Chromium Code Reviews Chromium Code Reviews
Issue 1075723002:
Extract authentication options handling into a separate function. (Closed)
Base URL: https://chromium.googlesource.com/chromium/tools/depot_tools.git@master| OLD | NEW |
|---|---|
| 1 # coding: utf-8 | 1 # coding: utf-8 |
| 2 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 """Defines class Rietveld to easily access a rietveld instance. | 5 """Defines class Rietveld to easily access a rietveld instance. |
| 6 | 6 |
| 7 Security implications: | 7 Security implications: |
| 8 | 8 |
| 9 The following hypothesis are made: | 9 The following hypothesis are made: |
| 10 - Rietveld enforces: | 10 - Rietveld enforces: |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 30 import third_party.oauth2client.client as oa2client | 30 import third_party.oauth2client.client as oa2client |
| 31 from third_party import httplib2 | 31 from third_party import httplib2 |
| 32 | 32 |
| 33 # Appengine replies with 302 when authentication fails (sigh.) | 33 # Appengine replies with 302 when authentication fails (sigh.) |
| 34 oa2client.REFRESH_STATUS_CODES.append(302) | 34 oa2client.REFRESH_STATUS_CODES.append(302) |
| 35 upload.LOGGER.setLevel(logging.WARNING) # pylint: disable=E1103 | 35 upload.LOGGER.setLevel(logging.WARNING) # pylint: disable=E1103 |
| 36 | 36 |
| 37 | 37 |
| 38 class Rietveld(object): | 38 class Rietveld(object): |
| 39 """Accesses rietveld.""" | 39 """Accesses rietveld.""" |
| 40 def __init__(self, url, email, password, extra_headers=None, maxtries=None): | 40 def __init__( |
| 41 self, url, auth_config, email=None, extra_headers=None, maxtries=None): | |
| 41 self.url = url.rstrip('/') | 42 self.url = url.rstrip('/') |
| 42 | 43 self.rpc_server = upload.GetRpcServer(self.url, auth_config, email) |
| 43 # TODO(maruel): It's not awesome but maybe necessary to retrieve the value. | |
| 44 # It happens when the presubmit check is ran out of process, the cookie | |
| 45 # needed to be recreated from the credentials. Instead, it should pass the | |
| 46 # email and the cookie. | |
| 47 if email and password: | |
| 48 get_creds = lambda: (email, password) | |
| 49 self.rpc_server = upload.HttpRpcServer( | |
|
Vadim Sh.
2015/04/09 01:04:39
this branch is removed, since password can't be pa
| |
| 50 self.url, | |
| 51 get_creds, | |
| 52 extra_headers=extra_headers or {}) | |
| 53 else: | |
| 54 if email == '': | |
| 55 # If email is given as an empty string, then assume we want to make | |
| 56 # requests that do not need authentication. Bypass authentication by | |
| 57 # setting the auth_function to None. | |
| 58 self.rpc_server = upload.HttpRpcServer(url, None) | |
| 59 else: | |
| 60 self.rpc_server = upload.GetRpcServer(url, email) | |
| 61 | 44 |
| 62 self._xsrf_token = None | 45 self._xsrf_token = None |
| 63 self._xsrf_token_time = None | 46 self._xsrf_token_time = None |
| 64 | 47 |
| 65 self._maxtries = maxtries or 40 | 48 self._maxtries = maxtries or 40 |
| 66 | 49 |
| 67 def xsrf_token(self): | 50 def xsrf_token(self): |
| 68 if (not self._xsrf_token_time or | 51 if (not self._xsrf_token_time or |
| 69 (time.time() - self._xsrf_token_time) > 30*60): | 52 (time.time() - self._xsrf_token_time) > 30*60): |
| 70 self._xsrf_token_time = time.time() | 53 self._xsrf_token_time = time.time() |
| (...skipping 371 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 442 raise | 425 raise |
| 443 # If reaching this line, loop again. Uses a small backoff. | 426 # If reaching this line, loop again. Uses a small backoff. |
| 444 time.sleep(min(10, 1+retry*2)) | 427 time.sleep(min(10, 1+retry*2)) |
| 445 finally: | 428 finally: |
| 446 upload.ErrorExit = old_error_exit | 429 upload.ErrorExit = old_error_exit |
| 447 | 430 |
| 448 # DEPRECATED. | 431 # DEPRECATED. |
| 449 Send = get | 432 Send = get |
| 450 | 433 |
| 451 | 434 |
| 452 class OAuthRpcServer(object): | 435 class OAuthRpcServer(object): |
|
Vadim Sh.
2015/04/09 01:04:39
This will be eventually removed (or rather merged
| |
| 453 def __init__(self, | 436 def __init__(self, |
| 454 host, | 437 host, |
| 455 client_email, | 438 client_email, |
| 456 client_private_key, | 439 client_private_key, |
| 457 private_key_password='notasecret', | 440 private_key_password='notasecret', |
| 458 user_agent=None, | 441 user_agent=None, |
| 459 timeout=None, | 442 timeout=None, |
| 460 extra_headers=None): | 443 extra_headers=None): |
| 461 """Wrapper around httplib2.Http() that handles authentication. | 444 """Wrapper around httplib2.Http() that handles authentication. |
| 462 | 445 |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 554 self.creds.access_token = None | 537 self.creds.access_token = None |
| 555 continue | 538 continue |
| 556 break | 539 break |
| 557 | 540 |
| 558 return ret[1] | 541 return ret[1] |
| 559 | 542 |
| 560 finally: | 543 finally: |
| 561 self._http.timeout = prev_timeout | 544 self._http.timeout = prev_timeout |
| 562 | 545 |
| 563 | 546 |
| 564 class JwtOAuth2Rietveld(Rietveld): | 547 class JwtOAuth2Rietveld(Rietveld): |
|
Vadim Sh.
2015/04/09 01:04:39
This will be eventually removed. JWT stuff will be
| |
| 565 """Access to Rietveld using OAuth authentication. | 548 """Access to Rietveld using OAuth authentication. |
| 566 | 549 |
| 567 This class is supposed to be used only by bots, since this kind of | 550 This class is supposed to be used only by bots, since this kind of |
| 568 access is restricted to service accounts. | 551 access is restricted to service accounts. |
| 569 """ | 552 """ |
| 570 # The parent__init__ is not called on purpose. | 553 # The parent__init__ is not called on purpose. |
| 571 # pylint: disable=W0231 | 554 # pylint: disable=W0231 |
| 572 def __init__(self, | 555 def __init__(self, |
| 573 url, | 556 url, |
| 574 client_email, | 557 client_email, |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 715 self, issue, patchset, reason, clobber, revision, builders_and_tests, | 698 self, issue, patchset, reason, clobber, revision, builders_and_tests, |
| 716 master=None, category='cq'): | 699 master=None, category='cq'): |
| 717 logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' % | 700 logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' % |
| 718 (builders_and_tests, issue)) | 701 (builders_and_tests, issue)) |
| 719 | 702 |
| 720 def trigger_distributed_try_jobs( # pylint:disable=R0201 | 703 def trigger_distributed_try_jobs( # pylint:disable=R0201 |
| 721 self, issue, patchset, reason, clobber, revision, masters, | 704 self, issue, patchset, reason, clobber, revision, masters, |
| 722 category='cq'): | 705 category='cq'): |
| 723 logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' % | 706 logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' % |
| 724 (masters, issue)) | 707 (masters, issue)) |
| OLD | NEW |
