rhodecode-enterprise-ce Commit - r5541:8026ecb9

fix(vcs-operations): fixed problems with locked repos and with branch permissions reporting, previously it shown error 500 when those cases were handled

super-admin -

r5541:8026ecb9 default

parent child

Collapse all files

rhodecode/config/environment.py

0 +1 0

             # Copyright (C) 2010-2023 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import rhodecode
             import collections
             from rhodecode.config import utils
             from rhodecode.lib.utils import load_rcextensions
             from rhodecode.lib.utils2 import str2bool
             from rhodecode.lib.vcs import connect_vcs
             log = logging.getLogger(__name__)
             def propagate_rhodecode_config(global_config, settings, config):
                 # Store the settings to make them available to other modules.
                 settings_merged = global_config.copy()
                 settings_merged.update(settings)
                 if config:
                     settings_merged.update(config)
                 rhodecode.PYRAMID_SETTINGS = settings_merged
                 rhodecode.CONFIG = settings_merged
                 if 'default_user_id' not in rhodecode.CONFIG:
                     rhodecode.CONFIG['default_user_id'] = utils.get_default_user_id()
                 log.debug('set rhodecode.CONFIG data')
             def load_pyramid_environment(global_config, settings):
                 # Some parts of the code expect a merge of global and app settings.
                 settings_merged = global_config.copy()
                 settings_merged.update(settings)
                 # TODO(marcink): probably not required anymore
                 # configure channelstream,
                 settings_merged['channelstream_config'] = {
                     'enabled': str2bool(settings_merged.get('channelstream.enabled', False)),
                     'server': settings_merged.get('channelstream.server'),
                     'secret': settings_merged.get('channelstream.secret')
                 }
                 # If this is a test run we prepare the test environment like
                 # creating a test database, test search index and test repositories.
                 # This has to be done before the database connection is initialized.
                 if rhodecode.is_test:
                     rhodecode.disable_error_handler = True
                     from rhodecode import authentication
                     authentication.plugin_default_auth_ttl = 0
                     utils.initialize_test_environment(settings_merged)
                 # Initialize the database connection.
                 utils.initialize_database(settings_merged)
                 load_rcextensions(root_path=settings_merged['here'])
                 # Limit backends to `vcs.backends` from configuration, and preserve the order
                 for alias in list(rhodecode.BACKENDS.keys()):
                     if alias not in settings['vcs.backends']:
                         del rhodecode.BACKENDS[alias]
                 _sorted_backend = sorted(rhodecode.BACKENDS.items(),
                                          key=lambda item: settings['vcs.backends'].index(item[0]))
                 rhodecode.BACKENDS = collections.OrderedDict(_sorted_backend)
                 log.info('Enabled VCS backends: %s', list(rhodecode.BACKENDS.keys()))
                 # initialize vcs client and optionally run the server if enabled
                 vcs_server_uri = settings['vcs.server']
                 vcs_server_enabled = settings['vcs.server.enable']
                 utils.configure_vcs(settings)
                 # first run, to store data...
                 propagate_rhodecode_config(global_config, settings, {})
                 if vcs_server_enabled:
                     connect_vcs(vcs_server_uri, utils.get_vcs_server_protocol(settings))
                 else:
                     log.warning('vcs-server not enabled, vcs connection unavailable')

rhodecode/lib/hook_daemon/hook_module.py

0 +3 -3

             # Copyright (C) 2010-2023 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import traceback
             from rhodecode.model import meta
             from rhodecode.lib import hooks_base
             from rhodecode.lib.exceptions import HTTPLockedRC, HTTPBranchProtected
             from rhodecode.lib.utils2 import AttributeDict
             log = logging.getLogger(__name__)
             class Hooks(object):
                 """
                 Exposes the hooks for remote callbacks
                 """
                 def __init__(self, request=None, log_prefix=''):
                     self.log_prefix = log_prefix
                     self.request = request
                 def repo_size(self, extras):
                     log.debug("%sCalled repo_size of %s object", self.log_prefix, self)
                     return self._call_hook(hooks_base.repo_size, extras)
                 def pre_pull(self, extras):
                     log.debug("%sCalled pre_pull of %s object", self.log_prefix, self)
                     return self._call_hook(hooks_base.pre_pull, extras)
                 def post_pull(self, extras):
                     log.debug("%sCalled post_pull of %s object", self.log_prefix, self)
                     return self._call_hook(hooks_base.post_pull, extras)
                 def pre_push(self, extras):
                     log.debug("%sCalled pre_push of %s object", self.log_prefix, self)
                     return self._call_hook(hooks_base.pre_push, extras)
                 def post_push(self, extras):
                     log.debug("%sCalled post_push of %s object", self.log_prefix, self)
                     return self._call_hook(hooks_base.post_push, extras)
                 def _call_hook(self, hook, extras):
                     extras = AttributeDict(extras)
                     _server_url = extras['server_url']
                     extras.request = self.request
                     try:
                         result = hook(extras)
                         if result is None:
                             raise Exception(f'Failed to obtain hook result from func: {hook}')
-                    except HTTPBranchProtected as handled_error:
+                    except HTTPBranchProtected as error:
                         # Those special cases don't need error reporting. It's a case of
                         # locked repo or protected branch
                         result = AttributeDict({
-                            'status': handled_error.code,
+                            'status': error.code,
-                            'output': handled_error.explanation
+                            'output': error.explanation
                         })
                     except (HTTPLockedRC, Exception) as error:
                         # locked needs different handling since we need to also
                         # handle PULL operations
                         exc_tb = ''
                         if not isinstance(error, HTTPLockedRC):
                             exc_tb = traceback.format_exc()
                             log.exception('%sException when handling hook %s', self.log_prefix, hook)
                         error_args = error.args
                         return {
                             'status': 128,
                             'output': '',
                             'exception': type(error).__name__,
                             'exception_traceback': exc_tb,
                             'exception_args': error_args,
                         }
                     finally:
                         meta.Session.remove()
                     log.debug('%sGot hook call response %s', self.log_prefix, result)
                     return {
                         'status': result.status,
                         'output': result.output,
                     }
                 def __enter__(self):
                     return self
                 def __exit__(self, exc_type, exc_val, exc_tb):
                     pass

rhodecode/lib/hooks_base.py

0 +2 0

             # Copyright (C) 2013-2023 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Set of hooks run by RhodeCode Enterprise
             """
             import os
             import logging
             import rhodecode
             from rhodecode import events
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.utils2 import safe_str, user_agent_normalizer
             from rhodecode.lib.exceptions import (
                 HTTPLockedRC, HTTPBranchProtected, UserCreationError, ClientNotSupportedError)
             from rhodecode.model.db import Repository, User
             from rhodecode.lib.statsd_client import StatsdClient
             log = logging.getLogger(__name__)
             class HookResponse(object):
                 def __init__(self, status, output):
                     self.status = status
                     self.output = output
                 def __add__(self, other):
                     other_status = getattr(other, 'status', 0)
                     new_status = max(self.status, other_status)
                     other_output = getattr(other, 'output', '')
                     new_output = self.output + other_output
                     return HookResponse(new_status, new_output)
                 def __bool__(self):
                     return self.status == 0
                 def to_json(self):
                     return {'status': self.status, 'output': self.output}
             def is_shadow_repo(extras):
                 """
                 Returns ``True`` if this is an action executed against a shadow repository.
                 """
                 return extras['is_shadow_repo']
             def check_vcs_client(extras):
                 """
                 Checks if vcs client is allowed (Only works in enterprise edition)
                 """
                 try:
                     from rc_ee.lib.security.utils import is_vcs_client_whitelisted
                 except ModuleNotFoundError:
                     is_vcs_client_whitelisted = lambda *x: True
                 backend = extras.get('scm')
                 if not is_vcs_client_whitelisted(extras.get('user_agent'), backend):
                     raise ClientNotSupportedError(f"Your {backend} client is forbidden")
             def _get_scm_size(alias, root_path):
                 if not alias.startswith('.'):
                     alias += '.'
                 size_scm, size_root = 0, 0
                 for path, unused_dirs, files in os.walk(safe_str(root_path)):
                     if path.find(alias) != -1:
                         for f in files:
                             try:
                                 size_scm += os.path.getsize(os.path.join(path, f))
                             except OSError:
                                 pass
                     else:
                         for f in files:
                             try:
                                 size_root += os.path.getsize(os.path.join(path, f))
                             except OSError:
                                 pass
                 size_scm_f = h.format_byte_size_binary(size_scm)
                 size_root_f = h.format_byte_size_binary(size_root)
                 size_total_f = h.format_byte_size_binary(size_root + size_scm)
                 return size_scm_f, size_root_f, size_total_f
             # actual hooks called by Mercurial internally, and GIT by our Python Hooks
             def repo_size(extras):
                 """Present size of repository after push."""
                 repo = Repository.get_by_repo_name(extras.repository)
                 vcs_part = f'.{repo.repo_type}'
                 size_vcs, size_root, size_total = _get_scm_size(vcs_part, repo.repo_full_path)
                 msg = (f'RhodeCode: `{repo.repo_name}` size summary {vcs_part}:{size_vcs} repo:{size_root} total:{size_total}\n')
                 return HookResponse(0, msg)
             def pre_push(extras):
                 """
                 Hook executed before pushing code.
                 It bans pushing when the repository is locked.
                 """
                 check_vcs_client(extras)
                 user = User.get_by_username(extras.username)
                 output = ''
                 if extras.locked_by[0] and user.user_id != int(extras.locked_by[0]):
                     locked_by = User.get(extras.locked_by[0]).username
                     reason = extras.locked_by[2]
                     # this exception is interpreted in git/hg middlewares and based
                     # on that proper return code is server to client
                     _http_ret = HTTPLockedRC(
                         _locked_by_explanation(extras.repository, locked_by, reason))
                     if str(_http_ret.code).startswith('2'):
                         # 2xx Codes don't raise exceptions
                         output = _http_ret.title
                     else:
                         raise _http_ret
                 hook_response = ''
                 if not is_shadow_repo(extras):
                     if extras.commit_ids and extras.check_branch_perms:
                         auth_user = user.AuthUser()
                         repo = Repository.get_by_repo_name(extras.repository)
+                        if not repo:
+                            raise ValueError(f'Repo for {extras.repository} not found')
                         affected_branches = []
                         if repo.repo_type == 'hg':
                             for entry in extras.commit_ids:
                                 if entry['type'] == 'branch':
                                     is_forced = bool(entry['multiple_heads'])
                                     affected_branches.append([entry['name'], is_forced])
                         elif repo.repo_type == 'git':
                             for entry in extras.commit_ids:
                                 if entry['type'] == 'heads':
                                     is_forced = bool(entry['pruned_sha'])
                                     affected_branches.append([entry['name'], is_forced])
                         for branch_name, is_forced in affected_branches:
                             rule, branch_perm = auth_user.get_rule_and_branch_permission(
                                 extras.repository, branch_name)
                             if not branch_perm:
                                 # no branch permission found for this branch, just keep checking
                                 continue
                             if branch_perm == 'branch.push_force':
                                 continue
                             elif branch_perm == 'branch.push' and is_forced is False:
                                 continue
                             elif branch_perm == 'branch.push' and is_forced is True:
                                 halt_message = f'Branch `{branch_name}` changes rejected by rule {rule}. ' \
                                                f'FORCE PUSH FORBIDDEN.'
                             else:
                                 halt_message = f'Branch `{branch_name}` changes rejected by rule {rule}.'
                             if halt_message:
                                 _http_ret = HTTPBranchProtected(halt_message)
                                 raise _http_ret
                     # Propagate to external components. This is done after checking the
                     # lock, for consistent behavior.
                     hook_response = pre_push_extension(
                         repo_store_path=Repository.base_path(), **extras)
                     events.trigger(events.RepoPrePushEvent(
                         repo_name=extras.repository, extras=extras))
                 return HookResponse(0, output) + hook_response
             def pre_pull(extras):
                 """
                 Hook executed before pulling the code.
                 It bans pulling when the repository is locked.
                 """
                 check_vcs_client(extras)
                 output = ''
                 if extras.locked_by[0]:
                     locked_by = User.get(extras.locked_by[0]).username
                     reason = extras.locked_by[2]
                     # this exception is interpreted in git/hg middlewares and based
                     # on that proper return code is server to client
                     _http_ret = HTTPLockedRC(
                         _locked_by_explanation(extras.repository, locked_by, reason))
                     if str(_http_ret.code).startswith('2'):
                         # 2xx Codes don't raise exceptions
                         output = _http_ret.title
                     else:
                         raise _http_ret
                 # Propagate to external components. This is done after checking the
                 # lock, for consistent behavior.
                 hook_response = ''
                 if not is_shadow_repo(extras):
                     extras.hook_type = extras.hook_type or 'pre_pull'
                     hook_response = pre_pull_extension(
                         repo_store_path=Repository.base_path(), **extras)
                     events.trigger(events.RepoPrePullEvent(
                         repo_name=extras.repository, extras=extras))
                 return HookResponse(0, output) + hook_response
             def post_pull(extras):
                 """Hook executed after client pulls the code."""
                 audit_user = audit_logger.UserWrap(
                     username=extras.username,
                     ip_addr=extras.ip)
                 repo = audit_logger.RepoWrap(repo_name=extras.repository)
                 audit_logger.store(
                     'user.pull', action_data={'user_agent': extras.user_agent},
                     user=audit_user, repo=repo, commit=True)
                 statsd = StatsdClient.statsd
                 if statsd:
                     statsd.incr('rhodecode_pull_total', tags=[
                         f'user-agent:{user_agent_normalizer(extras.user_agent)}',
                     ])
                 output = ''
                 # make lock is a tri state False, True, None. We only make lock on True
                 if extras.make_lock is True and not is_shadow_repo(extras):
                     user = User.get_by_username(extras.username)
                     Repository.lock(Repository.get_by_repo_name(extras.repository),
                                     user.user_id,
                                     lock_reason=Repository.LOCK_PULL)
                     msg = 'Made lock on repo `{}`'.format(extras.repository)
                     output += msg
                 if extras.locked_by[0]:
                     locked_by = User.get(extras.locked_by[0]).username
                     reason = extras.locked_by[2]
                     _http_ret = HTTPLockedRC(
                         _locked_by_explanation(extras.repository, locked_by, reason))
                     if str(_http_ret.code).startswith('2'):
                         # 2xx Codes don't raise exceptions
                         output += _http_ret.title
                 # Propagate to external components.
                 hook_response = ''
                 if not is_shadow_repo(extras):
                     extras.hook_type = extras.hook_type or 'post_pull'
                     hook_response = post_pull_extension(
                         repo_store_path=Repository.base_path(), **extras)
                     events.trigger(events.RepoPullEvent(
                         repo_name=extras.repository, extras=extras))
                 return HookResponse(0, output) + hook_response
             def post_push(extras):
                 """Hook executed after user pushes to the repository."""
                 commit_ids = extras.commit_ids
                 # log the push call
                 audit_user = audit_logger.UserWrap(
                     username=extras.username, ip_addr=extras.ip)
                 repo = audit_logger.RepoWrap(repo_name=extras.repository)
                 audit_logger.store(
                     'user.push', action_data={
                         'user_agent': extras.user_agent,
                         'commit_ids': commit_ids[:400]},
                     user=audit_user, repo=repo, commit=True)
                 statsd = StatsdClient.statsd
                 if statsd:
                     statsd.incr('rhodecode_push_total', tags=[
                         f'user-agent:{user_agent_normalizer(extras.user_agent)}',
                     ])
                 # Propagate to external components.
                 output = ''
                 # make lock is a tri state False, True, None. We only release lock on False
                 if extras.make_lock is False and not is_shadow_repo(extras):
                     Repository.unlock(Repository.get_by_repo_name(extras.repository))
                     msg = f'Released lock on repo `{extras.repository}`\n'
                     output += msg
                 if extras.locked_by[0]:
                     locked_by = User.get(extras.locked_by[0]).username
                     reason = extras.locked_by[2]
                     _http_ret = HTTPLockedRC(
                         _locked_by_explanation(extras.repository, locked_by, reason))
                     # TODO: johbo: if not?
                     if str(_http_ret.code).startswith('2'):
                         # 2xx Codes don't raise exceptions
                         output += _http_ret.title
                 if extras.new_refs:
                     tmpl = '{}/{}/pull-request/new?{{ref_type}}={{ref_name}}'.format(
                         safe_str(extras.server_url), safe_str(extras.repository))
                     for branch_name in extras.new_refs['branches']:
                         pr_link = tmpl.format(ref_type='branch', ref_name=safe_str(branch_name))
                         output += f'RhodeCode: open pull request link: {pr_link}\n'
                     for book_name in extras.new_refs['bookmarks']:
                         pr_link = tmpl.format(ref_type='bookmark', ref_name=safe_str(book_name))
                         output += f'RhodeCode: open pull request link: {pr_link}\n'
                 hook_response = ''
                 if not is_shadow_repo(extras):
                     hook_response = post_push_extension(
                         repo_store_path=Repository.base_path(),
                         **extras)
                     events.trigger(events.RepoPushEvent(
                         repo_name=extras.repository, pushed_commit_ids=commit_ids, extras=extras))
                 output += 'RhodeCode: push completed\n'
                 return HookResponse(0, output) + hook_response
             def _locked_by_explanation(repo_name, user_name, reason):
                 message = f'Repository `{repo_name}` locked by user `{user_name}`. Reason:`{reason}`'
                 return message
             def check_allowed_create_user(user_dict, created_by, **kwargs):
                 # pre create hooks
                 if pre_create_user.is_active():
                     hook_result = pre_create_user(created_by=created_by, **user_dict)
                     allowed = hook_result.status == 0
                     if not allowed:
                         reason = hook_result.output
                         raise UserCreationError(reason)
             class ExtensionCallback(object):
                 """
                 Forwards a given call to rcextensions, sanitizes keyword arguments.
                 Does check if there is an extension active for that hook. If it is
                 there, it will forward all `kwargs_keys` keyword arguments to the
                 extension callback.
                 """
                 def __init__(self, hook_name, kwargs_keys):
                     self._hook_name = hook_name
                     self._kwargs_keys = set(kwargs_keys)
                 def __call__(self, *args, **kwargs):
                     log.debug('Calling extension callback for `%s`', self._hook_name)
                     callback = self._get_callback()
                     if not callback:
                         log.debug('extension callback `%s` not found, skipping...', self._hook_name)
                         return
                     kwargs_to_pass = {}
                     for key in self._kwargs_keys:
                         try:
                             kwargs_to_pass[key] = kwargs[key]
                         except KeyError:
                             log.error('Failed to fetch %s key from given kwargs. '
                                       'Expected keys: %s', key, self._kwargs_keys)
                             raise
                     # backward compat for removed api_key for old hooks. This was it works
                     # with older rcextensions that require api_key present
                     if self._hook_name in ['CREATE_USER_HOOK', 'DELETE_USER_HOOK']:
                         kwargs_to_pass['api_key'] = '_DEPRECATED_'
                     return callback(**kwargs_to_pass)
                 def is_active(self):
                     return hasattr(rhodecode.EXTENSIONS, self._hook_name)
                 def _get_callback(self):
                     return getattr(rhodecode.EXTENSIONS, self._hook_name, None)
             pre_pull_extension = ExtensionCallback(
                 hook_name='PRE_PULL_HOOK',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'hook_type', 'user_agent', 'repo_store_path',))
             post_pull_extension = ExtensionCallback(
                 hook_name='PULL_HOOK',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'hook_type', 'user_agent', 'repo_store_path',))
             pre_push_extension = ExtensionCallback(
                 hook_name='PRE_PUSH_HOOK',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'repo_store_path', 'commit_ids', 'hook_type', 'user_agent',))
             post_push_extension = ExtensionCallback(
                 hook_name='PUSH_HOOK',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'repo_store_path', 'commit_ids', 'hook_type', 'user_agent',))
             pre_create_user = ExtensionCallback(
                 hook_name='PRE_CREATE_USER_HOOK',
                 kwargs_keys=(
                     'username', 'password', 'email', 'firstname', 'lastname', 'active',
                     'admin', 'created_by'))
             create_pull_request = ExtensionCallback(
                 hook_name='CREATE_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             merge_pull_request = ExtensionCallback(
                 hook_name='MERGE_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             close_pull_request = ExtensionCallback(
                 hook_name='CLOSE_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             review_pull_request = ExtensionCallback(
                 hook_name='REVIEW_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             comment_pull_request = ExtensionCallback(
                 hook_name='COMMENT_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'comment', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             comment_edit_pull_request = ExtensionCallback(
                 hook_name='COMMENT_EDIT_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'comment', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             update_pull_request = ExtensionCallback(
                 hook_name='UPDATE_PULL_REQUEST',
                 kwargs_keys=(
                     'server_url', 'config', 'scm', 'username', 'ip', 'action',
                     'repository', 'pull_request_id', 'url', 'title', 'description',
                     'status', 'created_on', 'updated_on', 'commit_ids', 'review_status',
                     'mergeable', 'source', 'target', 'author', 'reviewers'))
             create_user = ExtensionCallback(
                 hook_name='CREATE_USER_HOOK',
                 kwargs_keys=(
                     'username', 'full_name_or_username', 'full_contact', 'user_id',
                     'name', 'firstname', 'short_contact', 'admin', 'lastname',
                     'ip_addresses', 'extern_type', 'extern_name',
                     'email', 'api_keys', 'last_login',
                     'full_name', 'active', 'password', 'emails',
                     'inherit_default_permissions', 'created_by', 'created_on'))
             delete_user = ExtensionCallback(
                 hook_name='DELETE_USER_HOOK',
                 kwargs_keys=(
                     'username', 'full_name_or_username', 'full_contact', 'user_id',
                     'name', 'firstname', 'short_contact', 'admin', 'lastname',
                     'ip_addresses',
                     'email', 'last_login',
                     'full_name', 'active', 'password', 'emails',
                     'inherit_default_permissions', 'deleted_by'))
             create_repository = ExtensionCallback(
                 hook_name='CREATE_REPO_HOOK',
                 kwargs_keys=(
                     'repo_name', 'repo_type', 'description', 'private', 'created_on',
                     'enable_downloads', 'repo_id', 'user_id', 'enable_statistics',
                     'clone_uri', 'fork_id', 'group_id', 'created_by'))
             delete_repository = ExtensionCallback(
                 hook_name='DELETE_REPO_HOOK',
                 kwargs_keys=(
                     'repo_name', 'repo_type', 'description', 'private', 'created_on',
                     'enable_downloads', 'repo_id', 'user_id', 'enable_statistics',
                     'clone_uri', 'fork_id', 'group_id', 'deleted_by', 'deleted_on'))
             comment_commit_repository = ExtensionCallback(
                 hook_name='COMMENT_COMMIT_REPO_HOOK',
                 kwargs_keys=(
                     'repo_name', 'repo_type', 'description', 'private', 'created_on',
                     'enable_downloads', 'repo_id', 'user_id', 'enable_statistics',
                     'clone_uri', 'fork_id', 'group_id',
                     'repository', 'created_by', 'comment', 'commit'))
             comment_edit_commit_repository = ExtensionCallback(
                 hook_name='COMMENT_EDIT_COMMIT_REPO_HOOK',
                 kwargs_keys=(
                     'repo_name', 'repo_type', 'description', 'private', 'created_on',
                     'enable_downloads', 'repo_id', 'user_id', 'enable_statistics',
                     'clone_uri', 'fork_id', 'group_id',
                     'repository', 'created_by', 'comment', 'commit'))
             create_repository_group = ExtensionCallback(
                 hook_name='CREATE_REPO_GROUP_HOOK',
                 kwargs_keys=(
                     'group_name', 'group_parent_id', 'group_description',
                     'group_id', 'user_id', 'created_by', 'created_on',
                     'enable_locking'))

rhodecode/lib/middleware/simplevcs.py

0 +1 -1

             # Copyright (C) 2014-2023 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             SimpleVCS middleware for handling protocol request (push/clone etc.)
             It's implemented with basic auth function
             """
             import os
             import re
             import logging
             import importlib
             from functools import wraps
             import time
             from paste.httpheaders import REMOTE_USER, AUTH_TYPE
             from pyramid.httpexceptions import (
                 HTTPNotFound, HTTPForbidden, HTTPNotAcceptable, HTTPInternalServerError)
             from zope.cachedescriptors.property import Lazy as LazyProperty
             import rhodecode
             from rhodecode.authentication.base import authenticate, VCS_TYPE, loadplugin
             from rhodecode.lib import rc_cache
             from rhodecode.lib.svn_txn_utils import store_txn_id_data
             from rhodecode.lib.auth import AuthUser, HasPermissionAnyMiddleware
             from rhodecode.lib.base import (
                 BasicAuth, get_ip_addr, get_user_agent, vcs_operation_context)
             from rhodecode.lib.exceptions import (UserCreationError, NotAllowedToCreateUserError)
             from rhodecode.lib.hook_daemon.base import prepare_callback_daemon
             from rhodecode.lib.middleware import appenlight
             from rhodecode.lib.middleware.utils import scm_app_http
             from rhodecode.lib.str_utils import safe_bytes, safe_int
             from rhodecode.lib.utils import is_valid_repo, SLUG_RE
             from rhodecode.lib.utils2 import safe_str, fix_PATH, str2bool
             from rhodecode.lib.vcs.conf import settings as vcs_settings
             from rhodecode.lib.vcs.backends import base
             from rhodecode.model import meta
             from rhodecode.model.db import User, Repository, PullRequest
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.pull_request import PullRequestModel
             from rhodecode.model.settings import SettingsModel, VcsSettingsModel
             log = logging.getLogger(__name__)
             def initialize_generator(factory):
                 """
                 Initializes the returned generator by draining its first element.
                 This can be used to give a generator an initializer, which is the code
                 up to the first yield statement. This decorator enforces that the first
                 produced element has the value ``"__init__"`` to make its special
                 purpose very explicit in the using code.
                 """
                 @wraps(factory)
                 def wrapper(*args, **kwargs):
                     gen = factory(*args, **kwargs)
                     try:
                         init = next(gen)
                     except StopIteration:
                         raise ValueError('Generator must yield at least one element.')
                     if init != "__init__":
                         raise ValueError('First yielded element must be "__init__".')
                     return gen
                 return wrapper
             class SimpleVCS(object):
                 """Common functionality for SCM HTTP handlers."""
                 SCM = 'unknown'
                 acl_repo_name = None
                 url_repo_name = None
                 vcs_repo_name = None
                 rc_extras = {}
                 # We have to handle requests to shadow repositories different than requests
                 # to normal repositories. Therefore we have to distinguish them. To do this
                 # we use this regex which will match only on URLs pointing to shadow
                 # repositories.
                 shadow_repo_re = re.compile(
                     '(?P<groups>(?:{slug_pat}/)*)'   # repo groups
                     '(?P<target>{slug_pat})/'        # target repo
                     'pull-request/(?P<pr_id>\\d+)/'  # pull request
                     'repository$'                    # shadow repo
                     .format(slug_pat=SLUG_RE.pattern))
                 def __init__(self, config, registry):
                     self.registry = registry
                     self.config = config
                     # re-populated by specialized middleware
                     self.repo_vcs_config = base.Config()
                     rc_settings = SettingsModel().get_all_settings(cache=True, from_request=False)
                     realm = rc_settings.get('rhodecode_realm') or 'RhodeCode AUTH'
                     # authenticate this VCS request using authfunc
                     auth_ret_code_detection = \
                         str2bool(self.config.get('auth_ret_code_detection', False))
                     self.authenticate = BasicAuth(
                         '', authenticate, registry, config.get('auth_ret_code'),
                         auth_ret_code_detection, rc_realm=realm)
                     self.ip_addr = '0.0.0.0'
                 @LazyProperty
                 def global_vcs_config(self):
                     try:
                         return VcsSettingsModel().get_ui_settings_as_config_obj()
                     except Exception:
                         return base.Config()
                 @property
                 def base_path(self):
                     settings_path = self.config.get('repo_store.path')
                     if not settings_path:
                         raise ValueError('FATAL: repo_store.path is empty')
                     return settings_path
                 def set_repo_names(self, environ):
                     """
                     This will populate the attributes acl_repo_name, url_repo_name,
                     vcs_repo_name and is_shadow_repo. In case of requests to normal (non
                     shadow) repositories all names are equal. In case of requests to a
                     shadow repository the acl-name points to the target repo of the pull
                     request and the vcs-name points to the shadow repo file system path.
                     The url-name is always the URL used by the vcs client program.
                     Example in case of a shadow repo:
                         acl_repo_name = RepoGroup/MyRepo
                         url_repo_name = RepoGroup/MyRepo/pull-request/3/repository
                         vcs_repo_name = /repo/base/path/RepoGroup/.__shadow_MyRepo_pr-3'
                     """
                     # First we set the repo name from URL for all attributes. This is the
                     # default if handling normal (non shadow) repo requests.
                     self.url_repo_name = self._get_repository_name(environ)
                     self.acl_repo_name = self.vcs_repo_name = self.url_repo_name
                     self.is_shadow_repo = False
                     # Check if this is a request to a shadow repository.
                     match = self.shadow_repo_re.match(self.url_repo_name)
                     if match:
                         match_dict = match.groupdict()
                         # Build acl repo name from regex match.
                         acl_repo_name = safe_str('{groups}{target}'.format(
                             groups=match_dict['groups'] or '',
                             target=match_dict['target']))
                         # Retrieve pull request instance by ID from regex match.
                         pull_request = PullRequest.get(match_dict['pr_id'])
                         # Only proceed if we got a pull request and if acl repo name from
                         # URL equals the target repo name of the pull request.
                         if pull_request and (acl_repo_name == pull_request.target_repo.repo_name):
                             # Get file system path to shadow repository.
                             workspace_id = PullRequestModel()._workspace_id(pull_request)
                             vcs_repo_name = pull_request.target_repo.get_shadow_repository_path(workspace_id)
                             # Store names for later usage.
                             self.vcs_repo_name = vcs_repo_name
                             self.acl_repo_name = acl_repo_name
                             self.is_shadow_repo = True
                     log.debug('Setting all VCS repository names: %s', {
                         'acl_repo_name': self.acl_repo_name,
                         'url_repo_name': self.url_repo_name,
                         'vcs_repo_name': self.vcs_repo_name,
                     })
                 @property
                 def scm_app(self):
                     custom_implementation = self.config['vcs.scm_app_implementation']
                     if custom_implementation == 'http':
                         log.debug('Using HTTP implementation of scm app.')
                         scm_app_impl = scm_app_http
                     else:
                         log.debug('Using custom implementation of scm_app: "{}"'.format(
                             custom_implementation))
                         scm_app_impl = importlib.import_module(custom_implementation)
                     return scm_app_impl
                 def _get_by_id(self, repo_name):
                     """
                     Gets a special pattern _<ID> from clone url and tries to replace it
                     with a repository_name for support of _<ID> non changeable urls
                     """
                     data = repo_name.split('/')
                     if len(data) >= 2:
                         from rhodecode.model.repo import RepoModel
                         by_id_match = RepoModel().get_repo_by_id(repo_name)
                         if by_id_match:
                             data[1] = by_id_match.repo_name
                     # Because PEP-3333-WSGI uses bytes-tunneled-in-latin-1 as PATH_INFO
                     # and we use this data
                     maybe_new_path = '/'.join(data)
                     return safe_bytes(maybe_new_path).decode('latin1')
                 def _invalidate_cache(self, repo_name):
                     """
                     Set's cache for this repository for invalidation on next access
                     :param repo_name: full repo name, also a cache key
                     """
                     ScmModel().mark_for_invalidation(repo_name)
                 def is_valid_and_existing_repo(self, repo_name, base_path, scm_type):
                     db_repo = Repository.get_by_repo_name(repo_name)
                     if not db_repo:
                         log.debug('Repository `%s` not found inside the database.',
                                   repo_name)
                         return False
                     if db_repo.repo_type != scm_type:
                         log.warning(
                             'Repository `%s` have incorrect scm_type, expected %s got %s',
                             repo_name, db_repo.repo_type, scm_type)
                         return False
                     config = db_repo._config
                     config.set('extensions', 'largefiles', '')
                     return is_valid_repo(
                         repo_name, base_path,
                         explicit_scm=scm_type, expect_scm=scm_type, config=config)
                 def valid_and_active_user(self, user):
                     """
                     Checks if that user is not empty, and if it's actually object it checks
                     if he's active.
                     :param user: user object or None
                     :return: boolean
                     """
                     if user is None:
                         return False
                     elif user.active:
                         return True
                     return False
                 @property
                 def is_shadow_repo_dir(self):
                     return os.path.isdir(self.vcs_repo_name)
                 def _check_permission(self, action, user, auth_user, repo_name, ip_addr=None,
                                       plugin_id='', plugin_cache_active=False, cache_ttl=0):
                     """
                     Checks permissions using action (push/pull) user and repository
                     name. If plugin_cache and ttl is set it will use the plugin which
                     authenticated the user to store the cached permissions result for N
                     amount of seconds as in cache_ttl
                     :param action: push or pull action
                     :param user: user instance
                     :param repo_name: repository name
                     """
                     log.debug('AUTH_CACHE_TTL for permissions `%s` active: %s (TTL: %s)',
                               plugin_id, plugin_cache_active, cache_ttl)
                     user_id = user.user_id
                     cache_namespace_uid = f'cache_user_auth.{rc_cache.PERMISSIONS_CACHE_VER}.{user_id}'
                     region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
                     @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
                                                            expiration_time=cache_ttl,
                                                            condition=plugin_cache_active)
                     def compute_perm_vcs(
                             cache_name, plugin_id, action, user_id, repo_name, ip_addr):
-                        log.debug('auth: calculating permission access now...')
+                        log.debug('auth: calculating permission access now for vcs operation: %s', action)
                         # check IP
                         inherit = user.inherit_default_permissions
                         ip_allowed = AuthUser.check_ip_allowed(
                             user_id, ip_addr, inherit_from_default=inherit)
                         if ip_allowed:
                             log.info('Access for IP:%s allowed', ip_addr)
                         else:
                             return False
                         if action == 'push':
                             perms = ('repository.write', 'repository.admin')
                             if not HasPermissionAnyMiddleware(*perms)(auth_user, repo_name):
                                 return False
                         else:
                             # any other action need at least read permission
                             perms = (
                                 'repository.read', 'repository.write', 'repository.admin')
                             if not HasPermissionAnyMiddleware(*perms)(auth_user, repo_name):
                                 return False
                         return True
                     start = time.time()
                     log.debug('Running plugin `%s` permissions check', plugin_id)
                     # for environ based auth, password can be empty, but then the validation is
                     # on the server that fills in the env data needed for authentication
                     perm_result = compute_perm_vcs(
                         'vcs_permissions', plugin_id, action, user.user_id, repo_name, ip_addr)
                     auth_time = time.time() - start
                     log.debug('Permissions for plugin `%s` completed in %.4fs, '
                               'expiration time of fetched cache %.1fs.',
                               plugin_id, auth_time, cache_ttl)
                     return perm_result
                 def _get_http_scheme(self, environ):
                     try:
                         return environ['wsgi.url_scheme']
                     except Exception:
                         log.exception('Failed to read http scheme')
                         return 'http'
                 def _get_default_cache_ttl(self):
                     # take AUTH_CACHE_TTL from the `rhodecode` auth plugin
                     plugin = loadplugin('egg:rhodecode-enterprise-ce#rhodecode')
                     plugin_settings = plugin.get_settings()
                     plugin_cache_active, cache_ttl = plugin.get_ttl_cache(
                         plugin_settings) or (False, 0)
                     return plugin_cache_active, cache_ttl
                 def __call__(self, environ, start_response):
                     try:
                         return self._handle_request(environ, start_response)
                     except Exception:
                         log.exception("Exception while handling request")
                         appenlight.track_exception(environ)
                         return HTTPInternalServerError()(environ, start_response)
                     finally:
                         meta.Session.remove()
                 def _handle_request(self, environ, start_response):
                     if not self.url_repo_name:
                         log.warning('Repository name is empty: %s', self.url_repo_name)
                         # failed to get repo name, we fail now
                         return HTTPNotFound()(environ, start_response)
                     log.debug('Extracted repo name is %s', self.url_repo_name)
                     ip_addr = get_ip_addr(environ)
                     user_agent = get_user_agent(environ)
                     username = None
                     # skip passing error to error controller
                     environ['pylons.status_code_redirect'] = True
                     # ======================================================================
                     # GET ACTION PULL or PUSH
                     # ======================================================================
                     action = self._get_action(environ)
                     # ======================================================================
                     # Check if this is a request to a shadow repository of a pull request.
                     # In this case only pull action is allowed.
                     # ======================================================================
                     if self.is_shadow_repo and action != 'pull':
                         reason = 'Only pull action is allowed for shadow repositories.'
                         log.debug('User not allowed to proceed, %s', reason)
                         return HTTPNotAcceptable(reason)(environ, start_response)
                     # Check if the shadow repo actually exists, in case someone refers
                     # to it, and it has been deleted because of successful merge.
                     if self.is_shadow_repo and not self.is_shadow_repo_dir:
                         log.debug(
                             'Shadow repo detected, and shadow repo dir `%s` is missing',
                             self.is_shadow_repo_dir)
                         return HTTPNotFound()(environ, start_response)
                     # ======================================================================
                     # CHECK ANONYMOUS PERMISSION
                     # ======================================================================
                     detect_force_push = False
                     check_branch_perms = False
                     if action in ['pull', 'push']:
                         user_obj = anonymous_user = User.get_default_user()
                         auth_user = user_obj.AuthUser()
                         username = anonymous_user.username
                         if anonymous_user.active:
                             plugin_cache_active, cache_ttl = self._get_default_cache_ttl()
                             # ONLY check permissions if the user is activated
                             anonymous_perm = self._check_permission(
                                 action, anonymous_user, auth_user, self.acl_repo_name, ip_addr,
                                 plugin_id='anonymous_access',
                                 plugin_cache_active=plugin_cache_active,
                                 cache_ttl=cache_ttl,
                             )
                         else:
                             anonymous_perm = False
                         if not anonymous_user.active or not anonymous_perm:
                             if not anonymous_user.active:
                                 log.debug('Anonymous access is disabled, running '
                                           'authentication')
                             if not anonymous_perm:
                                 log.debug('Not enough credentials to access repo: `%s` '
                                           'repository as anonymous user', self.acl_repo_name)
                             username = None
                             # ==============================================================
                             # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                             # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                             # ==============================================================
                             # try to auth based on environ, container auth methods
                             log.debug('Running PRE-AUTH for container|headers based authentication')
                             # headers auth, by just reading special headers and bypass the auth with user/passwd
                             pre_auth = authenticate(
                                 '', '', environ, VCS_TYPE, registry=self.registry,
                                 acl_repo_name=self.acl_repo_name)
                             if pre_auth and pre_auth.get('username'):
                                 username = pre_auth['username']
                             log.debug('PRE-AUTH got `%s` as username', username)
                             if pre_auth:
                                 log.debug('PRE-AUTH successful from %s',
                                           pre_auth.get('auth_data', {}).get('_plugin'))
                             # If not authenticated by the container, running basic auth
                             # before inject the calling repo_name for special scope checks
                             self.authenticate.acl_repo_name = self.acl_repo_name
                             plugin_cache_active, cache_ttl = False, 0
                             plugin = None
                             # regular auth chain
                             if not username:
                                 self.authenticate.realm = self.authenticate.get_rc_realm()
                                 try:
                                     auth_result = self.authenticate(environ)
                                 except (UserCreationError, NotAllowedToCreateUserError) as e:
                                     log.error(e)
                                     reason = safe_str(e)
                                     return HTTPNotAcceptable(reason)(environ, start_response)
                                 if isinstance(auth_result, dict):
                                     AUTH_TYPE.update(environ, 'basic')
                                     REMOTE_USER.update(environ, auth_result['username'])
                                     username = auth_result['username']
                                     plugin = auth_result.get('auth_data', {}).get('_plugin')
                                     log.info(
                                         'MAIN-AUTH successful for user `%s` from %s plugin',
                                         username, plugin)
                                     plugin_cache_active, cache_ttl = auth_result.get(
                                         'auth_data', {}).get('_ttl_cache') or (False, 0)
                                 else:
                                     return auth_result.wsgi_application(environ, start_response)
                             # ==============================================================
                             # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                             # ==============================================================
                             user = User.get_by_username(username)
                             if not self.valid_and_active_user(user):
                                 return HTTPForbidden()(environ, start_response)
                             username = user.username
                             user_id = user.user_id
                             # check user attributes for password change flag
                             user_obj = user
                             auth_user = user_obj.AuthUser()
                             if user_obj and user_obj.username != User.DEFAULT_USER and \
                                     user_obj.user_data.get('force_password_change'):
                                 reason = 'password change required'
                                 log.debug('User not allowed to authenticate, %s', reason)
                                 return HTTPNotAcceptable(reason)(environ, start_response)
                             # check permissions for this repository
                             perm = self._check_permission(
                                 action, user, auth_user, self.acl_repo_name, ip_addr,
                                 plugin, plugin_cache_active, cache_ttl)
                             if not perm:
                                 return HTTPForbidden()(environ, start_response)
                             environ['rc_auth_user_id'] = str(user_id)
                         if action == 'push':
                             perms = auth_user.get_branch_permissions(self.acl_repo_name)
                             if perms:
                                 check_branch_perms = True
                                 detect_force_push = True
                     # extras are injected into UI object and later available
                     # in hooks executed by RhodeCode
                     check_locking = _should_check_locking(environ.get('QUERY_STRING'))
                     extras = vcs_operation_context(
                         environ, repo_name=self.acl_repo_name, username=username,
                         action=action, scm=self.SCM, check_locking=check_locking,
                         is_shadow_repo=self.is_shadow_repo, check_branch_perms=check_branch_perms,
                         detect_force_push=detect_force_push
                     )
                     # ======================================================================
                     # REQUEST HANDLING
                     # ======================================================================
                     repo_path = os.path.join(
                         safe_str(self.base_path), safe_str(self.vcs_repo_name))
                     log.debug('Repository path is %s', repo_path)
                     fix_PATH()
                     log.info(
                         '%s action on %s repo "%s" by "%s" from %s %s',
                         action, self.SCM, safe_str(self.url_repo_name),
                         safe_str(username), ip_addr, user_agent)
                     return self._generate_vcs_response(
                         environ, start_response, repo_path, extras, action)
                 def _get_txn_id(self, environ):
                     for k in ['RAW_URI', 'HTTP_DESTINATION']:
                         url = environ.get(k)
                         if not url:
                             continue
                         # regex to search for svn-txn-id
                         pattern = r'/!svn/txr/([^/]+)/'
                         # Search for the pattern in the URL
                         match = re.search(pattern, url)
                         # Check if a match is found and extract the captured group
                         if match:
                             txn_id = match.group(1)
                             return txn_id
                 @initialize_generator
                 def _generate_vcs_response(
                         self, environ, start_response, repo_path, extras, action):
                     """
                     Returns a generator for the response content.
                     This method is implemented as a generator, so that it can trigger
                     the cache validation after all content sent back to the client. It
                     also handles the locking exceptions which will be triggered when
                     the first chunk is produced by the underlying WSGI application.
                     """
                     svn_txn_id = ''
                     if action == 'push':
                         svn_txn_id = self._get_txn_id(environ)
                     callback_daemon, extras = self._prepare_callback_daemon(
                         extras, environ, action, txn_id=svn_txn_id)
                     if svn_txn_id:
                         port = safe_int(extras['hooks_uri'].split(':')[-1])
                         txn_id_data = extras.copy()
                         txn_id_data.update({'port': port})
                         txn_id_data.update({'req_method': environ['REQUEST_METHOD']})
                         full_repo_path = repo_path
                         store_txn_id_data(full_repo_path, svn_txn_id, txn_id_data)
                     log.debug('HOOKS extras is %s', extras)
                     http_scheme = self._get_http_scheme(environ)
                     config = self._create_config(extras, self.acl_repo_name, scheme=http_scheme)
                     app = self._create_wsgi_app(repo_path, self.url_repo_name, config)
                     with callback_daemon:
                         app.rc_extras = extras
                         try:
                             response = app(environ, start_response)
                         finally:
                             # This statement works together with the decorator
                             # "initialize_generator" above. The decorator ensures that
                             # we hit the first yield statement before the generator is
                             # returned back to the WSGI server. This is needed to
                             # ensure that the call to "app" above triggers the
                             # needed callback to "start_response" before the
                             # generator is actually used.
                             yield "__init__"
                         # iter content
                         for chunk in response:
                             yield chunk
                         try:
                             # invalidate cache on push
                             if action == 'push':
                                 self._invalidate_cache(self.url_repo_name)
                         finally:
                             meta.Session.remove()
                 def _get_repository_name(self, environ):
                     """Get repository name out of the environmnent
                     :param environ: WSGI environment
                     """
                     raise NotImplementedError()
                 def _get_action(self, environ):
                     """Map request commands into a pull or push command.
                     :param environ: WSGI environment
                     """
                     raise NotImplementedError()
                 def _create_wsgi_app(self, repo_path, repo_name, config):
                     """Return the WSGI app that will finally handle the request."""
                     raise NotImplementedError()
                 def _create_config(self, extras, repo_name, scheme='http'):
                     """Create a safe config representation."""
                     raise NotImplementedError()
                 def _should_use_callback_daemon(self, extras, environ, action):
                     if extras.get('is_shadow_repo'):
                         # we don't want to execute hooks, and callback daemon for shadow repos
                         return False
                     return True
                 def _prepare_callback_daemon(self, extras, environ, action, txn_id=None):
                     protocol = vcs_settings.HOOKS_PROTOCOL
                     if not self._should_use_callback_daemon(extras, environ, action):
                         # disable callback daemon for actions that don't require it
                         protocol = 'local'
                     return prepare_callback_daemon(
                         extras, protocol=protocol,
                         host=vcs_settings.HOOKS_HOST, txn_id=txn_id)
             def _should_check_locking(query_string):
                 # this is kind of hacky, but due to how mercurial handles client-server
                 # server see all operation on commit; bookmarks, phases and
                 # obsolescence marker in different transaction, we don't want to check
                 # locking on those
                 return query_string not in ['cmd=listkeys']

rhodecode/lib/utils.py

0 +30 -1

             # Copyright (C) 2010-2023 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Utilities library for RhodeCode
             """
             import datetime
             import decorator
             import logging
             import os
             import re
             import sys
             import shutil
             import socket
             import tempfile
             import traceback
             import tarfile
             from functools import wraps
             from os.path import join as jn
             import paste
             import pkg_resources
             from webhelpers2.text import collapse, strip_tags, convert_accented_entities, convert_misc_entities
             from mako import exceptions
             from rhodecode import ConfigGet
+            from rhodecode.lib.exceptions import HTTPBranchProtected, HTTPLockedRC
             from rhodecode.lib.hash_utils import sha256_safe, md5, sha1
             from rhodecode.lib.type_utils import AttributeDict
             from rhodecode.lib.str_utils import safe_bytes, safe_str
             from rhodecode.lib.vcs.backends.base import Config
             from rhodecode.lib.vcs.exceptions import VCSError
             from rhodecode.lib.vcs.utils.helpers import get_scm, get_scm_backend
             from rhodecode.lib.ext_json import sjson as json
             from rhodecode.model import meta
             from rhodecode.model.db import (
                 Repository, User, RhodeCodeUi, UserLog, RepoGroup, UserGroup)
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             REMOVED_REPO_PAT = re.compile(r'rm__\d{8}_\d{6}_\d{6}__.*')
             # String which contains characters that are not allowed in slug names for
             # repositories or repository groups. It is properly escaped to use it in
             # regular expressions.
             SLUG_BAD_CHARS = re.escape(r'`?=[]\;\'"<>,/~!@#$%^&*()+{}|:')
             # Regex that matches forbidden characters in repo/group slugs.
             SLUG_BAD_CHAR_RE = re.compile(r'[{}\x00-\x08\x0b-\x0c\x0e-\x1f]'.format(SLUG_BAD_CHARS))
             # Regex that matches allowed characters in repo/group slugs.
             SLUG_GOOD_CHAR_RE = re.compile(r'[^{}]'.format(SLUG_BAD_CHARS))
             # Regex that matches whole repo/group slugs.
             SLUG_RE = re.compile(r'[^{}]+'.format(SLUG_BAD_CHARS))
             _license_cache = None
             def adopt_for_celery(func):
                 """
                 Decorator designed to adopt hooks (from rhodecode.lib.hooks_base)
                 for further usage as a celery tasks.
                 """
                 @wraps(func)
                 def wrapper(extras):
                     extras = AttributeDict(extras)
                     try:
                         # HooksResponse implements to_json method which must be used there.
                         return func(extras).to_json()
+                    except HTTPBranchProtected as error:
+                        # Those special cases don't need error reporting. It's a case of
+                        # locked repo or protected branch
+                        error_args = error.args
+                        return {
+                            'status': error.code,
+                            'output': error.explanation,
+                            'exception': type(error).__name__,
+                            'exception_args': error_args,
+                            'exception_traceback': '',
+                        }
+                    except HTTPLockedRC as error:
+                        # Those special cases don't need error reporting. It's a case of
+                        # locked repo or protected branch
+                        error_args = error.args
+                        return {
+                            'status': error.code,
+                            'output': error.explanation,
+                            'exception': type(error).__name__,
+                            'exception_args': error_args,
+                            'exception_traceback': '',
+                        }
                     except Exception as e:
-                        return {'status': 128, 'exception': type(e).__name__, 'exception_args': e.args}
+                        return {
+                            'status': 128,
+                            'output': '',
+                            'exception': type(e).__name__,
+                            'exception_args': e.args,
+                            'exception_traceback': '',
+                        }
                 return wrapper
             def repo_name_slug(value):
                 """
                 Return slug of name of repository
                 This function is called on each creation/modification
                 of repository to prevent bad names in repo
                 """
                 replacement_char = '-'
                 slug = strip_tags(value)
                 slug = convert_accented_entities(slug)
                 slug = convert_misc_entities(slug)
                 slug = SLUG_BAD_CHAR_RE.sub('', slug)
                 slug = re.sub(r'[\s]+', '-', slug)
                 slug = collapse(slug, replacement_char)
                 return slug
             #==============================================================================
             # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS
             #==============================================================================
             def get_repo_slug(request):
                 _repo = ''
                 if hasattr(request, 'db_repo_name'):
                     # if our requests has set db reference use it for name, this
                     # translates the example.com/_<id> into proper repo names
                     _repo = request.db_repo_name
                 elif getattr(request, 'matchdict', None):
                     # pyramid
                     _repo = request.matchdict.get('repo_name')
                 if _repo:
                     _repo = _repo.rstrip('/')
                 return _repo
             def get_repo_group_slug(request):
                 _group = ''
                 if hasattr(request, 'db_repo_group'):
                     # if our requests has set db reference use it for name, this
                     # translates the example.com/_<id> into proper repo group names
                     _group = request.db_repo_group.group_name
                 elif getattr(request, 'matchdict', None):
                     # pyramid
                     _group = request.matchdict.get('repo_group_name')
                 if _group:
                     _group = _group.rstrip('/')
                 return _group
             def get_user_group_slug(request):
                 _user_group = ''
                 if hasattr(request, 'db_user_group'):
                     _user_group = request.db_user_group.users_group_name
                 elif getattr(request, 'matchdict', None):
                     # pyramid
                     _user_group = request.matchdict.get('user_group_id')
                     _user_group_name = request.matchdict.get('user_group_name')
                     try:
                         if _user_group:
                             _user_group = UserGroup.get(_user_group)
                         elif _user_group_name:
                             _user_group = UserGroup.get_by_group_name(_user_group_name)
                         if _user_group:
                             _user_group = _user_group.users_group_name
                     except Exception:
                         log.exception('Failed to get user group by id and name')
                         # catch all failures here
                         return None
                 return _user_group
             def get_filesystem_repos(path, recursive=False, skip_removed_repos=True):
                 """
                 Scans given path for repos and return (name,(type,path)) tuple
                 :param path: path to scan for repositories
                 :param recursive: recursive search and return names with subdirs in front
                 """
                 # remove ending slash for better results
                 path = path.rstrip(os.sep)
                 log.debug('now scanning in %s location recursive:%s...', path, recursive)
                 def _get_repos(p):
                     dirpaths = get_dirpaths(p)
                     if not _is_dir_writable(p):
                         log.warning('repo path without write access: %s', p)
                     for dirpath in dirpaths:
                         if os.path.isfile(os.path.join(p, dirpath)):
                             continue
                         cur_path = os.path.join(p, dirpath)
                         # skip removed repos
                         if skip_removed_repos and REMOVED_REPO_PAT.match(dirpath):
                             continue
                         #skip .<somethin> dirs
                         if dirpath.startswith('.'):
                             continue
                         try:
                             scm_info = get_scm(cur_path)
                             yield scm_info[1].split(path, 1)[-1].lstrip(os.sep), scm_info
                         except VCSError:
                             if not recursive:
                                 continue
                             #check if this dir containts other repos for recursive scan
                             rec_path = os.path.join(p, dirpath)
                             if os.path.isdir(rec_path):
                                 yield from _get_repos(rec_path)
                 return _get_repos(path)
             def get_dirpaths(p: str) -> list:
                 try:
                     # OS-independable way of checking if we have at least read-only
                     # access or not.
                     dirpaths = os.listdir(p)
                 except OSError:
                     log.warning('ignoring repo path without read access: %s', p)
                     return []
                 # os.listpath has a tweak: If a unicode is passed into it, then it tries to
                 # decode paths and suddenly returns unicode objects itself. The items it
                 # cannot decode are returned as strings and cause issues.
                 #
                 # Those paths are ignored here until a solid solution for path handling has
                 # been built.
                 expected_type = type(p)
                 def _has_correct_type(item):
                     if type(item) is not expected_type:
                         log.error(
                             "Ignoring path %s since it cannot be decoded into str.",
                             # Using "repr" to make sure that we see the byte value in case
                             # of support.
                             repr(item))
                         return False
                     return True
                 dirpaths = [item for item in dirpaths if _has_correct_type(item)]
                 return dirpaths
             def _is_dir_writable(path):
                 """
                 Probe if `path` is writable.
                 Due to trouble on Cygwin / Windows, this is actually probing if it is
                 possible to create a file inside of `path`, stat does not produce reliable
                 results in this case.
                 """
                 try:
                     with tempfile.TemporaryFile(dir=path):
                         pass
                 except OSError:
                     return False
                 return True
             def is_valid_repo(repo_name, base_path, expect_scm=None, explicit_scm=None, config=None):
                 """
                 Returns True if given path is a valid repository False otherwise.
                 If expect_scm param is given also, compare if given scm is the same
                 as expected from scm parameter. If explicit_scm is given don't try to
                 detect the scm, just use the given one to check if repo is valid
                 :param repo_name:
                 :param base_path:
                 :param expect_scm:
                 :param explicit_scm:
                 :param config:
                 :return True: if given path is a valid repository
                 """
                 full_path = os.path.join(safe_str(base_path), safe_str(repo_name))
                 log.debug('Checking if `%s` is a valid path for repository. '
                           'Explicit type: %s', repo_name, explicit_scm)
                 try:
                     if explicit_scm:
                         detected_scms = [get_scm_backend(explicit_scm)(
                             full_path, config=config).alias]
                     else:
                         detected_scms = get_scm(full_path)
                     if expect_scm:
                         return detected_scms[0] == expect_scm
                     log.debug('path: %s is an vcs object:%s', full_path, detected_scms)
                     return True
                 except VCSError:
                     log.debug('path: %s is not a valid repo !', full_path)
                     return False
             def is_valid_repo_group(repo_group_name, base_path, skip_path_check=False):
                 """
                 Returns True if a given path is a repository group, False otherwise
                 :param repo_group_name:
                 :param base_path:
                 """
                 full_path = os.path.join(safe_str(base_path), safe_str(repo_group_name))
                 log.debug('Checking if `%s` is a valid path for repository group',
                           repo_group_name)
                 # check if it's not a repo
                 if is_valid_repo(repo_group_name, base_path):
                     log.debug('Repo called %s exist, it is not a valid repo group', repo_group_name)
                     return False
                 try:
                     # we need to check bare git repos at higher level
                     # since we might match branches/hooks/info/objects or possible
                     # other things inside bare git repo
                     maybe_repo = os.path.dirname(full_path)
                     if maybe_repo == base_path:
                         # skip root level repo check; we know root location CANNOT BE a repo group
                         return False
                     scm_ = get_scm(maybe_repo)
                     log.debug('path: %s is a vcs object:%s, not valid repo group', full_path, scm_)
                     return False
                 except VCSError:
                     pass
                 # check if it's a valid path
                 if skip_path_check or os.path.isdir(full_path):
                     log.debug('path: %s is a valid repo group !', full_path)
                     return True
                 log.debug('path: %s is not a valid repo group !', full_path)
                 return False
             def ask_ok(prompt, retries=4, complaint='[y]es or [n]o please!'):
                 while True:
                     ok = input(prompt)
                     if ok.lower() in ('y', 'ye', 'yes'):
                         return True
                     if ok.lower() in ('n', 'no', 'nop', 'nope'):
                         return False
                     retries = retries - 1
                     if retries < 0:
                         raise OSError
                     print(complaint)
             # propagated from mercurial documentation
             ui_sections = [
                 'alias', 'auth',
                 'decode/encode', 'defaults',
                 'diff', 'email',
                 'extensions', 'format',
                 'merge-patterns', 'merge-tools',
                 'hooks', 'http_proxy',
                 'smtp', 'patch',
                 'paths', 'profiling',
                 'server', 'trusted',
                 'ui', 'web', ]
             def prepare_config_data(clear_session=True, repo=None):
                 """
                 Read the configuration data from the database, *.ini files and return configuration
                 tuples.
                 """
                 from rhodecode.model.settings import VcsSettingsModel
                 sa = meta.Session()
                 settings_model = VcsSettingsModel(repo=repo, sa=sa)
                 ui_settings = settings_model.get_ui_settings()
                 ui_data = []
                 config = [
                     ('web', 'push_ssl', 'false'),
                 ]
                 for setting in ui_settings:
                     # Todo: remove this section once transition to *.ini files will be completed
                     if setting.section in ('largefiles', 'vcs_git_lfs'):
                         if setting.key != 'enabled':
                             continue
                     if setting.active:
                         ui_data.append((setting.section, setting.key, setting.value))
                         config.append((
                             safe_str(setting.section), safe_str(setting.key),
                             safe_str(setting.value)))
                     if setting.key == 'push_ssl':
                         # force set push_ssl requirement to False this is deprecated, and we must force it to False
                         config.append((
                             safe_str(setting.section), safe_str(setting.key), False))
                 config_getter = ConfigGet()
                 config.append(('vcs_git_lfs', 'store_location', config_getter.get_str('vcs.git.lfs.storage_location')))
                 config.append(('largefiles', 'usercache', config_getter.get_str('vcs.hg.largefiles.storage_location')))
                 log.debug(
                     'settings ui from db@repo[%s]: %s',
                     repo,
                     ','.join(['[{}] {}={}'.format(*s) for s in ui_data]))
                 if clear_session:
                     meta.Session.remove()
                 # TODO: mikhail: probably it makes no sense to re-read hooks information.
                 # It's already there and activated/deactivated
                 skip_entries = []
                 enabled_hook_classes = get_enabled_hook_classes(ui_settings)
                 if 'pull' not in enabled_hook_classes:
                     skip_entries.append(('hooks', RhodeCodeUi.HOOK_PRE_PULL))
                 if 'push' not in enabled_hook_classes:
                     skip_entries.append(('hooks', RhodeCodeUi.HOOK_PRE_PUSH))
                     skip_entries.append(('hooks', RhodeCodeUi.HOOK_PRETX_PUSH))
                     skip_entries.append(('hooks', RhodeCodeUi.HOOK_PUSH_KEY))
                 config = [entry for entry in config if entry[:2] not in skip_entries]
                 return config
             def make_db_config(clear_session=True, repo=None):
                 """
                 Create a :class:`Config` instance based on the values in the database.
                 """
                 config = Config()
                 config_data = prepare_config_data(clear_session=clear_session, repo=repo)
                 for section, option, value in config_data:
                     config.set(section, option, value)
                 return config
             def get_enabled_hook_classes(ui_settings):
                 """
                 Return the enabled hook classes.
                 :param ui_settings: List of ui_settings as returned
                     by :meth:`VcsSettingsModel.get_ui_settings`
                 :return: a list with the enabled hook classes. The order is not guaranteed.
                 :rtype: list
                 """
                 enabled_hooks = []
                 active_hook_keys = [
                     key for section, key, value, active in ui_settings
                     if section == 'hooks' and active]
                 hook_names = {
                     RhodeCodeUi.HOOK_PUSH: 'push',
                     RhodeCodeUi.HOOK_PULL: 'pull',
                     RhodeCodeUi.HOOK_REPO_SIZE: 'repo_size'
                 }
                 for key in active_hook_keys:
                     hook = hook_names.get(key)
                     if hook:
                         enabled_hooks.append(hook)
                 return enabled_hooks
             def set_rhodecode_config(config):
                 """
                 Updates pyramid config with new settings from database
                 :param config:
                 """
                 from rhodecode.model.settings import SettingsModel
                 app_settings = SettingsModel().get_all_settings()
                 for k, v in list(app_settings.items()):
                     config[k] = v
             def get_rhodecode_realm():
                 """
                 Return the rhodecode realm from database.
                 """
                 from rhodecode.model.settings import SettingsModel
                 realm = SettingsModel().get_setting_by_name('realm')
                 return safe_str(realm.app_settings_value)
             def get_rhodecode_repo_store_path():
                 """
                 Returns the base path. The base path is the filesystem path which points
                 to the repository store.
                 """
                 import rhodecode
                 return rhodecode.CONFIG['repo_store.path']
             def map_groups(path):
                 """
                 Given a full path to a repository, create all nested groups that this
                 repo is inside. This function creates parent-child relationships between
                 groups and creates default perms for all new groups.
                 :param paths: full path to repository
                 """
                 from rhodecode.model.repo_group import RepoGroupModel
                 sa = meta.Session()
                 groups = path.split(Repository.NAME_SEP)
                 parent = None
                 group = None
                 # last element is repo in nested groups structure
                 groups = groups[:-1]
                 rgm = RepoGroupModel(sa)
                 owner = User.get_first_super_admin()
                 for lvl, group_name in enumerate(groups):
                     group_name = '/'.join(groups[:lvl] + [group_name])
                     group = RepoGroup.get_by_group_name(group_name)
                     desc = '%s group' % group_name
                     # skip folders that are now removed repos
                     if REMOVED_REPO_PAT.match(group_name):
                         break
                     if group is None:
                         log.debug('creating group level: %s group_name: %s',
                                    lvl, group_name)
                         group = RepoGroup(group_name, parent)
                         group.group_description = desc
                         group.user = owner
                         sa.add(group)
                         perm_obj = rgm._create_default_perms(group)
                         sa.add(perm_obj)
                         sa.flush()
                     parent = group
                 return group
             def repo2db_mapper(initial_repo_list, remove_obsolete=False, force_hooks_rebuild=False):
                 """
                 maps all repos given in initial_repo_list, non existing repositories
                 are created, if remove_obsolete is True it also checks for db entries
                 that are not in initial_repo_list and removes them.
                 :param initial_repo_list: list of repositories found by scanning methods
                 :param remove_obsolete: check for obsolete entries in database
                 """
                 from rhodecode.model.repo import RepoModel
                 from rhodecode.model.repo_group import RepoGroupModel
                 from rhodecode.model.settings import SettingsModel
                 sa = meta.Session()
                 repo_model = RepoModel()
                 user = User.get_first_super_admin()
                 added = []
                 # creation defaults
                 defs = SettingsModel().get_default_repo_settings(strip_prefix=True)
                 enable_statistics = defs.get('repo_enable_statistics')
                 enable_locking = defs.get('repo_enable_locking')
                 enable_downloads = defs.get('repo_enable_downloads')
                 private = defs.get('repo_private')
                 for name, repo in list(initial_repo_list.items()):
                     group = map_groups(name)
                     str_name = safe_str(name)
                     db_repo = repo_model.get_by_repo_name(str_name)
                     # found repo that is on filesystem not in RhodeCode database
                     if not db_repo:
                         log.info('repository `%s` not found in the database, creating now', name)
                         added.append(name)
                         desc = (repo.description
                                 if repo.description != 'unknown'
                                 else '%s repository' % name)
                         db_repo = repo_model._create_repo(
                             repo_name=name,
                             repo_type=repo.alias,
                             description=desc,
                             repo_group=getattr(group, 'group_id', None),
                             owner=user,
                             enable_locking=enable_locking,
                             enable_downloads=enable_downloads,
                             enable_statistics=enable_statistics,
                             private=private,
                             state=Repository.STATE_CREATED
                         )
                         sa.commit()
                         # we added that repo just now, and make sure we updated server info
                         if db_repo.repo_type == 'git':
                             git_repo = db_repo.scm_instance()
                             # update repository server-info
                             log.debug('Running update server info')
                             git_repo._update_server_info(force=True)
                         db_repo.update_commit_cache(recursive=False)
                     config = db_repo._config
                     config.set('extensions', 'largefiles', '')
                     repo = db_repo.scm_instance(config=config)
                     repo.install_hooks(force=force_hooks_rebuild)
                 removed = []
                 if remove_obsolete:
                     # remove from database those repositories that are not in the filesystem
                     for repo in sa.query(Repository).all():
                         if repo.repo_name not in list(initial_repo_list.keys()):
                             log.debug("Removing non-existing repository found in db `%s`",
                                       repo.repo_name)
                             try:
                                 RepoModel(sa).delete(repo, forks='detach', fs_remove=False)
                                 sa.commit()
                                 removed.append(repo.repo_name)
                             except Exception:
                                 # don't hold further removals on error
                                 log.error(traceback.format_exc())
                                 sa.rollback()
                     def splitter(full_repo_name):
                         _parts = full_repo_name.rsplit(RepoGroup.url_sep(), 1)
                         gr_name = None
                         if len(_parts) == 2:
                             gr_name = _parts[0]
                         return gr_name
                     initial_repo_group_list = [splitter(x) for x in
                                                list(initial_repo_list.keys()) if splitter(x)]
                     # remove from database those repository groups that are not in the
                     # filesystem due to parent child relationships we need to delete them
                     # in a specific order of most nested first
                     all_groups = [x.group_name for x in sa.query(RepoGroup).all()]
                     def nested_sort(gr):
                         return len(gr.split('/'))
                     for group_name in sorted(all_groups, key=nested_sort, reverse=True):
                         if group_name not in initial_repo_group_list:
                             repo_group = RepoGroup.get_by_group_name(group_name)
                             if (repo_group.children.all() or
                                 not RepoGroupModel().check_exist_filesystem(
                                     group_name=group_name, exc_on_failure=False)):
                                 continue
                             log.info(
                                 'Removing non-existing repository group found in db `%s`',
                                 group_name)
                             try:
                                 RepoGroupModel(sa).delete(group_name, fs_remove=False)
                                 sa.commit()
                                 removed.append(group_name)
                             except Exception:
                                 # don't hold further removals on error
                                 log.exception(
                                     'Unable to remove repository group `%s`',
                                     group_name)
                                 sa.rollback()
                                 raise
                 return added, removed
             def load_rcextensions(root_path):
                 import rhodecode
                 from rhodecode.config import conf
                 path = os.path.join(root_path)
                 sys.path.append(path)
                 try:
                     rcextensions = __import__('rcextensions')
                 except ImportError:
                     if os.path.isdir(os.path.join(path, 'rcextensions')):
                         log.warning('Unable to load rcextensions from %s', path)
                     rcextensions = None
                 if rcextensions:
                     log.info('Loaded rcextensions from %s...', rcextensions)
                     rhodecode.EXTENSIONS = rcextensions
                     # Additional mappings that are not present in the pygments lexers
                     conf.LANGUAGES_EXTENSIONS_MAP.update(
                         getattr(rhodecode.EXTENSIONS, 'EXTRA_MAPPINGS', {}))
             def get_custom_lexer(extension):
                 """
                 returns a custom lexer if it is defined in rcextensions module, or None
                 if there's no custom lexer defined
                 """
                 import rhodecode
                 from pygments import lexers
                 # custom override made by RhodeCode
                 if extension in ['mako']:
                     return lexers.get_lexer_by_name('html+mako')
                 # check if we didn't define this extension as other lexer
                 extensions = rhodecode.EXTENSIONS and getattr(rhodecode.EXTENSIONS, 'EXTRA_LEXERS', None)
                 if extensions and extension in rhodecode.EXTENSIONS.EXTRA_LEXERS:
                     _lexer_name = rhodecode.EXTENSIONS.EXTRA_LEXERS[extension]
                     return lexers.get_lexer_by_name(_lexer_name)
             #==============================================================================
             # TEST FUNCTIONS AND CREATORS
             #==============================================================================
             def create_test_index(repo_location, config):
                 """
                 Makes default test index.
                 """
                 try:
                     import rc_testdata
                 except ImportError:
                     raise ImportError('Failed to import rc_testdata, '
                                       'please make sure this package is installed from requirements_test.txt')
                 rc_testdata.extract_search_index(
                     'vcs_search_index', os.path.dirname(config['search.location']))
             def create_test_directory(test_path):
                 """
                 Create test directory if it doesn't exist.
                 """
                 if not os.path.isdir(test_path):
                     log.debug('Creating testdir %s', test_path)
                     os.makedirs(test_path)
             def create_test_database(test_path, config):
                 """
                 Makes a fresh database.
                 """
                 from rhodecode.lib.db_manage import DbManage
                 from rhodecode.lib.utils2 import get_encryption_key
                 # PART ONE create db
                 dbconf = config['sqlalchemy.db1.url']
                 enc_key = get_encryption_key(config)
                 log.debug('making test db %s', dbconf)
                 dbmanage = DbManage(log_sql=False, dbconf=dbconf, root=config['here'],
                                     tests=True, cli_args={'force_ask': True}, enc_key=enc_key)
                 dbmanage.create_tables(override=True)
                 dbmanage.set_db_version()
                 # for tests dynamically set new root paths based on generated content
                 dbmanage.create_settings(dbmanage.config_prompt(test_path))
                 dbmanage.create_default_user()
                 dbmanage.create_test_admin_and_users()
                 dbmanage.create_permissions()
                 dbmanage.populate_default_permissions()
                 Session().commit()
             def create_test_repositories(test_path, config):
                 """
                 Creates test repositories in the temporary directory. Repositories are
                 extracted from archives within the rc_testdata package.
                 """
                 import rc_testdata
                 from rhodecode.tests import HG_REPO, GIT_REPO, SVN_REPO
                 log.debug('making test vcs repositories')
                 idx_path = config['search.location']
                 data_path = config['cache_dir']
                 # clean index and data
                 if idx_path and os.path.exists(idx_path):
                     log.debug('remove %s', idx_path)
                     shutil.rmtree(idx_path)
                 if data_path and os.path.exists(data_path):
                     log.debug('remove %s', data_path)
                     shutil.rmtree(data_path)
                 rc_testdata.extract_hg_dump('vcs_test_hg', jn(test_path, HG_REPO))
                 rc_testdata.extract_git_dump('vcs_test_git', jn(test_path, GIT_REPO))
                 # Note: Subversion is in the process of being integrated with the system,
                 # until we have a properly packed version of the test svn repository, this
                 # tries to copy over the repo from a package "rc_testdata"
                 svn_repo_path = rc_testdata.get_svn_repo_archive()
                 with tarfile.open(svn_repo_path) as tar:
                     tar.extractall(jn(test_path, SVN_REPO))
             def password_changed(auth_user, session):
                 # Never report password change in case of default user or anonymous user.
                 if auth_user.username == User.DEFAULT_USER or auth_user.user_id is None:
                     return False
                 password_hash = md5(safe_bytes(auth_user.password)) if auth_user.password else None
                 rhodecode_user = session.get('rhodecode_user', {})
                 session_password_hash = rhodecode_user.get('password', '')
                 return password_hash != session_password_hash
             def read_opensource_licenses():
                 global _license_cache
                 if not _license_cache:
                     licenses = pkg_resources.resource_string(
                         'rhodecode', 'config/licenses.json')
                     _license_cache = json.loads(licenses)
                 return _license_cache
             def generate_platform_uuid():
                 """
                 Generates platform UUID based on it's name
                 """
                 import platform
                 try:
                     uuid_list = [platform.platform()]
                     return sha256_safe(':'.join(uuid_list))
                 except Exception as e:
                     log.error('Failed to generate host uuid: %s', e)
                     return 'UNDEFINED'
             def send_test_email(recipients, email_body='TEST EMAIL'):
                 """
                 Simple code for generating test emails.
                 Usage::
                     from rhodecode.lib import utils
                     utils.send_test_email()
                 """
                 from rhodecode.lib.celerylib import tasks, run_task
                 email_body = email_body_plaintext = email_body
                 subject = f'SUBJECT FROM: {socket.gethostname()}'
                 tasks.send_email(recipients, subject, email_body_plaintext, email_body)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages