Part of lp.code.xmlrpc.git View In Hierarchy
IGitAPI.| Method | __init__ | Undocumented |
| Method | translatePath | See IGitAPI. |
| Method | notify | See IGitAPI. |
| Method | authenticateWithPassword | See IGitAPI. |
| Method | checkRefPermissions | See IGitAPI. |
| Method | _verifyMacaroon | Undocumented |
| Method | _verifyAuthParams | Verify authentication parameters in the context of a repository. |
| Method | _performLookup | Undocumented |
| Method | _getGitNamespaceExtras | Get the namespace, repository name, and callback for the path. |
| Method | _reportError | Undocumented |
| Method | _createRepository | Undocumented |
| Method | _translatePath | Undocumented |
| Method | _authenticateWithPassword | Authenticate a user by username and password. |
| Method | _renderPermissions | Render a set of permission strings for XML-RPC output. |
| Method | _checkRefPermissions | Undocumented |
Verify authentication parameters in the context of a repository.
There are several possibilities:
- Anonymous authentication with no macaroon. We do no additional checks here.
- Anonymous authentication with a macaroon. This is forbidden.
- User authentication with no macaroon. We can only get here if something else has already verified user authentication (SSH with a key checked against the authserver, or
authenticateWithPassword); we do no additional checks beyond that.- User authentication with a macaroon. As above, we can only get here if something else has already verified user authentication. In this case, the macaroon is required to match the requester, and constrains their permissions.
- Internal-services authentication with a macaroon. In this case, we require that the macaroon does not identify a user.
- Internal-services authentication with no macaroon. This is forbidden.
| Parameters | requester | The logged-in IPerson, LAUNCHPAD_SERVICES, or
None for anonymous access. |
| repository | The context IGitRepository. | |
| auth_params | A dictionary of authentication parameters. | |
| Returns | An IMacaroonVerificationResult if macaroon authentication
was used, otherwise None. | |
| Raises | faults.Unauthorized | if the authentication parameters are not sufficient to grant access to the repository for this requester. |
If the path defines a full Git repository path including the owner and repository name, then the namespace that is returned is the namespace for the owner and the repository target specified.
If the path uses a shortcut name, then we only allow the requester to create a repository if they have permission to make the newly created repository the default for the shortcut target. If there is an existing default repository, then GitRepositoryExists is raised. The repository name that is used is determined by the namespace as the first unused name starting with the leaf part of the namespace name. In this case, the repository owner will be set to the namespace owner, and distribution source package namespaces are currently disallowed due to the complexities of ownership there.
This is a separate method from authenticateWithPassword because
otherwise Zope's XML-RPC publication machinery gets confused by the
decorator and publishes a method that takes zero arguments.