rhodecode-enterprise-ce Commit - r1539:7998d3c5

pyramid: added checks for password change for authenticated users.

marcink -

r1539:7998d3c5 default

parent child

rhodecode/apps/_base/__init__.py

0 +32 -1

@@ -18,11 +18,14 b''
18	# RhodeCode Enterprise Edition, including its added features, Support services,	18	# RhodeCode Enterprise Edition, including its added features, Support services,
19	# and proprietary license terms, please see https://rhodecode.com/licenses/	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
20		20
		21	import time
21	import logging	22	import logging
22	from pylons import tmpl_context as c	23	from pylons import tmpl_context as c
23	from pyramid.httpexceptions import HTTPFound	24	from pyramid.httpexceptions import HTTPFound
24		25
25	from rhodecode.lib~~.utils2~~ import ~~StrictAttributeDict~~	26	from rhodecode.lib import helpers as h
		27	from rhodecode.lib.utils2 import StrictAttributeDict, safe_int
		28	from rhodecode.model.db import User
26		29
27	log = logging.getLogger(__name__)	30	log = logging.getLogger(__name__)
28		31
@@ -43,6 +46,34 b' class BaseAppView(object):'
43	self.session = request.session	46	self.session = request.session
44	self._rhodecode_user = request.user # auth user	47	self._rhodecode_user = request.user # auth user
45	self._rhodecode_db_user = self._rhodecode_user.get_instance()	48	self._rhodecode_db_user = self._rhodecode_user.get_instance()
		49	self._maybe_needs_password_change(
		50	request.matched_route.name, self._rhodecode_db_user)
		51
		52	def _maybe_needs_password_change(self, view_name, user_obj):
		53	log.debug('Checking if user %s needs password change on view %s',
		54	user_obj, view_name)
		55	skip_user_views = [
		56	'logout', 'login',
		57	'my_account_password', 'my_account_password_update'
		58	]
		59
		60	if not user_obj:
		61	return
		62
		63	if user_obj.username == User.DEFAULT_USER:
		64	return
		65
		66	now = time.time()
		67	should_change = user_obj.user_data.get('force_password_change')
		68	change_after = safe_int(should_change) or 0
		69	if should_change and now > change_after:
		70	log.debug('User %s requires password change', user_obj)
		71	h.flash('You are required to change your password', 'warning',
		72	ignore_duplicate=True)
		73
		74	if view_name not in skip_user_views:
		75	raise HTTPFound(
		76	self.request.route_path('my_account_password'))
46		77
47	def _get_local_tmpl_context(self):	78	def _get_local_tmpl_context(self):
48	c = TemplateArgs()	79	c = TemplateArgs()

rhodecode/apps/login/tests/test_register_captcha.py

0 +8 -3

             from rhodecode.apps.login.views import LoginView, CaptchaData
             from rhodecode.config.routing import ADMIN_PREFIX
+            from rhodecode.lib.utils2 import AttributeDict
             from rhodecode.model.settings import SettingsModel
             from rhodecode.tests.utils import AssertResponse
                     model.create_or_update_setting(name=self.name, val=self.value)
                     return self
-                def __exit__(self, type, value, traceback):
+                def __exit__(self, exc_type, exc_val, exc_tb):
                     model = SettingsModel()
                     if self.old_setting:
                         model.create_or_update_setting(
                     ('privkey', '',       CaptchaData(True,  'privkey', '')),
                     ('privkey', 'pubkey', CaptchaData(True,  'privkey', 'pubkey')),
                 ])
-                def test_get_captcha_data(self, private_key, public_key, expected, db):
+                def test_get_captcha_data(self, private_key, public_key, expected, db,
-                    login_view = LoginView(mock.Mock(), mock.Mock())
+                                          request_stub, user_util):
+                    request_stub.user = user_util.create_user().AuthUser
+                    request_stub.matched_route = AttributeDict({'name': 'login'})
+                    login_view = LoginView(mock.Mock(), request_stub)
                     with RhodeCodeSetting('captcha_private_key', private_key):
                         with RhodeCodeSetting('captcha_public_key', public_key):
                             captcha = login_view._get_captcha_data()

rhodecode/lib/base.py

0 +2 -11

                         _route_name)
                     )
-                    # TODO: Maybe this should be move to pyramid to cover all views.
-                    # check user attributes for password change flag
                     user_obj = auth_user.get_instance()
                     if user_obj and user_obj.user_data.get('force_password_change'):
                         h.flash('You are required to change your password', 'warning',
                                 ignore_duplicate=True)
+                        return self._dispatch_redirect(
-                        skip_user_check_urls = [
+                            url('my_account_password'), environ, start_response)
-                            'error.document', 'login.logout', 'login.index',
-                            'admin/my_account.my_account_password',
-                            'admin/my_account.my_account_password_update'
-                        if _route_name not in skip_user_check_urls:
-                            return self._dispatch_redirect(
-                                url('my_account_password'), environ, start_response)
                     return WSGIController.__call__(self, environ, start_response)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages