rhodecode-enterprise-ce Commit - r4803:4c2bed55

metrics: use prom metrics, and added some additional metrics

super-admin -

r4803:4c2bed55 default

parent child

rhodecode/api/__init__.py

0 +11 -3

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import itertools
             import logging
             import sys
             import types
             import fnmatch
             import decorator
             import venusian
             from collections import OrderedDict
             from pyramid.exceptions import ConfigurationError
             from pyramid.renderers import render
             from pyramid.response import Response
             from pyramid.httpexceptions import HTTPNotFound
             from rhodecode.api.exc import (
                 JSONRPCBaseError, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError)
             from rhodecode.apps._base import TemplateArgs
             from rhodecode.lib.auth import AuthUser
             from rhodecode.lib.base import get_ip_addr, attach_context_attributes
             from rhodecode.lib.exc_tracking import store_exception
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.lib.plugins.utils import get_plugin_settings
             from rhodecode.model.db import User, UserApiKeys
             log = logging.getLogger(__name__)
             DEFAULT_RENDERER = 'jsonrpc_renderer'
             DEFAULT_URL = '/_admin/apiv2'
             def find_methods(jsonrpc_methods, pattern):
                 matches = OrderedDict()
                 if not isinstance(pattern, (list, tuple)):
                     pattern = [pattern]
                 for single_pattern in pattern:
                     for method_name, method in jsonrpc_methods.items():
                         if fnmatch.fnmatch(method_name, single_pattern):
                             matches[method_name] = method
                 return matches
             class ExtJsonRenderer(object):
                 """
                 Custom renderer that mkaes use of our ext_json lib
                 """
                 def __init__(self, serializer=json.dumps, **kw):
                     """ Any keyword arguments will be passed to the ``serializer``
                     function."""
                     self.serializer = serializer
                     self.kw = kw
                 def __call__(self, info):
                     """ Returns a plain JSON-encoded string with content-type
                     ``application/json``. The content-type may be overridden by
                     setting ``request.response.content_type``."""
                     def _render(value, system):
                         request = system.get('request')
                         if request is not None:
                             response = request.response
                             ct = response.content_type
                             if ct == response.default_content_type:
                                 response.content_type = 'application/json'
                         return self.serializer(value, **self.kw)
                     return _render
             def jsonrpc_response(request, result):
                 rpc_id = getattr(request, 'rpc_id', None)
                 response = request.response
                 # store content_type before render is called
                 ct = response.content_type
                 ret_value = ''
                 if rpc_id:
                     ret_value = {
                         'id': rpc_id,
                         'result': result,
                         'error': None,
                     }
                     # fetch deprecation warnings, and store it inside results
                     deprecation = getattr(request, 'rpc_deprecation', None)
                     if deprecation:
                         ret_value['DEPRECATION_WARNING'] = deprecation
                 raw_body = render(DEFAULT_RENDERER, ret_value, request=request)
                 response.body = safe_str(raw_body, response.charset)
                 if ct == response.default_content_type:
                     response.content_type = 'application/json'
                 return response
             def jsonrpc_error(request, message, retid=None, code=None, headers=None):
                 """
                 Generate a Response object with a JSON-RPC error body
                 :param code:
                 :param retid:
                 :param message:
                 """
                 err_dict = {'id': retid, 'result': None, 'error': message}
                 body = render(DEFAULT_RENDERER, err_dict, request=request).encode('utf-8')
                 return Response(
                     body=body,
                     status=code,
                     content_type='application/json',
                     headerlist=headers
                 )
             def exception_view(exc, request):
                 rpc_id = getattr(request, 'rpc_id', None)
                 if isinstance(exc, JSONRPCError):
                     fault_message = safe_str(exc.message)
                     log.debug('json-rpc error rpc_id:%s "%s"', rpc_id, fault_message)
                 elif isinstance(exc, JSONRPCValidationError):
                     colander_exc = exc.colander_exception
                     # TODO(marcink): think maybe of nicer way to serialize errors ?
                     fault_message = colander_exc.asdict()
                     log.debug('json-rpc colander error rpc_id:%s "%s"', rpc_id, fault_message)
                 elif isinstance(exc, JSONRPCForbidden):
                     fault_message = 'Access was denied to this resource.'
                     log.warning('json-rpc forbidden call rpc_id:%s "%s"', rpc_id, fault_message)
                 elif isinstance(exc, HTTPNotFound):
                     method = request.rpc_method
                     log.debug('json-rpc method `%s` not found in list of '
                               'api calls: %s, rpc_id:%s',
                               method, request.registry.jsonrpc_methods.keys(), rpc_id)
                     similar = 'none'
                     try:
                         similar_paterns = ['*{}*'.format(x) for x in method.split('_')]
                         similar_found = find_methods(
                             request.registry.jsonrpc_methods, similar_paterns)
                         similar = ', '.join(similar_found.keys()) or similar
                     except Exception:
                         # make the whole above block safe
                         pass
                     fault_message = "No such method: {}. Similar methods: {}".format(
                         method, similar)
                 else:
                     fault_message = 'undefined error'
                     exc_info = exc.exc_info()
                     store_exception(id(exc_info), exc_info, prefix='rhodecode-api')
                     statsd = request.registry.statsd
                     if statsd:
-                        statsd.incr('rhodecode_exception', tags=["api"])
+                        statsd.incr('rhodecode_exception_total', tags=["exc_source:api"])
                 return jsonrpc_error(request, fault_message, rpc_id)
             def request_view(request):
                 """
                 Main request handling method. It handles all logic to call a specific
                 exposed method
                 """
                 # cython compatible inspect
                 from rhodecode.config.patches import inspect_getargspec
                 inspect = inspect_getargspec()
                 # check if we can find this session using api_key, get_by_auth_token
                 # search not expired tokens only
                 try:
                     api_user = User.get_by_auth_token(request.rpc_api_key)
                     if api_user is None:
                         return jsonrpc_error(
                             request, retid=request.rpc_id, message='Invalid API KEY')
                     if not api_user.active:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='Request from this user not allowed')
                     # check if we are allowed to use this IP
                     auth_u = AuthUser(
                         api_user.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr)
                     if not auth_u.ip_allowed:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='Request from IP:%s not allowed' % (
                                 request.rpc_ip_addr,))
                     else:
                         log.info('Access for IP:%s allowed', request.rpc_ip_addr)
                     # register our auth-user
                     request.rpc_user = auth_u
                     request.environ['rc_auth_user_id'] = auth_u.user_id
                     # now check if token is valid for API
                     auth_token = request.rpc_api_key
                     token_match = api_user.authenticate_by_token(
                         auth_token, roles=[UserApiKeys.ROLE_API])
                     invalid_token = not token_match
                     log.debug('Checking if API KEY is valid with proper role')
                     if invalid_token:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='API KEY invalid or, has bad role for an API call')
                 except Exception:
                     log.exception('Error on API AUTH')
                     return jsonrpc_error(
                         request, retid=request.rpc_id, message='Invalid API KEY')
                 method = request.rpc_method
                 func = request.registry.jsonrpc_methods[method]
                 # now that we have a method, add request._req_params to
                 # self.kargs and dispatch control to WGIController
                 argspec = inspect.getargspec(func)
                 arglist = argspec[0]
                 defaults = map(type, argspec[3] or [])
                 default_empty = types.NotImplementedType
                 # kw arguments required by this method
                 func_kwargs = dict(itertools.izip_longest(
                     reversed(arglist), reversed(defaults), fillvalue=default_empty))
                 # This attribute will need to be first param of a method that uses
                 # api_key, which is translated to instance of user at that name
                 user_var = 'apiuser'
                 request_var = 'request'
                 for arg in [user_var, request_var]:
                     if arg not in arglist:
                         return jsonrpc_error(
                             request,
                             retid=request.rpc_id,
                             message='This method [%s] does not support '
                                     'required parameter `%s`' % (func.__name__, arg))
                 # get our arglist and check if we provided them as args
                 for arg, default in func_kwargs.items():
                     if arg in [user_var, request_var]:
                         # user_var and request_var are pre-hardcoded parameters and we
                         # don't need to do any translation
                         continue
                     # skip the required param check if it's default value is
                     # NotImplementedType (default_empty)
                     if default == default_empty and arg not in request.rpc_params:
                         return jsonrpc_error(
                             request,
                             retid=request.rpc_id,
                             message=('Missing non optional `%s` arg in JSON DATA' % arg)
                         )
                 # sanitize extra passed arguments
                 for k in request.rpc_params.keys()[:]:
                     if k not in func_kwargs:
                         del request.rpc_params[k]
                 call_params = request.rpc_params
                 call_params.update({
                     'request': request,
                     'apiuser': auth_u
                 })
                 # register some common functions for usage
                 attach_context_attributes(TemplateArgs(), request, request.rpc_user.user_id)
+                statsd = request.registry.statsd
                 try:
                     ret_value = func(**call_params)
-                    return jsonrpc_response(request, ret_value)
+                    resp = jsonrpc_response(request, ret_value)
+                    if statsd:
+                        statsd.incr('rhodecode_api_call_success_total')
+                    return resp
                 except JSONRPCBaseError:
                     raise
                 except Exception:
                     log.exception('Unhandled exception occurred on api call: %s', func)
                     exc_info = sys.exc_info()
                     exc_id, exc_type_name = store_exception(
                         id(exc_info), exc_info, prefix='rhodecode-api')
                     error_headers = [('RhodeCode-Exception-Id', str(exc_id)),
                                      ('RhodeCode-Exception-Type', str(exc_type_name))]
-                    return jsonrpc_error(
+                    err_resp = jsonrpc_error(
                         request, retid=request.rpc_id, message='Internal server error',
                         headers=error_headers)
+                    if statsd:
+                        statsd.incr('rhodecode_api_call_fail_total')
+                    return err_resp
             def setup_request(request):
                 """
                 Parse a JSON-RPC request body. It's used inside the predicates method
                 to validate and bootstrap requests for usage in rpc calls.
                 We need to raise JSONRPCError here if we want to return some errors back to
                 user.
                 """
                 log.debug('Executing setup request: %r', request)
                 request.rpc_ip_addr = get_ip_addr(request.environ)
                 # TODO(marcink): deprecate GET at some point
                 if request.method not in ['POST', 'GET']:
                     log.debug('unsupported request method "%s"', request.method)
                     raise JSONRPCError(
                         'unsupported request method "%s". Please use POST' % request.method)
                 if 'CONTENT_LENGTH' not in request.environ:
                     log.debug("No Content-Length")
                     raise JSONRPCError("Empty body, No Content-Length in request")
                 else:
                     length = request.environ['CONTENT_LENGTH']
                     log.debug('Content-Length: %s', length)
                     if length == 0:
                         log.debug("Content-Length is 0")
                         raise JSONRPCError("Content-Length is 0")
                 raw_body = request.body
                 log.debug("Loading JSON body now")
                 try:
                     json_body = json.loads(raw_body)
                 except ValueError as e:
                     # catch JSON errors Here
                     raise JSONRPCError("JSON parse error ERR:%s RAW:%r" % (e, raw_body))
                 request.rpc_id = json_body.get('id')
                 request.rpc_method = json_body.get('method')
                 # check required base parameters
                 try:
                     api_key = json_body.get('api_key')
                     if not api_key:
                         api_key = json_body.get('auth_token')
                     if not api_key:
                         raise KeyError('api_key or auth_token')
                     # TODO(marcink): support passing in token in request header
                     request.rpc_api_key = api_key
                     request.rpc_id = json_body['id']
                     request.rpc_method = json_body['method']
                     request.rpc_params = json_body['args'] \
                         if isinstance(json_body['args'], dict) else {}
                     log.debug('method: %s, params: %.10240r', request.rpc_method, request.rpc_params)
                 except KeyError as e:
                     raise JSONRPCError('Incorrect JSON data. Missing %s' % e)
                 log.debug('setup complete, now handling method:%s rpcid:%s',
                           request.rpc_method, request.rpc_id, )
             class RoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'jsonrpc route = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if self.val:
                         # potentially setup and bootstrap our call
                         setup_request(request)
                         # Always return True so that even if it isn't a valid RPC it
                         # will fall through to the underlaying handlers like notfound_view
                         return True
             class NotFoundPredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                     self.methods = config.registry.jsonrpc_methods
                 def text(self):
                     return 'jsonrpc method not found = {}.'.format(self.val)
                 phash = text
                 def __call__(self, info, request):
                     return hasattr(request, 'rpc_method')
             class MethodPredicate(object):
                 def __init__(self, val, config):
                     self.method = val
                 def text(self):
                     return 'jsonrpc method = %s' % self.method
                 phash = text
                 def __call__(self, context, request):
                     # we need to explicitly return False here, so pyramid doesn't try to
                     # execute our view directly. We need our main handler to execute things
                     return getattr(request, 'rpc_method') == self.method
             def add_jsonrpc_method(config, view, **kwargs):
                 # pop the method name
                 method = kwargs.pop('method', None)
                 if method is None:
                     raise ConfigurationError(
                         'Cannot register a JSON-RPC method without specifying the "method"')
                 # we define custom predicate, to enable to detect conflicting methods,
                 # those predicates are kind of "translation" from the decorator variables
                 # to internal predicates names
                 kwargs['jsonrpc_method'] = method
                 # register our view into global view store for validation
                 config.registry.jsonrpc_methods[method] = view
                 # we're using our main request_view handler, here, so each method
                 # has a unified handler for itself
                 config.add_view(request_view, route_name='apiv2', **kwargs)
             class jsonrpc_method(object):
                 """
                 decorator that works similar to @add_view_config decorator,
                 but tailored for our JSON RPC
                 """
                 venusian = venusian  # for testing injection
                 def __init__(self, method=None, **kwargs):
                     self.method = method
                     self.kwargs = kwargs
                 def __call__(self, wrapped):
                     kwargs = self.kwargs.copy()
                     kwargs['method'] = self.method or wrapped.__name__
                     depth = kwargs.pop('_depth', 0)
                     def callback(context, name, ob):
                         config = context.config.with_package(info.module)
                         config.add_jsonrpc_method(view=ob, **kwargs)
                     info = venusian.attach(wrapped, callback, category='pyramid',
                                            depth=depth + 1)
                     if info.scope == 'class':
                         # ensure that attr is set if decorating a class method
                         kwargs.setdefault('attr', wrapped.__name__)
                     kwargs['_info'] = info.codeinfo  # fbo action_method
                     return wrapped
             class jsonrpc_deprecated_method(object):
                 """
                 Marks method as deprecated, adds log.warning, and inject special key to
                 the request variable to mark method as deprecated.
                 Also injects special docstring that extract_docs will catch to mark
                 method as deprecated.
                 :param use_method: specify which method should be used instead of
                     the decorated one
                 Use like::
                     @jsonrpc_method()
                     @jsonrpc_deprecated_method(use_method='new_func', deprecated_at_version='3.0.0')
                     def old_func(request, apiuser, arg1, arg2):
                         ...
                 """
                 def __init__(self, use_method, deprecated_at_version):
                     self.use_method = use_method
                     self.deprecated_at_version = deprecated_at_version
                     self.deprecated_msg = ''
                 def __call__(self, func):
                     self.deprecated_msg = 'Please use method `{method}` instead.'.format(
                         method=self.use_method)
                     docstring = """\n
                     .. deprecated:: {version}
                        {deprecation_message}
                     {original_docstring}
                     """
                     func.__doc__ = docstring.format(
                         version=self.deprecated_at_version,
                         deprecation_message=self.deprecated_msg,
                         original_docstring=func.__doc__)
                     return decorator.decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     log.warning('DEPRECATED API CALL on function %s, please '
                                 'use `%s` instead', func, self.use_method)
                     # alter function docstring to mark as deprecated, this is picked up
                     # via fabric file that generates API DOC.
                     result = func(*fargs, **fkwargs)
                     request = fargs[0]
                     request.rpc_deprecation = 'DEPRECATED METHOD ' + self.deprecated_msg
                     return result
             def add_api_methods(config):
                 from rhodecode.api.views import (
                     deprecated_api, gist_api, pull_request_api, repo_api, repo_group_api,
                     server_api, search_api, testing_api, user_api, user_group_api)
                 config.scan('rhodecode.api.views')
             def includeme(config):
                 plugin_module = 'rhodecode.api'
                 plugin_settings = get_plugin_settings(
                     plugin_module, config.registry.settings)
                 if not hasattr(config.registry, 'jsonrpc_methods'):
                     config.registry.jsonrpc_methods = OrderedDict()
                 # match filter by given method only
                 config.add_view_predicate('jsonrpc_method', MethodPredicate)
                 config.add_view_predicate('jsonrpc_method_not_found', NotFoundPredicate)
                 config.add_renderer(DEFAULT_RENDERER, ExtJsonRenderer(
                     serializer=json.dumps, indent=4))
                 config.add_directive('add_jsonrpc_method', add_jsonrpc_method)
                 config.add_route_predicate(
                     'jsonrpc_call', RoutePredicate)
                 config.add_route(
                     'apiv2', plugin_settings.get('url', DEFAULT_URL), jsonrpc_call=True)
                 # register some exception handling view
                 config.add_view(exception_view, context=JSONRPCBaseError)
                 config.add_notfound_view(exception_view, jsonrpc_method_not_found=True)
                 add_api_methods(config)

rhodecode/authentication/base.py

0 +9 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Authentication modules
             """
             import socket
             import string
             import colander
             import copy
             import logging
             import time
             import traceback
             import warnings
             import functools
             from pyramid.threadlocal import get_current_registry
             from rhodecode.authentication.interface import IAuthnPluginRegistry
             from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
             from rhodecode.lib import rc_cache
+            from rhodecode.lib.statsd_client import StatsdClient
             from rhodecode.lib.auth import PasswordGenerator, _RhodeCodeCryptoBCrypt
             from rhodecode.lib.utils2 import safe_int, safe_str
-            from rhodecode.lib.exceptions import LdapConnectionError, LdapUsernameError, \
+            from rhodecode.lib.exceptions import (LdapConnectionError, LdapUsernameError, LdapPasswordError)
-                LdapPasswordError
             from rhodecode.model.db import User
             from rhodecode.model.meta import Session
             from rhodecode.model.settings import SettingsModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             log = logging.getLogger(__name__)
             # auth types that authenticate() function can receive
             VCS_TYPE = 'vcs'
             HTTP_TYPE = 'http'
             external_auth_session_key = 'rhodecode.external_auth'
             class hybrid_property(object):
                 """
                 a property decorator that works both for instance and class
                 """
                 def __init__(self, fget, fset=None, fdel=None, expr=None):
                     self.fget = fget
                     self.fset = fset
                     self.fdel = fdel
                     self.expr = expr or fget
                     functools.update_wrapper(self, fget)
                 def __get__(self, instance, owner):
                     if instance is None:
                         return self.expr(owner)
                     else:
                         return self.fget(instance)
                 def __set__(self, instance, value):
                     self.fset(instance, value)
                 def __delete__(self, instance):
                     self.fdel(instance)
             class LazyFormencode(object):
                 def __init__(self, formencode_obj, *args, **kwargs):
                     self.formencode_obj = formencode_obj
                     self.args = args
                     self.kwargs = kwargs
                 def __call__(self, *args, **kwargs):
                     from inspect import isfunction
                     formencode_obj = self.formencode_obj
                     if isfunction(formencode_obj):
                         # case we wrap validators into functions
                         formencode_obj = self.formencode_obj(*args, **kwargs)
                     return formencode_obj(*self.args, **self.kwargs)
             class RhodeCodeAuthPluginBase(object):
                 # UID is used to register plugin to the registry
                 uid = None
                 # cache the authentication request for N amount of seconds. Some kind
                 # of authentication methods are very heavy and it's very efficient to cache
                 # the result of a call. If it's set to None (default) cache is off
                 AUTH_CACHE_TTL = None
                 AUTH_CACHE = {}
                 auth_func_attrs = {
                     "username": "unique username",
                     "firstname": "first name",
                     "lastname": "last name",
                     "email": "email address",
                     "groups": '["list", "of", "groups"]',
                     "user_group_sync":
                         'True|False defines if returned user groups should be synced',
                     "extern_name": "name in external source of record",
                     "extern_type": "type of external source of record",
                     "admin": 'True|False defines if user should be RhodeCode super admin',
                     "active":
                         'True|False defines active state of user internally for RhodeCode',
                     "active_from_extern":
                         "True|False|None, active state from the external auth, "
                         "None means use definition from RhodeCode extern_type active value"
                 }
                 # set on authenticate() method and via set_auth_type func.
                 auth_type = None
                 # set on authenticate() method and via set_calling_scope_repo, this is a
                 # calling scope repository when doing authentication most likely on VCS
                 # operations
                 acl_repo_name = None
                 # List of setting names to store encrypted. Plugins may override this list
                 # to store settings encrypted.
                 _settings_encrypted = []
                 # Mapping of python to DB settings model types. Plugins may override or
                 # extend this mapping.
                 _settings_type_map = {
                     colander.String: 'unicode',
                     colander.Integer: 'int',
                     colander.Boolean: 'bool',
                     colander.List: 'list',
                 }
                 # list of keys in settings that are unsafe to be logged, should be passwords
                 # or other crucial credentials
                 _settings_unsafe_keys = []
                 def __init__(self, plugin_id):
                     self._plugin_id = plugin_id
                     self._settings = {}
                 def __str__(self):
                     return self.get_id()
                 def _get_setting_full_name(self, name):
                     """
                     Return the full setting name used for storing values in the database.
                     """
                     # TODO: johbo: Using the name here is problematic. It would be good to
                     # introduce either new models in the database to hold Plugin and
                     # PluginSetting or to use the plugin id here.
                     return 'auth_{}_{}'.format(self.name, name)
                 def _get_setting_type(self, name):
                     """
                     Return the type of a setting. This type is defined by the SettingsModel
                     and determines how the setting is stored in DB. Optionally the suffix
                     `.encrypted` is appended to instruct SettingsModel to store it
                     encrypted.
                     """
                     schema_node = self.get_settings_schema().get(name)
                     db_type = self._settings_type_map.get(
                         type(schema_node.typ), 'unicode')
                     if name in self._settings_encrypted:
                         db_type = '{}.encrypted'.format(db_type)
                     return db_type
                 @classmethod
                 def docs(cls):
                     """
                     Defines documentation url which helps with plugin setup
                     """
                     return ''
                 @classmethod
                 def icon(cls):
                     """
                     Defines ICON in SVG format for authentication method
                     """
                     return ''
                 def is_enabled(self):
                     """
                     Returns true if this plugin is enabled. An enabled plugin can be
                     configured in the admin interface but it is not consulted during
                     authentication.
                     """
                     auth_plugins = SettingsModel().get_auth_plugins()
                     return self.get_id() in auth_plugins
                 def is_active(self, plugin_cached_settings=None):
                     """
                     Returns true if the plugin is activated. An activated plugin is
                     consulted during authentication, assumed it is also enabled.
                     """
                     return self.get_setting_by_name(
                         'enabled', plugin_cached_settings=plugin_cached_settings)
                 def get_id(self):
                     """
                     Returns the plugin id.
                     """
                     return self._plugin_id
                 def get_display_name(self, load_from_settings=False):
                     """
                     Returns a translation string for displaying purposes.
                     if load_from_settings is set, plugin settings can override the display name
                     """
                     raise NotImplementedError('Not implemented in base class')
                 def get_settings_schema(self):
                     """
                     Returns a colander schema, representing the plugin settings.
                     """
                     return AuthnPluginSettingsSchemaBase()
                 def _propagate_settings(self, raw_settings):
                     settings = {}
                     for node in self.get_settings_schema():
                         settings[node.name] = self.get_setting_by_name(
                             node.name, plugin_cached_settings=raw_settings)
                     return settings
                 def get_settings(self, use_cache=True):
                     """
                     Returns the plugin settings as dictionary.
                     """
                     if self._settings != {} and use_cache:
                         return self._settings
                     raw_settings = SettingsModel().get_all_settings()
                     settings = self._propagate_settings(raw_settings)
                     self._settings = settings
                     return self._settings
                 def get_setting_by_name(self, name, default=None, plugin_cached_settings=None):
                     """
                     Returns a plugin setting by name.
                     """
                     full_name = 'rhodecode_{}'.format(self._get_setting_full_name(name))
                     if plugin_cached_settings:
                         plugin_settings = plugin_cached_settings
                     else:
                         plugin_settings = SettingsModel().get_all_settings()
                     if full_name in plugin_settings:
                         return plugin_settings[full_name]
                     else:
                         return default
                 def create_or_update_setting(self, name, value):
                     """
                     Create or update a setting for this plugin in the persistent storage.
                     """
                     full_name = self._get_setting_full_name(name)
                     type_ = self._get_setting_type(name)
                     db_setting = SettingsModel().create_or_update_setting(
                         full_name, value, type_)
                     return db_setting.app_settings_value
                 def log_safe_settings(self, settings):
                     """
                     returns a log safe representation of settings, without any secrets
                     """
                     settings_copy = copy.deepcopy(settings)
                     for k in self._settings_unsafe_keys:
                         if k in settings_copy:
                             del settings_copy[k]
                     return settings_copy
                 @hybrid_property
                 def name(self):
                     """
                     Returns the name of this authentication plugin.
                     :returns: string
                     """
                     raise NotImplementedError("Not implemented in base class")
                 def get_url_slug(self):
                     """
                     Returns a slug which should be used when constructing URLs which refer
                     to this plugin. By default it returns the plugin name. If the name is
                     not suitable for using it in an URL the plugin should override this
                     method.
                     """
                     return self.name
                 @property
                 def is_headers_auth(self):
                     """
                     Returns True if this authentication plugin uses HTTP headers as
                     authentication method.
                     """
                     return False
                 @hybrid_property
                 def is_container_auth(self):
                     """
                     Deprecated method that indicates if this authentication plugin uses
                     HTTP headers as authentication method.
                     """
                     warnings.warn(
                         'Use is_headers_auth instead.', category=DeprecationWarning)
                     return self.is_headers_auth
                 @hybrid_property
                 def allows_creating_users(self):
                     """
                     Defines if Plugin allows users to be created on-the-fly when
                     authentication is called. Controls how external plugins should behave
                     in terms if they are allowed to create new users, or not. Base plugins
                     should not be allowed to, but External ones should be !
                     :return: bool
                     """
                     return False
                 def set_auth_type(self, auth_type):
                     self.auth_type = auth_type
                 def set_calling_scope_repo(self, acl_repo_name):
                     self.acl_repo_name = acl_repo_name
                 def allows_authentication_from(
                         self, user, allows_non_existing_user=True,
                         allowed_auth_plugins=None, allowed_auth_sources=None):
                     """
                     Checks if this authentication module should accept a request for
                     the current user.
                     :param user: user object fetched using plugin's get_user() method.
                     :param allows_non_existing_user: if True, don't allow the
                         user to be empty, meaning not existing in our database
                     :param allowed_auth_plugins: if provided, users extern_type will be
                         checked against a list of provided extern types, which are plugin
                         auth_names in the end
                     :param allowed_auth_sources: authentication type allowed,
                         `http` or `vcs` default is both.
                         defines if plugin will accept only http authentication vcs
                         authentication(git/hg) or both
                     :returns: boolean
                     """
                     if not user and not allows_non_existing_user:
                         log.debug('User is empty but plugin does not allow empty users,'
                                   'not allowed to authenticate')
                         return False
                     expected_auth_plugins = allowed_auth_plugins or [self.name]
                     if user and (user.extern_type and
                                  user.extern_type not in expected_auth_plugins):
                         log.debug(
                             'User `%s` is bound to `%s` auth type. Plugin allows only '
                             '%s, skipping', user, user.extern_type, expected_auth_plugins)
                         return False
                     # by default accept both
                     expected_auth_from = allowed_auth_sources or [HTTP_TYPE, VCS_TYPE]
                     if self.auth_type not in expected_auth_from:
                         log.debug('Current auth source is %s but plugin only allows %s',
                                   self.auth_type, expected_auth_from)
                         return False
                     return True
                 def get_user(self, username=None, **kwargs):
                     """
                     Helper method for user fetching in plugins, by default it's using
                     simple fetch by username, but this method can be custimized in plugins
                     eg. headers auth plugin to fetch user by environ params
                     :param username: username if given to fetch from database
                     :param kwargs: extra arguments needed for user fetching.
                     """
                     user = None
                     log.debug(
                         'Trying to fetch user `%s` from RhodeCode database', username)
                     if username:
                         user = User.get_by_username(username)
                         if not user:
                             log.debug('User not found, fallback to fetch user in '
                                       'case insensitive mode')
                             user = User.get_by_username(username, case_insensitive=True)
                     else:
                         log.debug('provided username:`%s` is empty skipping...', username)
                     if not user:
                         log.debug('User `%s` not found in database', username)
                     else:
                         log.debug('Got DB user:%s', user)
                     return user
                 def user_activation_state(self):
                     """
                     Defines user activation state when creating new users
                     :returns: boolean
                     """
                     raise NotImplementedError("Not implemented in base class")
                 def auth(self, userobj, username, passwd, settings, **kwargs):
                     """
                     Given a user object (which may be null), username, a plaintext
                     password, and a settings object (containing all the keys needed as
                     listed in settings()), authenticate this user's login attempt.
                     Return None on failure. On success, return a dictionary of the form:
                         see: RhodeCodeAuthPluginBase.auth_func_attrs
                     This is later validated for correctness
                     """
                     raise NotImplementedError("not implemented in base class")
                 def _authenticate(self, userobj, username, passwd, settings, **kwargs):
                     """
                     Wrapper to call self.auth() that validates call on it
                     :param userobj: userobj
                     :param username: username
                     :param passwd: plaintext password
                     :param settings: plugin settings
                     """
                     auth = self.auth(userobj, username, passwd, settings, **kwargs)
                     if auth:
                         auth['_plugin'] = self.name
                         auth['_ttl_cache'] = self.get_ttl_cache(settings)
                         # check if hash should be migrated ?
                         new_hash = auth.get('_hash_migrate')
                         if new_hash:
                             self._migrate_hash_to_bcrypt(username, passwd, new_hash)
                         if 'user_group_sync' not in auth:
                             auth['user_group_sync'] = False
                         return self._validate_auth_return(auth)
                     return auth
                 def _migrate_hash_to_bcrypt(self, username, password, new_hash):
                     new_hash_cypher = _RhodeCodeCryptoBCrypt()
                     # extra checks, so make sure new hash is correct.
                     password_encoded = safe_str(password)
                     if new_hash and new_hash_cypher.hash_check(
                             password_encoded, new_hash):
                         cur_user = User.get_by_username(username)
                         cur_user.password = new_hash
                         Session().add(cur_user)
                         Session().flush()
                         log.info('Migrated user %s hash to bcrypt', cur_user)
                 def _validate_auth_return(self, ret):
                     if not isinstance(ret, dict):
                         raise Exception('returned value from auth must be a dict')
                     for k in self.auth_func_attrs:
                         if k not in ret:
                             raise Exception('Missing %s attribute from returned data' % k)
                     return ret
                 def get_ttl_cache(self, settings=None):
                     plugin_settings = settings or self.get_settings()
                     # we set default to 30, we make a compromise here,
                     # performance > security, mostly due to LDAP/SVN, majority
                     # of users pick cache_ttl to be enabled
                     from rhodecode.authentication import plugin_default_auth_ttl
                     cache_ttl = plugin_default_auth_ttl
                     if isinstance(self.AUTH_CACHE_TTL, (int, long)):
                         # plugin cache set inside is more important than the settings value
                         cache_ttl = self.AUTH_CACHE_TTL
                     elif plugin_settings.get('cache_ttl'):
                         cache_ttl = safe_int(plugin_settings.get('cache_ttl'), 0)
                     plugin_cache_active = bool(cache_ttl and cache_ttl > 0)
                     return plugin_cache_active, cache_ttl
             class RhodeCodeExternalAuthPlugin(RhodeCodeAuthPluginBase):
                 @hybrid_property
                 def allows_creating_users(self):
                     return True
                 def use_fake_password(self):
                     """
                     Return a boolean that indicates whether or not we should set the user's
                     password to a random value when it is authenticated by this plugin.
                     If your plugin provides authentication, then you will generally
                     want this.
                     :returns: boolean
                     """
                     raise NotImplementedError("Not implemented in base class")
                 def _authenticate(self, userobj, username, passwd, settings, **kwargs):
                     # at this point _authenticate calls plugin's `auth()` function
                     auth = super(RhodeCodeExternalAuthPlugin, self)._authenticate(
                         userobj, username, passwd, settings, **kwargs)
                     if auth:
                         # maybe plugin will clean the username ?
                         # we should use the return value
                         username = auth['username']
                         # if external source tells us that user is not active, we should
                         # skip rest of the process. This can prevent from creating users in
                         # RhodeCode when using external authentication, but if it's
                         # inactive user we shouldn't create that user anyway
                         if auth['active_from_extern'] is False:
                             log.warning(
                                 "User %s authenticated against %s, but is inactive",
                                 username, self.__module__)
                             return None
                         cur_user = User.get_by_username(username, case_insensitive=True)
                         is_user_existing = cur_user is not None
                         if is_user_existing:
                             log.debug('Syncing user `%s` from '
                                       '`%s` plugin', username, self.name)
                         else:
                             log.debug('Creating non existing user `%s` from '
                                       '`%s` plugin', username, self.name)
                         if self.allows_creating_users:
                             log.debug('Plugin `%s` allows to '
                                       'create new users', self.name)
                         else:
                             log.debug('Plugin `%s` does not allow to '
                                       'create new users', self.name)
                         user_parameters = {
                             'username': username,
                             'email': auth["email"],
                             'firstname': auth["firstname"],
                             'lastname': auth["lastname"],
                             'active': auth["active"],
                             'admin': auth["admin"],
                             'extern_name': auth["extern_name"],
                             'extern_type': self.name,
                             'plugin': self,
                             'allow_to_create_user': self.allows_creating_users,
                         }
                         if not is_user_existing:
                             if self.use_fake_password():
                                 # Randomize the PW because we don't need it, but don't want
                                 # them blank either
                                 passwd = PasswordGenerator().gen_password(length=16)
                             user_parameters['password'] = passwd
                         else:
                             # Since the password is required by create_or_update method of
                             # UserModel, we need to set it explicitly.
                             # The create_or_update method is smart and recognises the
                             # password hashes as well.
                             user_parameters['password'] = cur_user.password
                         # we either create or update users, we also pass the flag
                         # that controls if this method can actually do that.
                         # raises NotAllowedToCreateUserError if it cannot, and we try to.
                         user = UserModel().create_or_update(**user_parameters)
                         Session().flush()
                         # enforce user is just in given groups, all of them has to be ones
                         # created from plugins. We store this info in _group_data JSON
                         # field
                         if auth['user_group_sync']:
                             try:
                                 groups = auth['groups'] or []
                                 log.debug(
                                     'Performing user_group sync based on set `%s` '
                                     'returned by `%s` plugin', groups, self.name)
                                 UserGroupModel().enforce_groups(user, groups, self.name)
                             except Exception:
                                 # for any reason group syncing fails, we should
                                 # proceed with login
                                 log.error(traceback.format_exc())
                         Session().commit()
                     return auth
             class AuthLdapBase(object):
                 @classmethod
                 def _build_servers(cls, ldap_server_type, ldap_server, port, use_resolver=True):
                     def host_resolver(host, port, full_resolve=True):
                         """
                         Main work for this function is to prevent ldap connection issues,
                         and detect them early using a "greenified" sockets
                         """
                         host = host.strip()
                         if not full_resolve:
                             return '{}:{}'.format(host, port)
                         log.debug('LDAP: Resolving IP for LDAP host `%s`', host)
                         try:
                             ip = socket.gethostbyname(host)
                             log.debug('LDAP: Got LDAP host `%s` ip %s', host, ip)
                         except Exception:
                             raise LdapConnectionError('Failed to resolve host: `{}`'.format(host))
                         log.debug('LDAP: Checking if IP %s is accessible', ip)
                         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                         try:
                             s.connect((ip, int(port)))
                             s.shutdown(socket.SHUT_RD)
                             log.debug('LDAP: connection to %s successful', ip)
                         except Exception:
                             raise LdapConnectionError(
                                 'Failed to connect to host: `{}:{}`'.format(host, port))
                         return '{}:{}'.format(host, port)
                     if len(ldap_server) == 1:
                         # in case of single server use resolver to detect potential
                         # connection issues
                         full_resolve = True
                     else:
                         full_resolve = False
                     return ', '.join(
                         ["{}://{}".format(
                             ldap_server_type,
                             host_resolver(host, port, full_resolve=use_resolver and full_resolve))
                          for host in ldap_server])
                 @classmethod
                 def _get_server_list(cls, servers):
                     return map(string.strip, servers.split(','))
                 @classmethod
                 def get_uid(cls, username, server_addresses):
                     uid = username
                     for server_addr in server_addresses:
                         uid = chop_at(username, "@%s" % server_addr)
                     return uid
                 @classmethod
                 def validate_username(cls, username):
                     if "," in username:
                         raise LdapUsernameError(
                             "invalid character `,` in username: `{}`".format(username))
                 @classmethod
                 def validate_password(cls, username, password):
                     if not password:
                         msg = "Authenticating user %s with blank password not allowed"
                         log.warning(msg, username)
                         raise LdapPasswordError(msg)
             def loadplugin(plugin_id):
                 """
                 Loads and returns an instantiated authentication plugin.
                 Returns the RhodeCodeAuthPluginBase subclass on success,
                 or None on failure.
                 """
                 # TODO: Disusing pyramids thread locals to retrieve the registry.
                 authn_registry = get_authn_registry()
                 plugin = authn_registry.get_plugin(plugin_id)
                 if plugin is None:
                     log.error('Authentication plugin not found: "%s"', plugin_id)
                 return plugin
             def get_authn_registry(registry=None):
                 registry = registry or get_current_registry()
                 authn_registry = registry.queryUtility(IAuthnPluginRegistry)
                 return authn_registry
             def authenticate(username, password, environ=None, auth_type=None,
                              skip_missing=False, registry=None, acl_repo_name=None):
                 """
                 Authentication function used for access control,
                 It tries to authenticate based on enabled authentication modules.
                 :param username: username can be empty for headers auth
                 :param password: password can be empty for headers auth
                 :param environ: environ headers passed for headers auth
                 :param auth_type: type of authentication, either `HTTP_TYPE` or `VCS_TYPE`
                 :param skip_missing: ignores plugins that are in db but not in environment
                 :returns: None if auth failed, plugin_user dict if auth is correct
                 """
                 if not auth_type or auth_type not in [HTTP_TYPE, VCS_TYPE]:
                     raise ValueError('auth type must be on of http, vcs got "%s" instead'
                                      % auth_type)
                 headers_only = environ and not (username and password)
                 authn_registry = get_authn_registry(registry)
                 plugins_to_check = authn_registry.get_plugins_for_authentication()
                 log.debug('Starting ordered authentication chain using %s plugins',
                           [x.name for x in plugins_to_check])
                 for plugin in plugins_to_check:
                     plugin.set_auth_type(auth_type)
                     plugin.set_calling_scope_repo(acl_repo_name)
                     if headers_only and not plugin.is_headers_auth:
                         log.debug('Auth type is for headers only and plugin `%s` is not '
                                   'headers plugin, skipping...', plugin.get_id())
                         continue
                     log.debug('Trying authentication using ** %s **', plugin.get_id())
                     # load plugin settings from RhodeCode database
                     plugin_settings = plugin.get_settings()
                     plugin_sanitized_settings = plugin.log_safe_settings(plugin_settings)
                     log.debug('Plugin `%s` settings:%s', plugin.get_id(), plugin_sanitized_settings)
                     # use plugin's method of user extraction.
                     user = plugin.get_user(username, environ=environ,
                                            settings=plugin_settings)
                     display_user = user.username if user else username
                     log.debug(
                         'Plugin %s extracted user is `%s`', plugin.get_id(), display_user)
                     if not plugin.allows_authentication_from(user):
                         log.debug('Plugin %s does not accept user `%s` for authentication',
                                   plugin.get_id(), display_user)
                         continue
                     else:
                         log.debug('Plugin %s accepted user `%s` for authentication',
                                   plugin.get_id(), display_user)
                     log.info('Authenticating user `%s` using %s plugin',
                              display_user, plugin.get_id())
                     plugin_cache_active, cache_ttl = plugin.get_ttl_cache(plugin_settings)
                     log.debug('AUTH_CACHE_TTL for plugin `%s` active: %s (TTL: %s)',
                               plugin.get_id(), plugin_cache_active, cache_ttl)
                     user_id = user.user_id if user else 'no-user'
                     # don't cache for empty users
                     plugin_cache_active = plugin_cache_active and user_id
                     cache_namespace_uid = 'cache_user_auth.{}'.format(user_id)
                     region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
                     @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
                                                            expiration_time=cache_ttl,
                                                            condition=plugin_cache_active)
                     def compute_auth(
                             cache_name, plugin_name, username, password):
                         # _authenticate is a wrapper for .auth() method of plugin.
                         # it checks if .auth() sends proper data.
                         # For RhodeCodeExternalAuthPlugin it also maps users to
                         # Database and maps the attributes returned from .auth()
                         # to RhodeCode database. If this function returns data
                         # then auth is correct.
                         log.debug('Running plugin `%s` _authenticate method '
                                   'using username and password', plugin.get_id())
                         return plugin._authenticate(
                             user, username, password, plugin_settings,
                             environ=environ or {})
                     start = time.time()
                     # for environ based auth, password can be empty, but then the validation is
                     # on the server that fills in the env data needed for authentication
                     plugin_user = compute_auth('auth', plugin.name, username, (password or ''))
                     auth_time = time.time() - start
                     log.debug('Authentication for plugin `%s` completed in %.4fs, '
                               'expiration time of fetched cache %.1fs.',
                               plugin.get_id(), auth_time, cache_ttl)
                     log.debug('PLUGIN USER DATA: %s', plugin_user)
+                    statsd = StatsdClient.statsd
                     if plugin_user:
                         log.debug('Plugin returned proper authentication data')
+                        if statsd:
+                            statsd.incr('rhodecode_login_success_total')
                         return plugin_user
                     # we failed to Auth because .auth() method didn't return proper user
                     log.debug("User `%s` failed to authenticate against %s",
                               display_user, plugin.get_id())
+                    if statsd:
+                        statsd.incr('rhodecode_login_fail_total')
                 # case when we failed to authenticate against all defined plugins
                 return None
             def chop_at(s, sub, inclusive=False):
                 """Truncate string ``s`` at the first occurrence of ``sub``.
                 If ``inclusive`` is true, truncate just after ``sub`` rather than at it.
                 >>> chop_at("plutocratic brats", "rat")
                 'plutoc'
                 >>> chop_at("plutocratic brats", "rat", True)
                 'plutocrat'
                 """
                 pos = s.find(sub)
                 if pos == -1:
                     return s
                 if inclusive:
                     return s[:pos+len(sub)]
                 return s[:pos]

rhodecode/config/middleware.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import os
             import sys
             import logging
             import collections
             import tempfile
             import time
             from paste.gzipper import make_gzip_middleware
             import pyramid.events
             from pyramid.wsgi import wsgiapp
             from pyramid.authorization import ACLAuthorizationPolicy
             from pyramid.config import Configurator
             from pyramid.settings import asbool, aslist
             from pyramid.httpexceptions import (
                 HTTPException, HTTPError, HTTPInternalServerError, HTTPFound, HTTPNotFound)
             from pyramid.renderers import render_to_response
             from rhodecode.model import meta
             from rhodecode.config import patches
             from rhodecode.config import utils as config_utils
             from rhodecode.config.environment import load_pyramid_environment
             import rhodecode.events
             from rhodecode.lib.middleware.vcs import VCSMiddleware
             from rhodecode.lib.request import Request
             from rhodecode.lib.vcs import VCSCommunicationError
             from rhodecode.lib.exceptions import VCSServerUnavailable
             from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
             from rhodecode.lib.middleware.https_fixup import HttpsFixup
             from rhodecode.lib.plugins.utils import register_rhodecode_plugin
             from rhodecode.lib.utils2 import aslist as rhodecode_aslist, AttributeDict
             from rhodecode.lib.exc_tracking import store_exception
             from rhodecode.subscribers import (
                 scan_repositories_if_enabled, write_js_routes_if_enabled,
                 write_metadata_if_needed, write_usage_data)
             from rhodecode.lib.statsd_client import StatsdClient
             log = logging.getLogger(__name__)
             def is_http_error(response):
                 # error which should have traceback
                 return response.status_code > 499
             def should_load_all():
                 """
                 Returns if all application components should be loaded. In some cases it's
                 desired to skip apps loading for faster shell script execution
                 """
                 ssh_cmd = os.environ.get('RC_CMD_SSH_WRAPPER')
                 if ssh_cmd:
                     return False
                 return True
             def make_pyramid_app(global_config, **settings):
                 """
                 Constructs the WSGI application based on Pyramid.
                 Specials:
                 * The application can also be integrated like a plugin via the call to
                   `includeme`. This is accompanied with the other utility functions which
                   are called. Changing this should be done with great care to not break
                   cases when these fragments are assembled from another place.
                 """
                 # Allows to use format style "{ENV_NAME}" placeholders in the configuration. It
                 # will be replaced by the value of the environment variable "NAME" in this case.
                 start_time = time.time()
                 log.info('Pyramid app config starting')
                 # init and bootstrap StatsdClient
                 StatsdClient.setup(settings)
                 debug = asbool(global_config.get('debug'))
                 if debug:
                     enable_debug()
                 environ = {'ENV_{}'.format(key): value for key, value in os.environ.items()}
                 global_config = _substitute_values(global_config, environ)
                 settings = _substitute_values(settings, environ)
                 sanitize_settings_and_apply_defaults(global_config, settings)
                 config = Configurator(settings=settings)
                 # Init our statsd at very start
                 config.registry.statsd = StatsdClient.statsd
                 # Apply compatibility patches
                 patches.inspect_getargspec()
                 load_pyramid_environment(global_config, settings)
                 # Static file view comes first
                 includeme_first(config)
                 includeme(config)
                 pyramid_app = config.make_wsgi_app()
                 pyramid_app = wrap_app_in_wsgi_middlewares(pyramid_app, config)
                 pyramid_app.config = config
                 config.configure_celery(global_config['__file__'])
                 # creating the app uses a connection - return it after we are done
                 meta.Session.remove()
                 statsd = StatsdClient.statsd
                 total_time = time.time() - start_time
                 log.info('Pyramid app `%s` created and configured in %.2fs',
                          pyramid_app.func_name, total_time)
                 if statsd:
                     elapsed_time_ms = 1000.0 * total_time
                     statsd.timing('rhodecode_app_bootstrap_timing', elapsed_time_ms, tags=[
                         "pyramid_app:{}".format(pyramid_app.func_name)
                     ])
                 return pyramid_app
             def not_found_view(request):
                 """
                 This creates the view which should be registered as not-found-view to
                 pyramid.
                 """
                 if not getattr(request, 'vcs_call', None):
                     # handle like regular case with our error_handler
                     return error_handler(HTTPNotFound(), request)
                 # handle not found view as a vcs call
                 settings = request.registry.settings
                 ae_client = getattr(request, 'ae_client', None)
                 vcs_app = VCSMiddleware(
                     HTTPNotFound(), request.registry, settings,
                     appenlight_client=ae_client)
                 return wsgiapp(vcs_app)(None, request)
             def error_handler(exception, request):
                 import rhodecode
                 from rhodecode.lib import helpers
                 from rhodecode.lib.utils2 import str2bool
                 rhodecode_title = rhodecode.CONFIG.get('rhodecode_title') or 'RhodeCode'
                 base_response = HTTPInternalServerError()
                 # prefer original exception for the response since it may have headers set
                 if isinstance(exception, HTTPException):
                     base_response = exception
                 elif isinstance(exception, VCSCommunicationError):
                     base_response = VCSServerUnavailable()
                 if is_http_error(base_response):
                     log.exception(
                         'error occurred handling this request for path: %s', request.path)
                 statsd = request.registry.statsd
                 if statsd and base_response.status_code > 499:
-                    statsd.incr('rhodecode_exception', tags=["code:{}".format(base_response.status_code)])
+                    statsd.incr('rhodecode_exception_total', tags=["code:{}".format(base_response.status_code)])
                 error_explanation = base_response.explanation or str(base_response)
                 if base_response.status_code == 404:
                     error_explanation += " Optionally you don't have permission to access this page."
                 c = AttributeDict()
                 c.error_message = base_response.status
                 c.error_explanation = error_explanation
                 c.visual = AttributeDict()
                 c.visual.rhodecode_support_url = (
                     request.registry.settings.get('rhodecode_support_url') or
                     request.route_url('rhodecode_support')
                 )
                 c.redirect_time = 0
                 c.rhodecode_name = rhodecode_title
                 if not c.rhodecode_name:
                     c.rhodecode_name = 'Rhodecode'
                 c.causes = []
                 if is_http_error(base_response):
                     c.causes.append('Server is overloaded.')
                     c.causes.append('Server database connection is lost.')
                     c.causes.append('Server expected unhandled error.')
                 if hasattr(base_response, 'causes'):
                     c.causes = base_response.causes
                 c.messages = helpers.flash.pop_messages(request=request)
                 exc_info = sys.exc_info()
                 c.exception_id = id(exc_info)
                 c.show_exception_id = isinstance(base_response, VCSServerUnavailable) \
                                       or base_response.status_code > 499
                 c.exception_id_url = request.route_url(
                     'admin_settings_exception_tracker_show', exception_id=c.exception_id)
                 if c.show_exception_id:
                     store_exception(c.exception_id, exc_info)
                 c.exception_debug = str2bool(rhodecode.CONFIG.get('debug'))
                 c.exception_config_ini = rhodecode.CONFIG.get('__file__')
                 response = render_to_response(
                     '/errors/error_document.mako', {'c': c, 'h': helpers}, request=request,
                     response=base_response)
                 return response
             def includeme_first(config):
                 # redirect automatic browser favicon.ico requests to correct place
                 def favicon_redirect(context, request):
                     return HTTPFound(
                         request.static_path('rhodecode:public/images/favicon.ico'))
                 config.add_view(favicon_redirect, route_name='favicon')
                 config.add_route('favicon', '/favicon.ico')
                 def robots_redirect(context, request):
                     return HTTPFound(
                         request.static_path('rhodecode:public/robots.txt'))
                 config.add_view(robots_redirect, route_name='robots')
                 config.add_route('robots', '/robots.txt')
                 config.add_static_view(
                     '_static/deform', 'deform:static')
                 config.add_static_view(
                     '_static/rhodecode', path='rhodecode:public', cache_max_age=3600 * 24)
             def includeme(config, auth_resources=None):
                 from rhodecode.lib.celerylib.loader import configure_celery
                 log.debug('Initializing main includeme from %s', os.path.basename(__file__))
                 settings = config.registry.settings
                 config.set_request_factory(Request)
                 # plugin information
                 config.registry.rhodecode_plugins = collections.OrderedDict()
                 config.add_directive(
                     'register_rhodecode_plugin', register_rhodecode_plugin)
                 config.add_directive('configure_celery', configure_celery)
                 if asbool(settings.get('appenlight', 'false')):
                     config.include('appenlight_client.ext.pyramid_tween')
                 load_all = should_load_all()
                 # Includes which are required. The application would fail without them.
                 config.include('pyramid_mako')
                 config.include('rhodecode.lib.rc_beaker')
                 config.include('rhodecode.lib.rc_cache')
                 config.include('rhodecode.apps._base.navigation')
                 config.include('rhodecode.apps._base.subscribers')
                 config.include('rhodecode.tweens')
                 config.include('rhodecode.authentication')
                 if load_all:
                     ce_auth_resources = [
                         'rhodecode.authentication.plugins.auth_crowd',
                         'rhodecode.authentication.plugins.auth_headers',
                         'rhodecode.authentication.plugins.auth_jasig_cas',
                         'rhodecode.authentication.plugins.auth_ldap',
                         'rhodecode.authentication.plugins.auth_pam',
                         'rhodecode.authentication.plugins.auth_rhodecode',
                         'rhodecode.authentication.plugins.auth_token',
                     ]
                     # load CE authentication plugins
                     if auth_resources:
                         ce_auth_resources.extend(auth_resources)
                     for resource in ce_auth_resources:
                         config.include(resource)
                     # Auto discover authentication plugins and include their configuration.
                     if asbool(settings.get('auth_plugin.import_legacy_plugins', 'true')):
                         from rhodecode.authentication import discover_legacy_plugins
                         discover_legacy_plugins(config)
                 # apps
                 if load_all:
                     config.include('rhodecode.api')
                     config.include('rhodecode.apps._base')
                     config.include('rhodecode.apps.hovercards')
                     config.include('rhodecode.apps.ops')
                     config.include('rhodecode.apps.channelstream')
                     config.include('rhodecode.apps.file_store')
                     config.include('rhodecode.apps.admin')
                     config.include('rhodecode.apps.login')
                     config.include('rhodecode.apps.home')
                     config.include('rhodecode.apps.journal')
                     config.include('rhodecode.apps.repository')
                     config.include('rhodecode.apps.repo_group')
                     config.include('rhodecode.apps.user_group')
                     config.include('rhodecode.apps.search')
                     config.include('rhodecode.apps.user_profile')
                     config.include('rhodecode.apps.user_group_profile')
                     config.include('rhodecode.apps.my_account')
                     config.include('rhodecode.apps.gist')
                     config.include('rhodecode.apps.svn_support')
                     config.include('rhodecode.apps.ssh_support')
                     config.include('rhodecode.apps.debug_style')
                 if load_all:
                     config.include('rhodecode.integrations')
                 config.add_route('rhodecode_support', 'https://rhodecode.com/help/', static=True)
                 config.add_translation_dirs('rhodecode:i18n/')
                 settings['default_locale_name'] = settings.get('lang', 'en')
                 # Add subscribers.
                 if load_all:
                     config.add_subscriber(scan_repositories_if_enabled,
                                           pyramid.events.ApplicationCreated)
                     config.add_subscriber(write_metadata_if_needed,
                                           pyramid.events.ApplicationCreated)
                     config.add_subscriber(write_usage_data,
                                           pyramid.events.ApplicationCreated)
                     config.add_subscriber(write_js_routes_if_enabled,
                                           pyramid.events.ApplicationCreated)
                 # request custom methods
                 config.add_request_method(
                     'rhodecode.lib.partial_renderer.get_partial_renderer',
                     'get_partial_renderer')
                 config.add_request_method(
                     'rhodecode.lib.request_counter.get_request_counter',
                     'request_count')
                 # Set the authorization policy.
                 authz_policy = ACLAuthorizationPolicy()
                 config.set_authorization_policy(authz_policy)
                 # Set the default renderer for HTML templates to mako.
                 config.add_mako_renderer('.html')
                 config.add_renderer(
                     name='json_ext',
                     factory='rhodecode.lib.ext_json_renderer.pyramid_ext_json')
                 config.add_renderer(
                     name='string_html',
                     factory='rhodecode.lib.string_renderer.html')
                 # include RhodeCode plugins
                 includes = aslist(settings.get('rhodecode.includes', []))
                 for inc in includes:
                     config.include(inc)
                 # custom not found view, if our pyramid app doesn't know how to handle
                 # the request pass it to potential VCS handling ap
                 config.add_notfound_view(not_found_view)
                 if not settings.get('debugtoolbar.enabled', False):
                     # disabled debugtoolbar handle all exceptions via the error_handlers
                     config.add_view(error_handler, context=Exception)
                 # all errors including 403/404/50X
                 config.add_view(error_handler, context=HTTPError)
             def wrap_app_in_wsgi_middlewares(pyramid_app, config):
                 """
                 Apply outer WSGI middlewares around the application.
                 """
                 registry = config.registry
                 settings = registry.settings
                 # enable https redirects based on HTTP_X_URL_SCHEME set by proxy
                 pyramid_app = HttpsFixup(pyramid_app, settings)
                 pyramid_app, _ae_client = wrap_in_appenlight_if_enabled(
                     pyramid_app, settings)
                 registry.ae_client = _ae_client
                 if settings['gzip_responses']:
                     pyramid_app = make_gzip_middleware(
                         pyramid_app, settings, compress_level=1)
                 # this should be the outer most middleware in the wsgi stack since
                 # middleware like Routes make database calls
                 def pyramid_app_with_cleanup(environ, start_response):
                     try:
                         return pyramid_app(environ, start_response)
                     finally:
                         # Dispose current database session and rollback uncommitted
                         # transactions.
                         meta.Session.remove()
                         # In a single threaded mode server, on non sqlite db we should have
                         # '0 Current Checked out connections' at the end of a request,
                         # if not, then something, somewhere is leaving a connection open
                         pool = meta.Base.metadata.bind.engine.pool
                         log.debug('sa pool status: %s', pool.status())
                         log.debug('Request processing finalized')
                 return pyramid_app_with_cleanup
             def sanitize_settings_and_apply_defaults(global_config, settings):
                 """
                 Applies settings defaults and does all type conversion.
                 We would move all settings parsing and preparation into this place, so that
                 we have only one place left which deals with this part. The remaining parts
                 of the application would start to rely fully on well prepared settings.
                 This piece would later be split up per topic to avoid a big fat monster
                 function.
                 """
                 settings.setdefault('rhodecode.edition', 'Community Edition')
                 settings.setdefault('rhodecode.edition_id', 'CE')
                 if 'mako.default_filters' not in settings:
                     # set custom default filters if we don't have it defined
                     settings['mako.imports'] = 'from rhodecode.lib.base import h_filter'
                     settings['mako.default_filters'] = 'h_filter'
                 if 'mako.directories' not in settings:
                     mako_directories = settings.setdefault('mako.directories', [
                         # Base templates of the original application
                         'rhodecode:templates',
                     ])
                     log.debug(
                         "Using the following Mako template directories: %s",
                         mako_directories)
                 # NOTE(marcink): fix redis requirement for schema of connection since 3.X
                 if 'beaker.session.type' in settings and settings['beaker.session.type'] == 'ext:redis':
                     raw_url = settings['beaker.session.url']
                     if not raw_url.startswith(('redis://', 'rediss://', 'unix://')):
                         settings['beaker.session.url'] = 'redis://' + raw_url
                 # Default includes, possible to change as a user
                 pyramid_includes = settings.setdefault('pyramid.includes', [])
                 log.debug(
                     "Using the following pyramid.includes: %s",
                     pyramid_includes)
                 # TODO: johbo: Re-think this, usually the call to config.include
                 # should allow to pass in a prefix.
                 settings.setdefault('rhodecode.api.url', '/_admin/api')
                 settings.setdefault('__file__', global_config.get('__file__'))
                 # Sanitize generic settings.
                 _list_setting(settings, 'default_encoding', 'UTF-8')
                 _bool_setting(settings, 'is_test', 'false')
                 _bool_setting(settings, 'gzip_responses', 'false')
                 # Call split out functions that sanitize settings for each topic.
                 _sanitize_appenlight_settings(settings)
                 _sanitize_vcs_settings(settings)
                 _sanitize_cache_settings(settings)
                 # configure instance id
                 config_utils.set_instance_id(settings)
                 return settings
             def enable_debug():
                 """
                 Helper to enable debug on running instance
                 :return:
                 """
                 import tempfile
                 import textwrap
                 import logging.config
                 ini_template = textwrap.dedent("""
                 #####################################
                 ### DEBUG LOGGING CONFIGURATION  ####
                 #####################################
                 [loggers]
                 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
                 [handlers]
                 keys = console, console_sql
                 [formatters]
                 keys = generic, color_formatter, color_formatter_sql
                 #############
                 ## LOGGERS ##
                 #############
                 [logger_root]
                 level = NOTSET
                 handlers = console
                 [logger_sqlalchemy]
                 level = INFO
                 handlers = console_sql
                 qualname = sqlalchemy.engine
                 propagate = 0
                 [logger_beaker]
                 level = DEBUG
                 handlers =
                 qualname = beaker.container
                 propagate = 1
                 [logger_rhodecode]
                 level = DEBUG
                 handlers =
                 qualname = rhodecode
                 propagate = 1
                 [logger_ssh_wrapper]
                 level = DEBUG
                 handlers =
                 qualname = ssh_wrapper
                 propagate = 1
                 [logger_celery]
                 level = DEBUG
                 handlers =
                 qualname = celery
                 ##############
                 ## HANDLERS ##
                 ##############
                 [handler_console]
                 class = StreamHandler
                 args = (sys.stderr, )
                 level = DEBUG
                 formatter = color_formatter
                 [handler_console_sql]
                 # "level = DEBUG" logs SQL queries and results.
                 # "level = INFO" logs SQL queries.
                 # "level = WARN" logs neither.  (Recommended for production systems.)
                 class = StreamHandler
                 args = (sys.stderr, )
                 level = WARN
                 formatter = color_formatter_sql
                 ################
                 ## FORMATTERS ##
                 ################
                 [formatter_generic]
                 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
                 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s | %(req_id)s
                 datefmt = %Y-%m-%d %H:%M:%S
                 [formatter_color_formatter]
                 class = rhodecode.lib.logging_formatter.ColorRequestTrackingFormatter
                 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s | %(req_id)s
                 datefmt = %Y-%m-%d %H:%M:%S
                 [formatter_color_formatter_sql]
                 class = rhodecode.lib.logging_formatter.ColorFormatterSql
                 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
                 datefmt = %Y-%m-%d %H:%M:%S
                 """)
                 with tempfile.NamedTemporaryFile(prefix='rc_debug_logging_', suffix='.ini',
                                                  delete=False) as f:
                     log.info('Saved Temporary DEBUG config at %s', f.name)
                     f.write(ini_template)
                 logging.config.fileConfig(f.name)
                 log.debug('DEBUG MODE ON')
                 os.remove(f.name)
             def _sanitize_appenlight_settings(settings):
                 _bool_setting(settings, 'appenlight', 'false')
             def _sanitize_vcs_settings(settings):
                 """
                 Applies settings defaults and does type conversion for all VCS related
                 settings.
                 """
                 _string_setting(settings, 'vcs.svn.compatible_version', '')
                 _string_setting(settings, 'vcs.hooks.protocol', 'http')
                 _string_setting(settings, 'vcs.hooks.host', '127.0.0.1')
                 _string_setting(settings, 'vcs.scm_app_implementation', 'http')
                 _string_setting(settings, 'vcs.server', '')
                 _string_setting(settings, 'vcs.server.protocol', 'http')
                 _bool_setting(settings, 'startup.import_repos', 'false')
                 _bool_setting(settings, 'vcs.hooks.direct_calls', 'false')
                 _bool_setting(settings, 'vcs.server.enable', 'true')
                 _bool_setting(settings, 'vcs.start_server', 'false')
                 _list_setting(settings, 'vcs.backends', 'hg, git, svn')
                 _int_setting(settings, 'vcs.connection_timeout', 3600)
                 # Support legacy values of vcs.scm_app_implementation. Legacy
                 # configurations may use 'rhodecode.lib.middleware.utils.scm_app_http', or
                 # disabled since 4.13 'vcsserver.scm_app' which is now mapped to 'http'.
                 scm_app_impl = settings['vcs.scm_app_implementation']
                 if scm_app_impl in ['rhodecode.lib.middleware.utils.scm_app_http', 'vcsserver.scm_app']:
                     settings['vcs.scm_app_implementation'] = 'http'
             def _sanitize_cache_settings(settings):
                 temp_store = tempfile.gettempdir()
                 default_cache_dir = os.path.join(temp_store, 'rc_cache')
                 # save default, cache dir, and use it for all backends later.
                 default_cache_dir = _string_setting(
                     settings,
                     'cache_dir',
                     default_cache_dir, lower=False, default_when_empty=True)
                 # ensure we have our dir created
                 if not os.path.isdir(default_cache_dir):
                     os.makedirs(default_cache_dir, mode=0o755)
                 # exception store cache
                 _string_setting(
                     settings,
                     'exception_tracker.store_path',
                     temp_store, lower=False, default_when_empty=True)
                 _bool_setting(
                     settings,
                     'exception_tracker.send_email',
                     'false')
                 _string_setting(
                     settings,
                     'exception_tracker.email_prefix',
                     '[RHODECODE ERROR]', lower=False, default_when_empty=True)
                 # cache_perms
                 _string_setting(
                     settings,
                     'rc_cache.cache_perms.backend',
                     'dogpile.cache.rc.file_namespace', lower=False)
                 _int_setting(
                     settings,
                     'rc_cache.cache_perms.expiration_time',
 )
                 _string_setting(
                     settings,
                     'rc_cache.cache_perms.arguments.filename',
                     os.path.join(default_cache_dir, 'rc_cache_1'), lower=False)
                 # cache_repo
                 _string_setting(
                     settings,
                     'rc_cache.cache_repo.backend',
                     'dogpile.cache.rc.file_namespace', lower=False)
                 _int_setting(
                     settings,
                     'rc_cache.cache_repo.expiration_time',
 )
                 _string_setting(
                     settings,
                     'rc_cache.cache_repo.arguments.filename',
                     os.path.join(default_cache_dir, 'rc_cache_2'), lower=False)
                 # cache_license
                 _string_setting(
                     settings,
                     'rc_cache.cache_license.backend',
                     'dogpile.cache.rc.file_namespace', lower=False)
                 _int_setting(
                     settings,
                     'rc_cache.cache_license.expiration_time',
 *60)
                 _string_setting(
                     settings,
                     'rc_cache.cache_license.arguments.filename',
                     os.path.join(default_cache_dir, 'rc_cache_3'), lower=False)
                 # cache_repo_longterm memory, 96H
                 _string_setting(
                     settings,
                     'rc_cache.cache_repo_longterm.backend',
                     'dogpile.cache.rc.memory_lru', lower=False)
                 _int_setting(
                     settings,
                     'rc_cache.cache_repo_longterm.expiration_time',
 )
                 _int_setting(
                     settings,
                     'rc_cache.cache_repo_longterm.max_size',
 )
                 # sql_cache_short
                 _string_setting(
                     settings,
                     'rc_cache.sql_cache_short.backend',
                     'dogpile.cache.rc.memory_lru', lower=False)
                 _int_setting(
                     settings,
                     'rc_cache.sql_cache_short.expiration_time',
 )
                 _int_setting(
                     settings,
                     'rc_cache.sql_cache_short.max_size',
 )
             def _int_setting(settings, name, default):
                 settings[name] = int(settings.get(name, default))
                 return settings[name]
             def _bool_setting(settings, name, default):
                 input_val = settings.get(name, default)
                 if isinstance(input_val, unicode):
                     input_val = input_val.encode('utf8')
                 settings[name] = asbool(input_val)
                 return settings[name]
             def _list_setting(settings, name, default):
                 raw_value = settings.get(name, default)
                 old_separator = ','
                 if old_separator in raw_value:
                     # If we get a comma separated list, pass it to our own function.
                     settings[name] = rhodecode_aslist(raw_value, sep=old_separator)
                 else:
                     # Otherwise we assume it uses pyramids space/newline separation.
                     settings[name] = aslist(raw_value)
                 return settings[name]
             def _string_setting(settings, name, default, lower=True, default_when_empty=False):
                 value = settings.get(name, default)
                 if default_when_empty and not value:
                     # use default value when value is empty
                     value = default
                 if lower:
                     value = value.lower()
                 settings[name] = value
                 return settings[name]
             def _substitute_values(mapping, substitutions):
                 result = {}
                 try:
                     for key, value in mapping.items():
                         # initialize without substitution first
                         result[key] = value
                         # Note: Cannot use regular replacements, since they would clash
                         # with the implementation of ConfigParser. Using "format" instead.
                         try:
                             result[key] = value.format(**substitutions)
                         except KeyError as e:
                             env_var = '{}'.format(e.args[0])
                             msg = 'Failed to substitute: `{key}={{{var}}}` with environment entry. ' \
                                   'Make sure your environment has {var} set, or remove this ' \
                                   'variable from config file'.format(key=key, var=env_var)
                             if env_var.startswith('ENV_'):
                                 raise ValueError(msg)
                             else:
                                 log.warning(msg)
                 except ValueError as e:
                     log.warning('Failed to substitute ENV variable: %s', e)
                     result = mapping
                 return result

