##// END OF EJS Templates
auth: Fix renaming of 'auth_cahe_ttl' to 'cache_ttl' #4127
Martin Bornhold -
r503:82fa7f5f default
parent child Browse files
Show More
@@ -1,620 +1,620 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 Authentication modules
22 Authentication modules
23 """
23 """
24
24
25 import colander
25 import colander
26 import logging
26 import logging
27 import time
27 import time
28 import traceback
28 import traceback
29 import warnings
29 import warnings
30
30
31 from pyramid.threadlocal import get_current_registry
31 from pyramid.threadlocal import get_current_registry
32 from sqlalchemy.ext.hybrid import hybrid_property
32 from sqlalchemy.ext.hybrid import hybrid_property
33
33
34 from rhodecode.authentication.interface import IAuthnPluginRegistry
34 from rhodecode.authentication.interface import IAuthnPluginRegistry
35 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
35 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
36 from rhodecode.lib import caches
36 from rhodecode.lib import caches
37 from rhodecode.lib.auth import PasswordGenerator, _RhodeCodeCryptoBCrypt
37 from rhodecode.lib.auth import PasswordGenerator, _RhodeCodeCryptoBCrypt
38 from rhodecode.lib.utils2 import md5_safe, safe_int
38 from rhodecode.lib.utils2 import md5_safe, safe_int
39 from rhodecode.lib.utils2 import safe_str
39 from rhodecode.lib.utils2 import safe_str
40 from rhodecode.model.db import User
40 from rhodecode.model.db import User
41 from rhodecode.model.meta import Session
41 from rhodecode.model.meta import Session
42 from rhodecode.model.settings import SettingsModel
42 from rhodecode.model.settings import SettingsModel
43 from rhodecode.model.user import UserModel
43 from rhodecode.model.user import UserModel
44 from rhodecode.model.user_group import UserGroupModel
44 from rhodecode.model.user_group import UserGroupModel
45
45
46
46
47 log = logging.getLogger(__name__)
47 log = logging.getLogger(__name__)
48
48
49 # auth types that authenticate() function can receive
49 # auth types that authenticate() function can receive
50 VCS_TYPE = 'vcs'
50 VCS_TYPE = 'vcs'
51 HTTP_TYPE = 'http'
51 HTTP_TYPE = 'http'
52
52
53
53
54 class LazyFormencode(object):
54 class LazyFormencode(object):
55 def __init__(self, formencode_obj, *args, **kwargs):
55 def __init__(self, formencode_obj, *args, **kwargs):
56 self.formencode_obj = formencode_obj
56 self.formencode_obj = formencode_obj
57 self.args = args
57 self.args = args
58 self.kwargs = kwargs
58 self.kwargs = kwargs
59
59
60 def __call__(self, *args, **kwargs):
60 def __call__(self, *args, **kwargs):
61 from inspect import isfunction
61 from inspect import isfunction
62 formencode_obj = self.formencode_obj
62 formencode_obj = self.formencode_obj
63 if isfunction(formencode_obj):
63 if isfunction(formencode_obj):
64 # case we wrap validators into functions
64 # case we wrap validators into functions
65 formencode_obj = self.formencode_obj(*args, **kwargs)
65 formencode_obj = self.formencode_obj(*args, **kwargs)
66 return formencode_obj(*self.args, **self.kwargs)
66 return formencode_obj(*self.args, **self.kwargs)
67
67
68
68
69 class RhodeCodeAuthPluginBase(object):
69 class RhodeCodeAuthPluginBase(object):
70 # cache the authentication request for N amount of seconds. Some kind
70 # cache the authentication request for N amount of seconds. Some kind
71 # of authentication methods are very heavy and it's very efficient to cache
71 # of authentication methods are very heavy and it's very efficient to cache
72 # the result of a call. If it's set to None (default) cache is off
72 # the result of a call. If it's set to None (default) cache is off
73 AUTH_CACHE_TTL = None
73 AUTH_CACHE_TTL = None
74 AUTH_CACHE = {}
74 AUTH_CACHE = {}
75
75
76 auth_func_attrs = {
76 auth_func_attrs = {
77 "username": "unique username",
77 "username": "unique username",
78 "firstname": "first name",
78 "firstname": "first name",
79 "lastname": "last name",
79 "lastname": "last name",
80 "email": "email address",
80 "email": "email address",
81 "groups": '["list", "of", "groups"]',
81 "groups": '["list", "of", "groups"]',
82 "extern_name": "name in external source of record",
82 "extern_name": "name in external source of record",
83 "extern_type": "type of external source of record",
83 "extern_type": "type of external source of record",
84 "admin": 'True|False defines if user should be RhodeCode super admin',
84 "admin": 'True|False defines if user should be RhodeCode super admin',
85 "active":
85 "active":
86 'True|False defines active state of user internally for RhodeCode',
86 'True|False defines active state of user internally for RhodeCode',
87 "active_from_extern":
87 "active_from_extern":
88 "True|False\None, active state from the external auth, "
88 "True|False\None, active state from the external auth, "
89 "None means use definition from RhodeCode extern_type active value"
89 "None means use definition from RhodeCode extern_type active value"
90 }
90 }
91 # set on authenticate() method and via set_auth_type func.
91 # set on authenticate() method and via set_auth_type func.
92 auth_type = None
92 auth_type = None
93
93
94 # List of setting names to store encrypted. Plugins may override this list
94 # List of setting names to store encrypted. Plugins may override this list
95 # to store settings encrypted.
95 # to store settings encrypted.
96 _settings_encrypted = []
96 _settings_encrypted = []
97
97
98 # Mapping of python to DB settings model types. Plugins may override or
98 # Mapping of python to DB settings model types. Plugins may override or
99 # extend this mapping.
99 # extend this mapping.
100 _settings_type_map = {
100 _settings_type_map = {
101 colander.String: 'unicode',
101 colander.String: 'unicode',
102 colander.Integer: 'int',
102 colander.Integer: 'int',
103 colander.Boolean: 'bool',
103 colander.Boolean: 'bool',
104 colander.List: 'list',
104 colander.List: 'list',
105 }
105 }
106
106
107 def __init__(self, plugin_id):
107 def __init__(self, plugin_id):
108 self._plugin_id = plugin_id
108 self._plugin_id = plugin_id
109
109
110 def __str__(self):
110 def __str__(self):
111 return self.get_id()
111 return self.get_id()
112
112
113 def _get_setting_full_name(self, name):
113 def _get_setting_full_name(self, name):
114 """
114 """
115 Return the full setting name used for storing values in the database.
115 Return the full setting name used for storing values in the database.
116 """
116 """
117 # TODO: johbo: Using the name here is problematic. It would be good to
117 # TODO: johbo: Using the name here is problematic. It would be good to
118 # introduce either new models in the database to hold Plugin and
118 # introduce either new models in the database to hold Plugin and
119 # PluginSetting or to use the plugin id here.
119 # PluginSetting or to use the plugin id here.
120 return 'auth_{}_{}'.format(self.name, name)
120 return 'auth_{}_{}'.format(self.name, name)
121
121
122 def _get_setting_type(self, name):
122 def _get_setting_type(self, name):
123 """
123 """
124 Return the type of a setting. This type is defined by the SettingsModel
124 Return the type of a setting. This type is defined by the SettingsModel
125 and determines how the setting is stored in DB. Optionally the suffix
125 and determines how the setting is stored in DB. Optionally the suffix
126 `.encrypted` is appended to instruct SettingsModel to store it
126 `.encrypted` is appended to instruct SettingsModel to store it
127 encrypted.
127 encrypted.
128 """
128 """
129 schema_node = self.get_settings_schema().get(name)
129 schema_node = self.get_settings_schema().get(name)
130 db_type = self._settings_type_map.get(
130 db_type = self._settings_type_map.get(
131 type(schema_node.typ), 'unicode')
131 type(schema_node.typ), 'unicode')
132 if name in self._settings_encrypted:
132 if name in self._settings_encrypted:
133 db_type = '{}.encrypted'.format(db_type)
133 db_type = '{}.encrypted'.format(db_type)
134 return db_type
134 return db_type
135
135
136 def is_enabled(self):
136 def is_enabled(self):
137 """
137 """
138 Returns true if this plugin is enabled. An enabled plugin can be
138 Returns true if this plugin is enabled. An enabled plugin can be
139 configured in the admin interface but it is not consulted during
139 configured in the admin interface but it is not consulted during
140 authentication.
140 authentication.
141 """
141 """
142 auth_plugins = SettingsModel().get_auth_plugins()
142 auth_plugins = SettingsModel().get_auth_plugins()
143 return self.get_id() in auth_plugins
143 return self.get_id() in auth_plugins
144
144
145 def is_active(self):
145 def is_active(self):
146 """
146 """
147 Returns true if the plugin is activated. An activated plugin is
147 Returns true if the plugin is activated. An activated plugin is
148 consulted during authentication, assumed it is also enabled.
148 consulted during authentication, assumed it is also enabled.
149 """
149 """
150 return self.get_setting_by_name('enabled')
150 return self.get_setting_by_name('enabled')
151
151
152 def get_id(self):
152 def get_id(self):
153 """
153 """
154 Returns the plugin id.
154 Returns the plugin id.
155 """
155 """
156 return self._plugin_id
156 return self._plugin_id
157
157
158 def get_display_name(self):
158 def get_display_name(self):
159 """
159 """
160 Returns a translation string for displaying purposes.
160 Returns a translation string for displaying purposes.
161 """
161 """
162 raise NotImplementedError('Not implemented in base class')
162 raise NotImplementedError('Not implemented in base class')
163
163
164 def get_settings_schema(self):
164 def get_settings_schema(self):
165 """
165 """
166 Returns a colander schema, representing the plugin settings.
166 Returns a colander schema, representing the plugin settings.
167 """
167 """
168 return AuthnPluginSettingsSchemaBase()
168 return AuthnPluginSettingsSchemaBase()
169
169
170 def get_setting_by_name(self, name, default=None):
170 def get_setting_by_name(self, name, default=None):
171 """
171 """
172 Returns a plugin setting by name.
172 Returns a plugin setting by name.
173 """
173 """
174 full_name = self._get_setting_full_name(name)
174 full_name = self._get_setting_full_name(name)
175 db_setting = SettingsModel().get_setting_by_name(full_name)
175 db_setting = SettingsModel().get_setting_by_name(full_name)
176 return db_setting.app_settings_value if db_setting else default
176 return db_setting.app_settings_value if db_setting else default
177
177
178 def create_or_update_setting(self, name, value):
178 def create_or_update_setting(self, name, value):
179 """
179 """
180 Create or update a setting for this plugin in the persistent storage.
180 Create or update a setting for this plugin in the persistent storage.
181 """
181 """
182 full_name = self._get_setting_full_name(name)
182 full_name = self._get_setting_full_name(name)
183 type_ = self._get_setting_type(name)
183 type_ = self._get_setting_type(name)
184 db_setting = SettingsModel().create_or_update_setting(
184 db_setting = SettingsModel().create_or_update_setting(
185 full_name, value, type_)
185 full_name, value, type_)
186 return db_setting.app_settings_value
186 return db_setting.app_settings_value
187
187
188 def get_settings(self):
188 def get_settings(self):
189 """
189 """
190 Returns the plugin settings as dictionary.
190 Returns the plugin settings as dictionary.
191 """
191 """
192 settings = {}
192 settings = {}
193 for node in self.get_settings_schema():
193 for node in self.get_settings_schema():
194 settings[node.name] = self.get_setting_by_name(node.name)
194 settings[node.name] = self.get_setting_by_name(node.name)
195 return settings
195 return settings
196
196
197 @property
197 @property
198 def validators(self):
198 def validators(self):
199 """
199 """
200 Exposes RhodeCode validators modules
200 Exposes RhodeCode validators modules
201 """
201 """
202 # this is a hack to overcome issues with pylons threadlocals and
202 # this is a hack to overcome issues with pylons threadlocals and
203 # translator object _() not beein registered properly.
203 # translator object _() not beein registered properly.
204 class LazyCaller(object):
204 class LazyCaller(object):
205 def __init__(self, name):
205 def __init__(self, name):
206 self.validator_name = name
206 self.validator_name = name
207
207
208 def __call__(self, *args, **kwargs):
208 def __call__(self, *args, **kwargs):
209 from rhodecode.model import validators as v
209 from rhodecode.model import validators as v
210 obj = getattr(v, self.validator_name)
210 obj = getattr(v, self.validator_name)
211 # log.debug('Initializing lazy formencode object: %s', obj)
211 # log.debug('Initializing lazy formencode object: %s', obj)
212 return LazyFormencode(obj, *args, **kwargs)
212 return LazyFormencode(obj, *args, **kwargs)
213
213
214 class ProxyGet(object):
214 class ProxyGet(object):
215 def __getattribute__(self, name):
215 def __getattribute__(self, name):
216 return LazyCaller(name)
216 return LazyCaller(name)
217
217
218 return ProxyGet()
218 return ProxyGet()
219
219
220 @hybrid_property
220 @hybrid_property
221 def name(self):
221 def name(self):
222 """
222 """
223 Returns the name of this authentication plugin.
223 Returns the name of this authentication plugin.
224
224
225 :returns: string
225 :returns: string
226 """
226 """
227 raise NotImplementedError("Not implemented in base class")
227 raise NotImplementedError("Not implemented in base class")
228
228
229 @property
229 @property
230 def is_headers_auth(self):
230 def is_headers_auth(self):
231 """
231 """
232 Returns True if this authentication plugin uses HTTP headers as
232 Returns True if this authentication plugin uses HTTP headers as
233 authentication method.
233 authentication method.
234 """
234 """
235 return False
235 return False
236
236
237 @hybrid_property
237 @hybrid_property
238 def is_container_auth(self):
238 def is_container_auth(self):
239 """
239 """
240 Deprecated method that indicates if this authentication plugin uses
240 Deprecated method that indicates if this authentication plugin uses
241 HTTP headers as authentication method.
241 HTTP headers as authentication method.
242 """
242 """
243 warnings.warn(
243 warnings.warn(
244 'Use is_headers_auth instead.', category=DeprecationWarning)
244 'Use is_headers_auth instead.', category=DeprecationWarning)
245 return self.is_headers_auth
245 return self.is_headers_auth
246
246
247 @hybrid_property
247 @hybrid_property
248 def allows_creating_users(self):
248 def allows_creating_users(self):
249 """
249 """
250 Defines if Plugin allows users to be created on-the-fly when
250 Defines if Plugin allows users to be created on-the-fly when
251 authentication is called. Controls how external plugins should behave
251 authentication is called. Controls how external plugins should behave
252 in terms if they are allowed to create new users, or not. Base plugins
252 in terms if they are allowed to create new users, or not. Base plugins
253 should not be allowed to, but External ones should be !
253 should not be allowed to, but External ones should be !
254
254
255 :return: bool
255 :return: bool
256 """
256 """
257 return False
257 return False
258
258
259 def set_auth_type(self, auth_type):
259 def set_auth_type(self, auth_type):
260 self.auth_type = auth_type
260 self.auth_type = auth_type
261
261
262 def allows_authentication_from(
262 def allows_authentication_from(
263 self, user, allows_non_existing_user=True,
263 self, user, allows_non_existing_user=True,
264 allowed_auth_plugins=None, allowed_auth_sources=None):
264 allowed_auth_plugins=None, allowed_auth_sources=None):
265 """
265 """
266 Checks if this authentication module should accept a request for
266 Checks if this authentication module should accept a request for
267 the current user.
267 the current user.
268
268
269 :param user: user object fetched using plugin's get_user() method.
269 :param user: user object fetched using plugin's get_user() method.
270 :param allows_non_existing_user: if True, don't allow the
270 :param allows_non_existing_user: if True, don't allow the
271 user to be empty, meaning not existing in our database
271 user to be empty, meaning not existing in our database
272 :param allowed_auth_plugins: if provided, users extern_type will be
272 :param allowed_auth_plugins: if provided, users extern_type will be
273 checked against a list of provided extern types, which are plugin
273 checked against a list of provided extern types, which are plugin
274 auth_names in the end
274 auth_names in the end
275 :param allowed_auth_sources: authentication type allowed,
275 :param allowed_auth_sources: authentication type allowed,
276 `http` or `vcs` default is both.
276 `http` or `vcs` default is both.
277 defines if plugin will accept only http authentication vcs
277 defines if plugin will accept only http authentication vcs
278 authentication(git/hg) or both
278 authentication(git/hg) or both
279 :returns: boolean
279 :returns: boolean
280 """
280 """
281 if not user and not allows_non_existing_user:
281 if not user and not allows_non_existing_user:
282 log.debug('User is empty but plugin does not allow empty users,'
282 log.debug('User is empty but plugin does not allow empty users,'
283 'not allowed to authenticate')
283 'not allowed to authenticate')
284 return False
284 return False
285
285
286 expected_auth_plugins = allowed_auth_plugins or [self.name]
286 expected_auth_plugins = allowed_auth_plugins or [self.name]
287 if user and (user.extern_type and
287 if user and (user.extern_type and
288 user.extern_type not in expected_auth_plugins):
288 user.extern_type not in expected_auth_plugins):
289 log.debug(
289 log.debug(
290 'User `%s` is bound to `%s` auth type. Plugin allows only '
290 'User `%s` is bound to `%s` auth type. Plugin allows only '
291 '%s, skipping', user, user.extern_type, expected_auth_plugins)
291 '%s, skipping', user, user.extern_type, expected_auth_plugins)
292
292
293 return False
293 return False
294
294
295 # by default accept both
295 # by default accept both
296 expected_auth_from = allowed_auth_sources or [HTTP_TYPE, VCS_TYPE]
296 expected_auth_from = allowed_auth_sources or [HTTP_TYPE, VCS_TYPE]
297 if self.auth_type not in expected_auth_from:
297 if self.auth_type not in expected_auth_from:
298 log.debug('Current auth source is %s but plugin only allows %s',
298 log.debug('Current auth source is %s but plugin only allows %s',
299 self.auth_type, expected_auth_from)
299 self.auth_type, expected_auth_from)
300 return False
300 return False
301
301
302 return True
302 return True
303
303
304 def get_user(self, username=None, **kwargs):
304 def get_user(self, username=None, **kwargs):
305 """
305 """
306 Helper method for user fetching in plugins, by default it's using
306 Helper method for user fetching in plugins, by default it's using
307 simple fetch by username, but this method can be custimized in plugins
307 simple fetch by username, but this method can be custimized in plugins
308 eg. headers auth plugin to fetch user by environ params
308 eg. headers auth plugin to fetch user by environ params
309
309
310 :param username: username if given to fetch from database
310 :param username: username if given to fetch from database
311 :param kwargs: extra arguments needed for user fetching.
311 :param kwargs: extra arguments needed for user fetching.
312 """
312 """
313 user = None
313 user = None
314 log.debug(
314 log.debug(
315 'Trying to fetch user `%s` from RhodeCode database', username)
315 'Trying to fetch user `%s` from RhodeCode database', username)
316 if username:
316 if username:
317 user = User.get_by_username(username)
317 user = User.get_by_username(username)
318 if not user:
318 if not user:
319 log.debug('User not found, fallback to fetch user in '
319 log.debug('User not found, fallback to fetch user in '
320 'case insensitive mode')
320 'case insensitive mode')
321 user = User.get_by_username(username, case_insensitive=True)
321 user = User.get_by_username(username, case_insensitive=True)
322 else:
322 else:
323 log.debug('provided username:`%s` is empty skipping...', username)
323 log.debug('provided username:`%s` is empty skipping...', username)
324 if not user:
324 if not user:
325 log.debug('User `%s` not found in database', username)
325 log.debug('User `%s` not found in database', username)
326 return user
326 return user
327
327
328 def user_activation_state(self):
328 def user_activation_state(self):
329 """
329 """
330 Defines user activation state when creating new users
330 Defines user activation state when creating new users
331
331
332 :returns: boolean
332 :returns: boolean
333 """
333 """
334 raise NotImplementedError("Not implemented in base class")
334 raise NotImplementedError("Not implemented in base class")
335
335
336 def auth(self, userobj, username, passwd, settings, **kwargs):
336 def auth(self, userobj, username, passwd, settings, **kwargs):
337 """
337 """
338 Given a user object (which may be null), username, a plaintext
338 Given a user object (which may be null), username, a plaintext
339 password, and a settings object (containing all the keys needed as
339 password, and a settings object (containing all the keys needed as
340 listed in settings()), authenticate this user's login attempt.
340 listed in settings()), authenticate this user's login attempt.
341
341
342 Return None on failure. On success, return a dictionary of the form:
342 Return None on failure. On success, return a dictionary of the form:
343
343
344 see: RhodeCodeAuthPluginBase.auth_func_attrs
344 see: RhodeCodeAuthPluginBase.auth_func_attrs
345 This is later validated for correctness
345 This is later validated for correctness
346 """
346 """
347 raise NotImplementedError("not implemented in base class")
347 raise NotImplementedError("not implemented in base class")
348
348
349 def _authenticate(self, userobj, username, passwd, settings, **kwargs):
349 def _authenticate(self, userobj, username, passwd, settings, **kwargs):
350 """
350 """
351 Wrapper to call self.auth() that validates call on it
351 Wrapper to call self.auth() that validates call on it
352
352
353 :param userobj: userobj
353 :param userobj: userobj
354 :param username: username
354 :param username: username
355 :param passwd: plaintext password
355 :param passwd: plaintext password
356 :param settings: plugin settings
356 :param settings: plugin settings
357 """
357 """
358 auth = self.auth(userobj, username, passwd, settings, **kwargs)
358 auth = self.auth(userobj, username, passwd, settings, **kwargs)
359 if auth:
359 if auth:
360 # check if hash should be migrated ?
360 # check if hash should be migrated ?
361 new_hash = auth.get('_hash_migrate')
361 new_hash = auth.get('_hash_migrate')
362 if new_hash:
362 if new_hash:
363 self._migrate_hash_to_bcrypt(username, passwd, new_hash)
363 self._migrate_hash_to_bcrypt(username, passwd, new_hash)
364 return self._validate_auth_return(auth)
364 return self._validate_auth_return(auth)
365 return auth
365 return auth
366
366
367 def _migrate_hash_to_bcrypt(self, username, password, new_hash):
367 def _migrate_hash_to_bcrypt(self, username, password, new_hash):
368 new_hash_cypher = _RhodeCodeCryptoBCrypt()
368 new_hash_cypher = _RhodeCodeCryptoBCrypt()
369 # extra checks, so make sure new hash is correct.
369 # extra checks, so make sure new hash is correct.
370 password_encoded = safe_str(password)
370 password_encoded = safe_str(password)
371 if new_hash and new_hash_cypher.hash_check(
371 if new_hash and new_hash_cypher.hash_check(
372 password_encoded, new_hash):
372 password_encoded, new_hash):
373 cur_user = User.get_by_username(username)
373 cur_user = User.get_by_username(username)
374 cur_user.password = new_hash
374 cur_user.password = new_hash
375 Session().add(cur_user)
375 Session().add(cur_user)
376 Session().flush()
376 Session().flush()
377 log.info('Migrated user %s hash to bcrypt', cur_user)
377 log.info('Migrated user %s hash to bcrypt', cur_user)
378
378
379 def _validate_auth_return(self, ret):
379 def _validate_auth_return(self, ret):
380 if not isinstance(ret, dict):
380 if not isinstance(ret, dict):
381 raise Exception('returned value from auth must be a dict')
381 raise Exception('returned value from auth must be a dict')
382 for k in self.auth_func_attrs:
382 for k in self.auth_func_attrs:
383 if k not in ret:
383 if k not in ret:
384 raise Exception('Missing %s attribute from returned data' % k)
384 raise Exception('Missing %s attribute from returned data' % k)
385 return ret
385 return ret
386
386
387
387
388 class RhodeCodeExternalAuthPlugin(RhodeCodeAuthPluginBase):
388 class RhodeCodeExternalAuthPlugin(RhodeCodeAuthPluginBase):
389
389
390 @hybrid_property
390 @hybrid_property
391 def allows_creating_users(self):
391 def allows_creating_users(self):
392 return True
392 return True
393
393
394 def use_fake_password(self):
394 def use_fake_password(self):
395 """
395 """
396 Return a boolean that indicates whether or not we should set the user's
396 Return a boolean that indicates whether or not we should set the user's
397 password to a random value when it is authenticated by this plugin.
397 password to a random value when it is authenticated by this plugin.
398 If your plugin provides authentication, then you will generally
398 If your plugin provides authentication, then you will generally
399 want this.
399 want this.
400
400
401 :returns: boolean
401 :returns: boolean
402 """
402 """
403 raise NotImplementedError("Not implemented in base class")
403 raise NotImplementedError("Not implemented in base class")
404
404
405 def _authenticate(self, userobj, username, passwd, settings, **kwargs):
405 def _authenticate(self, userobj, username, passwd, settings, **kwargs):
406 # at this point _authenticate calls plugin's `auth()` function
406 # at this point _authenticate calls plugin's `auth()` function
407 auth = super(RhodeCodeExternalAuthPlugin, self)._authenticate(
407 auth = super(RhodeCodeExternalAuthPlugin, self)._authenticate(
408 userobj, username, passwd, settings, **kwargs)
408 userobj, username, passwd, settings, **kwargs)
409 if auth:
409 if auth:
410 # maybe plugin will clean the username ?
410 # maybe plugin will clean the username ?
411 # we should use the return value
411 # we should use the return value
412 username = auth['username']
412 username = auth['username']
413
413
414 # if external source tells us that user is not active, we should
414 # if external source tells us that user is not active, we should
415 # skip rest of the process. This can prevent from creating users in
415 # skip rest of the process. This can prevent from creating users in
416 # RhodeCode when using external authentication, but if it's
416 # RhodeCode when using external authentication, but if it's
417 # inactive user we shouldn't create that user anyway
417 # inactive user we shouldn't create that user anyway
418 if auth['active_from_extern'] is False:
418 if auth['active_from_extern'] is False:
419 log.warning(
419 log.warning(
420 "User %s authenticated against %s, but is inactive",
420 "User %s authenticated against %s, but is inactive",
421 username, self.__module__)
421 username, self.__module__)
422 return None
422 return None
423
423
424 cur_user = User.get_by_username(username, case_insensitive=True)
424 cur_user = User.get_by_username(username, case_insensitive=True)
425 is_user_existing = cur_user is not None
425 is_user_existing = cur_user is not None
426
426
427 if is_user_existing:
427 if is_user_existing:
428 log.debug('Syncing user `%s` from '
428 log.debug('Syncing user `%s` from '
429 '`%s` plugin', username, self.name)
429 '`%s` plugin', username, self.name)
430 else:
430 else:
431 log.debug('Creating non existing user `%s` from '
431 log.debug('Creating non existing user `%s` from '
432 '`%s` plugin', username, self.name)
432 '`%s` plugin', username, self.name)
433
433
434 if self.allows_creating_users:
434 if self.allows_creating_users:
435 log.debug('Plugin `%s` allows to '
435 log.debug('Plugin `%s` allows to '
436 'create new users', self.name)
436 'create new users', self.name)
437 else:
437 else:
438 log.debug('Plugin `%s` does not allow to '
438 log.debug('Plugin `%s` does not allow to '
439 'create new users', self.name)
439 'create new users', self.name)
440
440
441 user_parameters = {
441 user_parameters = {
442 'username': username,
442 'username': username,
443 'email': auth["email"],
443 'email': auth["email"],
444 'firstname': auth["firstname"],
444 'firstname': auth["firstname"],
445 'lastname': auth["lastname"],
445 'lastname': auth["lastname"],
446 'active': auth["active"],
446 'active': auth["active"],
447 'admin': auth["admin"],
447 'admin': auth["admin"],
448 'extern_name': auth["extern_name"],
448 'extern_name': auth["extern_name"],
449 'extern_type': self.name,
449 'extern_type': self.name,
450 'plugin': self,
450 'plugin': self,
451 'allow_to_create_user': self.allows_creating_users,
451 'allow_to_create_user': self.allows_creating_users,
452 }
452 }
453
453
454 if not is_user_existing:
454 if not is_user_existing:
455 if self.use_fake_password():
455 if self.use_fake_password():
456 # Randomize the PW because we don't need it, but don't want
456 # Randomize the PW because we don't need it, but don't want
457 # them blank either
457 # them blank either
458 passwd = PasswordGenerator().gen_password(length=16)
458 passwd = PasswordGenerator().gen_password(length=16)
459 user_parameters['password'] = passwd
459 user_parameters['password'] = passwd
460 else:
460 else:
461 # Since the password is required by create_or_update method of
461 # Since the password is required by create_or_update method of
462 # UserModel, we need to set it explicitly.
462 # UserModel, we need to set it explicitly.
463 # The create_or_update method is smart and recognises the
463 # The create_or_update method is smart and recognises the
464 # password hashes as well.
464 # password hashes as well.
465 user_parameters['password'] = cur_user.password
465 user_parameters['password'] = cur_user.password
466
466
467 # we either create or update users, we also pass the flag
467 # we either create or update users, we also pass the flag
468 # that controls if this method can actually do that.
468 # that controls if this method can actually do that.
469 # raises NotAllowedToCreateUserError if it cannot, and we try to.
469 # raises NotAllowedToCreateUserError if it cannot, and we try to.
470 user = UserModel().create_or_update(**user_parameters)
470 user = UserModel().create_or_update(**user_parameters)
471 Session().flush()
471 Session().flush()
472 # enforce user is just in given groups, all of them has to be ones
472 # enforce user is just in given groups, all of them has to be ones
473 # created from plugins. We store this info in _group_data JSON
473 # created from plugins. We store this info in _group_data JSON
474 # field
474 # field
475 try:
475 try:
476 groups = auth['groups'] or []
476 groups = auth['groups'] or []
477 UserGroupModel().enforce_groups(user, groups, self.name)
477 UserGroupModel().enforce_groups(user, groups, self.name)
478 except Exception:
478 except Exception:
479 # for any reason group syncing fails, we should
479 # for any reason group syncing fails, we should
480 # proceed with login
480 # proceed with login
481 log.error(traceback.format_exc())
481 log.error(traceback.format_exc())
482 Session().commit()
482 Session().commit()
483 return auth
483 return auth
484
484
485
485
486 def loadplugin(plugin_id):
486 def loadplugin(plugin_id):
487 """
487 """
488 Loads and returns an instantiated authentication plugin.
488 Loads and returns an instantiated authentication plugin.
489 Returns the RhodeCodeAuthPluginBase subclass on success,
489 Returns the RhodeCodeAuthPluginBase subclass on success,
490 or None on failure.
490 or None on failure.
491 """
491 """
492 # TODO: Disusing pyramids thread locals to retrieve the registry.
492 # TODO: Disusing pyramids thread locals to retrieve the registry.
493 authn_registry = get_authn_registry()
493 authn_registry = get_authn_registry()
494 plugin = authn_registry.get_plugin(plugin_id)
494 plugin = authn_registry.get_plugin(plugin_id)
495 if plugin is None:
495 if plugin is None:
496 log.error('Authentication plugin not found: "%s"', plugin_id)
496 log.error('Authentication plugin not found: "%s"', plugin_id)
497 return plugin
497 return plugin
498
498
499
499
500 def get_authn_registry(registry=None):
500 def get_authn_registry(registry=None):
501 registry = registry or get_current_registry()
501 registry = registry or get_current_registry()
502 authn_registry = registry.getUtility(IAuthnPluginRegistry)
502 authn_registry = registry.getUtility(IAuthnPluginRegistry)
503 return authn_registry
503 return authn_registry
504
504
505
505
506 def get_auth_cache_manager(custom_ttl=None):
506 def get_auth_cache_manager(custom_ttl=None):
507 return caches.get_cache_manager(
507 return caches.get_cache_manager(
508 'auth_plugins', 'rhodecode.authentication', custom_ttl)
508 'auth_plugins', 'rhodecode.authentication', custom_ttl)
509
509
510
510
511 def authenticate(username, password, environ=None, auth_type=None,
511 def authenticate(username, password, environ=None, auth_type=None,
512 skip_missing=False):
512 skip_missing=False):
513 """
513 """
514 Authentication function used for access control,
514 Authentication function used for access control,
515 It tries to authenticate based on enabled authentication modules.
515 It tries to authenticate based on enabled authentication modules.
516
516
517 :param username: username can be empty for headers auth
517 :param username: username can be empty for headers auth
518 :param password: password can be empty for headers auth
518 :param password: password can be empty for headers auth
519 :param environ: environ headers passed for headers auth
519 :param environ: environ headers passed for headers auth
520 :param auth_type: type of authentication, either `HTTP_TYPE` or `VCS_TYPE`
520 :param auth_type: type of authentication, either `HTTP_TYPE` or `VCS_TYPE`
521 :param skip_missing: ignores plugins that are in db but not in environment
521 :param skip_missing: ignores plugins that are in db but not in environment
522 :returns: None if auth failed, plugin_user dict if auth is correct
522 :returns: None if auth failed, plugin_user dict if auth is correct
523 """
523 """
524 if not auth_type or auth_type not in [HTTP_TYPE, VCS_TYPE]:
524 if not auth_type or auth_type not in [HTTP_TYPE, VCS_TYPE]:
525 raise ValueError('auth type must be on of http, vcs got "%s" instead'
525 raise ValueError('auth type must be on of http, vcs got "%s" instead'
526 % auth_type)
526 % auth_type)
527 headers_only = environ and not (username and password)
527 headers_only = environ and not (username and password)
528
528
529 authn_registry = get_authn_registry()
529 authn_registry = get_authn_registry()
530 for plugin in authn_registry.get_plugins_for_authentication():
530 for plugin in authn_registry.get_plugins_for_authentication():
531 plugin.set_auth_type(auth_type)
531 plugin.set_auth_type(auth_type)
532 user = plugin.get_user(username)
532 user = plugin.get_user(username)
533 display_user = user.username if user else username
533 display_user = user.username if user else username
534
534
535 if headers_only and not plugin.is_headers_auth:
535 if headers_only and not plugin.is_headers_auth:
536 log.debug('Auth type is for headers only and plugin `%s` is not '
536 log.debug('Auth type is for headers only and plugin `%s` is not '
537 'headers plugin, skipping...', plugin.get_id())
537 'headers plugin, skipping...', plugin.get_id())
538 continue
538 continue
539
539
540 # load plugin settings from RhodeCode database
540 # load plugin settings from RhodeCode database
541 plugin_settings = plugin.get_settings()
541 plugin_settings = plugin.get_settings()
542 log.debug('Plugin settings:%s', plugin_settings)
542 log.debug('Plugin settings:%s', plugin_settings)
543
543
544 log.debug('Trying authentication using ** %s **', plugin.get_id())
544 log.debug('Trying authentication using ** %s **', plugin.get_id())
545 # use plugin's method of user extraction.
545 # use plugin's method of user extraction.
546 user = plugin.get_user(username, environ=environ,
546 user = plugin.get_user(username, environ=environ,
547 settings=plugin_settings)
547 settings=plugin_settings)
548 display_user = user.username if user else username
548 display_user = user.username if user else username
549 log.debug(
549 log.debug(
550 'Plugin %s extracted user is `%s`', plugin.get_id(), display_user)
550 'Plugin %s extracted user is `%s`', plugin.get_id(), display_user)
551
551
552 if not plugin.allows_authentication_from(user):
552 if not plugin.allows_authentication_from(user):
553 log.debug('Plugin %s does not accept user `%s` for authentication',
553 log.debug('Plugin %s does not accept user `%s` for authentication',
554 plugin.get_id(), display_user)
554 plugin.get_id(), display_user)
555 continue
555 continue
556 else:
556 else:
557 log.debug('Plugin %s accepted user `%s` for authentication',
557 log.debug('Plugin %s accepted user `%s` for authentication',
558 plugin.get_id(), display_user)
558 plugin.get_id(), display_user)
559
559
560 log.info('Authenticating user `%s` using %s plugin',
560 log.info('Authenticating user `%s` using %s plugin',
561 display_user, plugin.get_id())
561 display_user, plugin.get_id())
562
562
563 _cache_ttl = 0
563 _cache_ttl = 0
564
564
565 if isinstance(plugin.AUTH_CACHE_TTL, (int, long)):
565 if isinstance(plugin.AUTH_CACHE_TTL, (int, long)):
566 # plugin cache set inside is more important than the settings value
566 # plugin cache set inside is more important than the settings value
567 _cache_ttl = plugin.AUTH_CACHE_TTL
567 _cache_ttl = plugin.AUTH_CACHE_TTL
568 elif plugin_settings.get('auth_cache_ttl'):
568 elif plugin_settings.get('cache_ttl'):
569 _cache_ttl = safe_int(plugin_settings.get('auth_cache_ttl'), 0)
569 _cache_ttl = safe_int(plugin_settings.get('cache_ttl'), 0)
570
570
571 plugin_cache_active = bool(_cache_ttl and _cache_ttl > 0)
571 plugin_cache_active = bool(_cache_ttl and _cache_ttl > 0)
572
572
573 # get instance of cache manager configured for a namespace
573 # get instance of cache manager configured for a namespace
574 cache_manager = get_auth_cache_manager(custom_ttl=_cache_ttl)
574 cache_manager = get_auth_cache_manager(custom_ttl=_cache_ttl)
575
575
576 log.debug('AUTH_CACHE_TTL for plugin `%s` active: %s (TTL: %s)',
576 log.debug('AUTH_CACHE_TTL for plugin `%s` active: %s (TTL: %s)',
577 plugin.get_id(), plugin_cache_active, _cache_ttl)
577 plugin.get_id(), plugin_cache_active, _cache_ttl)
578
578
579 # for environ based password can be empty, but then the validation is
579 # for environ based password can be empty, but then the validation is
580 # on the server that fills in the env data needed for authentication
580 # on the server that fills in the env data needed for authentication
581 _password_hash = md5_safe(plugin.name + username + (password or ''))
581 _password_hash = md5_safe(plugin.name + username + (password or ''))
582
582
583 # _authenticate is a wrapper for .auth() method of plugin.
583 # _authenticate is a wrapper for .auth() method of plugin.
584 # it checks if .auth() sends proper data.
584 # it checks if .auth() sends proper data.
585 # For RhodeCodeExternalAuthPlugin it also maps users to
585 # For RhodeCodeExternalAuthPlugin it also maps users to
586 # Database and maps the attributes returned from .auth()
586 # Database and maps the attributes returned from .auth()
587 # to RhodeCode database. If this function returns data
587 # to RhodeCode database. If this function returns data
588 # then auth is correct.
588 # then auth is correct.
589 start = time.time()
589 start = time.time()
590 log.debug('Running plugin `%s` _authenticate method', plugin.get_id())
590 log.debug('Running plugin `%s` _authenticate method', plugin.get_id())
591
591
592 def auth_func():
592 def auth_func():
593 """
593 """
594 This function is used internally in Cache of Beaker to calculate
594 This function is used internally in Cache of Beaker to calculate
595 Results
595 Results
596 """
596 """
597 return plugin._authenticate(
597 return plugin._authenticate(
598 user, username, password, plugin_settings,
598 user, username, password, plugin_settings,
599 environ=environ or {})
599 environ=environ or {})
600
600
601 if plugin_cache_active:
601 if plugin_cache_active:
602 plugin_user = cache_manager.get(
602 plugin_user = cache_manager.get(
603 _password_hash, createfunc=auth_func)
603 _password_hash, createfunc=auth_func)
604 else:
604 else:
605 plugin_user = auth_func()
605 plugin_user = auth_func()
606
606
607 auth_time = time.time() - start
607 auth_time = time.time() - start
608 log.debug('Authentication for plugin `%s` completed in %.3fs, '
608 log.debug('Authentication for plugin `%s` completed in %.3fs, '
609 'expiration time of fetched cache %.1fs.',
609 'expiration time of fetched cache %.1fs.',
610 plugin.get_id(), auth_time, _cache_ttl)
610 plugin.get_id(), auth_time, _cache_ttl)
611
611
612 log.debug('PLUGIN USER DATA: %s', plugin_user)
612 log.debug('PLUGIN USER DATA: %s', plugin_user)
613
613
614 if plugin_user:
614 if plugin_user:
615 log.debug('Plugin returned proper authentication data')
615 log.debug('Plugin returned proper authentication data')
616 return plugin_user
616 return plugin_user
617 # we failed to Auth because .auth() method didn't return proper user
617 # we failed to Auth because .auth() method didn't return proper user
618 log.debug("User `%s` failed to authenticate against %s",
618 log.debug("User `%s` failed to authenticate against %s",
619 display_user, plugin.get_id())
619 display_user, plugin.get_id())
620 return None
620 return None
@@ -1,201 +1,201 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import pytest
21 import pytest
22
22
23 from rhodecode.tests import assert_session_flash
23 from rhodecode.tests import assert_session_flash
24 from rhodecode.tests.utils import AssertResponse
24 from rhodecode.tests.utils import AssertResponse
25 from rhodecode.model.db import Session
25 from rhodecode.model.db import Session
26 from rhodecode.model.settings import SettingsModel
26 from rhodecode.model.settings import SettingsModel
27
27
28
28
29 def assert_auth_settings_updated(response):
29 def assert_auth_settings_updated(response):
30 assert response.status_int == 302, 'Expected response HTTP Found 302'
30 assert response.status_int == 302, 'Expected response HTTP Found 302'
31 assert_session_flash(response, 'Auth settings updated successfully')
31 assert_session_flash(response, 'Auth settings updated successfully')
32
32
33
33
34 @pytest.mark.usefixtures("autologin_user", "app")
34 @pytest.mark.usefixtures("autologin_user", "app")
35 class TestAuthSettingsController(object):
35 class TestAuthSettingsController(object):
36
36
37 def _enable_plugins(self, plugins_list, csrf_token, override=None,
37 def _enable_plugins(self, plugins_list, csrf_token, override=None,
38 verify_response=False):
38 verify_response=False):
39 test_url = '/_admin/auth'
39 test_url = '/_admin/auth'
40 params = {
40 params = {
41 'auth_plugins': plugins_list,
41 'auth_plugins': plugins_list,
42 'csrf_token': csrf_token,
42 'csrf_token': csrf_token,
43 }
43 }
44 if override:
44 if override:
45 params.update(override)
45 params.update(override)
46 _enabled_plugins = []
46 _enabled_plugins = []
47 for plugin in plugins_list.split(','):
47 for plugin in plugins_list.split(','):
48 plugin_name = plugin.partition('#')[-1]
48 plugin_name = plugin.partition('#')[-1]
49 enabled_plugin = '%s_enabled' % plugin_name
49 enabled_plugin = '%s_enabled' % plugin_name
50 cache_ttl = '%s_auth_cache_ttl' % plugin_name
50 cache_ttl = '%s_cache_ttl' % plugin_name
51
51
52 # default params that are needed for each plugin,
52 # default params that are needed for each plugin,
53 # `enabled` and `auth_cache_ttl`
53 # `enabled` and `cache_ttl`
54 params.update({
54 params.update({
55 enabled_plugin: True,
55 enabled_plugin: True,
56 cache_ttl: 0
56 cache_ttl: 0
57 })
57 })
58 _enabled_plugins.append(enabled_plugin)
58 _enabled_plugins.append(enabled_plugin)
59
59
60 # we need to clean any enabled plugin before, since they require
60 # we need to clean any enabled plugin before, since they require
61 # form params to be present
61 # form params to be present
62 db_plugin = SettingsModel().get_setting_by_name('auth_plugins')
62 db_plugin = SettingsModel().get_setting_by_name('auth_plugins')
63 db_plugin.app_settings_value = \
63 db_plugin.app_settings_value = \
64 'egg:rhodecode-enterprise-ce#rhodecode'
64 'egg:rhodecode-enterprise-ce#rhodecode'
65 Session().add(db_plugin)
65 Session().add(db_plugin)
66 Session().commit()
66 Session().commit()
67 for _plugin in _enabled_plugins:
67 for _plugin in _enabled_plugins:
68 db_plugin = SettingsModel().get_setting_by_name(_plugin)
68 db_plugin = SettingsModel().get_setting_by_name(_plugin)
69 if db_plugin:
69 if db_plugin:
70 Session.delete(db_plugin)
70 Session.delete(db_plugin)
71 Session().commit()
71 Session().commit()
72
72
73 response = self.app.post(url=test_url, params=params)
73 response = self.app.post(url=test_url, params=params)
74
74
75 if verify_response:
75 if verify_response:
76 assert_auth_settings_updated(response)
76 assert_auth_settings_updated(response)
77 return params
77 return params
78
78
79 def _post_ldap_settings(self, params, override=None, force=False):
79 def _post_ldap_settings(self, params, override=None, force=False):
80
80
81 params.update({
81 params.update({
82 'filter': 'user',
82 'filter': 'user',
83 'user_member_of': '',
83 'user_member_of': '',
84 'user_search_base': '',
84 'user_search_base': '',
85 'user_search_filter': 'test_filter',
85 'user_search_filter': 'test_filter',
86
86
87 'host': 'dc.example.com',
87 'host': 'dc.example.com',
88 'port': '999',
88 'port': '999',
89 'tls_kind': 'PLAIN',
89 'tls_kind': 'PLAIN',
90 'tls_reqcert': 'NEVER',
90 'tls_reqcert': 'NEVER',
91
91
92 'dn_user': 'test_user',
92 'dn_user': 'test_user',
93 'dn_pass': 'test_pass',
93 'dn_pass': 'test_pass',
94 'base_dn': 'test_base_dn',
94 'base_dn': 'test_base_dn',
95 'search_scope': 'BASE',
95 'search_scope': 'BASE',
96 'attr_login': 'test_attr_login',
96 'attr_login': 'test_attr_login',
97 'attr_firstname': 'ima',
97 'attr_firstname': 'ima',
98 'attr_lastname': 'tester',
98 'attr_lastname': 'tester',
99 'attr_email': 'test@example.com',
99 'attr_email': 'test@example.com',
100 'auth_cache_ttl': '0',
100 'cache_ttl': '0',
101 })
101 })
102 if force:
102 if force:
103 params = {}
103 params = {}
104 params.update(override or {})
104 params.update(override or {})
105
105
106 test_url = '/_admin/auth/ldap/'
106 test_url = '/_admin/auth/ldap/'
107
107
108 response = self.app.post(url=test_url, params=params)
108 response = self.app.post(url=test_url, params=params)
109 return response
109 return response
110
110
111 def test_index(self):
111 def test_index(self):
112 response = self.app.get('/_admin/auth')
112 response = self.app.get('/_admin/auth')
113 response.mustcontain('Authentication Plugins')
113 response.mustcontain('Authentication Plugins')
114
114
115 @pytest.mark.parametrize("disable_plugin, needs_import", [
115 @pytest.mark.parametrize("disable_plugin, needs_import", [
116 ('egg:rhodecode-enterprise-ce#headers', None),
116 ('egg:rhodecode-enterprise-ce#headers', None),
117 ('egg:rhodecode-enterprise-ce#crowd', None),
117 ('egg:rhodecode-enterprise-ce#crowd', None),
118 ('egg:rhodecode-enterprise-ce#jasig_cas', None),
118 ('egg:rhodecode-enterprise-ce#jasig_cas', None),
119 ('egg:rhodecode-enterprise-ce#ldap', None),
119 ('egg:rhodecode-enterprise-ce#ldap', None),
120 ('egg:rhodecode-enterprise-ce#pam', "pam"),
120 ('egg:rhodecode-enterprise-ce#pam', "pam"),
121 ])
121 ])
122 def test_disable_plugin(self, csrf_token, disable_plugin, needs_import):
122 def test_disable_plugin(self, csrf_token, disable_plugin, needs_import):
123 # TODO: johbo: "pam" is currently not available on darwin,
123 # TODO: johbo: "pam" is currently not available on darwin,
124 # although the docs state that it should work on darwin.
124 # although the docs state that it should work on darwin.
125 if needs_import:
125 if needs_import:
126 pytest.importorskip(needs_import)
126 pytest.importorskip(needs_import)
127
127
128 self._enable_plugins(
128 self._enable_plugins(
129 'egg:rhodecode-enterprise-ce#rhodecode,' + disable_plugin,
129 'egg:rhodecode-enterprise-ce#rhodecode,' + disable_plugin,
130 csrf_token, verify_response=True)
130 csrf_token, verify_response=True)
131
131
132 self._enable_plugins(
132 self._enable_plugins(
133 'egg:rhodecode-enterprise-ce#rhodecode', csrf_token,
133 'egg:rhodecode-enterprise-ce#rhodecode', csrf_token,
134 verify_response=True)
134 verify_response=True)
135
135
136 def test_ldap_save_settings(self, csrf_token):
136 def test_ldap_save_settings(self, csrf_token):
137 params = self._enable_plugins(
137 params = self._enable_plugins(
138 'egg:rhodecode-enterprise-ce#rhodecode,'
138 'egg:rhodecode-enterprise-ce#rhodecode,'
139 'egg:rhodecode-enterprise-ce#ldap',
139 'egg:rhodecode-enterprise-ce#ldap',
140 csrf_token)
140 csrf_token)
141 response = self._post_ldap_settings(params)
141 response = self._post_ldap_settings(params)
142 assert_auth_settings_updated(response)
142 assert_auth_settings_updated(response)
143
143
144 new_settings = SettingsModel().get_auth_settings()
144 new_settings = SettingsModel().get_auth_settings()
145 assert new_settings['auth_ldap_host'] == u'dc.example.com', \
145 assert new_settings['auth_ldap_host'] == u'dc.example.com', \
146 'fail db write compare'
146 'fail db write compare'
147
147
148 def test_ldap_error_form_wrong_port_number(self, csrf_token):
148 def test_ldap_error_form_wrong_port_number(self, csrf_token):
149 params = self._enable_plugins(
149 params = self._enable_plugins(
150 'egg:rhodecode-enterprise-ce#rhodecode,'
150 'egg:rhodecode-enterprise-ce#rhodecode,'
151 'egg:rhodecode-enterprise-ce#ldap',
151 'egg:rhodecode-enterprise-ce#ldap',
152 csrf_token)
152 csrf_token)
153 invalid_port_value = 'invalid-port-number'
153 invalid_port_value = 'invalid-port-number'
154 response = self._post_ldap_settings(params, override={
154 response = self._post_ldap_settings(params, override={
155 'port': invalid_port_value,
155 'port': invalid_port_value,
156 })
156 })
157 assertr = AssertResponse(response)
157 assertr = AssertResponse(response)
158 assertr.element_contains(
158 assertr.element_contains(
159 '.form .field #port ~ .error-message',
159 '.form .field #port ~ .error-message',
160 invalid_port_value)
160 invalid_port_value)
161
161
162 def test_ldap_error_form(self, csrf_token):
162 def test_ldap_error_form(self, csrf_token):
163 params = self._enable_plugins(
163 params = self._enable_plugins(
164 'egg:rhodecode-enterprise-ce#rhodecode,'
164 'egg:rhodecode-enterprise-ce#rhodecode,'
165 'egg:rhodecode-enterprise-ce#ldap',
165 'egg:rhodecode-enterprise-ce#ldap',
166 csrf_token)
166 csrf_token)
167 response = self._post_ldap_settings(params, override={
167 response = self._post_ldap_settings(params, override={
168 'attr_login': '',
168 'attr_login': '',
169 })
169 })
170 response.mustcontain("""<span class="error-message">The LDAP Login"""
170 response.mustcontain("""<span class="error-message">The LDAP Login"""
171 """ attribute of the CN must be specified""")
171 """ attribute of the CN must be specified""")
172
172
173 def test_post_ldap_group_settings(self, csrf_token):
173 def test_post_ldap_group_settings(self, csrf_token):
174 params = self._enable_plugins(
174 params = self._enable_plugins(
175 'egg:rhodecode-enterprise-ce#rhodecode,'
175 'egg:rhodecode-enterprise-ce#rhodecode,'
176 'egg:rhodecode-enterprise-ce#ldap',
176 'egg:rhodecode-enterprise-ce#ldap',
177 csrf_token)
177 csrf_token)
178
178
179 response = self._post_ldap_settings(params, override={
179 response = self._post_ldap_settings(params, override={
180 'host': 'dc-legacy.example.com',
180 'host': 'dc-legacy.example.com',
181 'port': '999',
181 'port': '999',
182 'tls_kind': 'PLAIN',
182 'tls_kind': 'PLAIN',
183 'tls_reqcert': 'NEVER',
183 'tls_reqcert': 'NEVER',
184 'dn_user': 'test_user',
184 'dn_user': 'test_user',
185 'dn_pass': 'test_pass',
185 'dn_pass': 'test_pass',
186 'base_dn': 'test_base_dn',
186 'base_dn': 'test_base_dn',
187 'filter': 'test_filter',
187 'filter': 'test_filter',
188 'search_scope': 'BASE',
188 'search_scope': 'BASE',
189 'attr_login': 'test_attr_login',
189 'attr_login': 'test_attr_login',
190 'attr_firstname': 'ima',
190 'attr_firstname': 'ima',
191 'attr_lastname': 'tester',
191 'attr_lastname': 'tester',
192 'attr_email': 'test@example.com',
192 'attr_email': 'test@example.com',
193 'auth_cache_ttl': '60',
193 'cache_ttl': '60',
194 'csrf_token': csrf_token,
194 'csrf_token': csrf_token,
195 }
195 }
196 )
196 )
197 assert_auth_settings_updated(response)
197 assert_auth_settings_updated(response)
198
198
199 new_settings = SettingsModel().get_auth_settings()
199 new_settings = SettingsModel().get_auth_settings()
200 assert new_settings['auth_ldap_host'] == u'dc-legacy.example.com', \
200 assert new_settings['auth_ldap_host'] == u'dc-legacy.example.com', \
201 'fail db write compare'
201 'fail db write compare'
@@ -1,257 +1,257 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 py.test config for test suite for making push/pull operations.
22 py.test config for test suite for making push/pull operations.
23
23
24 .. important::
24 .. important::
25
25
26 You must have git >= 1.8.5 for tests to work fine. With 68b939b git started
26 You must have git >= 1.8.5 for tests to work fine. With 68b939b git started
27 to redirect things to stderr instead of stdout.
27 to redirect things to stderr instead of stdout.
28 """
28 """
29
29
30 import ConfigParser
30 import ConfigParser
31 import os
31 import os
32 import subprocess
32 import subprocess
33 import tempfile
33 import tempfile
34 import textwrap
34 import textwrap
35 import pytest
35 import pytest
36
36
37 import rhodecode
37 import rhodecode
38 from rhodecode.model.db import Repository
38 from rhodecode.model.db import Repository
39 from rhodecode.model.meta import Session
39 from rhodecode.model.meta import Session
40 from rhodecode.model.settings import SettingsModel
40 from rhodecode.model.settings import SettingsModel
41 from rhodecode.tests import (
41 from rhodecode.tests import (
42 GIT_REPO, HG_REPO, TEST_USER_ADMIN_LOGIN, TEST_USER_ADMIN_PASS,)
42 GIT_REPO, HG_REPO, TEST_USER_ADMIN_LOGIN, TEST_USER_ADMIN_PASS,)
43 from rhodecode.tests.fixture import Fixture
43 from rhodecode.tests.fixture import Fixture
44 from rhodecode.tests.utils import (
44 from rhodecode.tests.utils import (
45 set_anonymous_access, is_url_reachable, wait_for_url)
45 set_anonymous_access, is_url_reachable, wait_for_url)
46
46
47 RC_LOG = os.path.join(tempfile.gettempdir(), 'rc.log')
47 RC_LOG = os.path.join(tempfile.gettempdir(), 'rc.log')
48 REPO_GROUP = 'a_repo_group'
48 REPO_GROUP = 'a_repo_group'
49 HG_REPO_WITH_GROUP = '%s/%s' % (REPO_GROUP, HG_REPO)
49 HG_REPO_WITH_GROUP = '%s/%s' % (REPO_GROUP, HG_REPO)
50 GIT_REPO_WITH_GROUP = '%s/%s' % (REPO_GROUP, GIT_REPO)
50 GIT_REPO_WITH_GROUP = '%s/%s' % (REPO_GROUP, GIT_REPO)
51
51
52
52
53 def assert_no_running_instance(url):
53 def assert_no_running_instance(url):
54 if is_url_reachable(url):
54 if is_url_reachable(url):
55 print("Hint: Usually this means another instance of Enterprise "
55 print("Hint: Usually this means another instance of Enterprise "
56 "is running in the background.")
56 "is running in the background.")
57 pytest.fail(
57 pytest.fail(
58 "Port is not free at %s, cannot start web interface" % url)
58 "Port is not free at %s, cannot start web interface" % url)
59
59
60
60
61 def get_host_url(pylons_config):
61 def get_host_url(pylons_config):
62 """Construct the host url using the port in the test configuration."""
62 """Construct the host url using the port in the test configuration."""
63 config = ConfigParser.ConfigParser()
63 config = ConfigParser.ConfigParser()
64 config.read(pylons_config)
64 config.read(pylons_config)
65
65
66 return '127.0.0.1:%s' % config.get('server:main', 'port')
66 return '127.0.0.1:%s' % config.get('server:main', 'port')
67
67
68
68
69 class RcWebServer(object):
69 class RcWebServer(object):
70 """
70 """
71 Represents a running RCE web server used as a test fixture.
71 Represents a running RCE web server used as a test fixture.
72 """
72 """
73 def __init__(self, pylons_config):
73 def __init__(self, pylons_config):
74 self.pylons_config = pylons_config
74 self.pylons_config = pylons_config
75
75
76 def repo_clone_url(self, repo_name, **kwargs):
76 def repo_clone_url(self, repo_name, **kwargs):
77 params = {
77 params = {
78 'user': TEST_USER_ADMIN_LOGIN,
78 'user': TEST_USER_ADMIN_LOGIN,
79 'passwd': TEST_USER_ADMIN_PASS,
79 'passwd': TEST_USER_ADMIN_PASS,
80 'host': get_host_url(self.pylons_config),
80 'host': get_host_url(self.pylons_config),
81 'cloned_repo': repo_name,
81 'cloned_repo': repo_name,
82 }
82 }
83 params.update(**kwargs)
83 params.update(**kwargs)
84 _url = 'http://%(user)s:%(passwd)s@%(host)s/%(cloned_repo)s' % params
84 _url = 'http://%(user)s:%(passwd)s@%(host)s/%(cloned_repo)s' % params
85 return _url
85 return _url
86
86
87
87
88 @pytest.fixture(scope="module")
88 @pytest.fixture(scope="module")
89 def rcextensions(request, pylonsapp, tmpdir_factory):
89 def rcextensions(request, pylonsapp, tmpdir_factory):
90 """
90 """
91 Installs a testing rcextensions pack to ensure they work as expected.
91 Installs a testing rcextensions pack to ensure they work as expected.
92 """
92 """
93 init_content = textwrap.dedent("""
93 init_content = textwrap.dedent("""
94 # Forward import the example rcextensions to make it
94 # Forward import the example rcextensions to make it
95 # active for our tests.
95 # active for our tests.
96 from rhodecode.tests.other.example_rcextensions import *
96 from rhodecode.tests.other.example_rcextensions import *
97 """)
97 """)
98
98
99 # Note: rcextensions are looked up based on the path of the ini file
99 # Note: rcextensions are looked up based on the path of the ini file
100 root_path = tmpdir_factory.getbasetemp()
100 root_path = tmpdir_factory.getbasetemp()
101 rcextensions_path = root_path.join('rcextensions')
101 rcextensions_path = root_path.join('rcextensions')
102 init_path = rcextensions_path.join('__init__.py')
102 init_path = rcextensions_path.join('__init__.py')
103
103
104 if rcextensions_path.check():
104 if rcextensions_path.check():
105 pytest.fail(
105 pytest.fail(
106 "Path for rcextensions already exists, please clean up before "
106 "Path for rcextensions already exists, please clean up before "
107 "test run this path: %s" % (rcextensions_path, ))
107 "test run this path: %s" % (rcextensions_path, ))
108 return
108 return
109
109
110 request.addfinalizer(rcextensions_path.remove)
110 request.addfinalizer(rcextensions_path.remove)
111 init_path.write_binary(init_content, ensure=True)
111 init_path.write_binary(init_content, ensure=True)
112
112
113
113
114 @pytest.fixture(scope="module")
114 @pytest.fixture(scope="module")
115 def repos(request, pylonsapp):
115 def repos(request, pylonsapp):
116 """Create a copy of each test repo in a repo group."""
116 """Create a copy of each test repo in a repo group."""
117 fixture = Fixture()
117 fixture = Fixture()
118 repo_group = fixture.create_repo_group(REPO_GROUP)
118 repo_group = fixture.create_repo_group(REPO_GROUP)
119 repo_group_id = repo_group.group_id
119 repo_group_id = repo_group.group_id
120 fixture.create_fork(HG_REPO, HG_REPO,
120 fixture.create_fork(HG_REPO, HG_REPO,
121 repo_name_full=HG_REPO_WITH_GROUP,
121 repo_name_full=HG_REPO_WITH_GROUP,
122 repo_group=repo_group_id)
122 repo_group=repo_group_id)
123 fixture.create_fork(GIT_REPO, GIT_REPO,
123 fixture.create_fork(GIT_REPO, GIT_REPO,
124 repo_name_full=GIT_REPO_WITH_GROUP,
124 repo_name_full=GIT_REPO_WITH_GROUP,
125 repo_group=repo_group_id)
125 repo_group=repo_group_id)
126
126
127 @request.addfinalizer
127 @request.addfinalizer
128 def cleanup():
128 def cleanup():
129 fixture.destroy_repo(HG_REPO_WITH_GROUP)
129 fixture.destroy_repo(HG_REPO_WITH_GROUP)
130 fixture.destroy_repo(GIT_REPO_WITH_GROUP)
130 fixture.destroy_repo(GIT_REPO_WITH_GROUP)
131 fixture.destroy_repo_group(repo_group_id)
131 fixture.destroy_repo_group(repo_group_id)
132
132
133
133
134 @pytest.fixture(scope="module")
134 @pytest.fixture(scope="module")
135 def rc_web_server_config(pylons_config):
135 def rc_web_server_config(pylons_config):
136 """
136 """
137 Configuration file used for the fixture `rc_web_server`.
137 Configuration file used for the fixture `rc_web_server`.
138 """
138 """
139 return pylons_config
139 return pylons_config
140
140
141
141
142 @pytest.fixture(scope="module")
142 @pytest.fixture(scope="module")
143 def rc_web_server(
143 def rc_web_server(
144 request, pylonsapp, rc_web_server_config, repos, rcextensions):
144 request, pylonsapp, rc_web_server_config, repos, rcextensions):
145 """
145 """
146 Run the web server as a subprocess.
146 Run the web server as a subprocess.
147
147
148 Since we have already a running vcsserver, this is not spawned again.
148 Since we have already a running vcsserver, this is not spawned again.
149 """
149 """
150 env = os.environ.copy()
150 env = os.environ.copy()
151 env['RC_NO_TMP_PATH'] = '1'
151 env['RC_NO_TMP_PATH'] = '1'
152
152
153 server_out = open(RC_LOG, 'w')
153 server_out = open(RC_LOG, 'w')
154
154
155 # TODO: Would be great to capture the output and err of the subprocess
155 # TODO: Would be great to capture the output and err of the subprocess
156 # and make it available in a section of the py.test report in case of an
156 # and make it available in a section of the py.test report in case of an
157 # error.
157 # error.
158
158
159 host_url = 'http://' + get_host_url(rc_web_server_config)
159 host_url = 'http://' + get_host_url(rc_web_server_config)
160 assert_no_running_instance(host_url)
160 assert_no_running_instance(host_url)
161 command = ['rcserver', rc_web_server_config]
161 command = ['rcserver', rc_web_server_config]
162
162
163 print('Starting rcserver: {}'.format(host_url))
163 print('Starting rcserver: {}'.format(host_url))
164 print('Command: {}'.format(command))
164 print('Command: {}'.format(command))
165 print('Logfile: {}'.format(RC_LOG))
165 print('Logfile: {}'.format(RC_LOG))
166
166
167 proc = subprocess.Popen(
167 proc = subprocess.Popen(
168 command, bufsize=0, env=env, stdout=server_out, stderr=server_out)
168 command, bufsize=0, env=env, stdout=server_out, stderr=server_out)
169
169
170 wait_for_url(host_url, timeout=30)
170 wait_for_url(host_url, timeout=30)
171
171
172 @request.addfinalizer
172 @request.addfinalizer
173 def stop_web_server():
173 def stop_web_server():
174 # TODO: Find out how to integrate with the reporting of py.test to
174 # TODO: Find out how to integrate with the reporting of py.test to
175 # make this information available.
175 # make this information available.
176 print "\nServer log file written to %s" % (RC_LOG, )
176 print "\nServer log file written to %s" % (RC_LOG, )
177 proc.kill()
177 proc.kill()
178 server_out.close()
178 server_out.close()
179
179
180 return RcWebServer(rc_web_server_config)
180 return RcWebServer(rc_web_server_config)
181
181
182
182
183 @pytest.fixture(scope='class', autouse=True)
183 @pytest.fixture(scope='class', autouse=True)
184 def disable_anonymous_user_access(pylonsapp):
184 def disable_anonymous_user_access(pylonsapp):
185 set_anonymous_access(False)
185 set_anonymous_access(False)
186
186
187
187
188 @pytest.fixture
188 @pytest.fixture
189 def disable_locking(pylonsapp):
189 def disable_locking(pylonsapp):
190 r = Repository.get_by_repo_name(GIT_REPO)
190 r = Repository.get_by_repo_name(GIT_REPO)
191 Repository.unlock(r)
191 Repository.unlock(r)
192 r.enable_locking = False
192 r.enable_locking = False
193 Session().add(r)
193 Session().add(r)
194 Session().commit()
194 Session().commit()
195
195
196 r = Repository.get_by_repo_name(HG_REPO)
196 r = Repository.get_by_repo_name(HG_REPO)
197 Repository.unlock(r)
197 Repository.unlock(r)
198 r.enable_locking = False
198 r.enable_locking = False
199 Session().add(r)
199 Session().add(r)
200 Session().commit()
200 Session().commit()
201
201
202
202
203 @pytest.fixture
203 @pytest.fixture
204 def enable_auth_plugins(request, pylonsapp, csrf_token):
204 def enable_auth_plugins(request, pylonsapp, csrf_token):
205 """
205 """
206 Return a factory object that when called, allows to control which
206 Return a factory object that when called, allows to control which
207 authentication plugins are enabled.
207 authentication plugins are enabled.
208 """
208 """
209 def _enable_plugins(plugins_list, override=None):
209 def _enable_plugins(plugins_list, override=None):
210 override = override or {}
210 override = override or {}
211 params = {
211 params = {
212 'auth_plugins': ','.join(plugins_list),
212 'auth_plugins': ','.join(plugins_list),
213 'csrf_token': csrf_token,
213 'csrf_token': csrf_token,
214 }
214 }
215
215
216 for module in plugins_list:
216 for module in plugins_list:
217 plugin = rhodecode.authentication.base.loadplugin(module)
217 plugin = rhodecode.authentication.base.loadplugin(module)
218 plugin_name = plugin.name
218 plugin_name = plugin.name
219 enabled_plugin = 'auth_%s_enabled' % plugin_name
219 enabled_plugin = 'auth_%s_enabled' % plugin_name
220 cache_ttl = 'auth_%s_auth_cache_ttl' % plugin_name
220 cache_ttl = 'auth_%s_cache_ttl' % plugin_name
221
221
222 # default params that are needed for each plugin,
222 # default params that are needed for each plugin,
223 # `enabled` and `auth_cache_ttl`
223 # `enabled` and `cache_ttl`
224 params.update({
224 params.update({
225 enabled_plugin: True,
225 enabled_plugin: True,
226 cache_ttl: 0
226 cache_ttl: 0
227 })
227 })
228 if override.get:
228 if override.get:
229 params.update(override.get(module, {}))
229 params.update(override.get(module, {}))
230
230
231 validated_params = params
231 validated_params = params
232 for k, v in validated_params.items():
232 for k, v in validated_params.items():
233 setting = SettingsModel().create_or_update_setting(k, v)
233 setting = SettingsModel().create_or_update_setting(k, v)
234 Session().add(setting)
234 Session().add(setting)
235 Session().commit()
235 Session().commit()
236
236
237 def cleanup():
237 def cleanup():
238 _enable_plugins(['egg:rhodecode-enterprise-ce#rhodecode'])
238 _enable_plugins(['egg:rhodecode-enterprise-ce#rhodecode'])
239
239
240 request.addfinalizer(cleanup)
240 request.addfinalizer(cleanup)
241
241
242 return _enable_plugins
242 return _enable_plugins
243
243
244
244
245 @pytest.fixture
245 @pytest.fixture
246 def fs_repo_only(request, rhodecode_fixtures):
246 def fs_repo_only(request, rhodecode_fixtures):
247 def fs_repo_fabric(repo_name, repo_type):
247 def fs_repo_fabric(repo_name, repo_type):
248 rhodecode_fixtures.create_repo(repo_name, repo_type=repo_type)
248 rhodecode_fixtures.create_repo(repo_name, repo_type=repo_type)
249 rhodecode_fixtures.destroy_repo(repo_name, fs_remove=False)
249 rhodecode_fixtures.destroy_repo(repo_name, fs_remove=False)
250
250
251 def cleanup():
251 def cleanup():
252 rhodecode_fixtures.destroy_repo(repo_name, fs_remove=True)
252 rhodecode_fixtures.destroy_repo(repo_name, fs_remove=True)
253 rhodecode_fixtures.destroy_repo_on_filesystem(repo_name)
253 rhodecode_fixtures.destroy_repo_on_filesystem(repo_name)
254
254
255 request.addfinalizer(cleanup)
255 request.addfinalizer(cleanup)
256
256
257 return fs_repo_fabric
257 return fs_repo_fabric
General Comments 0
You need to be logged in to leave comments. Login now