kanbanworkflowstimelinescrumrubyroadmapproject-planningproject-managementopenprojectangularissue-trackerifcgantt-chartganttbug-trackerboardsbcf
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 lines
2.9 KiB
74 lines
2.9 KiB
require 'open_project/authentication/manager'
|
|
|
|
module OpenProject
|
|
##
|
|
# OpenProject uses Warden strategies for request authentication.
|
|
module Authentication
|
|
class << self
|
|
##
|
|
# Updates the used warden strategies for a given scope. The strategies will be tried
|
|
# in the order they are set here. Plugins can call this to add or remove strategies.
|
|
# For available scopes please refer to `OpenProject::Authentication::Scope`.
|
|
#
|
|
# @param [Symbol] scope The scope for which to update the used warden strategies.
|
|
# @param [Boolean] store Indicates whether the user should be stored in the session
|
|
# for this scope. Optional. If not given, the current store flag
|
|
# for this strategy will remain unchanged what ever it is.
|
|
#
|
|
# @yield [strategies] A block returning the strategies to be used for this scope.
|
|
# @yieldparam [Array] strategies The strategies currently used by this scope. May be empty.
|
|
# @yieldreturn [Array] The strategies to be used by this scope.
|
|
def update_strategies(scope, store: nil, &block)
|
|
raise ArgumentError, "invalid scope: #{scope}" unless Scope.values.include? scope
|
|
|
|
current_strategies = Array(Manager.scope_strategies[scope])
|
|
|
|
Manager.store_defaults[scope] = store unless store.nil?
|
|
Manager.scope_strategies[scope] = block.call current_strategies if block_given?
|
|
end
|
|
|
|
##
|
|
# Allows to handle an authentication failure with a custom response.
|
|
#
|
|
# @param [Symbol] scope The scope for which to set the custom failure handler. Optional.
|
|
# If omitted the default failure handler is set.
|
|
#
|
|
# @yield [failure_handler] A block returning a custom failure response.
|
|
# @yieldparam [Warden::Proxy] warden Warden instance giving access to the would-be
|
|
# result message and headers.
|
|
# @yieldparam [Hash] warden_options Warden options including the scope of the failed
|
|
# strategy and the attempted request path.
|
|
# @yieldreturn [Array] A rack standard response such as `[401, {}, ['unauthenticated']]`.
|
|
def handle_failure(scope: nil, &block)
|
|
Manager.failure_handlers[scope] = block
|
|
end
|
|
end
|
|
|
|
##
|
|
# This module is only there to declare all used scopes. Technically a scope can be an
|
|
# arbitrary symbol. But we declare them here not to lose sight of them.
|
|
#
|
|
# Plugins can declare new scopes by declaring new constants in this module.
|
|
module Scope
|
|
API_V3 = :api_v3
|
|
|
|
class << self
|
|
def values
|
|
constants.map do |name|
|
|
const_get name
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
module Realm
|
|
module_function
|
|
|
|
def realm
|
|
'OpenProject'
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
Warden::Strategies::BasicAuth.prepend OpenProject::Authentication::Realm
|
|
|