Allow chained auth functions to chain to built-in auth functions. #4248
Conversation
|
I've found this limitation frustrating in the past myself. @wardi can you recall a reason to not chain core auth functions? |
|
No, just an oversight. We should absolutely be able to chain core auth functions |
There was a problem hiding this comment.
@ashleysommer Just some minor style comments but otherwise good to go!
| @@ -102,13 +102,19 @@ def _build(self): | |||
| fetched_auth_functions[name] = auth_function | |||
|
|
|||
| for name, func_list in chained_auth_functions.iteritems(): | |||
| if name not in fetched_auth_functions: | |||
| if name not in fetched_auth_functions and\ | |||
There was a problem hiding this comment.
Do you mind using parentheses instead of \ to wrap the line? Just to be consistent with the styling we use elsewhere in the code.
| else: | ||
| # fallback to chaining off the builtin auth function | ||
| prev_func = self._functions[name] | ||
| fetched_auth_functions[name] =\ |
|
We should have a simple test of this functionality too. The only current chained_auth tests are in the datastore extension, I'd be fine with adding another test there instead of creating a whole new plugin just for the tests. https://github.com/ckan/ckan/blob/master/ckanext/datastore/tests/test_chained_auth_functions.py |
|
@ashleysommer do you have time to add the little test @wardi mentions? |
|
Same issue here. Is there something I can do to speed up things? |
|
I implement a simple fix in addition to what has been proposed, because otherwise there would be an error ( |
|
closed in favour of #4579 |
Proposed fixes:
Some authentication plugins implement chained auth functions on actions such as
user_createanduser_update. If no other plugins provide these functions, then CKAN raises the exception "The auth 'user_create' is not found for chained auth". The CKAN built-in auth system however does provide these functions. So it makes sense to fallback to having the chained auth function chain to the corresponding built-in function.This is an example of one such plugin which attempts to chain off 'user_create' and 'user_update' and fails:
https://github.com/NaturalHistoryMuseum/ckanext-ldap/blob/6f9aec4edadaf792e347b4d20adad2c2322c167f/ckanext/ldap/logic/auth/create.py#L12
Features: