##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
sessions: don't touch session for API calls.
marcink -
r3749:7da1bd06 new-ui
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,583 +1,592 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2019 RhodeCode GmbH
3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 The base Controller API
22 The base Controller API
23 Provides the BaseController class for subclassing. And usage in different
23 Provides the BaseController class for subclassing. And usage in different
24 controllers
24 controllers
25 """
25 """
26
26
27 import logging
27 import logging
28 import socket
28 import socket
29
29
30 import markupsafe
30 import markupsafe
31 import ipaddress
31 import ipaddress
32
32
33 from paste.auth.basic import AuthBasicAuthenticator
33 from paste.auth.basic import AuthBasicAuthenticator
34 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
34 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
35 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
35 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
36
36
37 import rhodecode
37 import rhodecode
38 from rhodecode.apps._base import TemplateArgs
38 from rhodecode.apps._base import TemplateArgs
39 from rhodecode.authentication.base import VCS_TYPE
39 from rhodecode.authentication.base import VCS_TYPE
40 from rhodecode.lib import auth, utils2
40 from rhodecode.lib import auth, utils2
41 from rhodecode.lib import helpers as h
41 from rhodecode.lib import helpers as h
42 from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
42 from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
43 from rhodecode.lib.exceptions import UserCreationError
43 from rhodecode.lib.exceptions import UserCreationError
44 from rhodecode.lib.utils import (password_changed, get_enabled_hook_classes)
44 from rhodecode.lib.utils import (password_changed, get_enabled_hook_classes)
45 from rhodecode.lib.utils2 import (
45 from rhodecode.lib.utils2 import (
46 str2bool, safe_unicode, AttributeDict, safe_int, sha1, aslist, safe_str)
46 str2bool, safe_unicode, AttributeDict, safe_int, sha1, aslist, safe_str)
47 from rhodecode.model.db import Repository, User, ChangesetComment, UserBookmark
47 from rhodecode.model.db import Repository, User, ChangesetComment, UserBookmark
48 from rhodecode.model.notification import NotificationModel
48 from rhodecode.model.notification import NotificationModel
49 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
49 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
50
50
51 log = logging.getLogger(__name__)
51 log = logging.getLogger(__name__)
52
52
53
53
54 def _filter_proxy(ip):
54 def _filter_proxy(ip):
55 """
55 """
56 Passed in IP addresses in HEADERS can be in a special format of multiple
56 Passed in IP addresses in HEADERS can be in a special format of multiple
57 ips. Those comma separated IPs are passed from various proxies in the
57 ips. Those comma separated IPs are passed from various proxies in the
58 chain of request processing. The left-most being the original client.
58 chain of request processing. The left-most being the original client.
59 We only care about the first IP which came from the org. client.
59 We only care about the first IP which came from the org. client.
60
60
61 :param ip: ip string from headers
61 :param ip: ip string from headers
62 """
62 """
63 if ',' in ip:
63 if ',' in ip:
64 _ips = ip.split(',')
64 _ips = ip.split(',')
65 _first_ip = _ips[0].strip()
65 _first_ip = _ips[0].strip()
66 log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
66 log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
67 return _first_ip
67 return _first_ip
68 return ip
68 return ip
69
69
70
70
71 def _filter_port(ip):
71 def _filter_port(ip):
72 """
72 """
73 Removes a port from ip, there are 4 main cases to handle here.
73 Removes a port from ip, there are 4 main cases to handle here.
74 - ipv4 eg. 127.0.0.1
74 - ipv4 eg. 127.0.0.1
75 - ipv6 eg. ::1
75 - ipv6 eg. ::1
76 - ipv4+port eg. 127.0.0.1:8080
76 - ipv4+port eg. 127.0.0.1:8080
77 - ipv6+port eg. [::1]:8080
77 - ipv6+port eg. [::1]:8080
78
78
79 :param ip:
79 :param ip:
80 """
80 """
81 def is_ipv6(ip_addr):
81 def is_ipv6(ip_addr):
82 if hasattr(socket, 'inet_pton'):
82 if hasattr(socket, 'inet_pton'):
83 try:
83 try:
84 socket.inet_pton(socket.AF_INET6, ip_addr)
84 socket.inet_pton(socket.AF_INET6, ip_addr)
85 except socket.error:
85 except socket.error:
86 return False
86 return False
87 else:
87 else:
88 # fallback to ipaddress
88 # fallback to ipaddress
89 try:
89 try:
90 ipaddress.IPv6Address(safe_unicode(ip_addr))
90 ipaddress.IPv6Address(safe_unicode(ip_addr))
91 except Exception:
91 except Exception:
92 return False
92 return False
93 return True
93 return True
94
94
95 if ':' not in ip: # must be ipv4 pure ip
95 if ':' not in ip: # must be ipv4 pure ip
96 return ip
96 return ip
97
97
98 if '[' in ip and ']' in ip: # ipv6 with port
98 if '[' in ip and ']' in ip: # ipv6 with port
99 return ip.split(']')[0][1:].lower()
99 return ip.split(']')[0][1:].lower()
100
100
101 # must be ipv6 or ipv4 with port
101 # must be ipv6 or ipv4 with port
102 if is_ipv6(ip):
102 if is_ipv6(ip):
103 return ip
103 return ip
104 else:
104 else:
105 ip, _port = ip.split(':')[:2] # means ipv4+port
105 ip, _port = ip.split(':')[:2] # means ipv4+port
106 return ip
106 return ip
107
107
108
108
109 def get_ip_addr(environ):
109 def get_ip_addr(environ):
110 proxy_key = 'HTTP_X_REAL_IP'
110 proxy_key = 'HTTP_X_REAL_IP'
111 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
111 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
112 def_key = 'REMOTE_ADDR'
112 def_key = 'REMOTE_ADDR'
113 _filters = lambda x: _filter_port(_filter_proxy(x))
113 _filters = lambda x: _filter_port(_filter_proxy(x))
114
114
115 ip = environ.get(proxy_key)
115 ip = environ.get(proxy_key)
116 if ip:
116 if ip:
117 return _filters(ip)
117 return _filters(ip)
118
118
119 ip = environ.get(proxy_key2)
119 ip = environ.get(proxy_key2)
120 if ip:
120 if ip:
121 return _filters(ip)
121 return _filters(ip)
122
122
123 ip = environ.get(def_key, '0.0.0.0')
123 ip = environ.get(def_key, '0.0.0.0')
124 return _filters(ip)
124 return _filters(ip)
125
125
126
126
127 def get_server_ip_addr(environ, log_errors=True):
127 def get_server_ip_addr(environ, log_errors=True):
128 hostname = environ.get('SERVER_NAME')
128 hostname = environ.get('SERVER_NAME')
129 try:
129 try:
130 return socket.gethostbyname(hostname)
130 return socket.gethostbyname(hostname)
131 except Exception as e:
131 except Exception as e:
132 if log_errors:
132 if log_errors:
133 # in some cases this lookup is not possible, and we don't want to
133 # in some cases this lookup is not possible, and we don't want to
134 # make it an exception in logs
134 # make it an exception in logs
135 log.exception('Could not retrieve server ip address: %s', e)
135 log.exception('Could not retrieve server ip address: %s', e)
136 return hostname
136 return hostname
137
137
138
138
139 def get_server_port(environ):
139 def get_server_port(environ):
140 return environ.get('SERVER_PORT')
140 return environ.get('SERVER_PORT')
141
141
142
142
143 def get_access_path(environ):
143 def get_access_path(environ):
144 path = environ.get('PATH_INFO')
144 path = environ.get('PATH_INFO')
145 org_req = environ.get('pylons.original_request')
145 org_req = environ.get('pylons.original_request')
146 if org_req:
146 if org_req:
147 path = org_req.environ.get('PATH_INFO')
147 path = org_req.environ.get('PATH_INFO')
148 return path
148 return path
149
149
150
150
151 def get_user_agent(environ):
151 def get_user_agent(environ):
152 return environ.get('HTTP_USER_AGENT')
152 return environ.get('HTTP_USER_AGENT')
153
153
154
154
155 def vcs_operation_context(
155 def vcs_operation_context(
156 environ, repo_name, username, action, scm, check_locking=True,
156 environ, repo_name, username, action, scm, check_locking=True,
157 is_shadow_repo=False, check_branch_perms=False, detect_force_push=False):
157 is_shadow_repo=False, check_branch_perms=False, detect_force_push=False):
158 """
158 """
159 Generate the context for a vcs operation, e.g. push or pull.
159 Generate the context for a vcs operation, e.g. push or pull.
160
160
161 This context is passed over the layers so that hooks triggered by the
161 This context is passed over the layers so that hooks triggered by the
162 vcs operation know details like the user, the user's IP address etc.
162 vcs operation know details like the user, the user's IP address etc.
163
163
164 :param check_locking: Allows to switch of the computation of the locking
164 :param check_locking: Allows to switch of the computation of the locking
165 data. This serves mainly the need of the simplevcs middleware to be
165 data. This serves mainly the need of the simplevcs middleware to be
166 able to disable this for certain operations.
166 able to disable this for certain operations.
167
167
168 """
168 """
169 # Tri-state value: False: unlock, None: nothing, True: lock
169 # Tri-state value: False: unlock, None: nothing, True: lock
170 make_lock = None
170 make_lock = None
171 locked_by = [None, None, None]
171 locked_by = [None, None, None]
172 is_anonymous = username == User.DEFAULT_USER
172 is_anonymous = username == User.DEFAULT_USER
173 user = User.get_by_username(username)
173 user = User.get_by_username(username)
174 if not is_anonymous and check_locking:
174 if not is_anonymous and check_locking:
175 log.debug('Checking locking on repository "%s"', repo_name)
175 log.debug('Checking locking on repository "%s"', repo_name)
176 repo = Repository.get_by_repo_name(repo_name)
176 repo = Repository.get_by_repo_name(repo_name)
177 make_lock, __, locked_by = repo.get_locking_state(
177 make_lock, __, locked_by = repo.get_locking_state(
178 action, user.user_id)
178 action, user.user_id)
179 user_id = user.user_id
179 user_id = user.user_id
180 settings_model = VcsSettingsModel(repo=repo_name)
180 settings_model = VcsSettingsModel(repo=repo_name)
181 ui_settings = settings_model.get_ui_settings()
181 ui_settings = settings_model.get_ui_settings()
182
182
183 # NOTE(marcink): This should be also in sync with
183 # NOTE(marcink): This should be also in sync with
184 # rhodecode/apps/ssh_support/lib/backends/base.py:update_environment scm_data
184 # rhodecode/apps/ssh_support/lib/backends/base.py:update_environment scm_data
185 store = [x for x in ui_settings if x.key == '/']
185 store = [x for x in ui_settings if x.key == '/']
186 repo_store = ''
186 repo_store = ''
187 if store:
187 if store:
188 repo_store = store[0].value
188 repo_store = store[0].value
189
189
190 scm_data = {
190 scm_data = {
191 'ip': get_ip_addr(environ),
191 'ip': get_ip_addr(environ),
192 'username': username,
192 'username': username,
193 'user_id': user_id,
193 'user_id': user_id,
194 'action': action,
194 'action': action,
195 'repository': repo_name,
195 'repository': repo_name,
196 'scm': scm,
196 'scm': scm,
197 'config': rhodecode.CONFIG['__file__'],
197 'config': rhodecode.CONFIG['__file__'],
198 'repo_store': repo_store,
198 'repo_store': repo_store,
199 'make_lock': make_lock,
199 'make_lock': make_lock,
200 'locked_by': locked_by,
200 'locked_by': locked_by,
201 'server_url': utils2.get_server_url(environ),
201 'server_url': utils2.get_server_url(environ),
202 'user_agent': get_user_agent(environ),
202 'user_agent': get_user_agent(environ),
203 'hooks': get_enabled_hook_classes(ui_settings),
203 'hooks': get_enabled_hook_classes(ui_settings),
204 'is_shadow_repo': is_shadow_repo,
204 'is_shadow_repo': is_shadow_repo,
205 'detect_force_push': detect_force_push,
205 'detect_force_push': detect_force_push,
206 'check_branch_perms': check_branch_perms,
206 'check_branch_perms': check_branch_perms,
207 }
207 }
208 return scm_data
208 return scm_data
209
209
210
210
211 class BasicAuth(AuthBasicAuthenticator):
211 class BasicAuth(AuthBasicAuthenticator):
212
212
213 def __init__(self, realm, authfunc, registry, auth_http_code=None,
213 def __init__(self, realm, authfunc, registry, auth_http_code=None,
214 initial_call_detection=False, acl_repo_name=None):
214 initial_call_detection=False, acl_repo_name=None):
215 self.realm = realm
215 self.realm = realm
216 self.initial_call = initial_call_detection
216 self.initial_call = initial_call_detection
217 self.authfunc = authfunc
217 self.authfunc = authfunc
218 self.registry = registry
218 self.registry = registry
219 self.acl_repo_name = acl_repo_name
219 self.acl_repo_name = acl_repo_name
220 self._rc_auth_http_code = auth_http_code
220 self._rc_auth_http_code = auth_http_code
221
221
222 def _get_response_from_code(self, http_code):
222 def _get_response_from_code(self, http_code):
223 try:
223 try:
224 return get_exception(safe_int(http_code))
224 return get_exception(safe_int(http_code))
225 except Exception:
225 except Exception:
226 log.exception('Failed to fetch response for code %s', http_code)
226 log.exception('Failed to fetch response for code %s', http_code)
227 return HTTPForbidden
227 return HTTPForbidden
228
228
229 def get_rc_realm(self):
229 def get_rc_realm(self):
230 return safe_str(self.registry.rhodecode_settings.get('rhodecode_realm'))
230 return safe_str(self.registry.rhodecode_settings.get('rhodecode_realm'))
231
231
232 def build_authentication(self):
232 def build_authentication(self):
233 head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
233 head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
234 if self._rc_auth_http_code and not self.initial_call:
234 if self._rc_auth_http_code and not self.initial_call:
235 # return alternative HTTP code if alternative http return code
235 # return alternative HTTP code if alternative http return code
236 # is specified in RhodeCode config, but ONLY if it's not the
236 # is specified in RhodeCode config, but ONLY if it's not the
237 # FIRST call
237 # FIRST call
238 custom_response_klass = self._get_response_from_code(
238 custom_response_klass = self._get_response_from_code(
239 self._rc_auth_http_code)
239 self._rc_auth_http_code)
240 return custom_response_klass(headers=head)
240 return custom_response_klass(headers=head)
241 return HTTPUnauthorized(headers=head)
241 return HTTPUnauthorized(headers=head)
242
242
243 def authenticate(self, environ):
243 def authenticate(self, environ):
244 authorization = AUTHORIZATION(environ)
244 authorization = AUTHORIZATION(environ)
245 if not authorization:
245 if not authorization:
246 return self.build_authentication()
246 return self.build_authentication()
247 (authmeth, auth) = authorization.split(' ', 1)
247 (authmeth, auth) = authorization.split(' ', 1)
248 if 'basic' != authmeth.lower():
248 if 'basic' != authmeth.lower():
249 return self.build_authentication()
249 return self.build_authentication()
250 auth = auth.strip().decode('base64')
250 auth = auth.strip().decode('base64')
251 _parts = auth.split(':', 1)
251 _parts = auth.split(':', 1)
252 if len(_parts) == 2:
252 if len(_parts) == 2:
253 username, password = _parts
253 username, password = _parts
254 auth_data = self.authfunc(
254 auth_data = self.authfunc(
255 username, password, environ, VCS_TYPE,
255 username, password, environ, VCS_TYPE,
256 registry=self.registry, acl_repo_name=self.acl_repo_name)
256 registry=self.registry, acl_repo_name=self.acl_repo_name)
257 if auth_data:
257 if auth_data:
258 return {'username': username, 'auth_data': auth_data}
258 return {'username': username, 'auth_data': auth_data}
259 if username and password:
259 if username and password:
260 # we mark that we actually executed authentication once, at
260 # we mark that we actually executed authentication once, at
261 # that point we can use the alternative auth code
261 # that point we can use the alternative auth code
262 self.initial_call = False
262 self.initial_call = False
263
263
264 return self.build_authentication()
264 return self.build_authentication()
265
265
266 __call__ = authenticate
266 __call__ = authenticate
267
267
268
268
269 def calculate_version_hash(config):
269 def calculate_version_hash(config):
270 return sha1(
270 return sha1(
271 config.get('beaker.session.secret', '') +
271 config.get('beaker.session.secret', '') +
272 rhodecode.__version__)[:8]
272 rhodecode.__version__)[:8]
273
273
274
274
275 def get_current_lang(request):
275 def get_current_lang(request):
276 # NOTE(marcink): remove after pyramid move
276 # NOTE(marcink): remove after pyramid move
277 try:
277 try:
278 return translation.get_lang()[0]
278 return translation.get_lang()[0]
279 except:
279 except:
280 pass
280 pass
281
281
282 return getattr(request, '_LOCALE_', request.locale_name)
282 return getattr(request, '_LOCALE_', request.locale_name)
283
283
284
284
285 def attach_context_attributes(context, request, user_id=None):
285 def attach_context_attributes(context, request, user_id=None):
286 """
286 """
287 Attach variables into template context called `c`.
287 Attach variables into template context called `c`.
288 """
288 """
289 config = request.registry.settings
289 config = request.registry.settings
290
290
291 rc_config = SettingsModel().get_all_settings(cache=True)
291 rc_config = SettingsModel().get_all_settings(cache=True)
292
292
293 context.rhodecode_version = rhodecode.__version__
293 context.rhodecode_version = rhodecode.__version__
294 context.rhodecode_edition = config.get('rhodecode.edition')
294 context.rhodecode_edition = config.get('rhodecode.edition')
295 # unique secret + version does not leak the version but keep consistency
295 # unique secret + version does not leak the version but keep consistency
296 context.rhodecode_version_hash = calculate_version_hash(config)
296 context.rhodecode_version_hash = calculate_version_hash(config)
297
297
298 # Default language set for the incoming request
298 # Default language set for the incoming request
299 context.language = get_current_lang(request)
299 context.language = get_current_lang(request)
300
300
301 # Visual options
301 # Visual options
302 context.visual = AttributeDict({})
302 context.visual = AttributeDict({})
303
303
304 # DB stored Visual Items
304 # DB stored Visual Items
305 context.visual.show_public_icon = str2bool(
305 context.visual.show_public_icon = str2bool(
306 rc_config.get('rhodecode_show_public_icon'))
306 rc_config.get('rhodecode_show_public_icon'))
307 context.visual.show_private_icon = str2bool(
307 context.visual.show_private_icon = str2bool(
308 rc_config.get('rhodecode_show_private_icon'))
308 rc_config.get('rhodecode_show_private_icon'))
309 context.visual.stylify_metatags = str2bool(
309 context.visual.stylify_metatags = str2bool(
310 rc_config.get('rhodecode_stylify_metatags'))
310 rc_config.get('rhodecode_stylify_metatags'))
311 context.visual.dashboard_items = safe_int(
311 context.visual.dashboard_items = safe_int(
312 rc_config.get('rhodecode_dashboard_items', 100))
312 rc_config.get('rhodecode_dashboard_items', 100))
313 context.visual.admin_grid_items = safe_int(
313 context.visual.admin_grid_items = safe_int(
314 rc_config.get('rhodecode_admin_grid_items', 100))
314 rc_config.get('rhodecode_admin_grid_items', 100))
315 context.visual.show_revision_number = str2bool(
315 context.visual.show_revision_number = str2bool(
316 rc_config.get('rhodecode_show_revision_number', True))
316 rc_config.get('rhodecode_show_revision_number', True))
317 context.visual.show_sha_length = safe_int(
317 context.visual.show_sha_length = safe_int(
318 rc_config.get('rhodecode_show_sha_length', 100))
318 rc_config.get('rhodecode_show_sha_length', 100))
319 context.visual.repository_fields = str2bool(
319 context.visual.repository_fields = str2bool(
320 rc_config.get('rhodecode_repository_fields'))
320 rc_config.get('rhodecode_repository_fields'))
321 context.visual.show_version = str2bool(
321 context.visual.show_version = str2bool(
322 rc_config.get('rhodecode_show_version'))
322 rc_config.get('rhodecode_show_version'))
323 context.visual.use_gravatar = str2bool(
323 context.visual.use_gravatar = str2bool(
324 rc_config.get('rhodecode_use_gravatar'))
324 rc_config.get('rhodecode_use_gravatar'))
325 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
325 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
326 context.visual.default_renderer = rc_config.get(
326 context.visual.default_renderer = rc_config.get(
327 'rhodecode_markup_renderer', 'rst')
327 'rhodecode_markup_renderer', 'rst')
328 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
328 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
329 context.visual.rhodecode_support_url = \
329 context.visual.rhodecode_support_url = \
330 rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
330 rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
331
331
332 context.visual.affected_files_cut_off = 60
332 context.visual.affected_files_cut_off = 60
333
333
334 context.pre_code = rc_config.get('rhodecode_pre_code')
334 context.pre_code = rc_config.get('rhodecode_pre_code')
335 context.post_code = rc_config.get('rhodecode_post_code')
335 context.post_code = rc_config.get('rhodecode_post_code')
336 context.rhodecode_name = rc_config.get('rhodecode_title')
336 context.rhodecode_name = rc_config.get('rhodecode_title')
337 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
337 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
338 # if we have specified default_encoding in the request, it has more
338 # if we have specified default_encoding in the request, it has more
339 # priority
339 # priority
340 if request.GET.get('default_encoding'):
340 if request.GET.get('default_encoding'):
341 context.default_encodings.insert(0, request.GET.get('default_encoding'))
341 context.default_encodings.insert(0, request.GET.get('default_encoding'))
342 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
342 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
343 context.clone_uri_ssh_tmpl = rc_config.get('rhodecode_clone_uri_ssh_tmpl')
343 context.clone_uri_ssh_tmpl = rc_config.get('rhodecode_clone_uri_ssh_tmpl')
344
344
345 # INI stored
345 # INI stored
346 context.labs_active = str2bool(
346 context.labs_active = str2bool(
347 config.get('labs_settings_active', 'false'))
347 config.get('labs_settings_active', 'false'))
348 context.ssh_enabled = str2bool(
348 context.ssh_enabled = str2bool(
349 config.get('ssh.generate_authorized_keyfile', 'false'))
349 config.get('ssh.generate_authorized_keyfile', 'false'))
350 context.ssh_key_generator_enabled = str2bool(
350 context.ssh_key_generator_enabled = str2bool(
351 config.get('ssh.enable_ui_key_generator', 'true'))
351 config.get('ssh.enable_ui_key_generator', 'true'))
352
352
353 context.visual.allow_repo_location_change = str2bool(
353 context.visual.allow_repo_location_change = str2bool(
354 config.get('allow_repo_location_change', True))
354 config.get('allow_repo_location_change', True))
355 context.visual.allow_custom_hooks_settings = str2bool(
355 context.visual.allow_custom_hooks_settings = str2bool(
356 config.get('allow_custom_hooks_settings', True))
356 config.get('allow_custom_hooks_settings', True))
357 context.debug_style = str2bool(config.get('debug_style', False))
357 context.debug_style = str2bool(config.get('debug_style', False))
358
358
359 context.rhodecode_instanceid = config.get('instance_id')
359 context.rhodecode_instanceid = config.get('instance_id')
360
360
361 context.visual.cut_off_limit_diff = safe_int(
361 context.visual.cut_off_limit_diff = safe_int(
362 config.get('cut_off_limit_diff'))
362 config.get('cut_off_limit_diff'))
363 context.visual.cut_off_limit_file = safe_int(
363 context.visual.cut_off_limit_file = safe_int(
364 config.get('cut_off_limit_file'))
364 config.get('cut_off_limit_file'))
365
365
366 # AppEnlight
366 # AppEnlight
367 context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))
367 context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))
368 context.appenlight_api_public_key = config.get(
368 context.appenlight_api_public_key = config.get(
369 'appenlight.api_public_key', '')
369 'appenlight.api_public_key', '')
370 context.appenlight_server_url = config.get('appenlight.server_url', '')
370 context.appenlight_server_url = config.get('appenlight.server_url', '')
371
371
372 diffmode = {
372 diffmode = {
373 "unified": "unified",
373 "unified": "unified",
374 "sideside": "sideside"
374 "sideside": "sideside"
375 }.get(request.GET.get('diffmode'))
375 }.get(request.GET.get('diffmode'))
376
376
377 if diffmode and diffmode != request.session.get('rc_user_session_attr.diffmode'):
377 is_api = hasattr(request, 'rpc_user')
378 request.session['rc_user_session_attr.diffmode'] = diffmode
379
380 # session settings per user
381 session_attrs = {
378 session_attrs = {
382 # defaults
379 # defaults
383 "clone_url_format": "http",
380 "clone_url_format": "http",
384 "diffmode": "sideside"
381 "diffmode": "sideside"
385 }
382 }
386 for k, v in request.session.items():
383
387 pref = 'rc_user_session_attr.'
384 if not is_api:
388 if k and k.startswith(pref):
385 # don't access pyramid session for API calls
389 k = k[len(pref):]
386 if diffmode and diffmode != request.session.get('rc_user_session_attr.diffmode'):
390 session_attrs[k] = v
387 request.session['rc_user_session_attr.diffmode'] = diffmode
388
389 # session settings per user
390
391 for k, v in request.session.items():
392 pref = 'rc_user_session_attr.'
393 if k and k.startswith(pref):
394 k = k[len(pref):]
395 session_attrs[k] = v
391
396
392 context.user_session_attrs = session_attrs
397 context.user_session_attrs = session_attrs
393
398
394 # JS template context
399 # JS template context
395 context.template_context = {
400 context.template_context = {
396 'repo_name': None,
401 'repo_name': None,
397 'repo_type': None,
402 'repo_type': None,
398 'repo_landing_commit': None,
403 'repo_landing_commit': None,
399 'rhodecode_user': {
404 'rhodecode_user': {
400 'username': None,
405 'username': None,
401 'email': None,
406 'email': None,
402 'notification_status': False
407 'notification_status': False
403 },
408 },
404 'session_attrs': session_attrs,
409 'session_attrs': session_attrs,
405 'visual': {
410 'visual': {
406 'default_renderer': None
411 'default_renderer': None
407 },
412 },
408 'commit_data': {
413 'commit_data': {
409 'commit_id': None
414 'commit_id': None
410 },
415 },
411 'pull_request_data': {'pull_request_id': None},
416 'pull_request_data': {'pull_request_id': None},
412 'timeago': {
417 'timeago': {
413 'refresh_time': 120 * 1000,
418 'refresh_time': 120 * 1000,
414 'cutoff_limit': 1000 * 60 * 60 * 24 * 7
419 'cutoff_limit': 1000 * 60 * 60 * 24 * 7
415 },
420 },
416 'pyramid_dispatch': {
421 'pyramid_dispatch': {
417
422
418 },
423 },
419 'extra': {'plugins': {}}
424 'extra': {'plugins': {}}
420 }
425 }
421 # END CONFIG VARS
426 # END CONFIG VARS
427 if is_api:
428 csrf_token = None
429 else:
430 csrf_token = auth.get_csrf_token(session=request.session)
422
431
423 context.csrf_token = auth.get_csrf_token(session=request.session)
432 context.csrf_token = csrf_token
424 context.backends = rhodecode.BACKENDS.keys()
433 context.backends = rhodecode.BACKENDS.keys()
425 context.backends.sort()
434 context.backends.sort()
426 unread_count = 0
435 unread_count = 0
427 user_bookmark_list = []
436 user_bookmark_list = []
428 if user_id:
437 if user_id:
429 unread_count = NotificationModel().get_unread_cnt_for_user(user_id)
438 unread_count = NotificationModel().get_unread_cnt_for_user(user_id)
430 user_bookmark_list = UserBookmark.get_bookmarks_for_user(user_id)
439 user_bookmark_list = UserBookmark.get_bookmarks_for_user(user_id)
431 context.unread_notifications = unread_count
440 context.unread_notifications = unread_count
432 context.bookmark_items = user_bookmark_list
441 context.bookmark_items = user_bookmark_list
433
442
434 # web case
443 # web case
435 if hasattr(request, 'user'):
444 if hasattr(request, 'user'):
436 context.auth_user = request.user
445 context.auth_user = request.user
437 context.rhodecode_user = request.user
446 context.rhodecode_user = request.user
438
447
439 # api case
448 # api case
440 if hasattr(request, 'rpc_user'):
449 if hasattr(request, 'rpc_user'):
441 context.auth_user = request.rpc_user
450 context.auth_user = request.rpc_user
442 context.rhodecode_user = request.rpc_user
451 context.rhodecode_user = request.rpc_user
443
452
444 # attach the whole call context to the request
453 # attach the whole call context to the request
445 request.call_context = context
454 request.call_context = context
446
455
447
456
448 def get_auth_user(request):
457 def get_auth_user(request):
449 environ = request.environ
458 environ = request.environ
450 session = request.session
459 session = request.session
451
460
452 ip_addr = get_ip_addr(environ)
461 ip_addr = get_ip_addr(environ)
453 # make sure that we update permissions each time we call controller
462 # make sure that we update permissions each time we call controller
454 _auth_token = (request.GET.get('auth_token', '') or
463 _auth_token = (request.GET.get('auth_token', '') or
455 request.GET.get('api_key', ''))
464 request.GET.get('api_key', ''))
456
465
457 if _auth_token:
466 if _auth_token:
458 # when using API_KEY we assume user exists, and
467 # when using API_KEY we assume user exists, and
459 # doesn't need auth based on cookies.
468 # doesn't need auth based on cookies.
460 auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
469 auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
461 authenticated = False
470 authenticated = False
462 else:
471 else:
463 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
472 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
464 try:
473 try:
465 auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
474 auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
466 ip_addr=ip_addr)
475 ip_addr=ip_addr)
467 except UserCreationError as e:
476 except UserCreationError as e:
468 h.flash(e, 'error')
477 h.flash(e, 'error')
469 # container auth or other auth functions that create users
478 # container auth or other auth functions that create users
470 # on the fly can throw this exception signaling that there's
479 # on the fly can throw this exception signaling that there's
471 # issue with user creation, explanation should be provided
480 # issue with user creation, explanation should be provided
472 # in Exception itself. We then create a simple blank
481 # in Exception itself. We then create a simple blank
473 # AuthUser
482 # AuthUser
474 auth_user = AuthUser(ip_addr=ip_addr)
483 auth_user = AuthUser(ip_addr=ip_addr)
475
484
476 # in case someone changes a password for user it triggers session
485 # in case someone changes a password for user it triggers session
477 # flush and forces a re-login
486 # flush and forces a re-login
478 if password_changed(auth_user, session):
487 if password_changed(auth_user, session):
479 session.invalidate()
488 session.invalidate()
480 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
489 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
481 auth_user = AuthUser(ip_addr=ip_addr)
490 auth_user = AuthUser(ip_addr=ip_addr)
482
491
483 authenticated = cookie_store.get('is_authenticated')
492 authenticated = cookie_store.get('is_authenticated')
484
493
485 if not auth_user.is_authenticated and auth_user.is_user_object:
494 if not auth_user.is_authenticated and auth_user.is_user_object:
486 # user is not authenticated and not empty
495 # user is not authenticated and not empty
487 auth_user.set_authenticated(authenticated)
496 auth_user.set_authenticated(authenticated)
488
497
489 return auth_user
498 return auth_user
490
499
491
500
492 def h_filter(s):
501 def h_filter(s):
493 """
502 """
494 Custom filter for Mako templates. Mako by standard uses `markupsafe.escape`
503 Custom filter for Mako templates. Mako by standard uses `markupsafe.escape`
495 we wrap this with additional functionality that converts None to empty
504 we wrap this with additional functionality that converts None to empty
496 strings
505 strings
497 """
506 """
498 if s is None:
507 if s is None:
499 return markupsafe.Markup()
508 return markupsafe.Markup()
500 return markupsafe.escape(s)
509 return markupsafe.escape(s)
501
510
502
511
503 def add_events_routes(config):
512 def add_events_routes(config):
504 """
513 """
505 Adds routing that can be used in events. Because some events are triggered
514 Adds routing that can be used in events. Because some events are triggered
506 outside of pyramid context, we need to bootstrap request with some
515 outside of pyramid context, we need to bootstrap request with some
507 routing registered
516 routing registered
508 """
517 """
509
518
510 from rhodecode.apps._base import ADMIN_PREFIX
519 from rhodecode.apps._base import ADMIN_PREFIX
511
520
512 config.add_route(name='home', pattern='/')
521 config.add_route(name='home', pattern='/')
513
522
514 config.add_route(name='login', pattern=ADMIN_PREFIX + '/login')
523 config.add_route(name='login', pattern=ADMIN_PREFIX + '/login')
515 config.add_route(name='logout', pattern=ADMIN_PREFIX + '/logout')
524 config.add_route(name='logout', pattern=ADMIN_PREFIX + '/logout')
516 config.add_route(name='repo_summary', pattern='/{repo_name}')
525 config.add_route(name='repo_summary', pattern='/{repo_name}')
517 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
526 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
518 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
527 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
519
528
520 config.add_route(name='pullrequest_show',
529 config.add_route(name='pullrequest_show',
521 pattern='/{repo_name}/pull-request/{pull_request_id}')
530 pattern='/{repo_name}/pull-request/{pull_request_id}')
522 config.add_route(name='pull_requests_global',
531 config.add_route(name='pull_requests_global',
523 pattern='/pull-request/{pull_request_id}')
532 pattern='/pull-request/{pull_request_id}')
524 config.add_route(name='repo_commit',
533 config.add_route(name='repo_commit',
525 pattern='/{repo_name}/changeset/{commit_id}')
534 pattern='/{repo_name}/changeset/{commit_id}')
526
535
527 config.add_route(name='repo_files',
536 config.add_route(name='repo_files',
528 pattern='/{repo_name}/files/{commit_id}/{f_path}')
537 pattern='/{repo_name}/files/{commit_id}/{f_path}')
529
538
530
539
531 def bootstrap_config(request):
540 def bootstrap_config(request):
532 import pyramid.testing
541 import pyramid.testing
533 registry = pyramid.testing.Registry('RcTestRegistry')
542 registry = pyramid.testing.Registry('RcTestRegistry')
534
543
535 config = pyramid.testing.setUp(registry=registry, request=request)
544 config = pyramid.testing.setUp(registry=registry, request=request)
536
545
537 # allow pyramid lookup in testing
546 # allow pyramid lookup in testing
538 config.include('pyramid_mako')
547 config.include('pyramid_mako')
539 config.include('rhodecode.lib.rc_beaker')
548 config.include('rhodecode.lib.rc_beaker')
540 config.include('rhodecode.lib.rc_cache')
549 config.include('rhodecode.lib.rc_cache')
541
550
542 add_events_routes(config)
551 add_events_routes(config)
543
552
544 return config
553 return config
545
554
546
555
547 def bootstrap_request(**kwargs):
556 def bootstrap_request(**kwargs):
548 import pyramid.testing
557 import pyramid.testing
549
558
550 class TestRequest(pyramid.testing.DummyRequest):
559 class TestRequest(pyramid.testing.DummyRequest):
551 application_url = kwargs.pop('application_url', 'http://example.com')
560 application_url = kwargs.pop('application_url', 'http://example.com')
552 host = kwargs.pop('host', 'example.com:80')
561 host = kwargs.pop('host', 'example.com:80')
553 domain = kwargs.pop('domain', 'example.com')
562 domain = kwargs.pop('domain', 'example.com')
554
563
555 def translate(self, msg):
564 def translate(self, msg):
556 return msg
565 return msg
557
566
558 def plularize(self, singular, plural, n):
567 def plularize(self, singular, plural, n):
559 return singular
568 return singular
560
569
561 def get_partial_renderer(self, tmpl_name):
570 def get_partial_renderer(self, tmpl_name):
562
571
563 from rhodecode.lib.partial_renderer import get_partial_renderer
572 from rhodecode.lib.partial_renderer import get_partial_renderer
564 return get_partial_renderer(request=self, tmpl_name=tmpl_name)
573 return get_partial_renderer(request=self, tmpl_name=tmpl_name)
565
574
566 _call_context = TemplateArgs()
575 _call_context = TemplateArgs()
567 _call_context.visual = TemplateArgs()
576 _call_context.visual = TemplateArgs()
568 _call_context.visual.show_sha_length = 12
577 _call_context.visual.show_sha_length = 12
569 _call_context.visual.show_revision_number = True
578 _call_context.visual.show_revision_number = True
570
579
571 @property
580 @property
572 def call_context(self):
581 def call_context(self):
573 return self._call_context
582 return self._call_context
574
583
575 class TestDummySession(pyramid.testing.DummySession):
584 class TestDummySession(pyramid.testing.DummySession):
576 def save(*arg, **kw):
585 def save(*arg, **kw):
577 pass
586 pass
578
587
579 request = TestRequest(**kwargs)
588 request = TestRequest(**kwargs)
580 request.session = TestDummySession()
589 request.session = TestDummySession()
581
590
582 return request
591 return request
583
592
General Comments 0
You need to be logged in to leave comments. Login now