Warning

This document is for an in-development version of Galaxy. You can alternatively view this page in the latest release if it exists or view the top of the latest release's documentation.

galaxy.auth.providers package

Created on 15/07/2014

@author: Andrew Robinson

class galaxy.auth.providers.AuthProvider[source]

Bases: object

A base class for all Auth Providers.

abstract property plugin_type: Short string providing labelling this plugin

abstract authenticate(email, username, password, options, request)[source]

Check that the user credentials are correct.

Besides checking password, it is possible to perform custom checks like filtering client remote IP address using the request argument. We can get the remote IP address of the client using request.remote_addr and check if the IP is in whitelisted IPs and deny the authentication if it is not.

NOTE: Used within auto-registration to check it is ok to register this user.

Parameters:

email (str) – the user’s email address
username (str) – the user’s username
password (str) – the plain text password they typed
options (dict) – options provided in auth_config_file
request (GalaxyWebTransaction.request) – HTTP request object

Returns:

True: accept user, False: reject user and None: reject user and don’t try any other providers. str, str are the email and username to register with if accepting. The optional dict may contain other attributes, e.g. roles to assign when autoregistering.

Return type:

(bool, str, str) or (bool, str, str, dict)

abstract authenticate_user(user, password, options, request)[source]

Same as authenticate() method, except an User object is provided instead of a username.

Besides checking password, it is possible to perform custom checks like filtering client remote IP address using the request argument. We can get the remote IP address of the client using request.remote_addr and check if the IP is in whitelisted IPs and deny the authentication if it is not.

NOTE: used on normal login to check authentication and update user details if required.

Parameters:

user (galaxy.model.User) – the user to authenticate
password (str) – the plain text password they typed
options (dict) – options provided in auth_config_file
request (GalaxyWebTransaction.request) – HTTP request object

Returns:

True: accept user, False: reject user and None: reject user and don’t try any other providers

Return type:

bool

Submodules

galaxy.auth.providers.alwaysreject module

Created on 16/07/2014

@author: Andrew Robinson

class galaxy.auth.providers.alwaysreject.AlwaysReject[source]

Bases: AuthProvider

A simple authenticator that just accepts users (does not care about their password).

plugin_type = 'alwaysreject'

authenticate(email, username, password, options, request)[source]: See abstract method documentation.

authenticate_user(user, password, options, request)[source]: See abstract method documentation.

galaxy.auth.providers.ldap_ad module

Created on 15/07/2014

@author: Andrew Robinson

Modification on 24/10/2022

Addition of LDAP3 auth provider using the ldap3 module. The original LDAP auth provider uses the python-ldap library which has external dependencies like openldap client libs. ldap3 is a pure Python LDAP v3 client library.

@author: Mahendra Paipuri, CNRS

class galaxy.auth.providers.ldap_ad.LDAP[source]

Bases: AuthProvider

Attempts to authenticate users against an LDAP server.

If options include search-fields then it will attempt to search LDAP for those fields first. After that it will bind to LDAP with the username (formatted as specified).

plugin_type = 'ldap'

role_search_option = 'auto-register-roles'

__init__()[source]

check_config(username, email, options)[source]

ldap_search(email, username, options)[source]

authenticate(email, username, password, options, request)[source]: See abstract method documentation.

authenticate_user(user, password, options, request)[source]: See abstract method documentation.

class galaxy.auth.providers.ldap_ad.LDAP3[source]

Bases: LDAP

LDAP auth provider using ldap3 module

plugin_type = 'ldap3'

__init__()[source]

get_server(options, params)[source]

ldap_search(email, username, options)[source]

class galaxy.auth.providers.ldap_ad.ActiveDirectory[source]

Bases: LDAP

Effectively just an alias for LDAP auth, but may contain active directory specific logic in the future.

plugin_type = 'activedirectory'

galaxy.auth.providers.localdb module

Created on 16/07/2014

@author: Andrew Robinson

class galaxy.auth.providers.localdb.LocalDB[source]

Bases: AuthProvider

Authenticate users against the local Galaxy database (as per usual).

plugin_type = 'localdb'

authenticate(email, username, password, options, request)[source]: See abstract method documentation.

authenticate_user(user, password, options, request)[source]: See abstract method documentation.

galaxy.auth.providers.pam_auth module

Created on 13/07/2015

Author Peter van Heusden (pvh@sanbi.ac.za)

class galaxy.auth.providers.pam_auth.PAM[source]

Bases: AuthProvider

plugin_type = 'PAM'

authenticate(email, username, password, options, request)[source]

Check that the user credentials are correct.

Besides checking password, it is possible to perform custom checks like filtering client remote IP address using the request argument. We can get the remote IP address of the client using request.remote_addr and check if the IP is in whitelisted IPs and deny the authentication if it is not.

NOTE: Used within auto-registration to check it is ok to register this user.

Parameters:

email (str) – the user’s email address
username (str) – the user’s username
password (str) – the plain text password they typed
options (dict) – options provided in auth_config_file
request (GalaxyWebTransaction.request) – HTTP request object

Returns:

True: accept user, False: reject user and None: reject user and don’t try any other providers. str, str are the email and username to register with if accepting. The optional dict may contain other attributes, e.g. roles to assign when autoregistering.

Return type:

(bool, str, str) or (bool, str, str, dict)

authenticate_user(user, password, options, request)[source]

Same as authenticate() method, except an User object is provided instead of a username.

Besides checking password, it is possible to perform custom checks like filtering client remote IP address using the request argument. We can get the remote IP address of the client using request.remote_addr and check if the IP is in whitelisted IPs and deny the authentication if it is not.

NOTE: used on normal login to check authentication and update user details if required.

Parameters:

user (galaxy.model.User) – the user to authenticate
password (str) – the plain text password they typed
options (dict) – options provided in auth_config_file
request (GalaxyWebTransaction.request) – HTTP request object

Returns:

True: accept user, False: reject user and None: reject user and don’t try any other providers

Return type:

bool