@ def test_load_dummy(configuration: Configuration) -> None:
    """
    must load dummy validator if authorization is not enabled
    """
-    configuration.set_option("auth", "enabled", "no")
+    configuration.set_option("auth", "target", "disabled")
    auth = Auth.load(configuration)
    assert isinstance(auth, Auth)
@ -26,7 +26,7 @@ def test_load_mapping(configuration: Configuration) -> None:
    """
    must load mapping validator if option set
    """
-    configuration.set_option("auth", "enabled", "yes")
+    configuration.set_option("auth", "target", "configuration")
    auth = Auth.load(configuration)
    assert isinstance(auth, MappingAuth)
--- a/tests/ahriman/models/test_auth_settings.py
+++ b/tests/ahriman/models/test_auth_settings.py
@ -0,0 +1,36 @@
 import pytest
 from ahriman.core.exceptions import InvalidOption
 from ahriman.models.auth_settings import AuthSettings
 def test_from_option_invalid() -> None:
    """
    must raise exception on invalid option
    """
    with pytest.raises(InvalidOption, match=".* `invalid`$"):
        AuthSettings.from_option("invalid")
 def test_from_option_valid() -> None:
    """
    must return value from valid options
    """
    assert AuthSettings.from_option("disabled") == AuthSettings.Disabled
    assert AuthSettings.from_option("DISABLED") == AuthSettings.Disabled
    assert AuthSettings.from_option("no") == AuthSettings.Disabled
    assert AuthSettings.from_option("NO") == AuthSettings.Disabled
    assert AuthSettings.from_option("configuration") == AuthSettings.Configuration
    assert AuthSettings.from_option("ConFigUration") == AuthSettings.Configuration
    assert AuthSettings.from_option("mapping") == AuthSettings.Configuration
    assert AuthSettings.from_option("MAPPing") == AuthSettings.Configuration
 def test_is_enabled() -> None:
    """
    must mark as disabled authorization for disabled and enabled otherwise
    """
    assert not AuthSettings.Disabled.is_enabled
    for option in filter(lambda o: o != AuthSettings.Disabled, AuthSettings):
        assert option.is_enabled
--- a/tests/ahriman/web/conftest.py
+++ b/tests/ahriman/web/conftest.py
@ -32,7 +32,7 @@ def application_with_auth(configuration: Configuration, user: User, mocker: Mock
    :param mocker: mocker object
    :return: application test instance
    """
-    configuration.set_option("auth", "enabled", "yes")
+    configuration.set_option("auth", "target", "configuration")
    mocker.patch.object(ahriman.core.auth.helpers, "_has_aiohttp_security", True)
    mocker.patch("pathlib.Path.mkdir")
    application = setup_service("x86_64", configuration)
--- a/tests/ahriman/web/middlewares/conftest.py
+++ b/tests/ahriman/web/middlewares/conftest.py
@ -25,7 +25,7 @@ def authorization_policy(configuration: Configuration, user: User) -> Authorizat
    fixture for authorization policy
    :return: authorization policy fixture
    """
-    configuration.set_option("auth", "enabled", "yes")
+    configuration.set_option("auth", "target", "configuration")
    validator = Auth.load(configuration)
    policy = AuthorizationPolicy(validator)
    policy.validator._users = {user.username: user}