galaxy.auth.providers package

Created on 15/07/2014

@author: Andrew Robinson

class galaxy.auth.providers.AuthProvider[source]

Bases: object

A base class for all Auth Providers.

abstract property plugin_type

Short string providing labelling this plugin

abstract authenticate(email, username, password, options, request)[source]

Check that the user credentials are correct.

Besides checking password, it is possible to perform custom checks like filtering client remote IP address using the request argument. We can get the remote IP address of the client using request.remote_addr and check if the IP is in whitelisted IPs and deny the authentication if it is not.

NOTE: Used within auto-registration to check it is ok to register this user.

Parameters:
  • email (str) – the user’s email address

  • username (str) – the user’s username

  • password (str) – the plain text password they typed

  • options (dict) – options provided in auth_config_file

  • request (GalaxyWebTransaction.request) – HTTP request object

Returns:

True: accept user, False: reject user and None: reject user and don’t try any other providers. str, str are the email and username to register with if accepting. The optional dict may contain other attributes, e.g. roles to assign when autoregistering.

Return type:

(bool, str, str) or (bool, str, str, dict)

abstract authenticate_user(user, password, options, request)[source]

Same as authenticate() method, except an User object is provided instead of a username.

Besides checking password, it is possible to perform custom checks like filtering client remote IP address using the request argument. We can get the remote IP address of the client using request.remote_addr and check if the IP is in whitelisted IPs and deny the authentication if it is not.

NOTE: used on normal login to check authentication and update user details if required.

Parameters:
  • user (galaxy.model.User) – the user to authenticate

  • password (str) – the plain text password they typed

  • options (dict) – options provided in auth_config_file

  • request (GalaxyWebTransaction.request) – HTTP request object

Returns:

True: accept user, False: reject user and None: reject user and don’t try any other providers

Return type:

bool

Submodules

galaxy.auth.providers.alwaysreject module

Created on 16/07/2014

@author: Andrew Robinson

class galaxy.auth.providers.alwaysreject.AlwaysReject[source]

Bases: AuthProvider

A simple authenticator that just accepts users (does not care about their password).

plugin_type = 'alwaysreject'
authenticate(email, username, password, options, request)[source]

See abstract method documentation.

authenticate_user(user, password, options, request)[source]

See abstract method documentation.

galaxy.auth.providers.ldap_ad module

Created on 15/07/2014

@author: Andrew Robinson

Modification on 24/10/2022

Addition of LDAP3 auth provider using the ldap3 module. The original LDAP auth provider uses the python-ldap library which has external dependencies like openldap client libs. ldap3 is a pure Python LDAP v3 client library.

@author: Mahendra Paipuri, CNRS

class galaxy.auth.providers.ldap_ad.LDAP[source]

Bases: AuthProvider

Attempts to authenticate users against an LDAP server.

If options include search-fields then it will attempt to search LDAP for those fields first. After that it will bind to LDAP with the username (formatted as specified).

plugin_type = 'ldap'
role_search_option = 'auto-register-roles'
__init__()[source]
check_config(username, email, options)[source]
authenticate(email, username, password, options, request)[source]

See abstract method documentation.

authenticate_user(user, password, options, request)[source]

See abstract method documentation.

class galaxy.auth.providers.ldap_ad.LDAP3[source]

Bases: LDAP

LDAP auth provider using ldap3 module

plugin_type = 'ldap3'
__init__()[source]
get_server(options, params)[source]
class galaxy.auth.providers.ldap_ad.ActiveDirectory[source]

Bases: LDAP

Effectively just an alias for LDAP auth, but may contain active directory specific logic in the future.

plugin_type = 'activedirectory'

galaxy.auth.providers.localdb module

Created on 16/07/2014

@author: Andrew Robinson

class galaxy.auth.providers.localdb.LocalDB[source]

Bases: AuthProvider

Authenticate users against the local Galaxy database (as per usual).

plugin_type = 'localdb'
authenticate(email, username, password, options, request)[source]

See abstract method documentation.

authenticate_user(user, password, options, request)[source]

See abstract method documentation.

galaxy.auth.providers.pam_auth module

Created on 13/07/2015

Author Peter van Heusden (pvh@sanbi.ac.za)

class galaxy.auth.providers.pam_auth.PAM[source]

Bases: AuthProvider

plugin_type = 'PAM'
authenticate(email, username, password, options, request)[source]

Check that the user credentials are correct.

Besides checking password, it is possible to perform custom checks like filtering client remote IP address using the request argument. We can get the remote IP address of the client using request.remote_addr and check if the IP is in whitelisted IPs and deny the authentication if it is not.

NOTE: Used within auto-registration to check it is ok to register this user.

Parameters:
  • email (str) – the user’s email address

  • username (str) – the user’s username

  • password (str) – the plain text password they typed

  • options (dict) – options provided in auth_config_file

  • request (GalaxyWebTransaction.request) – HTTP request object

Returns:

True: accept user, False: reject user and None: reject user and don’t try any other providers. str, str are the email and username to register with if accepting. The optional dict may contain other attributes, e.g. roles to assign when autoregistering.

Return type:

(bool, str, str) or (bool, str, str, dict)

authenticate_user(user, password, options, request)[source]

Same as authenticate() method, except an User object is provided instead of a username.

Besides checking password, it is possible to perform custom checks like filtering client remote IP address using the request argument. We can get the remote IP address of the client using request.remote_addr and check if the IP is in whitelisted IPs and deny the authentication if it is not.

NOTE: used on normal login to check authentication and update user details if required.

Parameters:
  • user (galaxy.model.User) – the user to authenticate

  • password (str) – the plain text password they typed

  • options (dict) – options provided in auth_config_file

  • request (GalaxyWebTransaction.request) – HTTP request object

Returns:

True: accept user, False: reject user and None: reject user and don’t try any other providers

Return type:

bool