Added no security store for static logins

datavisyn · Aug 31, 2022 · 28e24db · 28e24db
1 parent 0e28f8d
commit 28e24db
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 1 deletion.
diff --git a/tdp_core/__init__.py b/tdp_core/__init__.py
@@ -81,13 +81,18 @@ def register(self, registry: RegHelper):
         )
 
         # phovea_security_flask
-        # TODO: Add ENV variables to allow disabling
         registry.append(
             "user_stores",
             "alb_security_store",
             "tdp_core.security.store.alb_security_store",
             {},
         )
+        registry.append(
+            "user_stores",
+            "no_security_store",
+            "tdp_core.security.store.no_security_store",
+            {},
+        )
 
         # tdp_matomo
         registry.append("tdp-config-safe-keys", "matomo", "", {"configKey": "tdp_core.matomo"})

diff --git a/tdp_core/security/store/no_security_store.py b/tdp_core/security/store/no_security_store.py
@@ -0,0 +1,32 @@
+import logging
+from typing import List, Optional
+
+from ... import manager
+from ..model import User
+from .base_store import BaseStore
+
+_log = logging.getLogger(__name__)
+
+
+class NoSecurityStore(BaseStore):
+    def __init__(self, user: str, roles: List[str]):
+        self.user = user
+        self.roles = roles
+
+    def load_from_request(self, req):
+        return User(id=self.user, roles=self.roles)
+
+
+def create():
+    # Check if the security store is enabled.
+    # Why do we do this here and not in the __init__.py?
+    # Because the configuration is merged after the registry is loaded,
+    # such that no keys are available (except tdp_core keys).
+    if manager.settings.tdp_core.security.store.no_security_store.enable:
+        _log.info("Adding NoSecurityStore")
+        return NoSecurityStore(
+            manager.settings.tdp_core.security.store.no_security_store.user,
+            manager.settings.tdp_core.security.store.no_security_store.roles,
+        )
+
+    return None
diff --git a/tdp_core/settings/model.py b/tdp_core/settings/model.py
@@ -33,9 +33,17 @@ class AlbSecurityStoreSettings(BaseModel):
     signout_url: Optional[str] = None
 
 
+class NoSecurityStoreSettings(BaseModel):
+    enable: bool = False
+    user: str = "admin"
+    roles: List[str] = []
+
+
 class SecurityStoreSettings(BaseModel):
     alb_security_store: AlbSecurityStoreSettings = AlbSecurityStoreSettings()
     """Settings for the ALB security store"""
+    no_security_store: NoSecurityStoreSettings = NoSecurityStoreSettings()
+    """Settings for the no security store"""
 
 
 class SecuritySettings(BaseModel):

diff --git a/tdp_core/tests/test_security_login.py b/tdp_core/tests/test_security_login.py
@@ -5,6 +5,7 @@
 from tdp_core import manager
 from tdp_core.security.model import User
 from tdp_core.security.store.alb_security_store import create as create_alb_security_store
+from tdp_core.security.store.no_security_store import create as create_no_security_store
 
 
 def test_api_key(client: TestClient):
@@ -141,3 +142,20 @@ def test_alb_security_store(client: TestClient):
     response = client.post("/logout", headers=headers)
     assert response.status_code == 200
     assert response.json()["alb_security_store"]["redirect"] == "http://localhost/logout"
+
+
+def test_no_security_store(client: TestClient):
+    # Add some basic configuration
+    manager.settings.tdp_core.security.store.no_security_store.enable = True
+    manager.settings.tdp_core.security.store.no_security_store.user = "test_name"
+    manager.settings.tdp_core.security.store.no_security_store.roles = ["test_role"]
+
+    store = create_no_security_store()
+    assert store is not None
+
+    manager.security.user_stores = [store]
+
+    user_info = client.get("/loggedinas").json()
+    assert user_info != '"not_yet_logged_in"'
+    assert user_info["name"] == "test_name"
+    assert user_info["roles"] == ["test_role"]