rhodecode/lib/celerylib/__init__.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import socket
             import logging
             import rhodecode
             from zope.cachedescriptors.property import Lazy as LazyProperty
             from rhodecode.lib.celerylib.loader import (
                 celery_app, RequestContextTask, get_logger)
             from rhodecode.lib.statsd_client import StatsdClient
             async_task = celery_app.task
             log = logging.getLogger(__name__)
             class ResultWrapper(object):
                 def __init__(self, task):
                     self.task = task
                 @LazyProperty
                 def result(self):
                     return self.task
             def run_task(task, *args, **kwargs):
                 log.debug('Got task `%s` for execution, celery mode enabled:%s', task, rhodecode.CELERY_ENABLED)
                 if task is None:
                     raise ValueError('Got non-existing task for execution')
                 statsd = StatsdClient.statsd
                 exec_mode = 'sync'
                 if rhodecode.CELERY_ENABLED:
                     try:
                         t = task.apply_async(args=args, kwargs=kwargs)
                         log.debug('executing task %s:%s in async mode', t.task_id, task)
                         exec_mode = 'async'
                         return t
                     except socket.error as e:
                         if isinstance(e, IOError) and e.errno == 111:
                             log.error('Unable to connect to celeryd `%s`. Sync execution', e)
                         else:
                             log.exception("Exception while connecting to celeryd.")
                     except KeyError as e:
                         log.error('Unable to connect to celeryd `%s`. Sync execution', e)
                     except Exception as e:
                         log.exception(
                             "Exception while trying to run task asynchronous. "
                             "Fallback to sync execution.")
                 else:
                     log.debug('executing task %s:%s in sync mode', 'TASK', task)
                 if statsd:
-                    statsd.incr('rhodecode_celery_task', tags=[
+                    statsd.incr('rhodecode_celery_task_total', tags=[
                         'task:{}'.format(task),
                         'mode:{}'.format(exec_mode)
                     ])
                 return ResultWrapper(task(*args, **kwargs))

rhodecode/lib/celerylib/loader.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Celery loader, run with::
                 celery worker \
                     --beat \
                     --app rhodecode.lib.celerylib.loader \
                     --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
                     --loglevel DEBUG --ini=._dev/dev.ini
             """
             import os
             import logging
             import importlib
             from celery import Celery
             from celery import signals
             from celery import Task
             from celery import exceptions  # pragma: no cover
             from kombu.serialization import register
             from pyramid.threadlocal import get_current_request
             import rhodecode
             from rhodecode.lib.auth import AuthUser
             from rhodecode.lib.celerylib.utils import get_ini_config, parse_ini_vars, ping_db
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.pyramid_utils import bootstrap, setup_logging, prepare_request
             from rhodecode.lib.utils2 import str2bool
             from rhodecode.model import meta
             register('json_ext', json.dumps, json.loads,
                      content_type='application/x-json-ext',
                      content_encoding='utf-8')
             log = logging.getLogger('celery.rhodecode.loader')
             def add_preload_arguments(parser):
                 parser.add_argument(
                     '--ini', default=None,
                     help='Path to ini configuration file.'
                 )
                 parser.add_argument(
                     '--ini-var', default=None,
                     help='Comma separated list of key=value to pass to ini.'
                 )
             def get_logger(obj):
                 custom_log = logging.getLogger(
                     'rhodecode.task.{}'.format(obj.__class__.__name__))
                 if rhodecode.CELERY_ENABLED:
                     try:
                         custom_log = obj.get_logger()
                     except Exception:
                         pass
                 return custom_log
             imports = ['rhodecode.lib.celerylib.tasks']
             try:
                 # try if we have EE tasks available
                 importlib.import_module('rc_ee')
                 imports.append('rc_ee.lib.celerylib.tasks')
             except ImportError:
                 pass
             base_celery_config = {
                 'result_backend': 'rpc://',
                 'result_expires': 60 * 60 * 24,
                 'result_persistent': True,
                 'imports': imports,
                 'worker_max_tasks_per_child': 100,
                 'accept_content': ['json_ext'],
                 'task_serializer': 'json_ext',
                 'result_serializer': 'json_ext',
                 'worker_hijack_root_logger': False,
                 'database_table_names': {
                     'task': 'beat_taskmeta',
                     'group': 'beat_groupmeta',
                 }
             }
             # init main celery app
             celery_app = Celery()
             celery_app.user_options['preload'].add(add_preload_arguments)
             ini_file_glob = None
             @signals.setup_logging.connect
             def setup_logging_callback(**kwargs):
                 setup_logging(ini_file_glob)
             @signals.user_preload_options.connect
             def on_preload_parsed(options, **kwargs):
                 ini_location = options['ini']
                 ini_vars = options['ini_var']
                 celery_app.conf['INI_PYRAMID'] = options['ini']
                 if ini_location is None:
                     print('You must provide the paste --ini argument')
                     exit(-1)
                 options = None
                 if ini_vars is not None:
                     options = parse_ini_vars(ini_vars)
                 global ini_file_glob
                 ini_file_glob = ini_location
                 log.debug('Bootstrapping RhodeCode application...')
                 env = bootstrap(ini_location, options=options)
                 setup_celery_app(
                     app=env['app'], root=env['root'], request=env['request'],
                     registry=env['registry'], closer=env['closer'],
                     ini_location=ini_location)
                 # fix the global flag even if it's disabled via .ini file because this
                 # is a worker code that doesn't need this to be disabled.
                 rhodecode.CELERY_ENABLED = True
             @signals.task_prerun.connect
             def task_prerun_signal(task_id, task, args, **kwargs):
                 ping_db()
             @signals.task_success.connect
             def task_success_signal(result, **kwargs):
                 meta.Session.commit()
                 closer = celery_app.conf['PYRAMID_CLOSER']
                 if closer:
                     closer()
             @signals.task_retry.connect
             def task_retry_signal(
                     request, reason, einfo, **kwargs):
                 meta.Session.remove()
                 closer = celery_app.conf['PYRAMID_CLOSER']
                 if closer:
                     closer()
             @signals.task_failure.connect
             def task_failure_signal(
                     task_id, exception, args, kwargs, traceback, einfo, **kargs):
                 from rhodecode.lib.exc_tracking import store_exception
                 from rhodecode.lib.statsd_client import StatsdClient
                 meta.Session.remove()
                 # simulate sys.exc_info()
                 exc_info = (einfo.type, einfo.exception, einfo.tb)
                 store_exception(id(exc_info), exc_info, prefix='rhodecode-celery')
                 statsd = StatsdClient.statsd
                 if statsd:
-                    statsd.incr('rhodecode_exception', tags=["celery"])
+                    statsd.incr('rhodecode_exception_total', tags=["exc_source:celery"])
                 closer = celery_app.conf['PYRAMID_CLOSER']
                 if closer:
                     closer()
             @signals.task_revoked.connect
             def task_revoked_signal(
                     request, terminated, signum, expired, **kwargs):
                 closer = celery_app.conf['PYRAMID_CLOSER']
                 if closer:
                     closer()
             def setup_celery_app(app, root, request, registry, closer, ini_location):
                 ini_dir = os.path.dirname(os.path.abspath(ini_location))
                 celery_config = base_celery_config
                 celery_config.update({
                     # store celerybeat scheduler db where the .ini file is
                     'beat_schedule_filename': os.path.join(ini_dir, 'celerybeat-schedule'),
                 })
                 ini_settings = get_ini_config(ini_location)
                 log.debug('Got custom celery conf: %s', ini_settings)
                 celery_config.update(ini_settings)
                 celery_app.config_from_object(celery_config)
                 celery_app.conf.update({'PYRAMID_APP': app})
                 celery_app.conf.update({'PYRAMID_ROOT': root})
                 celery_app.conf.update({'PYRAMID_REQUEST': request})
                 celery_app.conf.update({'PYRAMID_REGISTRY': registry})
                 celery_app.conf.update({'PYRAMID_CLOSER': closer})
             def configure_celery(config, ini_location):
                 """
                 Helper that is called from our application creation logic. It gives
                 connection info into running webapp and allows execution of tasks from
                 RhodeCode itself
                 """
                 # store some globals into rhodecode
                 rhodecode.CELERY_ENABLED = str2bool(
                     config.registry.settings.get('use_celery'))
                 if rhodecode.CELERY_ENABLED:
                     log.info('Configuring celery based on `%s` file', ini_location)
                     setup_celery_app(
                         app=None, root=None, request=None, registry=config.registry,
                         closer=None, ini_location=ini_location)
             def maybe_prepare_env(req):
                 environ = {}
                 try:
                     environ.update({
                         'PATH_INFO': req.environ['PATH_INFO'],
                         'SCRIPT_NAME': req.environ['SCRIPT_NAME'],
                         'HTTP_HOST':req.environ.get('HTTP_HOST', req.environ['SERVER_NAME']),
                         'SERVER_NAME': req.environ['SERVER_NAME'],
                         'SERVER_PORT': req.environ['SERVER_PORT'],
                         'wsgi.url_scheme': req.environ['wsgi.url_scheme'],
                     })
                 except Exception:
                     pass
                 return environ
             class RequestContextTask(Task):
                 """
                 This is a celery task which will create a rhodecode app instance context
                 for the task, patch pyramid with the original request
                 that created the task and also add the user to the context.
                 """
                 def apply_async(self, args=None, kwargs=None, task_id=None, producer=None,
                                 link=None, link_error=None, shadow=None, **options):
                     """ queue the job to run (we are in web request context here) """
                     req = get_current_request()
                     # web case
                     if hasattr(req, 'user'):
                         ip_addr = req.user.ip_addr
                         user_id = req.user.user_id
                     # api case
                     elif hasattr(req, 'rpc_user'):
                         ip_addr = req.rpc_user.ip_addr
                         user_id = req.rpc_user.user_id
                     else:
                         raise Exception(
                             'Unable to fetch required data from request: {}. \n'
                             'This task is required to be executed from context of '
                             'request in a webapp'.format(repr(req)))
                     if req:
                         # we hook into kwargs since it is the only way to pass our data to
                         # the celery worker
                         environ = maybe_prepare_env(req)
                         options['headers'] = options.get('headers', {})
                         options['headers'].update({
                             'rhodecode_proxy_data': {
                                 'environ': environ,
                                 'auth_user': {
                                     'ip_addr': ip_addr,
                                     'user_id': user_id
                                 },
                             }
                         })
                     return super(RequestContextTask, self).apply_async(
                         args, kwargs, task_id, producer, link, link_error, shadow, **options)
                 def __call__(self, *args, **kwargs):
                     """ rebuild the context and then run task on celery worker """
                     proxy_data = getattr(self.request, 'rhodecode_proxy_data', None)
                     if not proxy_data:
                         return super(RequestContextTask, self).__call__(*args, **kwargs)
                     log.debug('using celery proxy data to run task: %r', proxy_data)
                     # re-inject and register threadlocals for proper routing support
                     request = prepare_request(proxy_data['environ'])
                     request.user = AuthUser(user_id=proxy_data['auth_user']['user_id'],
                                             ip_addr=proxy_data['auth_user']['ip_addr'])
                     return super(RequestContextTask, self).__call__(*args, **kwargs)

rhodecode/lib/celerylib/tasks.py

0 +4 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2012-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             RhodeCode task modules, containing all task that suppose to be run
             by celery daemon
             """
             import os
             import time
             from pyramid import compat
             from pyramid_mailer.mailer import Mailer
             from pyramid_mailer.message import Message
             from email.utils import formatdate
             import rhodecode
             from rhodecode.lib import audit_logger
             from rhodecode.lib.celerylib import get_logger, async_task, RequestContextTask, run_task
             from rhodecode.lib import hooks_base
             from rhodecode.lib.utils2 import safe_int, str2bool, aslist
+            from rhodecode.lib.statsd_client import StatsdClient
             from rhodecode.model.db import (
                 Session, IntegrityError, true, Repository, RepoGroup, User)
             from rhodecode.model.permission import PermissionModel
             @async_task(ignore_result=True, base=RequestContextTask)
             def send_email(recipients, subject, body='', html_body='', email_config=None,
                            extra_headers=None):
                 """
                 Sends an email with defined parameters from the .ini files.
                 :param recipients: list of recipients, it this is empty the defined email
                     address from field 'email_to' is used instead
                 :param subject: subject of the mail
                 :param body: body of the mail
                 :param html_body: html version of body
                 :param email_config: specify custom configuration for mailer
                 :param extra_headers: specify custom headers
                 """
                 log = get_logger(send_email)
                 email_config = email_config or rhodecode.CONFIG
                 mail_server = email_config.get('smtp_server') or None
                 if mail_server is None:
                     log.error("SMTP server information missing. Sending email failed. "
                               "Make sure that `smtp_server` variable is configured "
                               "inside the .ini file")
                     return False
                 subject = "%s %s" % (email_config.get('email_prefix', ''), subject)
                 if recipients:
                     if isinstance(recipients, compat.string_types):
                         recipients = recipients.split(',')
                 else:
                     # if recipients are not defined we send to email_config + all admins
                     admins = []
                     for u in User.query().filter(User.admin == true()).all():
                         if u.email:
                             admins.append(u.email)
                     recipients = []
                     config_email = email_config.get('email_to')
                     if config_email:
                         recipients += [config_email]
                     recipients += admins
                 # translate our LEGACY config into the one that pyramid_mailer supports
                 email_conf = dict(
                     host=mail_server,
                     port=email_config.get('smtp_port', 25),
                     username=email_config.get('smtp_username'),
                     password=email_config.get('smtp_password'),
                     tls=str2bool(email_config.get('smtp_use_tls')),
                     ssl=str2bool(email_config.get('smtp_use_ssl')),
                     # SSL key file
                     # keyfile='',
                     # SSL certificate file
                     # certfile='',
                     # Location of maildir
                     # queue_path='',
                     default_sender=email_config.get('app_email_from', 'RhodeCode-noreply@rhodecode.com'),
                     debug=str2bool(email_config.get('smtp_debug')),
                     # /usr/sbin/sendmail	Sendmail executable
                     # sendmail_app='',
                     # {sendmail_app} -t -i -f {sender}	Template for sendmail execution
                     # sendmail_template='',
                 )
                 if extra_headers is None:
                     extra_headers = {}
                 extra_headers.setdefault('Date', formatdate(time.time()))
                 if 'thread_ids' in extra_headers:
                     thread_ids = extra_headers.pop('thread_ids')
                     extra_headers['References'] = ' '.join('<{}>'.format(t) for t in thread_ids)
                 try:
                     mailer = Mailer(**email_conf)
                     message = Message(subject=subject,
                                       sender=email_conf['default_sender'],
                                       recipients=recipients,
                                       body=body, html=html_body,
                                       extra_headers=extra_headers)
                     mailer.send_immediately(message)
+                    statsd = StatsdClient.statsd
+                    if statsd:
+                        statsd.incr('rhodecode_email_sent_total')
                 except Exception:
                     log.exception('Mail sending failed')
                     return False
                 return True
             @async_task(ignore_result=True, base=RequestContextTask)
             def create_repo(form_data, cur_user):
                 from rhodecode.model.repo import RepoModel
                 from rhodecode.model.user import UserModel
                 from rhodecode.model.scm import ScmModel
                 from rhodecode.model.settings import SettingsModel
                 log = get_logger(create_repo)
                 cur_user = UserModel()._get_user(cur_user)
                 owner = cur_user
                 repo_name = form_data['repo_name']
                 repo_name_full = form_data['repo_name_full']
                 repo_type = form_data['repo_type']
                 description = form_data['repo_description']
                 private = form_data['repo_private']
                 clone_uri = form_data.get('clone_uri')
                 repo_group = safe_int(form_data['repo_group'])
                 copy_fork_permissions = form_data.get('copy_permissions')
                 copy_group_permissions = form_data.get('repo_copy_permissions')
                 fork_of = form_data.get('fork_parent_id')
                 state = form_data.get('repo_state', Repository.STATE_PENDING)
                 # repo creation defaults, private and repo_type are filled in form
                 defs = SettingsModel().get_default_repo_settings(strip_prefix=True)
                 enable_statistics = form_data.get(
                     'enable_statistics', defs.get('repo_enable_statistics'))
                 enable_locking = form_data.get(
                     'enable_locking', defs.get('repo_enable_locking'))
                 enable_downloads = form_data.get(
                     'enable_downloads', defs.get('repo_enable_downloads'))
                 # set landing rev based on default branches for SCM
                 landing_ref, _label = ScmModel.backend_landing_ref(repo_type)
                 try:
                     RepoModel()._create_repo(
                         repo_name=repo_name_full,
                         repo_type=repo_type,
                         description=description,
                         owner=owner,
                         private=private,
                         clone_uri=clone_uri,
                         repo_group=repo_group,
                         landing_rev=landing_ref,
                         fork_of=fork_of,
                         copy_fork_permissions=copy_fork_permissions,
                         copy_group_permissions=copy_group_permissions,
                         enable_statistics=enable_statistics,
                         enable_locking=enable_locking,
                         enable_downloads=enable_downloads,
                         state=state
                     )
                     Session().commit()
                     # now create this repo on Filesystem
                     RepoModel()._create_filesystem_repo(
                         repo_name=repo_name,
                         repo_type=repo_type,
                         repo_group=RepoModel()._get_repo_group(repo_group),
                         clone_uri=clone_uri,
                     )
                     repo = Repository.get_by_repo_name(repo_name_full)
                     hooks_base.create_repository(created_by=owner.username, **repo.get_dict())
                     # update repo commit caches initially
                     repo.update_commit_cache()
                     # set new created state
                     repo.set_state(Repository.STATE_CREATED)
                     repo_id = repo.repo_id
                     repo_data = repo.get_api_data()
                     audit_logger.store(
                         'repo.create', action_data={'data': repo_data},
                         user=cur_user,
                         repo=audit_logger.RepoWrap(repo_name=repo_name, repo_id=repo_id))
                     Session().commit()
                     PermissionModel().trigger_permission_flush()
                 except Exception as e:
                     log.warning('Exception occurred when creating repository, '
                                 'doing cleanup...', exc_info=True)
                     if isinstance(e, IntegrityError):
                         Session().rollback()
                     # rollback things manually !
                     repo = Repository.get_by_repo_name(repo_name_full)
                     if repo:
                         Repository.delete(repo.repo_id)
                         Session().commit()
                         RepoModel()._delete_filesystem_repo(repo)
                     log.info('Cleanup of repo %s finished', repo_name_full)
                     raise
                 return True
             @async_task(ignore_result=True, base=RequestContextTask)
             def create_repo_fork(form_data, cur_user):
                 """
                 Creates a fork of repository using internal VCS methods
                 """
                 from rhodecode.model.repo import RepoModel
                 from rhodecode.model.user import UserModel
                 log = get_logger(create_repo_fork)
                 cur_user = UserModel()._get_user(cur_user)
                 owner = cur_user
                 repo_name = form_data['repo_name']  # fork in this case
                 repo_name_full = form_data['repo_name_full']
                 repo_type = form_data['repo_type']
                 description = form_data['description']
                 private = form_data['private']
                 clone_uri = form_data.get('clone_uri')
                 repo_group = safe_int(form_data['repo_group'])
                 landing_ref = form_data['landing_rev']
                 copy_fork_permissions = form_data.get('copy_permissions')
                 fork_id = safe_int(form_data.get('fork_parent_id'))
                 try:
                     fork_of = RepoModel()._get_repo(fork_id)
                     RepoModel()._create_repo(
                         repo_name=repo_name_full,
                         repo_type=repo_type,
                         description=description,
                         owner=owner,
                         private=private,
                         clone_uri=clone_uri,
                         repo_group=repo_group,
                         landing_rev=landing_ref,
                         fork_of=fork_of,
                         copy_fork_permissions=copy_fork_permissions
                     )
                     Session().commit()
                     base_path = Repository.base_path()
                     source_repo_path = os.path.join(base_path, fork_of.repo_name)
                     # now create this repo on Filesystem
                     RepoModel()._create_filesystem_repo(
                         repo_name=repo_name,
                         repo_type=repo_type,
                         repo_group=RepoModel()._get_repo_group(repo_group),
                         clone_uri=source_repo_path,
                     )
                     repo = Repository.get_by_repo_name(repo_name_full)
                     hooks_base.create_repository(created_by=owner.username, **repo.get_dict())
                     # update repo commit caches initially
                     config = repo._config
                     config.set('extensions', 'largefiles', '')
                     repo.update_commit_cache(config=config)
                     # set new created state
                     repo.set_state(Repository.STATE_CREATED)
                     repo_id = repo.repo_id
                     repo_data = repo.get_api_data()
                     audit_logger.store(
                         'repo.fork', action_data={'data': repo_data},
                         user=cur_user,
                         repo=audit_logger.RepoWrap(repo_name=repo_name, repo_id=repo_id))
                     Session().commit()
                 except Exception as e:
                     log.warning('Exception occurred when forking repository, '
                                 'doing cleanup...', exc_info=True)
                     if isinstance(e, IntegrityError):
                         Session().rollback()
                     # rollback things manually !
                     repo = Repository.get_by_repo_name(repo_name_full)
                     if repo:
                         Repository.delete(repo.repo_id)
                         Session().commit()
                         RepoModel()._delete_filesystem_repo(repo)
                     log.info('Cleanup of repo %s finished', repo_name_full)
                     raise
                 return True
             @async_task(ignore_result=True)
             def repo_maintenance(repoid):
                 from rhodecode.lib import repo_maintenance as repo_maintenance_lib
                 log = get_logger(repo_maintenance)
                 repo = Repository.get_by_id_or_repo_name(repoid)
                 if repo:
                     maintenance = repo_maintenance_lib.RepoMaintenance()
                     tasks = maintenance.get_tasks_for_repo(repo)
                     log.debug('Executing %s tasks on repo `%s`', tasks, repoid)
                     executed_types = maintenance.execute(repo)
                     log.debug('Got execution results %s', executed_types)
                 else:
                     log.debug('Repo `%s` not found or without a clone_url', repoid)
             @async_task(ignore_result=True)
             def check_for_update(send_email_notification=True, email_recipients=None):
                 from rhodecode.model.update import UpdateModel
                 from rhodecode.model.notification import EmailNotificationModel
                 log = get_logger(check_for_update)
                 update_url = UpdateModel().get_update_url()
                 cur_ver = rhodecode.__version__
                 try:
                     data = UpdateModel().get_update_data(update_url)
                     current_ver = UpdateModel().get_stored_version(fallback=cur_ver)
                     latest_ver = data['versions'][0]['version']
                     UpdateModel().store_version(latest_ver)
                     if send_email_notification:
                         log.debug('Send email notification is enabled. '
                                   'Current RhodeCode version: %s, latest known: %s', current_ver, latest_ver)
                         if UpdateModel().is_outdated(current_ver, latest_ver):
                             email_kwargs = {
                                 'current_ver': current_ver,
                                 'latest_ver': latest_ver,
                             }
                             (subject, email_body, email_body_plaintext) = EmailNotificationModel().render_email(
                                 EmailNotificationModel.TYPE_UPDATE_AVAILABLE, **email_kwargs)
                             email_recipients = aslist(email_recipients, sep=',') or \
                                                [user.email for user in User.get_all_super_admins()]
                             run_task(send_email, email_recipients, subject,
                                      email_body_plaintext, email_body)
                 except Exception:
                     pass
             @async_task(ignore_result=False)
             def beat_check(*args, **kwargs):
                 log = get_logger(beat_check)
                 log.info('%r: Got args: %r and kwargs %r', beat_check, args, kwargs)
                 return time.time()
             def sync_last_update_for_objects(*args, **kwargs):
                 skip_repos = kwargs.get('skip_repos')
                 if not skip_repos:
                     repos = Repository.query() \
                         .order_by(Repository.group_id.asc())
                     for repo in repos:
                         repo.update_commit_cache()
                 skip_groups = kwargs.get('skip_groups')
                 if not skip_groups:
                     repo_groups = RepoGroup.query() \
                         .filter(RepoGroup.group_parent_id == None)
                     for root_gr in repo_groups:
                         for repo_gr in reversed(root_gr.recursive_groups()):
                             repo_gr.update_commit_cache()
             @async_task(ignore_result=True)
             def sync_last_update(*args, **kwargs):
                 sync_last_update_for_objects(*args, **kwargs)

rhodecode/lib/hooks_base.py

0 +2 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2013-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Set of hooks run by RhodeCode Enterprise
             """
             import os
             import logging
             import rhodecode
             from rhodecode import events
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.lib.exceptions import (
                 HTTPLockedRC, HTTPBranchProtected, UserCreationError)
             from rhodecode.model.db import Repository, User
             from rhodecode.lib.statsd_client import StatsdClient
             log = logging.getLogger(__name__)
             class HookResponse(object):
                 def __init__(self, status, output):
                     self.status = status
                     self.output = output
                 def __add__(self, other):
                     other_status = getattr(other, 'status', 0)
                     new_status = max(self.status, other_status)
                     other_output = getattr(other, 'output', '')
                     new_output = self.output + other_output
                     return HookResponse(new_status, new_output)
                 def __bool__(self):
                     return self.status == 0
             def is_shadow_repo(extras):
                 """
                 Returns ``True`` if this is an action executed against a shadow repository.
                 """
                 return extras['is_shadow_repo']
             def _get_scm_size(alias, root_path):
                 if not alias.startswith('.'):
                     alias += '.'
                 size_scm, size_root = 0, 0
                 for path, unused_dirs, files in os.walk(safe_str(root_path)):
                     if path.find(alias) != -1:
                         for f in files:
                             try:
                                 size_scm += os.path.getsize(os.path.join(path, f))
                             except OSError:
                                 pass
                     else:
                         for f in files:
                             try:
                                 size_root += os.path.getsize(os.path.join(path, f))
                             except OSError:
                                 pass
                 size_scm_f = h.format_byte_size_binary(size_scm)
                 size_root_f = h.format_byte_size_binary(size_root)
                 size_total_f = h.format_byte_size_binary(size_root + size_scm)
                 return size_scm_f, size_root_f, size_total_f
             # actual hooks called by Mercurial internally, and GIT by our Python Hooks
             def repo_size(extras):
                 """Present size of repository after push."""
                 repo = Repository.get_by_repo_name(extras.repository)
                 vcs_part = safe_str(u'.%s' % repo.repo_type)
                 size_vcs, size_root, size_total = _get_scm_size(vcs_part,
                                                                 repo.repo_full_path)
                 msg = ('Repository `%s` size summary %s:%s repo:%s total:%s\n'
                        % (repo.repo_name, vcs_part, size_vcs, size_root, size_total))
                 return HookResponse(0, msg)
             def pre_push(extras):
                 """
                 Hook executed before pushing code.
                 It bans pushing when the repository is locked.
                 """
                 user = User.get_by_username(extras.username)
                 output = ''
                 if extras.locked_by[0] and user.user_id != int(extras.locked_by[0]):
                     locked_by = User.get(extras.locked_by[0]).username
                     reason = extras.locked_by[2]
                     # this exception is interpreted in git/hg middlewares and based
                     # on that proper return code is server to client
                     _http_ret = HTTPLockedRC(
                         _locked_by_explanation(extras.repository, locked_by, reason))
                     if str(_http_ret.code).startswith('2'):
                         # 2xx Codes don't raise exceptions
                         output = _http_ret.title
                     else:
                         raise _http_ret
                 hook_response = ''
                 if not is_shadow_repo(extras):
                     if extras.commit_ids and extras.check_branch_perms:
                         auth_user = user.AuthUser()
                         repo = Repository.get_by_repo_name(extras.repository)
                         affected_branches = []
                         if repo.repo_type == 'hg':
                             for entry in extras.commit_ids:
                                 if entry['type'] == 'branch':
                                     is_forced = bool(entry['multiple_heads'])
                                     affected_branches.append([entry['name'], is_forced])
                         elif repo.repo_type == 'git':
                             for entry in extras.commit_ids:
                                 if entry['type'] == 'heads':
                                     is_forced = bool(entry['pruned_sha'])
                                     affected_branches.append([entry['name'], is_forced])
                         for branch_name, is_forced in affected_branches:
                             rule, branch_perm = auth_user.get_rule_and_branch_permission(
                                 extras.repository, branch_name)
                             if not branch_perm:
                                 # no branch permission found for this branch, just keep checking
                                 continue
                             if branch_perm == 'branch.push_force':
                                 continue
                             elif branch_perm == 'branch.push' and is_forced is False:
                                 continue
                             elif branch_perm == 'branch.push' and is_forced is True:
                                 halt_message = 'Branch `{}` changes rejected by rule {}. ' \
                                                'FORCE PUSH FORBIDDEN.'.format(branch_name, rule)
                             else:
                                 halt_message = 'Branch `{}` changes rejected by rule {}.'.format(
                                     branch_name, rule)
                             if halt_message:
                                 _http_ret = HTTPBranchProtected(halt_message)
                                 raise _http_ret
                     # Propagate to external components. This is done after checking the
                     # lock, for consistent behavior.
                     hook_response = pre_push_extension(
                         repo_store_path=Repository.base_path(), **extras)
                     events.trigger(events.RepoPrePushEvent(
                         repo_name=extras.repository, extras=extras))
                 return HookResponse(0, output) + hook_response
             def pre_pull(extras):
                 """
                 Hook executed before pulling the code.
                 It bans pulling when the repository is locked.
                 """
                 output = ''
                 if extras.locked_by[0]:
                     locked_by = User.get(extras.locked_by[0]).username
                     reason = extras.locked_by[2]
                     # this exception is interpreted in git/hg middlewares and based
                     # on that proper return code is server to client
                     _http_ret = HTTPLockedRC(
                         _locked_by_explanation(extras.repository, locked_by, reason))
                     if str(_http_ret.code).startswith('2'):
                         # 2xx Codes don't raise exceptions
                         output = _http_ret.title
                     else:
                         raise _http_ret
                 # Propagate to external components. This is done after checking the
                 # lock, for consistent behavior.
                 hook_response = ''
                 if not is_shadow_repo(extras):
                     extras.hook_type = extras.hook_type or 'pre_pull'
                     hook_response = pre_pull_extension(
                         repo_store_path=Repository.base_path(), **extras)
                     events.trigger(events.RepoPrePullEvent(
                         repo_name=extras.repository, extras=extras))
                 return HookResponse(0, output) + hook_response
             def post_pull(extras):
                 """Hook executed after client pulls the code."""
                 audit_user = audit_logger.UserWrap(
                     username=extras.username,
                     ip_addr=extras.ip)
                 repo = audit_logger.RepoWrap(repo_name=extras.repository)
                 audit_logger.store(
                     'user.pull', action_data={'user_agent': extras.user_agent},
                     user=audit_user, repo=repo, commit=True)
                 statsd = StatsdClient.statsd
                 if statsd:
-                    statsd.incr('rhodecode_pull')
+                    statsd.incr('rhodecode_pull_total')
                 output = ''
                 # make lock is a tri state False, True, None. We only make lock on True
                 if extras.make_lock is True and not is_shadow_repo(extras):
                     user = User.get_by_username(extras.username)
                     Repository.lock(Repository.get_by_repo_name(extras.repository),
                                     user.user_id,
                                     lock_reason=Repository.LOCK_PULL)
                     msg = 'Made lock on repo `%s`' % (extras.repository,)
                     output += msg
                 if extras.locked_by[0]:
                     locked_by = User.get(extras.locked_by[0]).username
                     reason = extras.locked_by[2]
                     _http_ret = HTTPLockedRC(
                         _locked_by_explanation(extras.repository, locked_by, reason))
                     if str(_http_ret.code).startswith('2'):
                         # 2xx Codes don't raise exceptions
                         output += _http_ret.title
                 # Propagate to external components.
                 hook_response = ''
                 if not is_shadow_repo(extras):
                     extras.hook_type = extras.hook_type or 'post_pull'
                     hook_response = post_pull_extension(
                         repo_store_path=Repository.base_path(), **extras)
                     events.trigger(events.RepoPullEvent(
                         repo_name=extras.repository, extras=extras))
                 return HookResponse(0, output) + hook_response
             def post_push(extras):
                 """Hook executed after user pushes to the repository."""
                 commit_ids = extras.commit_ids
                 # log the push call
                 audit_user = audit_logger.UserWrap(
                     username=extras.username, ip_addr=extras.ip)
                 repo = audit_logger.RepoWrap(repo_name=extras.repository)
                 audit_logger.store(
                     'user.push', action_data={
                         'user_agent': extras.user_agent,
                         'commit_ids': commit_ids[:400]},
                     user=audit_user, repo=repo, commit=True)
                 statsd = StatsdClient.statsd
                 if statsd:
-                    statsd.incr('rhodecode_push')
+                    statsd.incr('rhodecode_push_total')
                 # Propagate to external components.
                 output = ''
                 # make lock is a tri state False, True, None. We only release lock on False
                 if extras.make_lock is False and not is_shadow_repo(extras):
                     Repository.unlock(Repository.get_by_repo_name(extras.repository))
                     msg = 'Released lock on repo `{}`\n'.format(safe_str(extras.repository))
                     output += msg
                 if extras.locked_by[0]:
                     locked_by = User.get(extras.locked_by[0]).username
                     reason = extras.locked_by[2]
                     _http_ret = HTTPLockedRC(
                         _locked_by_explanation(extras.repository, locked_by, reason))
                     # TODO: johbo: if not?
                     if str(_http_ret.code).startswith('2'):
                         # 2xx Codes don't raise exceptions
                         output += _http_ret.title
                 if extras.new_refs:
                     tmpl = '{}/{}/pull-request/new?{{ref_type}}={{ref_name}}'.format(
                         safe_str(extras.server_url), safe_str(extras.repository))
                     for branch_name in extras.new_refs['branches']:
                         output += 'RhodeCode: open pull request link: {}\n'.format(
                             tmpl.format(ref_type='branch', ref_name=safe_str(branch_name)))
                     for book_name in extras.new_refs['bookmarks']:
                         output += 'RhodeCode: open pull request link: {}\n'.format(
                             tmpl.format(ref_type='bookmark', ref_name=safe_str(book_name)))
                 hook_response = ''
                 if not is_shadow_repo(extras):
                     hook_response = post_push_extension(
                         repo_store_path=Repository.base_path(),
                         **extras)
                     events.trigger(events.RepoPushEvent(
                         repo_name=extras.repository, pushed_commit_ids=commit_ids, extras=extras))
                 output += 'RhodeCode: push completed\n'
                 return HookResponse(0, output) + hook_response
             def _locked_by_explanation(repo_name, user_name, reason):
                 message = (
                     'Repository `%s` locked by user `%s`. Reason:`%s`'
                     % (repo_name, user_name, reason))
                 return message
             def check_allowed_create_user(user_dict, created_by, **kwargs):
                 # pre create hooks
                 if pre_create_user.is_active():
                     hook_result = pre_create_user(created_by=created_by, **user_dict)
                     allowed = hook_result.status == 0
                     if not allowed:
                         reason = hook_result.output
                         raise UserCreationError(reason)
             class ExtensionCallback(object):
                 """
                 Forwards a given call to rcextensions, sanitizes keyword arguments.
                 Does check if there is an extension active for that hook. If it is
                 there, it will forward all `kwargs_keys` keyword arguments to the
                 extension callback.
                 """
                 def __init__(self, hook_name, kwargs_keys):
                     self._hook_name = hook_name
                     self._kwargs_keys = set(kwargs_keys)
                 def __call__(self, *args, **kwargs):
                     log.debug('Calling extension callback for `%s`', self._hook_name)
                     callback = self._get_callback()
                     if not callback:
                         log.debug('extension callback `%s` not found, skipping...', self._hook_name)
                         return
                     kwargs_to_pass = {}
                     for key in self._kwargs_keys:
                         try:
                             kwargs_to_pass[key] = kwargs[key]
                         except KeyError:
                             log.error('Failed to fetch %s key from given kwargs. '
                                       'Expected keys: %s', key, self._kwargs_keys)
                             raise
                     # backward compat for removed api_key for old hooks. This was it works
                     # with older rcextensions that require api_key present
                     if self._hook_name in ['CREATE_USER_HOOK', 'DELETE_USER_HOOK']:
                         kwargs_to_pass['api_key'] = '_DEPRECATED_'
                     return callback(**kwargs_to_pass)
                 def is_active(self):
                     return hasattr(rhodecode.EXTENSIONS, self._hook_name)
                 def _get_callback(self):
                     return getattr(rhodecode.EXTENSIONS, self._hook_name, None)
             pre_pull_extension = ExtensionCallback(
                 hook_name='PRE_PULL_HOOK',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'hook_type', 'user_agent', 'repo_store_path',))
             post_pull_extension = ExtensionCallback(
                 hook_name='PULL_HOOK',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'hook_type', 'user_agent', 'repo_store_path',))
             pre_push_extension = ExtensionCallback(
                 hook_name='PRE_PUSH_HOOK',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'repo_store_path', 'commit_ids', 'hook_type', 'user_agent',))
             post_push_extension = ExtensionCallback(
                 hook_name='PUSH_HOOK',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'repo_store_path', 'commit_ids', 'hook_type', 'user_agent',))
             pre_create_user = ExtensionCallback(
                 hook_name='PRE_CREATE_USER_HOOK',
                 kwargs_keys=(
                     'username', 'password', 'email', 'firstname', 'lastname', 'active',
                     'admin', 'created_by'))
             create_pull_request = ExtensionCallback(
                 hook_name='CREATE_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             merge_pull_request = ExtensionCallback(
                 hook_name='MERGE_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             close_pull_request = ExtensionCallback(
                 hook_name='CLOSE_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             review_pull_request = ExtensionCallback(
                 hook_name='REVIEW_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             comment_pull_request = ExtensionCallback(
                 hook_name='COMMENT_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'comment', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             comment_edit_pull_request = ExtensionCallback(
                 hook_name='COMMENT_EDIT_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'comment', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             update_pull_request = ExtensionCallback(
                 hook_name='UPDATE_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             create_user = ExtensionCallback(
                 hook_name='CREATE_USER_HOOK',
                 kwargs_keys=(
                     'username', 'full_name_or_username', 'full_contact', 'user_id',
                     'name', 'firstname', 'short_contact', 'admin', 'lastname',
                     'ip_addresses', 'extern_type', 'extern_name',
                     'email', 'api_keys', 'last_login',
                     'full_name', 'active', 'password', 'emails',
                     'inherit_default_permissions', 'created_by', 'created_on'))
             delete_user = ExtensionCallback(
                 hook_name='DELETE_USER_HOOK',
                 kwargs_keys=(
                     'username', 'full_name_or_username', 'full_contact', 'user_id',
                     'name', 'firstname', 'short_contact', 'admin', 'lastname',
                     'ip_addresses',
                     'email', 'last_login',
                     'full_name', 'active', 'password', 'emails',
                     'inherit_default_permissions', 'deleted_by'))
             create_repository = ExtensionCallback(
                 hook_name='CREATE_REPO_HOOK',
                 kwargs_keys=(
                     'repo_name', 'repo_type', 'description', 'private', 'created_on',
                     'enable_downloads', 'repo_id', 'user_id', 'enable_statistics',
                     'clone_uri', 'fork_id', 'group_id', 'created_by'))
             delete_repository = ExtensionCallback(
                 hook_name='DELETE_REPO_HOOK',
                 kwargs_keys=(
                     'repo_name', 'repo_type', 'description', 'private', 'created_on',
                     'enable_downloads', 'repo_id', 'user_id', 'enable_statistics',
                     'clone_uri', 'fork_id', 'group_id', 'deleted_by', 'deleted_on'))
             comment_commit_repository = ExtensionCallback(
                 hook_name='COMMENT_COMMIT_REPO_HOOK',
                 kwargs_keys=(
                     'repo_name', 'repo_type', 'description', 'private', 'created_on',
                     'enable_downloads', 'repo_id', 'user_id', 'enable_statistics',
                     'clone_uri', 'fork_id', 'group_id',
                     'repository', 'created_by', 'comment', 'commit'))
             comment_edit_commit_repository = ExtensionCallback(
                 hook_name='COMMENT_EDIT_COMMIT_REPO_HOOK',
                 kwargs_keys=(
                     'repo_name', 'repo_type', 'description', 'private', 'created_on',
                     'enable_downloads', 'repo_id', 'user_id', 'enable_statistics',
                     'clone_uri', 'fork_id', 'group_id',
                     'repository', 'created_by', 'comment', 'commit'))
             create_repository_group = ExtensionCallback(
                 hook_name='CREATE_REPO_GROUP_HOOK',
                 kwargs_keys=(
                     'group_name', 'group_parent_id', 'group_description',
                     'group_id', 'user_id', 'created_by', 'created_on',
                     'enable_locking'))

rhodecode/lib/middleware/request_wrapper.py

0 +4 -5

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import time
             import logging
             import rhodecode
             from rhodecode.lib.auth import AuthUser
             from rhodecode.lib.base import get_ip_addr, get_access_path, get_user_agent
             from rhodecode.lib.utils2 import safe_str, get_current_rhodecode_user
             log = logging.getLogger(__name__)
             class RequestWrapperTween(object):
                 def __init__(self, handler, registry):
                     self.handler = handler
                     self.registry = registry
                     # one-time configuration code goes here
                 def _get_user_info(self, request):
                     user = get_current_rhodecode_user(request)
                     if not user:
                         user = AuthUser.repr_user(ip=get_ip_addr(request.environ))
                     return user
                 def __call__(self, request):
                     start = time.time()
                     log.debug('Starting request time measurement')
                     try:
                         response = self.handler(request)
                     finally:
                         count = request.request_count()
                         _ver_ = rhodecode.__version__
                         _path = safe_str(get_access_path(request.environ))
                         _auth_user = self._get_user_info(request)
+                        user_id = getattr(_auth_user, 'user_id', _auth_user)
                         total = time.time() - start
                         log.info(
                             'Req[%4s] %s %s Request to %s time: %.4fs [%s], RhodeCode %s',
                             count, _auth_user, request.environ.get('REQUEST_METHOD'),
                             _path, total, get_user_agent(request. environ), _ver_
                         )
                         statsd = request.registry.statsd
                         if statsd:
                             resp_code = response.status_code
-                            user_id = getattr(_auth_user, 'user_id', _auth_user)
                             elapsed_time_ms = 1000.0 * total
                             statsd.timing(
                                 'rhodecode_req_timing', elapsed_time_ms,
                                 tags=[
-                                    #"path:{}".format(_path),
+                                    "view_name:{}".format(request.matched_route.name),
                                     #"user:{}".format(user_id),
                                     "code:{}".format(resp_code)
                                 ]
                             )
                             statsd.incr(
-                                'rhodecode_req_count', tags=[
+                                'rhodecode_req_count_total', tags=[
-                                    #"path:{}".format(_path),
+                                    "view_name:{}".format(request.matched_route.name),
                                     #"user:{}".format(user_id),
                                     "code:{}".format(resp_code)
                                 ])
                     return response
             def includeme(config):
                 config.add_tween(
                     'rhodecode.lib.middleware.request_wrapper.RequestWrapperTween',
                 )

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages