Show More
| @@ -1,72 +1,46 b'' | |||||
| 1 | # Copyright (C) 2010-2024 RhodeCode GmbH |
|
1 | # Copyright (C) 2010-2024 RhodeCode GmbH | |
| 2 | # |
|
2 | # | |
| 3 | # This program is free software: you can redistribute it and/or modify |
|
3 | # This program is free software: you can redistribute it and/or modify | |
| 4 | # it under the terms of the GNU Affero General Public License, version 3 |
|
4 | # it under the terms of the GNU Affero General Public License, version 3 | |
| 5 | # (only), as published by the Free Software Foundation. |
|
5 | # (only), as published by the Free Software Foundation. | |
| 6 | # |
|
6 | # | |
| 7 | # This program is distributed in the hope that it will be useful, |
|
7 | # This program is distributed in the hope that it will be useful, | |
| 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 10 | # GNU General Public License for more details. |
|
10 | # GNU General Public License for more details. | |
| 11 | # |
|
11 | # | |
| 12 | # You should have received a copy of the GNU Affero General Public License |
|
12 | # You should have received a copy of the GNU Affero General Public License | |
| 13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 14 | # |
|
14 | # | |
| 15 | # This program is dual-licensed. If you wish to learn more about the |
|
15 | # This program is dual-licensed. If you wish to learn more about the | |
| 16 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
16 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
| 17 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
17 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
| 18 |
|
18 | |||
| 19 | import logging |
|
19 | import logging | |
| 20 | import formencode |
|
|||
| 21 |
|
20 | |||
| 22 | from rhodecode import BACKENDS |
|
|||
| 23 | from rhodecode.apps._base import BaseAppView |
|
21 | from rhodecode.apps._base import BaseAppView | |
| 24 | from rhodecode.model.meta import Session |
|
|||
| 25 | from rhodecode.model.settings import SettingsModel |
|
|||
| 26 | from rhodecode.model.forms import WhitelistedVcsClientsForm |
|
|||
| 27 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator |
|
22 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator | |
| 28 |
|
23 | |||
| 29 | log = logging.getLogger(__name__) |
|
24 | log = logging.getLogger(__name__) | |
| 30 |
|
25 | |||
| 31 |
|
26 | |||
| 32 | class AdminSecurityView(BaseAppView): |
|
27 | class AdminSecurityView(BaseAppView): | |
| 33 |
|
28 | |||
| 34 | def load_default_context(self): |
|
29 | def load_default_context(self): | |
| 35 | c = self._get_local_tmpl_context() |
|
30 | c = self._get_local_tmpl_context() | |
| 36 | return c |
|
31 | return c | |
| 37 |
|
32 | |||
| 38 | @LoginRequired() |
|
33 | @LoginRequired() | |
| 39 | @HasPermissionAllDecorator('hg.admin') |
|
34 | @HasPermissionAllDecorator('hg.admin') | |
| 40 | def security(self): |
|
35 | def security(self): | |
| 41 | c = self.load_default_context() |
|
36 | c = self.load_default_context() | |
| 42 | c.active = 'security' |
|
37 | c.active = 'security' | |
| 43 | return self._get_template_context(c) |
|
38 | return self._get_template_context(c) | |
| 44 |
|
39 | |||
|
|
40 | ||||
| 45 | @LoginRequired() |
|
41 | @LoginRequired() | |
| 46 | @HasPermissionAllDecorator('hg.admin') |
|
42 | @HasPermissionAllDecorator('hg.admin') | |
| 47 | def vcs_whitelisted_client_versions_edit(self): |
|
43 | def admin_security_modify_allowed_vcs_client_versions(self): | |
| 48 | _ = self.request.translate |
|
|||
| 49 | c = self.load_default_context() |
|
44 | c = self.load_default_context() | |
| 50 | render_ctx = {} |
|
45 | c.active = 'security' | |
| 51 | settings = SettingsModel() |
|
46 | return self._get_template_context(c) | |
| 52 | form = WhitelistedVcsClientsForm(_, )() |
|
|||
| 53 | if self.request.method == 'POST': |
|
|||
| 54 | try: |
|
|||
| 55 | result = form.to_python(self.request.POST) |
|
|||
| 56 | for k, v in result.items(): |
|
|||
| 57 | if v: |
|
|||
| 58 | setting = settings.create_or_update_setting(name=f'{k}_allowed_clients', val=v) |
|
|||
| 59 | Session().add(setting) |
|
|||
| 60 | Session().commit() |
|
|||
| 61 |
|
||||
| 62 | except formencode.Invalid as errors: |
|
|||
| 63 | render_ctx.update({ |
|
|||
| 64 | 'errors': errors.error_dict |
|
|||
| 65 | }) |
|
|||
| 66 | for key in BACKENDS.keys(): |
|
|||
| 67 | verbose_name = f"initial_{key}" |
|
|||
| 68 | if existing := settings.get_setting_by_name(name=f'{key}_allowed_clients'): |
|
|||
| 69 | render_ctx[verbose_name] = existing.app_settings_value |
|
|||
| 70 | else: |
|
|||
| 71 | render_ctx[verbose_name] = '*' |
|
|||
| 72 | return self._get_template_context(c, **render_ctx) |
|
|||
| @@ -1,79 +1,50 b'' | |||||
| 1 | <%inherit file="/base/base.mako"/> |
|
1 | <%inherit file="/base/base.mako"/> | |
| 2 |
|
2 | |||
| 3 | <%def name="title()"> |
|
3 | <%def name="title()"> | |
| 4 | ${_('Security Admin')} |
|
4 | ${_('Security Admin')} | |
| 5 | %if c.rhodecode_name: |
|
5 | %if c.rhodecode_name: | |
| 6 | · ${h.branding(c.rhodecode_name)} |
|
6 | · ${h.branding(c.rhodecode_name)} | |
| 7 | %endif |
|
7 | %endif | |
| 8 | </%def> |
|
8 | </%def> | |
| 9 |
|
9 | |||
| 10 | <%def name="breadcrumbs_links()"></%def> |
|
10 | <%def name="breadcrumbs_links()"></%def> | |
| 11 |
|
11 | |||
| 12 | <%def name="menu_bar_nav()"> |
|
12 | <%def name="menu_bar_nav()"> | |
| 13 | ${self.menu_items(active='admin')} |
|
13 | ${self.menu_items(active='admin')} | |
| 14 | </%def> |
|
14 | </%def> | |
| 15 |
|
15 | |||
| 16 | <%def name="menu_bar_subnav()"> |
|
16 | <%def name="menu_bar_subnav()"> | |
| 17 | ${self.admin_menu(active='security')} |
|
17 | ${self.admin_menu(active='security')} | |
| 18 | </%def> |
|
18 | </%def> | |
| 19 |
|
19 | |||
| 20 | <%def name="main()"> |
|
20 | <%def name="main()"> | |
| 21 |
|
21 | |||
| 22 | <div class="box"> |
|
22 | <div class="box"> | |
| 23 |
|
23 | |||
| 24 | <div class="panel panel-default"> |
|
24 | <div class="panel panel-default"> | |
| 25 | <div class="panel-heading"> |
|
25 | <div class="panel-heading"> | |
| 26 | <h3 class="panel-title">${_('Security Audit')}</h3> |
|
26 | <h3 class="panel-title">${_('Security Audit')}</h3> | |
| 27 | </div> |
|
27 | </div> | |
| 28 | <div class="panel-body"> |
|
28 | <div class="panel-body"> | |
| 29 | <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4> |
|
29 | <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4> | |
| 30 | <p> |
|
30 | <p> | |
| 31 | ${_('You can scan your repositories for exposed secrets, passwords, etc')} |
|
31 | ${_('You can scan your repositories for exposed secrets, passwords, etc')} | |
| 32 | </p> |
|
32 | </p> | |
| 33 | </div> |
|
33 | </div> | |
| 34 | </div> |
|
34 | </div> | |
| 35 |
|
35 | |||
| 36 | <div class="panel panel-default"> |
|
36 | <div class="panel panel-default"> | |
| 37 | <div class="panel-heading"> |
|
37 | <div class="panel-heading"> | |
| 38 | <h3 class="panel-title">${_('Allowed client versions')}</h3> |
|
38 | <h3 class="panel-title">${_('Allowed client versions')}</h3> | |
| 39 | </div> |
|
39 | </div> | |
| 40 | <div class="panel-body"> |
|
40 | <div class="panel-body"> | |
| 41 | %if c.rhodecode_edition_id != 'EE': |
|
|||
| 42 | <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4> |
|
41 | <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4> | |
| 43 | <p> |
|
42 | <p> | |
| 44 | ${_('Some outdated client versions may have security vulnerabilities. This section have rules for whitelisting versions of clients for Git, Mercurial and SVN.')} |
|
43 | ${_('Some outdated client versions may have security vulnerabilities. This section have rules for whitelisting versions of clients for Git, Mercurial and SVN.')} | |
| 45 | </p> |
|
44 | </p> | |
| 46 | %else: |
|
|||
| 47 | <div class="inner form" id="container"> |
|
|||
| 48 |
|
|
45 | </div> | |
| 49 | %endif |
|
46 | ||
| 50 | </div> |
|
|||
| 51 |
|
47 | |||
| 52 | </div> |
|
48 | </div> | |
| 53 |
|
49 | |||
| 54 | <script> |
|
|||
| 55 | $(document).ready(function() { |
|
|||
| 56 | $.ajax({ |
|
|||
| 57 | url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'), |
|
|||
| 58 | type: 'GET', |
|
|||
| 59 | success: function(response) { |
|
|||
| 60 | $('#container').html(response); |
|
|||
| 61 | }, |
|
|||
| 62 | }); |
|
|||
| 63 | $(document).on('submit', '#allowed_clients_form', function(event) { |
|
|||
| 64 | event.preventDefault(); |
|
|||
| 65 | var formData = $(this).serialize(); |
|
|||
| 66 |
|
||||
| 67 | $.ajax({ |
|
|||
| 68 | url: pyroutes.url('admin_security_modify_allowed_vcs_client_versions'), |
|
|||
| 69 | type: 'POST', |
|
|||
| 70 | data: formData, |
|
|||
| 71 | success: function(response) { |
|
|||
| 72 | $('#container').html(response); |
|
|||
| 73 | }, |
|
|||
| 74 | }); |
|
|||
| 75 | }); |
|
|||
| 76 | }); |
|
|||
| 77 | </script> |
|
|||
| 78 |
|
||||
| 79 | </%def> |
|
50 | </%def> | |
| 1 | NO CONTENT: file was removed |
|
NO CONTENT: file was removed |
General Comments 0
You need to be logged in to leave comments.
Login now