This diff has been collapsed as it changes many lines, (4933 lines changed)
Show them
Hide them
|
|
@@
-0,0
+1,4933
|
|
|
|
|
1
|
# -*- coding: utf-8 -*-
|
|
|
|
|
2
|
|
|
|
|
|
3
|
# Copyright (C) 2010-2019 RhodeCode GmbH
|
|
|
|
|
4
|
#
|
|
|
|
|
5
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
|
6
|
# it under the terms of the GNU Affero General Public License, version 3
|
|
|
|
|
7
|
# (only), as published by the Free Software Foundation.
|
|
|
|
|
8
|
#
|
|
|
|
|
9
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
|
10
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
11
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
12
|
# GNU General Public License for more details.
|
|
|
|
|
13
|
#
|
|
|
|
|
14
|
# You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
15
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
16
|
#
|
|
|
|
|
17
|
# This program is dual-licensed. If you wish to learn more about the
|
|
|
|
|
18
|
# RhodeCode Enterprise Edition, including its added features, Support services,
|
|
|
|
|
19
|
# and proprietary license terms, please see https://rhodecode.com/licenses/
|
|
|
|
|
20
|
|
|
|
|
|
21
|
"""
|
|
|
|
|
22
|
Database Models for RhodeCode Enterprise
|
|
|
|
|
23
|
"""
|
|
|
|
|
24
|
|
|
|
|
|
25
|
import re
|
|
|
|
|
26
|
import os
|
|
|
|
|
27
|
import time
|
|
|
|
|
28
|
import hashlib
|
|
|
|
|
29
|
import logging
|
|
|
|
|
30
|
import datetime
|
|
|
|
|
31
|
import warnings
|
|
|
|
|
32
|
import ipaddress
|
|
|
|
|
33
|
import functools
|
|
|
|
|
34
|
import traceback
|
|
|
|
|
35
|
import collections
|
|
|
|
|
36
|
|
|
|
|
|
37
|
from sqlalchemy import (
|
|
|
|
|
38
|
or_, and_, not_, func, TypeDecorator, event,
|
|
|
|
|
39
|
Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
|
|
|
|
|
40
|
Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
|
|
|
|
|
41
|
Text, Float, PickleType)
|
|
|
|
|
42
|
from sqlalchemy.sql.expression import true, false
|
|
|
|
|
43
|
from sqlalchemy.sql.functions import coalesce, count # pragma: no cover
|
|
|
|
|
44
|
from sqlalchemy.orm import (
|
|
|
|
|
45
|
relationship, joinedload, class_mapper, validates, aliased)
|
|
|
|
|
46
|
from sqlalchemy.ext.declarative import declared_attr
|
|
|
|
|
47
|
from sqlalchemy.ext.hybrid import hybrid_property
|
|
|
|
|
48
|
from sqlalchemy.exc import IntegrityError # pragma: no cover
|
|
|
|
|
49
|
from sqlalchemy.dialects.mysql import LONGTEXT
|
|
|
|
|
50
|
from zope.cachedescriptors.property import Lazy as LazyProperty
|
|
|
|
|
51
|
from pyramid import compat
|
|
|
|
|
52
|
from pyramid.threadlocal import get_current_request
|
|
|
|
|
53
|
|
|
|
|
|
54
|
from rhodecode.translation import _
|
|
|
|
|
55
|
from rhodecode.lib.vcs import get_vcs_instance
|
|
|
|
|
56
|
from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
|
|
|
|
|
57
|
from rhodecode.lib.utils2 import (
|
|
|
|
|
58
|
str2bool, safe_str, get_commit_safe, safe_unicode, sha1_safe,
|
|
|
|
|
59
|
time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
|
|
|
|
|
60
|
glob2re, StrictAttributeDict, cleaned_uri)
|
|
|
|
|
61
|
from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
|
|
|
|
|
62
|
JsonRaw
|
|
|
|
|
63
|
from rhodecode.lib.ext_json import json
|
|
|
|
|
64
|
from rhodecode.lib.caching_query import FromCache
|
|
|
|
|
65
|
from rhodecode.lib.encrypt import AESCipher
|
|
|
|
|
66
|
|
|
|
|
|
67
|
from rhodecode.model.meta import Base, Session
|
|
|
|
|
68
|
|
|
|
|
|
69
|
URL_SEP = '/'
|
|
|
|
|
70
|
log = logging.getLogger(__name__)
|
|
|
|
|
71
|
|
|
|
|
|
72
|
# =============================================================================
|
|
|
|
|
73
|
# BASE CLASSES
|
|
|
|
|
74
|
# =============================================================================
|
|
|
|
|
75
|
|
|
|
|
|
76
|
# this is propagated from .ini file rhodecode.encrypted_values.secret or
|
|
|
|
|
77
|
# beaker.session.secret if first is not set.
|
|
|
|
|
78
|
# and initialized at environment.py
|
|
|
|
|
79
|
ENCRYPTION_KEY = None
|
|
|
|
|
80
|
|
|
|
|
|
81
|
# used to sort permissions by types, '#' used here is not allowed to be in
|
|
|
|
|
82
|
# usernames, and it's very early in sorted string.printable table.
|
|
|
|
|
83
|
PERMISSION_TYPE_SORT = {
|
|
|
|
|
84
|
'admin': '####',
|
|
|
|
|
85
|
'write': '###',
|
|
|
|
|
86
|
'read': '##',
|
|
|
|
|
87
|
'none': '#',
|
|
|
|
|
88
|
}
|
|
|
|
|
89
|
|
|
|
|
|
90
|
|
|
|
|
|
91
|
def display_user_sort(obj):
|
|
|
|
|
92
|
"""
|
|
|
|
|
93
|
Sort function used to sort permissions in .permissions() function of
|
|
|
|
|
94
|
Repository, RepoGroup, UserGroup. Also it put the default user in front
|
|
|
|
|
95
|
of all other resources
|
|
|
|
|
96
|
"""
|
|
|
|
|
97
|
|
|
|
|
|
98
|
if obj.username == User.DEFAULT_USER:
|
|
|
|
|
99
|
return '#####'
|
|
|
|
|
100
|
prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
|
|
|
|
|
101
|
return prefix + obj.username
|
|
|
|
|
102
|
|
|
|
|
|
103
|
|
|
|
|
|
104
|
def display_user_group_sort(obj):
|
|
|
|
|
105
|
"""
|
|
|
|
|
106
|
Sort function used to sort permissions in .permissions() function of
|
|
|
|
|
107
|
Repository, RepoGroup, UserGroup. Also it put the default user in front
|
|
|
|
|
108
|
of all other resources
|
|
|
|
|
109
|
"""
|
|
|
|
|
110
|
|
|
|
|
|
111
|
prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
|
|
|
|
|
112
|
return prefix + obj.users_group_name
|
|
|
|
|
113
|
|
|
|
|
|
114
|
|
|
|
|
|
115
|
def _hash_key(k):
|
|
|
|
|
116
|
return sha1_safe(k)
|
|
|
|
|
117
|
|
|
|
|
|
118
|
|
|
|
|
|
119
|
def in_filter_generator(qry, items, limit=500):
|
|
|
|
|
120
|
"""
|
|
|
|
|
121
|
Splits IN() into multiple with OR
|
|
|
|
|
122
|
e.g.::
|
|
|
|
|
123
|
cnt = Repository.query().filter(
|
|
|
|
|
124
|
or_(
|
|
|
|
|
125
|
*in_filter_generator(Repository.repo_id, range(100000))
|
|
|
|
|
126
|
)).count()
|
|
|
|
|
127
|
"""
|
|
|
|
|
128
|
if not items:
|
|
|
|
|
129
|
# empty list will cause empty query which might cause security issues
|
|
|
|
|
130
|
# this can lead to hidden unpleasant results
|
|
|
|
|
131
|
items = [-1]
|
|
|
|
|
132
|
|
|
|
|
|
133
|
parts = []
|
|
|
|
|
134
|
for chunk in xrange(0, len(items), limit):
|
|
|
|
|
135
|
parts.append(
|
|
|
|
|
136
|
qry.in_(items[chunk: chunk + limit])
|
|
|
|
|
137
|
)
|
|
|
|
|
138
|
|
|
|
|
|
139
|
return parts
|
|
|
|
|
140
|
|
|
|
|
|
141
|
|
|
|
|
|
142
|
base_table_args = {
|
|
|
|
|
143
|
'extend_existing': True,
|
|
|
|
|
144
|
'mysql_engine': 'InnoDB',
|
|
|
|
|
145
|
'mysql_charset': 'utf8',
|
|
|
|
|
146
|
'sqlite_autoincrement': True
|
|
|
|
|
147
|
}
|
|
|
|
|
148
|
|
|
|
|
|
149
|
|
|
|
|
|
150
|
class EncryptedTextValue(TypeDecorator):
|
|
|
|
|
151
|
"""
|
|
|
|
|
152
|
Special column for encrypted long text data, use like::
|
|
|
|
|
153
|
|
|
|
|
|
154
|
value = Column("encrypted_value", EncryptedValue(), nullable=False)
|
|
|
|
|
155
|
|
|
|
|
|
156
|
This column is intelligent so if value is in unencrypted form it return
|
|
|
|
|
157
|
unencrypted form, but on save it always encrypts
|
|
|
|
|
158
|
"""
|
|
|
|
|
159
|
impl = Text
|
|
|
|
|
160
|
|
|
|
|
|
161
|
def process_bind_param(self, value, dialect):
|
|
|
|
|
162
|
if not value:
|
|
|
|
|
163
|
return value
|
|
|
|
|
164
|
if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
|
|
|
|
|
165
|
# protect against double encrypting if someone manually starts
|
|
|
|
|
166
|
# doing
|
|
|
|
|
167
|
raise ValueError('value needs to be in unencrypted format, ie. '
|
|
|
|
|
168
|
'not starting with enc$aes')
|
|
|
|
|
169
|
return 'enc$aes_hmac$%s' % AESCipher(
|
|
|
|
|
170
|
ENCRYPTION_KEY, hmac=True).encrypt(value)
|
|
|
|
|
171
|
|
|
|
|
|
172
|
def process_result_value(self, value, dialect):
|
|
|
|
|
173
|
import rhodecode
|
|
|
|
|
174
|
|
|
|
|
|
175
|
if not value:
|
|
|
|
|
176
|
return value
|
|
|
|
|
177
|
|
|
|
|
|
178
|
parts = value.split('$', 3)
|
|
|
|
|
179
|
if not len(parts) == 3:
|
|
|
|
|
180
|
# probably not encrypted values
|
|
|
|
|
181
|
return value
|
|
|
|
|
182
|
else:
|
|
|
|
|
183
|
if parts[0] != 'enc':
|
|
|
|
|
184
|
# parts ok but without our header ?
|
|
|
|
|
185
|
return value
|
|
|
|
|
186
|
enc_strict_mode = str2bool(rhodecode.CONFIG.get(
|
|
|
|
|
187
|
'rhodecode.encrypted_values.strict') or True)
|
|
|
|
|
188
|
# at that stage we know it's our encryption
|
|
|
|
|
189
|
if parts[1] == 'aes':
|
|
|
|
|
190
|
decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
|
|
|
|
|
191
|
elif parts[1] == 'aes_hmac':
|
|
|
|
|
192
|
decrypted_data = AESCipher(
|
|
|
|
|
193
|
ENCRYPTION_KEY, hmac=True,
|
|
|
|
|
194
|
strict_verification=enc_strict_mode).decrypt(parts[2])
|
|
|
|
|
195
|
else:
|
|
|
|
|
196
|
raise ValueError(
|
|
|
|
|
197
|
'Encryption type part is wrong, must be `aes` '
|
|
|
|
|
198
|
'or `aes_hmac`, got `%s` instead' % (parts[1]))
|
|
|
|
|
199
|
return decrypted_data
|
|
|
|
|
200
|
|
|
|
|
|
201
|
|
|
|
|
|
202
|
class BaseModel(object):
|
|
|
|
|
203
|
"""
|
|
|
|
|
204
|
Base Model for all classes
|
|
|
|
|
205
|
"""
|
|
|
|
|
206
|
|
|
|
|
|
207
|
@classmethod
|
|
|
|
|
208
|
def _get_keys(cls):
|
|
|
|
|
209
|
"""return column names for this model """
|
|
|
|
|
210
|
return class_mapper(cls).c.keys()
|
|
|
|
|
211
|
|
|
|
|
|
212
|
def get_dict(self):
|
|
|
|
|
213
|
"""
|
|
|
|
|
214
|
return dict with keys and values corresponding
|
|
|
|
|
215
|
to this model data """
|
|
|
|
|
216
|
|
|
|
|
|
217
|
d = {}
|
|
|
|
|
218
|
for k in self._get_keys():
|
|
|
|
|
219
|
d[k] = getattr(self, k)
|
|
|
|
|
220
|
|
|
|
|
|
221
|
# also use __json__() if present to get additional fields
|
|
|
|
|
222
|
_json_attr = getattr(self, '__json__', None)
|
|
|
|
|
223
|
if _json_attr:
|
|
|
|
|
224
|
# update with attributes from __json__
|
|
|
|
|
225
|
if callable(_json_attr):
|
|
|
|
|
226
|
_json_attr = _json_attr()
|
|
|
|
|
227
|
for k, val in _json_attr.iteritems():
|
|
|
|
|
228
|
d[k] = val
|
|
|
|
|
229
|
return d
|
|
|
|
|
230
|
|
|
|
|
|
231
|
def get_appstruct(self):
|
|
|
|
|
232
|
"""return list with keys and values tuples corresponding
|
|
|
|
|
233
|
to this model data """
|
|
|
|
|
234
|
|
|
|
|
|
235
|
lst = []
|
|
|
|
|
236
|
for k in self._get_keys():
|
|
|
|
|
237
|
lst.append((k, getattr(self, k),))
|
|
|
|
|
238
|
return lst
|
|
|
|
|
239
|
|
|
|
|
|
240
|
def populate_obj(self, populate_dict):
|
|
|
|
|
241
|
"""populate model with data from given populate_dict"""
|
|
|
|
|
242
|
|
|
|
|
|
243
|
for k in self._get_keys():
|
|
|
|
|
244
|
if k in populate_dict:
|
|
|
|
|
245
|
setattr(self, k, populate_dict[k])
|
|
|
|
|
246
|
|
|
|
|
|
247
|
@classmethod
|
|
|
|
|
248
|
def query(cls):
|
|
|
|
|
249
|
return Session().query(cls)
|
|
|
|
|
250
|
|
|
|
|
|
251
|
@classmethod
|
|
|
|
|
252
|
def get(cls, id_):
|
|
|
|
|
253
|
if id_:
|
|
|
|
|
254
|
return cls.query().get(id_)
|
|
|
|
|
255
|
|
|
|
|
|
256
|
@classmethod
|
|
|
|
|
257
|
def get_or_404(cls, id_):
|
|
|
|
|
258
|
from pyramid.httpexceptions import HTTPNotFound
|
|
|
|
|
259
|
|
|
|
|
|
260
|
try:
|
|
|
|
|
261
|
id_ = int(id_)
|
|
|
|
|
262
|
except (TypeError, ValueError):
|
|
|
|
|
263
|
raise HTTPNotFound()
|
|
|
|
|
264
|
|
|
|
|
|
265
|
res = cls.query().get(id_)
|
|
|
|
|
266
|
if not res:
|
|
|
|
|
267
|
raise HTTPNotFound()
|
|
|
|
|
268
|
return res
|
|
|
|
|
269
|
|
|
|
|
|
270
|
@classmethod
|
|
|
|
|
271
|
def getAll(cls):
|
|
|
|
|
272
|
# deprecated and left for backward compatibility
|
|
|
|
|
273
|
return cls.get_all()
|
|
|
|
|
274
|
|
|
|
|
|
275
|
@classmethod
|
|
|
|
|
276
|
def get_all(cls):
|
|
|
|
|
277
|
return cls.query().all()
|
|
|
|
|
278
|
|
|
|
|
|
279
|
@classmethod
|
|
|
|
|
280
|
def delete(cls, id_):
|
|
|
|
|
281
|
obj = cls.query().get(id_)
|
|
|
|
|
282
|
Session().delete(obj)
|
|
|
|
|
283
|
|
|
|
|
|
284
|
@classmethod
|
|
|
|
|
285
|
def identity_cache(cls, session, attr_name, value):
|
|
|
|
|
286
|
exist_in_session = []
|
|
|
|
|
287
|
for (item_cls, pkey), instance in session.identity_map.items():
|
|
|
|
|
288
|
if cls == item_cls and getattr(instance, attr_name) == value:
|
|
|
|
|
289
|
exist_in_session.append(instance)
|
|
|
|
|
290
|
if exist_in_session:
|
|
|
|
|
291
|
if len(exist_in_session) == 1:
|
|
|
|
|
292
|
return exist_in_session[0]
|
|
|
|
|
293
|
log.exception(
|
|
|
|
|
294
|
'multiple objects with attr %s and '
|
|
|
|
|
295
|
'value %s found with same name: %r',
|
|
|
|
|
296
|
attr_name, value, exist_in_session)
|
|
|
|
|
297
|
|
|
|
|
|
298
|
def __repr__(self):
|
|
|
|
|
299
|
if hasattr(self, '__unicode__'):
|
|
|
|
|
300
|
# python repr needs to return str
|
|
|
|
|
301
|
try:
|
|
|
|
|
302
|
return safe_str(self.__unicode__())
|
|
|
|
|
303
|
except UnicodeDecodeError:
|
|
|
|
|
304
|
pass
|
|
|
|
|
305
|
return '<DB:%s>' % (self.__class__.__name__)
|
|
|
|
|
306
|
|
|
|
|
|
307
|
|
|
|
|
|
308
|
class RhodeCodeSetting(Base, BaseModel):
|
|
|
|
|
309
|
__tablename__ = 'rhodecode_settings'
|
|
|
|
|
310
|
__table_args__ = (
|
|
|
|
|
311
|
UniqueConstraint('app_settings_name'),
|
|
|
|
|
312
|
base_table_args
|
|
|
|
|
313
|
)
|
|
|
|
|
314
|
|
|
|
|
|
315
|
SETTINGS_TYPES = {
|
|
|
|
|
316
|
'str': safe_str,
|
|
|
|
|
317
|
'int': safe_int,
|
|
|
|
|
318
|
'unicode': safe_unicode,
|
|
|
|
|
319
|
'bool': str2bool,
|
|
|
|
|
320
|
'list': functools.partial(aslist, sep=',')
|
|
|
|
|
321
|
}
|
|
|
|
|
322
|
DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
|
|
|
|
|
323
|
GLOBAL_CONF_KEY = 'app_settings'
|
|
|
|
|
324
|
|
|
|
|
|
325
|
app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
|
|
|
|
|
326
|
app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
327
|
_app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
|
|
|
|
|
328
|
_app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
329
|
|
|
|
|
|
330
|
def __init__(self, key='', val='', type='unicode'):
|
|
|
|
|
331
|
self.app_settings_name = key
|
|
|
|
|
332
|
self.app_settings_type = type
|
|
|
|
|
333
|
self.app_settings_value = val
|
|
|
|
|
334
|
|
|
|
|
|
335
|
@validates('_app_settings_value')
|
|
|
|
|
336
|
def validate_settings_value(self, key, val):
|
|
|
|
|
337
|
assert type(val) == unicode
|
|
|
|
|
338
|
return val
|
|
|
|
|
339
|
|
|
|
|
|
340
|
@hybrid_property
|
|
|
|
|
341
|
def app_settings_value(self):
|
|
|
|
|
342
|
v = self._app_settings_value
|
|
|
|
|
343
|
_type = self.app_settings_type
|
|
|
|
|
344
|
if _type:
|
|
|
|
|
345
|
_type = self.app_settings_type.split('.')[0]
|
|
|
|
|
346
|
# decode the encrypted value
|
|
|
|
|
347
|
if 'encrypted' in self.app_settings_type:
|
|
|
|
|
348
|
cipher = EncryptedTextValue()
|
|
|
|
|
349
|
v = safe_unicode(cipher.process_result_value(v, None))
|
|
|
|
|
350
|
|
|
|
|
|
351
|
converter = self.SETTINGS_TYPES.get(_type) or \
|
|
|
|
|
352
|
self.SETTINGS_TYPES['unicode']
|
|
|
|
|
353
|
return converter(v)
|
|
|
|
|
354
|
|
|
|
|
|
355
|
@app_settings_value.setter
|
|
|
|
|
356
|
def app_settings_value(self, val):
|
|
|
|
|
357
|
"""
|
|
|
|
|
358
|
Setter that will always make sure we use unicode in app_settings_value
|
|
|
|
|
359
|
|
|
|
|
|
360
|
:param val:
|
|
|
|
|
361
|
"""
|
|
|
|
|
362
|
val = safe_unicode(val)
|
|
|
|
|
363
|
# encode the encrypted value
|
|
|
|
|
364
|
if 'encrypted' in self.app_settings_type:
|
|
|
|
|
365
|
cipher = EncryptedTextValue()
|
|
|
|
|
366
|
val = safe_unicode(cipher.process_bind_param(val, None))
|
|
|
|
|
367
|
self._app_settings_value = val
|
|
|
|
|
368
|
|
|
|
|
|
369
|
@hybrid_property
|
|
|
|
|
370
|
def app_settings_type(self):
|
|
|
|
|
371
|
return self._app_settings_type
|
|
|
|
|
372
|
|
|
|
|
|
373
|
@app_settings_type.setter
|
|
|
|
|
374
|
def app_settings_type(self, val):
|
|
|
|
|
375
|
if val.split('.')[0] not in self.SETTINGS_TYPES:
|
|
|
|
|
376
|
raise Exception('type must be one of %s got %s'
|
|
|
|
|
377
|
% (self.SETTINGS_TYPES.keys(), val))
|
|
|
|
|
378
|
self._app_settings_type = val
|
|
|
|
|
379
|
|
|
|
|
|
380
|
@classmethod
|
|
|
|
|
381
|
def get_by_prefix(cls, prefix):
|
|
|
|
|
382
|
return RhodeCodeSetting.query()\
|
|
|
|
|
383
|
.filter(RhodeCodeSetting.app_settings_name.startswith(prefix))\
|
|
|
|
|
384
|
.all()
|
|
|
|
|
385
|
|
|
|
|
|
386
|
def __unicode__(self):
|
|
|
|
|
387
|
return u"<%s('%s:%s[%s]')>" % (
|
|
|
|
|
388
|
self.__class__.__name__,
|
|
|
|
|
389
|
self.app_settings_name, self.app_settings_value,
|
|
|
|
|
390
|
self.app_settings_type
|
|
|
|
|
391
|
)
|
|
|
|
|
392
|
|
|
|
|
|
393
|
|
|
|
|
|
394
|
class RhodeCodeUi(Base, BaseModel):
|
|
|
|
|
395
|
__tablename__ = 'rhodecode_ui'
|
|
|
|
|
396
|
__table_args__ = (
|
|
|
|
|
397
|
UniqueConstraint('ui_key'),
|
|
|
|
|
398
|
base_table_args
|
|
|
|
|
399
|
)
|
|
|
|
|
400
|
|
|
|
|
|
401
|
HOOK_REPO_SIZE = 'changegroup.repo_size'
|
|
|
|
|
402
|
# HG
|
|
|
|
|
403
|
HOOK_PRE_PULL = 'preoutgoing.pre_pull'
|
|
|
|
|
404
|
HOOK_PULL = 'outgoing.pull_logger'
|
|
|
|
|
405
|
HOOK_PRE_PUSH = 'prechangegroup.pre_push'
|
|
|
|
|
406
|
HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
|
|
|
|
|
407
|
HOOK_PUSH = 'changegroup.push_logger'
|
|
|
|
|
408
|
HOOK_PUSH_KEY = 'pushkey.key_push'
|
|
|
|
|
409
|
|
|
|
|
|
410
|
# TODO: johbo: Unify way how hooks are configured for git and hg,
|
|
|
|
|
411
|
# git part is currently hardcoded.
|
|
|
|
|
412
|
|
|
|
|
|
413
|
# SVN PATTERNS
|
|
|
|
|
414
|
SVN_BRANCH_ID = 'vcs_svn_branch'
|
|
|
|
|
415
|
SVN_TAG_ID = 'vcs_svn_tag'
|
|
|
|
|
416
|
|
|
|
|
|
417
|
ui_id = Column(
|
|
|
|
|
418
|
"ui_id", Integer(), nullable=False, unique=True, default=None,
|
|
|
|
|
419
|
primary_key=True)
|
|
|
|
|
420
|
ui_section = Column(
|
|
|
|
|
421
|
"ui_section", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
422
|
ui_key = Column(
|
|
|
|
|
423
|
"ui_key", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
424
|
ui_value = Column(
|
|
|
|
|
425
|
"ui_value", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
426
|
ui_active = Column(
|
|
|
|
|
427
|
"ui_active", Boolean(), nullable=True, unique=None, default=True)
|
|
|
|
|
428
|
|
|
|
|
|
429
|
def __repr__(self):
|
|
|
|
|
430
|
return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
|
|
|
|
|
431
|
self.ui_key, self.ui_value)
|
|
|
|
|
432
|
|
|
|
|
|
433
|
|
|
|
|
|
434
|
class RepoRhodeCodeSetting(Base, BaseModel):
|
|
|
|
|
435
|
__tablename__ = 'repo_rhodecode_settings'
|
|
|
|
|
436
|
__table_args__ = (
|
|
|
|
|
437
|
UniqueConstraint(
|
|
|
|
|
438
|
'app_settings_name', 'repository_id',
|
|
|
|
|
439
|
name='uq_repo_rhodecode_setting_name_repo_id'),
|
|
|
|
|
440
|
base_table_args
|
|
|
|
|
441
|
)
|
|
|
|
|
442
|
|
|
|
|
|
443
|
repository_id = Column(
|
|
|
|
|
444
|
"repository_id", Integer(), ForeignKey('repositories.repo_id'),
|
|
|
|
|
445
|
nullable=False)
|
|
|
|
|
446
|
app_settings_id = Column(
|
|
|
|
|
447
|
"app_settings_id", Integer(), nullable=False, unique=True,
|
|
|
|
|
448
|
default=None, primary_key=True)
|
|
|
|
|
449
|
app_settings_name = Column(
|
|
|
|
|
450
|
"app_settings_name", String(255), nullable=True, unique=None,
|
|
|
|
|
451
|
default=None)
|
|
|
|
|
452
|
_app_settings_value = Column(
|
|
|
|
|
453
|
"app_settings_value", String(4096), nullable=True, unique=None,
|
|
|
|
|
454
|
default=None)
|
|
|
|
|
455
|
_app_settings_type = Column(
|
|
|
|
|
456
|
"app_settings_type", String(255), nullable=True, unique=None,
|
|
|
|
|
457
|
default=None)
|
|
|
|
|
458
|
|
|
|
|
|
459
|
repository = relationship('Repository')
|
|
|
|
|
460
|
|
|
|
|
|
461
|
def __init__(self, repository_id, key='', val='', type='unicode'):
|
|
|
|
|
462
|
self.repository_id = repository_id
|
|
|
|
|
463
|
self.app_settings_name = key
|
|
|
|
|
464
|
self.app_settings_type = type
|
|
|
|
|
465
|
self.app_settings_value = val
|
|
|
|
|
466
|
|
|
|
|
|
467
|
@validates('_app_settings_value')
|
|
|
|
|
468
|
def validate_settings_value(self, key, val):
|
|
|
|
|
469
|
assert type(val) == unicode
|
|
|
|
|
470
|
return val
|
|
|
|
|
471
|
|
|
|
|
|
472
|
@hybrid_property
|
|
|
|
|
473
|
def app_settings_value(self):
|
|
|
|
|
474
|
v = self._app_settings_value
|
|
|
|
|
475
|
type_ = self.app_settings_type
|
|
|
|
|
476
|
SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
|
|
|
|
|
477
|
converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
|
|
|
|
|
478
|
return converter(v)
|
|
|
|
|
479
|
|
|
|
|
|
480
|
@app_settings_value.setter
|
|
|
|
|
481
|
def app_settings_value(self, val):
|
|
|
|
|
482
|
"""
|
|
|
|
|
483
|
Setter that will always make sure we use unicode in app_settings_value
|
|
|
|
|
484
|
|
|
|
|
|
485
|
:param val:
|
|
|
|
|
486
|
"""
|
|
|
|
|
487
|
self._app_settings_value = safe_unicode(val)
|
|
|
|
|
488
|
|
|
|
|
|
489
|
@hybrid_property
|
|
|
|
|
490
|
def app_settings_type(self):
|
|
|
|
|
491
|
return self._app_settings_type
|
|
|
|
|
492
|
|
|
|
|
|
493
|
@app_settings_type.setter
|
|
|
|
|
494
|
def app_settings_type(self, val):
|
|
|
|
|
495
|
SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
|
|
|
|
|
496
|
if val not in SETTINGS_TYPES:
|
|
|
|
|
497
|
raise Exception('type must be one of %s got %s'
|
|
|
|
|
498
|
% (SETTINGS_TYPES.keys(), val))
|
|
|
|
|
499
|
self._app_settings_type = val
|
|
|
|
|
500
|
|
|
|
|
|
501
|
def __unicode__(self):
|
|
|
|
|
502
|
return u"<%s('%s:%s:%s[%s]')>" % (
|
|
|
|
|
503
|
self.__class__.__name__, self.repository.repo_name,
|
|
|
|
|
504
|
self.app_settings_name, self.app_settings_value,
|
|
|
|
|
505
|
self.app_settings_type
|
|
|
|
|
506
|
)
|
|
|
|
|
507
|
|
|
|
|
|
508
|
|
|
|
|
|
509
|
class RepoRhodeCodeUi(Base, BaseModel):
|
|
|
|
|
510
|
__tablename__ = 'repo_rhodecode_ui'
|
|
|
|
|
511
|
__table_args__ = (
|
|
|
|
|
512
|
UniqueConstraint(
|
|
|
|
|
513
|
'repository_id', 'ui_section', 'ui_key',
|
|
|
|
|
514
|
name='uq_repo_rhodecode_ui_repository_id_section_key'),
|
|
|
|
|
515
|
base_table_args
|
|
|
|
|
516
|
)
|
|
|
|
|
517
|
|
|
|
|
|
518
|
repository_id = Column(
|
|
|
|
|
519
|
"repository_id", Integer(), ForeignKey('repositories.repo_id'),
|
|
|
|
|
520
|
nullable=False)
|
|
|
|
|
521
|
ui_id = Column(
|
|
|
|
|
522
|
"ui_id", Integer(), nullable=False, unique=True, default=None,
|
|
|
|
|
523
|
primary_key=True)
|
|
|
|
|
524
|
ui_section = Column(
|
|
|
|
|
525
|
"ui_section", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
526
|
ui_key = Column(
|
|
|
|
|
527
|
"ui_key", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
528
|
ui_value = Column(
|
|
|
|
|
529
|
"ui_value", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
530
|
ui_active = Column(
|
|
|
|
|
531
|
"ui_active", Boolean(), nullable=True, unique=None, default=True)
|
|
|
|
|
532
|
|
|
|
|
|
533
|
repository = relationship('Repository')
|
|
|
|
|
534
|
|
|
|
|
|
535
|
def __repr__(self):
|
|
|
|
|
536
|
return '<%s[%s:%s]%s=>%s]>' % (
|
|
|
|
|
537
|
self.__class__.__name__, self.repository.repo_name,
|
|
|
|
|
538
|
self.ui_section, self.ui_key, self.ui_value)
|
|
|
|
|
539
|
|
|
|
|
|
540
|
|
|
|
|
|
541
|
class User(Base, BaseModel):
|
|
|
|
|
542
|
__tablename__ = 'users'
|
|
|
|
|
543
|
__table_args__ = (
|
|
|
|
|
544
|
UniqueConstraint('username'), UniqueConstraint('email'),
|
|
|
|
|
545
|
Index('u_username_idx', 'username'),
|
|
|
|
|
546
|
Index('u_email_idx', 'email'),
|
|
|
|
|
547
|
base_table_args
|
|
|
|
|
548
|
)
|
|
|
|
|
549
|
|
|
|
|
|
550
|
DEFAULT_USER = 'default'
|
|
|
|
|
551
|
DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
|
|
|
|
|
552
|
DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
|
|
|
|
|
553
|
|
|
|
|
|
554
|
user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
|
|
|
|
|
555
|
username = Column("username", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
556
|
password = Column("password", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
557
|
active = Column("active", Boolean(), nullable=True, unique=None, default=True)
|
|
|
|
|
558
|
admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
|
|
|
|
|
559
|
name = Column("firstname", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
560
|
lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
561
|
_email = Column("email", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
562
|
last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
|
|
|
|
|
563
|
last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
|
|
|
|
|
564
|
|
|
|
|
|
565
|
extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
566
|
extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
567
|
_api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
|
|
|
|
|
568
|
inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
|
|
|
|
|
569
|
created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
|
|
|
|
|
570
|
_user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
|
|
|
|
|
571
|
|
|
|
|
|
572
|
user_log = relationship('UserLog')
|
|
|
|
|
573
|
user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
|
|
|
|
|
574
|
|
|
|
|
|
575
|
repositories = relationship('Repository')
|
|
|
|
|
576
|
repository_groups = relationship('RepoGroup')
|
|
|
|
|
577
|
user_groups = relationship('UserGroup')
|
|
|
|
|
578
|
|
|
|
|
|
579
|
user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
|
|
|
|
|
580
|
followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
|
|
|
|
|
581
|
|
|
|
|
|
582
|
repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
|
|
|
|
|
583
|
repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
|
|
|
|
|
584
|
user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
|
|
|
|
|
585
|
|
|
|
|
|
586
|
group_member = relationship('UserGroupMember', cascade='all')
|
|
|
|
|
587
|
|
|
|
|
|
588
|
notifications = relationship('UserNotification', cascade='all')
|
|
|
|
|
589
|
# notifications assigned to this user
|
|
|
|
|
590
|
user_created_notifications = relationship('Notification', cascade='all')
|
|
|
|
|
591
|
# comments created by this user
|
|
|
|
|
592
|
user_comments = relationship('ChangesetComment', cascade='all')
|
|
|
|
|
593
|
# user profile extra info
|
|
|
|
|
594
|
user_emails = relationship('UserEmailMap', cascade='all')
|
|
|
|
|
595
|
user_ip_map = relationship('UserIpMap', cascade='all')
|
|
|
|
|
596
|
user_auth_tokens = relationship('UserApiKeys', cascade='all')
|
|
|
|
|
597
|
user_ssh_keys = relationship('UserSshKeys', cascade='all')
|
|
|
|
|
598
|
|
|
|
|
|
599
|
# gists
|
|
|
|
|
600
|
user_gists = relationship('Gist', cascade='all')
|
|
|
|
|
601
|
# user pull requests
|
|
|
|
|
602
|
user_pull_requests = relationship('PullRequest', cascade='all')
|
|
|
|
|
603
|
# external identities
|
|
|
|
|
604
|
extenal_identities = relationship(
|
|
|
|
|
605
|
'ExternalIdentity',
|
|
|
|
|
606
|
primaryjoin="User.user_id==ExternalIdentity.local_user_id",
|
|
|
|
|
607
|
cascade='all')
|
|
|
|
|
608
|
# review rules
|
|
|
|
|
609
|
user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
|
|
|
|
|
610
|
|
|
|
|
|
611
|
def __unicode__(self):
|
|
|
|
|
612
|
return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
|
|
|
|
|
613
|
self.user_id, self.username)
|
|
|
|
|
614
|
|
|
|
|
|
615
|
@hybrid_property
|
|
|
|
|
616
|
def email(self):
|
|
|
|
|
617
|
return self._email
|
|
|
|
|
618
|
|
|
|
|
|
619
|
@email.setter
|
|
|
|
|
620
|
def email(self, val):
|
|
|
|
|
621
|
self._email = val.lower() if val else None
|
|
|
|
|
622
|
|
|
|
|
|
623
|
@hybrid_property
|
|
|
|
|
624
|
def first_name(self):
|
|
|
|
|
625
|
from rhodecode.lib import helpers as h
|
|
|
|
|
626
|
if self.name:
|
|
|
|
|
627
|
return h.escape(self.name)
|
|
|
|
|
628
|
return self.name
|
|
|
|
|
629
|
|
|
|
|
|
630
|
@hybrid_property
|
|
|
|
|
631
|
def last_name(self):
|
|
|
|
|
632
|
from rhodecode.lib import helpers as h
|
|
|
|
|
633
|
if self.lastname:
|
|
|
|
|
634
|
return h.escape(self.lastname)
|
|
|
|
|
635
|
return self.lastname
|
|
|
|
|
636
|
|
|
|
|
|
637
|
@hybrid_property
|
|
|
|
|
638
|
def api_key(self):
|
|
|
|
|
639
|
"""
|
|
|
|
|
640
|
Fetch if exist an auth-token with role ALL connected to this user
|
|
|
|
|
641
|
"""
|
|
|
|
|
642
|
user_auth_token = UserApiKeys.query()\
|
|
|
|
|
643
|
.filter(UserApiKeys.user_id == self.user_id)\
|
|
|
|
|
644
|
.filter(or_(UserApiKeys.expires == -1,
|
|
|
|
|
645
|
UserApiKeys.expires >= time.time()))\
|
|
|
|
|
646
|
.filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
|
|
|
|
|
647
|
if user_auth_token:
|
|
|
|
|
648
|
user_auth_token = user_auth_token.api_key
|
|
|
|
|
649
|
|
|
|
|
|
650
|
return user_auth_token
|
|
|
|
|
651
|
|
|
|
|
|
652
|
@api_key.setter
|
|
|
|
|
653
|
def api_key(self, val):
|
|
|
|
|
654
|
# don't allow to set API key this is deprecated for now
|
|
|
|
|
655
|
self._api_key = None
|
|
|
|
|
656
|
|
|
|
|
|
657
|
@property
|
|
|
|
|
658
|
def reviewer_pull_requests(self):
|
|
|
|
|
659
|
return PullRequestReviewers.query() \
|
|
|
|
|
660
|
.options(joinedload(PullRequestReviewers.pull_request)) \
|
|
|
|
|
661
|
.filter(PullRequestReviewers.user_id == self.user_id) \
|
|
|
|
|
662
|
.all()
|
|
|
|
|
663
|
|
|
|
|
|
664
|
@property
|
|
|
|
|
665
|
def firstname(self):
|
|
|
|
|
666
|
# alias for future
|
|
|
|
|
667
|
return self.name
|
|
|
|
|
668
|
|
|
|
|
|
669
|
@property
|
|
|
|
|
670
|
def emails(self):
|
|
|
|
|
671
|
other = UserEmailMap.query()\
|
|
|
|
|
672
|
.filter(UserEmailMap.user == self) \
|
|
|
|
|
673
|
.order_by(UserEmailMap.email_id.asc()) \
|
|
|
|
|
674
|
.all()
|
|
|
|
|
675
|
return [self.email] + [x.email for x in other]
|
|
|
|
|
676
|
|
|
|
|
|
677
|
@property
|
|
|
|
|
678
|
def auth_tokens(self):
|
|
|
|
|
679
|
auth_tokens = self.get_auth_tokens()
|
|
|
|
|
680
|
return [x.api_key for x in auth_tokens]
|
|
|
|
|
681
|
|
|
|
|
|
682
|
def get_auth_tokens(self):
|
|
|
|
|
683
|
return UserApiKeys.query()\
|
|
|
|
|
684
|
.filter(UserApiKeys.user == self)\
|
|
|
|
|
685
|
.order_by(UserApiKeys.user_api_key_id.asc())\
|
|
|
|
|
686
|
.all()
|
|
|
|
|
687
|
|
|
|
|
|
688
|
@LazyProperty
|
|
|
|
|
689
|
def feed_token(self):
|
|
|
|
|
690
|
return self.get_feed_token()
|
|
|
|
|
691
|
|
|
|
|
|
692
|
def get_feed_token(self, cache=True):
|
|
|
|
|
693
|
feed_tokens = UserApiKeys.query()\
|
|
|
|
|
694
|
.filter(UserApiKeys.user == self)\
|
|
|
|
|
695
|
.filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)
|
|
|
|
|
696
|
if cache:
|
|
|
|
|
697
|
feed_tokens = feed_tokens.options(
|
|
|
|
|
698
|
FromCache("sql_cache_short", "get_user_feed_token_%s" % self.user_id))
|
|
|
|
|
699
|
|
|
|
|
|
700
|
feed_tokens = feed_tokens.all()
|
|
|
|
|
701
|
if feed_tokens:
|
|
|
|
|
702
|
return feed_tokens[0].api_key
|
|
|
|
|
703
|
return 'NO_FEED_TOKEN_AVAILABLE'
|
|
|
|
|
704
|
|
|
|
|
|
705
|
@classmethod
|
|
|
|
|
706
|
def get(cls, user_id, cache=False):
|
|
|
|
|
707
|
if not user_id:
|
|
|
|
|
708
|
return
|
|
|
|
|
709
|
|
|
|
|
|
710
|
user = cls.query()
|
|
|
|
|
711
|
if cache:
|
|
|
|
|
712
|
user = user.options(
|
|
|
|
|
713
|
FromCache("sql_cache_short", "get_users_%s" % user_id))
|
|
|
|
|
714
|
return user.get(user_id)
|
|
|
|
|
715
|
|
|
|
|
|
716
|
@classmethod
|
|
|
|
|
717
|
def extra_valid_auth_tokens(cls, user, role=None):
|
|
|
|
|
718
|
tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
|
|
|
|
|
719
|
.filter(or_(UserApiKeys.expires == -1,
|
|
|
|
|
720
|
UserApiKeys.expires >= time.time()))
|
|
|
|
|
721
|
if role:
|
|
|
|
|
722
|
tokens = tokens.filter(or_(UserApiKeys.role == role,
|
|
|
|
|
723
|
UserApiKeys.role == UserApiKeys.ROLE_ALL))
|
|
|
|
|
724
|
return tokens.all()
|
|
|
|
|
725
|
|
|
|
|
|
726
|
def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
|
|
|
|
|
727
|
from rhodecode.lib import auth
|
|
|
|
|
728
|
|
|
|
|
|
729
|
log.debug('Trying to authenticate user: %s via auth-token, '
|
|
|
|
|
730
|
'and roles: %s', self, roles)
|
|
|
|
|
731
|
|
|
|
|
|
732
|
if not auth_token:
|
|
|
|
|
733
|
return False
|
|
|
|
|
734
|
|
|
|
|
|
735
|
crypto_backend = auth.crypto_backend()
|
|
|
|
|
736
|
|
|
|
|
|
737
|
roles = (roles or []) + [UserApiKeys.ROLE_ALL]
|
|
|
|
|
738
|
tokens_q = UserApiKeys.query()\
|
|
|
|
|
739
|
.filter(UserApiKeys.user_id == self.user_id)\
|
|
|
|
|
740
|
.filter(or_(UserApiKeys.expires == -1,
|
|
|
|
|
741
|
UserApiKeys.expires >= time.time()))
|
|
|
|
|
742
|
|
|
|
|
|
743
|
tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
|
|
|
|
|
744
|
|
|
|
|
|
745
|
plain_tokens = []
|
|
|
|
|
746
|
hash_tokens = []
|
|
|
|
|
747
|
|
|
|
|
|
748
|
user_tokens = tokens_q.all()
|
|
|
|
|
749
|
log.debug('Found %s user tokens to check for authentication', len(user_tokens))
|
|
|
|
|
750
|
for token in user_tokens:
|
|
|
|
|
751
|
log.debug('AUTH_TOKEN: checking if user token with id `%s` matches',
|
|
|
|
|
752
|
token.user_api_key_id)
|
|
|
|
|
753
|
# verify scope first, since it's way faster than hash calculation of
|
|
|
|
|
754
|
# encrypted tokens
|
|
|
|
|
755
|
if token.repo_id:
|
|
|
|
|
756
|
# token has a scope, we need to verify it
|
|
|
|
|
757
|
if scope_repo_id != token.repo_id:
|
|
|
|
|
758
|
log.debug(
|
|
|
|
|
759
|
'AUTH_TOKEN: scope mismatch, token has a set repo scope: %s, '
|
|
|
|
|
760
|
'and calling scope is:%s, skipping further checks',
|
|
|
|
|
761
|
token.repo, scope_repo_id)
|
|
|
|
|
762
|
# token has a scope, and it doesn't match, skip token
|
|
|
|
|
763
|
continue
|
|
|