##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
core: properly handle new redirections set in decorators....
marcink -
r1499:d130151d default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,495 +1,495 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 Pylons middleware initialization
23 23 """
24 24 import logging
25 25 from collections import OrderedDict
26 26
27 27 from paste.registry import RegistryManager
28 28 from paste.gzipper import make_gzip_middleware
29 29 from pylons.wsgiapp import PylonsApp
30 30 from pyramid.authorization import ACLAuthorizationPolicy
31 31 from pyramid.config import Configurator
32 32 from pyramid.settings import asbool, aslist
33 33 from pyramid.wsgi import wsgiapp
34 34 from pyramid.httpexceptions import (
35 HTTPError, HTTPInternalServerError, HTTPFound)
35 HTTPException, HTTPError, HTTPInternalServerError, HTTPFound)
36 36 from pyramid.events import ApplicationCreated
37 37 from pyramid.renderers import render_to_response
38 38 from routes.middleware import RoutesMiddleware
39 39 import routes.util
40 40
41 41 import rhodecode
42 42 from rhodecode.model import meta
43 43 from rhodecode.config import patches
44 44 from rhodecode.config.routing import STATIC_FILE_PREFIX
45 45 from rhodecode.config.environment import (
46 46 load_environment, load_pyramid_environment)
47 47 from rhodecode.lib.middleware import csrf
48 48 from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
49 49 from rhodecode.lib.middleware.error_handling import (
50 50 PylonsErrorHandlingMiddleware)
51 51 from rhodecode.lib.middleware.https_fixup import HttpsFixup
52 52 from rhodecode.lib.middleware.vcs import VCSMiddleware
53 53 from rhodecode.lib.plugins.utils import register_rhodecode_plugin
54 54 from rhodecode.lib.utils2 import aslist as rhodecode_aslist
55 55 from rhodecode.subscribers import (
56 56 scan_repositories_if_enabled, write_metadata_if_needed)
57 57
58 58
59 59 log = logging.getLogger(__name__)
60 60
61 61
62 62 # this is used to avoid avoid the route lookup overhead in routesmiddleware
63 63 # for certain routes which won't go to pylons to - eg. static files, debugger
64 64 # it is only needed for the pylons migration and can be removed once complete
65 65 class SkippableRoutesMiddleware(RoutesMiddleware):
66 66 """ Routes middleware that allows you to skip prefixes """
67 67
68 68 def __init__(self, *args, **kw):
69 69 self.skip_prefixes = kw.pop('skip_prefixes', [])
70 70 super(SkippableRoutesMiddleware, self).__init__(*args, **kw)
71 71
72 72 def __call__(self, environ, start_response):
73 73 for prefix in self.skip_prefixes:
74 74 if environ['PATH_INFO'].startswith(prefix):
75 75 # added to avoid the case when a missing /_static route falls
76 76 # through to pylons and causes an exception as pylons is
77 77 # expecting wsgiorg.routingargs to be set in the environ
78 78 # by RoutesMiddleware.
79 79 if 'wsgiorg.routing_args' not in environ:
80 80 environ['wsgiorg.routing_args'] = (None, {})
81 81 return self.app(environ, start_response)
82 82
83 83 return super(SkippableRoutesMiddleware, self).__call__(
84 84 environ, start_response)
85 85
86 86
87 87 def make_app(global_conf, static_files=True, **app_conf):
88 88 """Create a Pylons WSGI application and return it
89 89
90 90 ``global_conf``
91 91 The inherited configuration for this application. Normally from
92 92 the [DEFAULT] section of the Paste ini file.
93 93
94 94 ``app_conf``
95 95 The application's local configuration. Normally specified in
96 96 the [app:<name>] section of the Paste ini file (where <name>
97 97 defaults to main).
98 98
99 99 """
100 100 # Apply compatibility patches
101 101 patches.kombu_1_5_1_python_2_7_11()
102 102 patches.inspect_getargspec()
103 103
104 104 # Configure the Pylons environment
105 105 config = load_environment(global_conf, app_conf)
106 106
107 107 # The Pylons WSGI app
108 108 app = PylonsApp(config=config)
109 109 if rhodecode.is_test:
110 110 app = csrf.CSRFDetector(app)
111 111
112 112 expected_origin = config.get('expected_origin')
113 113 if expected_origin:
114 114 # The API can be accessed from other Origins.
115 115 app = csrf.OriginChecker(app, expected_origin,
116 116 skip_urls=[routes.util.url_for('api')])
117 117
118 118 # Establish the Registry for this application
119 119 app = RegistryManager(app)
120 120
121 121 app.config = config
122 122
123 123 return app
124 124
125 125
126 126 def make_pyramid_app(global_config, **settings):
127 127 """
128 128 Constructs the WSGI application based on Pyramid and wraps the Pylons based
129 129 application.
130 130
131 131 Specials:
132 132
133 133 * We migrate from Pylons to Pyramid. While doing this, we keep both
134 134 frameworks functional. This involves moving some WSGI middlewares around
135 135 and providing access to some data internals, so that the old code is
136 136 still functional.
137 137
138 138 * The application can also be integrated like a plugin via the call to
139 139 `includeme`. This is accompanied with the other utility functions which
140 140 are called. Changing this should be done with great care to not break
141 141 cases when these fragments are assembled from another place.
142 142
143 143 """
144 144 # The edition string should be available in pylons too, so we add it here
145 145 # before copying the settings.
146 146 settings.setdefault('rhodecode.edition', 'Community Edition')
147 147
148 148 # As long as our Pylons application does expect "unprepared" settings, make
149 149 # sure that we keep an unmodified copy. This avoids unintentional change of
150 150 # behavior in the old application.
151 151 settings_pylons = settings.copy()
152 152
153 153 sanitize_settings_and_apply_defaults(settings)
154 154 config = Configurator(settings=settings)
155 155 add_pylons_compat_data(config.registry, global_config, settings_pylons)
156 156
157 157 load_pyramid_environment(global_config, settings)
158 158
159 159 includeme_first(config)
160 160 includeme(config)
161 161 pyramid_app = config.make_wsgi_app()
162 162 pyramid_app = wrap_app_in_wsgi_middlewares(pyramid_app, config)
163 163 pyramid_app.config = config
164 164
165 165 # creating the app uses a connection - return it after we are done
166 166 meta.Session.remove()
167 167
168 168 return pyramid_app
169 169
170 170
171 171 def make_not_found_view(config):
172 172 """
173 173 This creates the view which should be registered as not-found-view to
174 174 pyramid. Basically it contains of the old pylons app, converted to a view.
175 175 Additionally it is wrapped by some other middlewares.
176 176 """
177 177 settings = config.registry.settings
178 178 vcs_server_enabled = settings['vcs.server.enable']
179 179
180 180 # Make pylons app from unprepared settings.
181 181 pylons_app = make_app(
182 182 config.registry._pylons_compat_global_config,
183 183 **config.registry._pylons_compat_settings)
184 184 config.registry._pylons_compat_config = pylons_app.config
185 185
186 186 # Appenlight monitoring.
187 187 pylons_app, appenlight_client = wrap_in_appenlight_if_enabled(
188 188 pylons_app, settings)
189 189
190 190 # The pylons app is executed inside of the pyramid 404 exception handler.
191 191 # Exceptions which are raised inside of it are not handled by pyramid
192 192 # again. Therefore we add a middleware that invokes the error handler in
193 193 # case of an exception or error response. This way we return proper error
194 194 # HTML pages in case of an error.
195 195 reraise = (settings.get('debugtoolbar.enabled', False) or
196 196 rhodecode.disable_error_handler)
197 197 pylons_app = PylonsErrorHandlingMiddleware(
198 198 pylons_app, error_handler, reraise)
199 199
200 200 # The VCSMiddleware shall operate like a fallback if pyramid doesn't find a
201 201 # view to handle the request. Therefore it is wrapped around the pylons
202 202 # app. It has to be outside of the error handling otherwise error responses
203 203 # from the vcsserver are converted to HTML error pages. This confuses the
204 204 # command line tools and the user won't get a meaningful error message.
205 205 if vcs_server_enabled:
206 206 pylons_app = VCSMiddleware(
207 207 pylons_app, settings, appenlight_client, registry=config.registry)
208 208
209 209 # Convert WSGI app to pyramid view and return it.
210 210 return wsgiapp(pylons_app)
211 211
212 212
213 213 def add_pylons_compat_data(registry, global_config, settings):
214 214 """
215 215 Attach data to the registry to support the Pylons integration.
216 216 """
217 217 registry._pylons_compat_global_config = global_config
218 218 registry._pylons_compat_settings = settings
219 219
220 220
221 221 def error_handler(exception, request):
222 222 import rhodecode
223 223 from rhodecode.lib.utils2 import AttributeDict
224 224
225 225 rhodecode_title = rhodecode.CONFIG.get('rhodecode_title') or 'RhodeCode'
226 226
227 227 base_response = HTTPInternalServerError()
228 228 # prefer original exception for the response since it may have headers set
229 if isinstance(exception, HTTPError):
229 if isinstance(exception, HTTPException):
230 230 base_response = exception
231 231
232 232 def is_http_error(response):
233 233 # error which should have traceback
234 234 return response.status_code > 499
235 235
236 236 if is_http_error(base_response):
237 237 log.exception(
238 238 'error occurred handling this request for path: %s', request.path)
239 239
240 240 c = AttributeDict()
241 241 c.error_message = base_response.status
242 242 c.error_explanation = base_response.explanation or str(base_response)
243 243 c.visual = AttributeDict()
244 244
245 245 c.visual.rhodecode_support_url = (
246 246 request.registry.settings.get('rhodecode_support_url') or
247 247 request.route_url('rhodecode_support')
248 248 )
249 249 c.redirect_time = 0
250 250 c.rhodecode_name = rhodecode_title
251 251 if not c.rhodecode_name:
252 252 c.rhodecode_name = 'Rhodecode'
253 253
254 254 c.causes = []
255 255 if hasattr(base_response, 'causes'):
256 256 c.causes = base_response.causes
257 257
258 258 response = render_to_response(
259 259 '/errors/error_document.mako', {'c': c}, request=request,
260 260 response=base_response)
261 261
262 262 return response
263 263
264 264
265 265 def includeme(config):
266 266 settings = config.registry.settings
267 267
268 268 # plugin information
269 269 config.registry.rhodecode_plugins = OrderedDict()
270 270
271 271 config.add_directive(
272 272 'register_rhodecode_plugin', register_rhodecode_plugin)
273 273
274 274 if asbool(settings.get('appenlight', 'false')):
275 275 config.include('appenlight_client.ext.pyramid_tween')
276 276
277 277 # Includes which are required. The application would fail without them.
278 278 config.include('pyramid_mako')
279 279 config.include('pyramid_beaker')
280 280 config.include('rhodecode.channelstream')
281 281 config.include('rhodecode.admin')
282 282 config.include('rhodecode.authentication')
283 283 config.include('rhodecode.integrations')
284 284 config.include('rhodecode.login')
285 285 config.include('rhodecode.tweens')
286 286 config.include('rhodecode.api')
287 287 config.include('rhodecode.svn_support')
288 288 config.add_route(
289 289 'rhodecode_support', 'https://rhodecode.com/help/', static=True)
290 290
291 291 config.add_translation_dirs('rhodecode:i18n/')
292 292 settings['default_locale_name'] = settings.get('lang', 'en')
293 293
294 294 # Add subscribers.
295 295 config.add_subscriber(scan_repositories_if_enabled, ApplicationCreated)
296 296 config.add_subscriber(write_metadata_if_needed, ApplicationCreated)
297 297
298 298 # Set the authorization policy.
299 299 authz_policy = ACLAuthorizationPolicy()
300 300 config.set_authorization_policy(authz_policy)
301 301
302 302 # Set the default renderer for HTML templates to mako.
303 303 config.add_mako_renderer('.html')
304 304
305 305 # include RhodeCode plugins
306 306 includes = aslist(settings.get('rhodecode.includes', []))
307 307 for inc in includes:
308 308 config.include(inc)
309 309
310 310 # This is the glue which allows us to migrate in chunks. By registering the
311 311 # pylons based application as the "Not Found" view in Pyramid, we will
312 312 # fallback to the old application each time the new one does not yet know
313 313 # how to handle a request.
314 314 config.add_notfound_view(make_not_found_view(config))
315 315
316 316 if not settings.get('debugtoolbar.enabled', False):
317 317 # if no toolbar, then any exception gets caught and rendered
318 318 config.add_view(error_handler, context=Exception)
319 319
320 320 config.add_view(error_handler, context=HTTPError)
321 321
322 322
323 323 def includeme_first(config):
324 324 # redirect automatic browser favicon.ico requests to correct place
325 325 def favicon_redirect(context, request):
326 326 return HTTPFound(
327 327 request.static_path('rhodecode:public/images/favicon.ico'))
328 328
329 329 config.add_view(favicon_redirect, route_name='favicon')
330 330 config.add_route('favicon', '/favicon.ico')
331 331
332 332 def robots_redirect(context, request):
333 333 return HTTPFound(
334 334 request.static_path('rhodecode:public/robots.txt'))
335 335
336 336 config.add_view(robots_redirect, route_name='robots')
337 337 config.add_route('robots', '/robots.txt')
338 338
339 339 config.add_static_view(
340 340 '_static/deform', 'deform:static')
341 341 config.add_static_view(
342 342 '_static/rhodecode', path='rhodecode:public', cache_max_age=3600 * 24)
343 343
344 344
345 345 def wrap_app_in_wsgi_middlewares(pyramid_app, config):
346 346 """
347 347 Apply outer WSGI middlewares around the application.
348 348
349 349 Part of this has been moved up from the Pylons layer, so that the
350 350 data is also available if old Pylons code is hit through an already ported
351 351 view.
352 352 """
353 353 settings = config.registry.settings
354 354
355 355 # enable https redirects based on HTTP_X_URL_SCHEME set by proxy
356 356 pyramid_app = HttpsFixup(pyramid_app, settings)
357 357
358 358 # Add RoutesMiddleware to support the pylons compatibility tween during
359 359 # migration to pyramid.
360 360 pyramid_app = SkippableRoutesMiddleware(
361 361 pyramid_app, config.registry._pylons_compat_config['routes.map'],
362 362 skip_prefixes=(STATIC_FILE_PREFIX, '/_debug_toolbar'))
363 363
364 364 pyramid_app, _ = wrap_in_appenlight_if_enabled(pyramid_app, settings)
365 365
366 366 if settings['gzip_responses']:
367 367 pyramid_app = make_gzip_middleware(
368 368 pyramid_app, settings, compress_level=1)
369 369
370 370 # this should be the outer most middleware in the wsgi stack since
371 371 # middleware like Routes make database calls
372 372 def pyramid_app_with_cleanup(environ, start_response):
373 373 try:
374 374 return pyramid_app(environ, start_response)
375 375 finally:
376 376 # Dispose current database session and rollback uncommitted
377 377 # transactions.
378 378 meta.Session.remove()
379 379
380 380 # In a single threaded mode server, on non sqlite db we should have
381 381 # '0 Current Checked out connections' at the end of a request,
382 382 # if not, then something, somewhere is leaving a connection open
383 383 pool = meta.Base.metadata.bind.engine.pool
384 384 log.debug('sa pool status: %s', pool.status())
385 385
386 386
387 387 return pyramid_app_with_cleanup
388 388
389 389
390 390 def sanitize_settings_and_apply_defaults(settings):
391 391 """
392 392 Applies settings defaults and does all type conversion.
393 393
394 394 We would move all settings parsing and preparation into this place, so that
395 395 we have only one place left which deals with this part. The remaining parts
396 396 of the application would start to rely fully on well prepared settings.
397 397
398 398 This piece would later be split up per topic to avoid a big fat monster
399 399 function.
400 400 """
401 401
402 402 # Pyramid's mako renderer has to search in the templates folder so that the
403 403 # old templates still work. Ported and new templates are expected to use
404 404 # real asset specifications for the includes.
405 405 mako_directories = settings.setdefault('mako.directories', [
406 406 # Base templates of the original Pylons application
407 407 'rhodecode:templates',
408 408 ])
409 409 log.debug(
410 410 "Using the following Mako template directories: %s",
411 411 mako_directories)
412 412
413 413 # Default includes, possible to change as a user
414 414 pyramid_includes = settings.setdefault('pyramid.includes', [
415 415 'rhodecode.lib.middleware.request_wrapper',
416 416 ])
417 417 log.debug(
418 418 "Using the following pyramid.includes: %s",
419 419 pyramid_includes)
420 420
421 421 # TODO: johbo: Re-think this, usually the call to config.include
422 422 # should allow to pass in a prefix.
423 423 settings.setdefault('rhodecode.api.url', '/_admin/api')
424 424
425 425 # Sanitize generic settings.
426 426 _list_setting(settings, 'default_encoding', 'UTF-8')
427 427 _bool_setting(settings, 'is_test', 'false')
428 428 _bool_setting(settings, 'gzip_responses', 'false')
429 429
430 430 # Call split out functions that sanitize settings for each topic.
431 431 _sanitize_appenlight_settings(settings)
432 432 _sanitize_vcs_settings(settings)
433 433
434 434 return settings
435 435
436 436
437 437 def _sanitize_appenlight_settings(settings):
438 438 _bool_setting(settings, 'appenlight', 'false')
439 439
440 440
441 441 def _sanitize_vcs_settings(settings):
442 442 """
443 443 Applies settings defaults and does type conversion for all VCS related
444 444 settings.
445 445 """
446 446 _string_setting(settings, 'vcs.svn.compatible_version', '')
447 447 _string_setting(settings, 'git_rev_filter', '--all')
448 448 _string_setting(settings, 'vcs.hooks.protocol', 'http')
449 449 _string_setting(settings, 'vcs.scm_app_implementation', 'http')
450 450 _string_setting(settings, 'vcs.server', '')
451 451 _string_setting(settings, 'vcs.server.log_level', 'debug')
452 452 _string_setting(settings, 'vcs.server.protocol', 'http')
453 453 _bool_setting(settings, 'startup.import_repos', 'false')
454 454 _bool_setting(settings, 'vcs.hooks.direct_calls', 'false')
455 455 _bool_setting(settings, 'vcs.server.enable', 'true')
456 456 _bool_setting(settings, 'vcs.start_server', 'false')
457 457 _list_setting(settings, 'vcs.backends', 'hg, git, svn')
458 458 _int_setting(settings, 'vcs.connection_timeout', 3600)
459 459
460 460 # Support legacy values of vcs.scm_app_implementation. Legacy
461 461 # configurations may use 'rhodecode.lib.middleware.utils.scm_app_http'
462 462 # which is now mapped to 'http'.
463 463 scm_app_impl = settings['vcs.scm_app_implementation']
464 464 if scm_app_impl == 'rhodecode.lib.middleware.utils.scm_app_http':
465 465 settings['vcs.scm_app_implementation'] = 'http'
466 466
467 467
468 468 def _int_setting(settings, name, default):
469 469 settings[name] = int(settings.get(name, default))
470 470
471 471
472 472 def _bool_setting(settings, name, default):
473 473 input = settings.get(name, default)
474 474 if isinstance(input, unicode):
475 475 input = input.encode('utf8')
476 476 settings[name] = asbool(input)
477 477
478 478
479 479 def _list_setting(settings, name, default):
480 480 raw_value = settings.get(name, default)
481 481
482 482 old_separator = ','
483 483 if old_separator in raw_value:
484 484 # If we get a comma separated list, pass it to our own function.
485 485 settings[name] = rhodecode_aslist(raw_value, sep=old_separator)
486 486 else:
487 487 # Otherwise we assume it uses pyramids space/newline separation.
488 488 settings[name] = aslist(raw_value)
489 489
490 490
491 491 def _string_setting(settings, name, default, lower=True):
492 492 value = settings.get(name, default)
493 493 if lower:
494 494 value = value.lower()
495 495 settings[name] = value
Show file before | Show file after | Hide comments
@@ -1,1972 +1,1973 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 authentication and permission libraries
23 23 """
24 24
25 25 import os
26 26 import inspect
27 27 import collections
28 28 import fnmatch
29 29 import hashlib
30 30 import itertools
31 31 import logging
32 32 import random
33 33 import traceback
34 34 from functools import wraps
35 35
36 36 import ipaddress
37 37 from pyramid.httpexceptions import HTTPForbidden, HTTPFound
38 38 from pylons import url, request
39 39 from pylons.controllers.util import abort, redirect
40 40 from pylons.i18n.translation import _
41 41 from sqlalchemy.orm.exc import ObjectDeletedError
42 42 from sqlalchemy.orm import joinedload
43 43 from zope.cachedescriptors.property import Lazy as LazyProperty
44 44
45 45 import rhodecode
46 46 from rhodecode.model import meta
47 47 from rhodecode.model.meta import Session
48 48 from rhodecode.model.user import UserModel
49 49 from rhodecode.model.db import (
50 50 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
51 51 UserIpMap, UserApiKeys, RepoGroup)
52 52 from rhodecode.lib import caches
53 53 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5
54 54 from rhodecode.lib.utils import (
55 55 get_repo_slug, get_repo_group_slug, get_user_group_slug)
56 56 from rhodecode.lib.caching_query import FromCache
57 57
58 58
59 59 if rhodecode.is_unix:
60 60 import bcrypt
61 61
62 62 log = logging.getLogger(__name__)
63 63
64 64 csrf_token_key = "csrf_token"
65 65
66 66
67 67 class PasswordGenerator(object):
68 68 """
69 69 This is a simple class for generating password from different sets of
70 70 characters
71 71 usage::
72 72
73 73 passwd_gen = PasswordGenerator()
74 74 #print 8-letter password containing only big and small letters
75 75 of alphabet
76 76 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
77 77 """
78 78 ALPHABETS_NUM = r'''1234567890'''
79 79 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
80 80 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
81 81 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
82 82 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
83 83 + ALPHABETS_NUM + ALPHABETS_SPECIAL
84 84 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
85 85 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
86 86 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
87 87 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
88 88
89 89 def __init__(self, passwd=''):
90 90 self.passwd = passwd
91 91
92 92 def gen_password(self, length, type_=None):
93 93 if type_ is None:
94 94 type_ = self.ALPHABETS_FULL
95 95 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
96 96 return self.passwd
97 97
98 98
99 99 class _RhodeCodeCryptoBase(object):
100 100 ENC_PREF = None
101 101
102 102 def hash_create(self, str_):
103 103 """
104 104 hash the string using
105 105
106 106 :param str_: password to hash
107 107 """
108 108 raise NotImplementedError
109 109
110 110 def hash_check_with_upgrade(self, password, hashed):
111 111 """
112 112 Returns tuple in which first element is boolean that states that
113 113 given password matches it's hashed version, and the second is new hash
114 114 of the password, in case this password should be migrated to new
115 115 cipher.
116 116 """
117 117 checked_hash = self.hash_check(password, hashed)
118 118 return checked_hash, None
119 119
120 120 def hash_check(self, password, hashed):
121 121 """
122 122 Checks matching password with it's hashed value.
123 123
124 124 :param password: password
125 125 :param hashed: password in hashed form
126 126 """
127 127 raise NotImplementedError
128 128
129 129 def _assert_bytes(self, value):
130 130 """
131 131 Passing in an `unicode` object can lead to hard to detect issues
132 132 if passwords contain non-ascii characters. Doing a type check
133 133 during runtime, so that such mistakes are detected early on.
134 134 """
135 135 if not isinstance(value, str):
136 136 raise TypeError(
137 137 "Bytestring required as input, got %r." % (value, ))
138 138
139 139
140 140 class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
141 141 ENC_PREF = '$2a$10'
142 142
143 143 def hash_create(self, str_):
144 144 self._assert_bytes(str_)
145 145 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
146 146
147 147 def hash_check_with_upgrade(self, password, hashed):
148 148 """
149 149 Returns tuple in which first element is boolean that states that
150 150 given password matches it's hashed version, and the second is new hash
151 151 of the password, in case this password should be migrated to new
152 152 cipher.
153 153
154 154 This implements special upgrade logic which works like that:
155 155 - check if the given password == bcrypted hash, if yes then we
156 156 properly used password and it was already in bcrypt. Proceed
157 157 without any changes
158 158 - if bcrypt hash check is not working try with sha256. If hash compare
159 159 is ok, it means we using correct but old hashed password. indicate
160 160 hash change and proceed
161 161 """
162 162
163 163 new_hash = None
164 164
165 165 # regular pw check
166 166 password_match_bcrypt = self.hash_check(password, hashed)
167 167
168 168 # now we want to know if the password was maybe from sha256
169 169 # basically calling _RhodeCodeCryptoSha256().hash_check()
170 170 if not password_match_bcrypt:
171 171 if _RhodeCodeCryptoSha256().hash_check(password, hashed):
172 172 new_hash = self.hash_create(password) # make new bcrypt hash
173 173 password_match_bcrypt = True
174 174
175 175 return password_match_bcrypt, new_hash
176 176
177 177 def hash_check(self, password, hashed):
178 178 """
179 179 Checks matching password with it's hashed value.
180 180
181 181 :param password: password
182 182 :param hashed: password in hashed form
183 183 """
184 184 self._assert_bytes(password)
185 185 try:
186 186 return bcrypt.hashpw(password, hashed) == hashed
187 187 except ValueError as e:
188 188 # we're having a invalid salt here probably, we should not crash
189 189 # just return with False as it would be a wrong password.
190 190 log.debug('Failed to check password hash using bcrypt %s',
191 191 safe_str(e))
192 192
193 193 return False
194 194
195 195
196 196 class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
197 197 ENC_PREF = '_'
198 198
199 199 def hash_create(self, str_):
200 200 self._assert_bytes(str_)
201 201 return hashlib.sha256(str_).hexdigest()
202 202
203 203 def hash_check(self, password, hashed):
204 204 """
205 205 Checks matching password with it's hashed value.
206 206
207 207 :param password: password
208 208 :param hashed: password in hashed form
209 209 """
210 210 self._assert_bytes(password)
211 211 return hashlib.sha256(password).hexdigest() == hashed
212 212
213 213
214 214 class _RhodeCodeCryptoMd5(_RhodeCodeCryptoBase):
215 215 ENC_PREF = '_'
216 216
217 217 def hash_create(self, str_):
218 218 self._assert_bytes(str_)
219 219 return hashlib.md5(str_).hexdigest()
220 220
221 221 def hash_check(self, password, hashed):
222 222 """
223 223 Checks matching password with it's hashed value.
224 224
225 225 :param password: password
226 226 :param hashed: password in hashed form
227 227 """
228 228 self._assert_bytes(password)
229 229 return hashlib.md5(password).hexdigest() == hashed
230 230
231 231
232 232 def crypto_backend():
233 233 """
234 234 Return the matching crypto backend.
235 235
236 236 Selection is based on if we run tests or not, we pick md5 backend to run
237 237 tests faster since BCRYPT is expensive to calculate
238 238 """
239 239 if rhodecode.is_test:
240 240 RhodeCodeCrypto = _RhodeCodeCryptoMd5()
241 241 else:
242 242 RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
243 243
244 244 return RhodeCodeCrypto
245 245
246 246
247 247 def get_crypt_password(password):
248 248 """
249 249 Create the hash of `password` with the active crypto backend.
250 250
251 251 :param password: The cleartext password.
252 252 :type password: unicode
253 253 """
254 254 password = safe_str(password)
255 255 return crypto_backend().hash_create(password)
256 256
257 257
258 258 def check_password(password, hashed):
259 259 """
260 260 Check if the value in `password` matches the hash in `hashed`.
261 261
262 262 :param password: The cleartext password.
263 263 :type password: unicode
264 264
265 265 :param hashed: The expected hashed version of the password.
266 266 :type hashed: The hash has to be passed in in text representation.
267 267 """
268 268 password = safe_str(password)
269 269 return crypto_backend().hash_check(password, hashed)
270 270
271 271
272 272 def generate_auth_token(data, salt=None):
273 273 """
274 274 Generates API KEY from given string
275 275 """
276 276
277 277 if salt is None:
278 278 salt = os.urandom(16)
279 279 return hashlib.sha1(safe_str(data) + salt).hexdigest()
280 280
281 281
282 282 class CookieStoreWrapper(object):
283 283
284 284 def __init__(self, cookie_store):
285 285 self.cookie_store = cookie_store
286 286
287 287 def __repr__(self):
288 288 return 'CookieStore<%s>' % (self.cookie_store)
289 289
290 290 def get(self, key, other=None):
291 291 if isinstance(self.cookie_store, dict):
292 292 return self.cookie_store.get(key, other)
293 293 elif isinstance(self.cookie_store, AuthUser):
294 294 return self.cookie_store.__dict__.get(key, other)
295 295
296 296
297 297 def _cached_perms_data(user_id, scope, user_is_admin,
298 298 user_inherit_default_permissions, explicit, algo):
299 299
300 300 permissions = PermissionCalculator(
301 301 user_id, scope, user_is_admin, user_inherit_default_permissions,
302 302 explicit, algo)
303 303 return permissions.calculate()
304 304
305 305 class PermOrigin:
306 306 ADMIN = 'superadmin'
307 307
308 308 REPO_USER = 'user:%s'
309 309 REPO_USERGROUP = 'usergroup:%s'
310 310 REPO_OWNER = 'repo.owner'
311 311 REPO_DEFAULT = 'repo.default'
312 312 REPO_PRIVATE = 'repo.private'
313 313
314 314 REPOGROUP_USER = 'user:%s'
315 315 REPOGROUP_USERGROUP = 'usergroup:%s'
316 316 REPOGROUP_OWNER = 'group.owner'
317 317 REPOGROUP_DEFAULT = 'group.default'
318 318
319 319 USERGROUP_USER = 'user:%s'
320 320 USERGROUP_USERGROUP = 'usergroup:%s'
321 321 USERGROUP_OWNER = 'usergroup.owner'
322 322 USERGROUP_DEFAULT = 'usergroup.default'
323 323
324 324
325 325 class PermOriginDict(dict):
326 326 """
327 327 A special dict used for tracking permissions along with their origins.
328 328
329 329 `__setitem__` has been overridden to expect a tuple(perm, origin)
330 330 `__getitem__` will return only the perm
331 331 `.perm_origin_stack` will return the stack of (perm, origin) set per key
332 332
333 333 >>> perms = PermOriginDict()
334 334 >>> perms['resource'] = 'read', 'default'
335 335 >>> perms['resource']
336 336 'read'
337 337 >>> perms['resource'] = 'write', 'admin'
338 338 >>> perms['resource']
339 339 'write'
340 340 >>> perms.perm_origin_stack
341 341 {'resource': [('read', 'default'), ('write', 'admin')]}
342 342 """
343 343
344 344
345 345 def __init__(self, *args, **kw):
346 346 dict.__init__(self, *args, **kw)
347 347 self.perm_origin_stack = {}
348 348
349 349 def __setitem__(self, key, (perm, origin)):
350 350 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
351 351 dict.__setitem__(self, key, perm)
352 352
353 353
354 354 class PermissionCalculator(object):
355 355
356 356 def __init__(
357 357 self, user_id, scope, user_is_admin,
358 358 user_inherit_default_permissions, explicit, algo):
359 359 self.user_id = user_id
360 360 self.user_is_admin = user_is_admin
361 361 self.inherit_default_permissions = user_inherit_default_permissions
362 362 self.explicit = explicit
363 363 self.algo = algo
364 364
365 365 scope = scope or {}
366 366 self.scope_repo_id = scope.get('repo_id')
367 367 self.scope_repo_group_id = scope.get('repo_group_id')
368 368 self.scope_user_group_id = scope.get('user_group_id')
369 369
370 370 self.default_user_id = User.get_default_user(cache=True).user_id
371 371
372 372 self.permissions_repositories = PermOriginDict()
373 373 self.permissions_repository_groups = PermOriginDict()
374 374 self.permissions_user_groups = PermOriginDict()
375 375 self.permissions_global = set()
376 376
377 377 self.default_repo_perms = Permission.get_default_repo_perms(
378 378 self.default_user_id, self.scope_repo_id)
379 379 self.default_repo_groups_perms = Permission.get_default_group_perms(
380 380 self.default_user_id, self.scope_repo_group_id)
381 381 self.default_user_group_perms = \
382 382 Permission.get_default_user_group_perms(
383 383 self.default_user_id, self.scope_user_group_id)
384 384
385 385 def calculate(self):
386 386 if self.user_is_admin:
387 387 return self._admin_permissions()
388 388
389 389 self._calculate_global_default_permissions()
390 390 self._calculate_global_permissions()
391 391 self._calculate_default_permissions()
392 392 self._calculate_repository_permissions()
393 393 self._calculate_repository_group_permissions()
394 394 self._calculate_user_group_permissions()
395 395 return self._permission_structure()
396 396
397 397 def _admin_permissions(self):
398 398 """
399 399 admin user have all default rights for repositories
400 400 and groups set to admin
401 401 """
402 402 self.permissions_global.add('hg.admin')
403 403 self.permissions_global.add('hg.create.write_on_repogroup.true')
404 404
405 405 # repositories
406 406 for perm in self.default_repo_perms:
407 407 r_k = perm.UserRepoToPerm.repository.repo_name
408 408 p = 'repository.admin'
409 409 self.permissions_repositories[r_k] = p, PermOrigin.ADMIN
410 410
411 411 # repository groups
412 412 for perm in self.default_repo_groups_perms:
413 413 rg_k = perm.UserRepoGroupToPerm.group.group_name
414 414 p = 'group.admin'
415 415 self.permissions_repository_groups[rg_k] = p, PermOrigin.ADMIN
416 416
417 417 # user groups
418 418 for perm in self.default_user_group_perms:
419 419 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
420 420 p = 'usergroup.admin'
421 421 self.permissions_user_groups[u_k] = p, PermOrigin.ADMIN
422 422
423 423 return self._permission_structure()
424 424
425 425 def _calculate_global_default_permissions(self):
426 426 """
427 427 global permissions taken from the default user
428 428 """
429 429 default_global_perms = UserToPerm.query()\
430 430 .filter(UserToPerm.user_id == self.default_user_id)\
431 431 .options(joinedload(UserToPerm.permission))
432 432
433 433 for perm in default_global_perms:
434 434 self.permissions_global.add(perm.permission.permission_name)
435 435
436 436 def _calculate_global_permissions(self):
437 437 """
438 438 Set global system permissions with user permissions or permissions
439 439 taken from the user groups of the current user.
440 440
441 441 The permissions include repo creating, repo group creating, forking
442 442 etc.
443 443 """
444 444
445 445 # now we read the defined permissions and overwrite what we have set
446 446 # before those can be configured from groups or users explicitly.
447 447
448 448 # TODO: johbo: This seems to be out of sync, find out the reason
449 449 # for the comment below and update it.
450 450
451 451 # In case we want to extend this list we should be always in sync with
452 452 # User.DEFAULT_USER_PERMISSIONS definitions
453 453 _configurable = frozenset([
454 454 'hg.fork.none', 'hg.fork.repository',
455 455 'hg.create.none', 'hg.create.repository',
456 456 'hg.usergroup.create.false', 'hg.usergroup.create.true',
457 457 'hg.repogroup.create.false', 'hg.repogroup.create.true',
458 458 'hg.create.write_on_repogroup.false',
459 459 'hg.create.write_on_repogroup.true',
460 460 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
461 461 ])
462 462
463 463 # USER GROUPS comes first user group global permissions
464 464 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
465 465 .options(joinedload(UserGroupToPerm.permission))\
466 466 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
467 467 UserGroupMember.users_group_id))\
468 468 .filter(UserGroupMember.user_id == self.user_id)\
469 469 .order_by(UserGroupToPerm.users_group_id)\
470 470 .all()
471 471
472 472 # need to group here by groups since user can be in more than
473 473 # one group, so we get all groups
474 474 _explicit_grouped_perms = [
475 475 [x, list(y)] for x, y in
476 476 itertools.groupby(user_perms_from_users_groups,
477 477 lambda _x: _x.users_group)]
478 478
479 479 for gr, perms in _explicit_grouped_perms:
480 480 # since user can be in multiple groups iterate over them and
481 481 # select the lowest permissions first (more explicit)
482 482 # TODO: marcink: do this^^
483 483
484 484 # group doesn't inherit default permissions so we actually set them
485 485 if not gr.inherit_default_permissions:
486 486 # NEED TO IGNORE all previously set configurable permissions
487 487 # and replace them with explicitly set from this user
488 488 # group permissions
489 489 self.permissions_global = self.permissions_global.difference(
490 490 _configurable)
491 491 for perm in perms:
492 492 self.permissions_global.add(perm.permission.permission_name)
493 493
494 494 # user explicit global permissions
495 495 user_perms = Session().query(UserToPerm)\
496 496 .options(joinedload(UserToPerm.permission))\
497 497 .filter(UserToPerm.user_id == self.user_id).all()
498 498
499 499 if not self.inherit_default_permissions:
500 500 # NEED TO IGNORE all configurable permissions and
501 501 # replace them with explicitly set from this user permissions
502 502 self.permissions_global = self.permissions_global.difference(
503 503 _configurable)
504 504 for perm in user_perms:
505 505 self.permissions_global.add(perm.permission.permission_name)
506 506
507 507 def _calculate_default_permissions(self):
508 508 """
509 509 Set default user permissions for repositories, repository groups
510 510 taken from the default user.
511 511
512 512 Calculate inheritance of object permissions based on what we have now
513 513 in GLOBAL permissions. We check if .false is in GLOBAL since this is
514 514 explicitly set. Inherit is the opposite of .false being there.
515 515
516 516 .. note::
517 517
518 518 the syntax is little bit odd but what we need to check here is
519 519 the opposite of .false permission being in the list so even for
520 520 inconsistent state when both .true/.false is there
521 521 .false is more important
522 522
523 523 """
524 524 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
525 525 in self.permissions_global)
526 526
527 527 # defaults for repositories, taken from `default` user permissions
528 528 # on given repo
529 529 for perm in self.default_repo_perms:
530 530 r_k = perm.UserRepoToPerm.repository.repo_name
531 531 o = PermOrigin.REPO_DEFAULT
532 532 if perm.Repository.private and not (
533 533 perm.Repository.user_id == self.user_id):
534 534 # disable defaults for private repos,
535 535 p = 'repository.none'
536 536 o = PermOrigin.REPO_PRIVATE
537 537 elif perm.Repository.user_id == self.user_id:
538 538 # set admin if owner
539 539 p = 'repository.admin'
540 540 o = PermOrigin.REPO_OWNER
541 541 else:
542 542 p = perm.Permission.permission_name
543 543 # if we decide this user isn't inheriting permissions from
544 544 # default user we set him to .none so only explicit
545 545 # permissions work
546 546 if not user_inherit_object_permissions:
547 547 p = 'repository.none'
548 548 self.permissions_repositories[r_k] = p, o
549 549
550 550 # defaults for repository groups taken from `default` user permission
551 551 # on given group
552 552 for perm in self.default_repo_groups_perms:
553 553 rg_k = perm.UserRepoGroupToPerm.group.group_name
554 554 o = PermOrigin.REPOGROUP_DEFAULT
555 555 if perm.RepoGroup.user_id == self.user_id:
556 556 # set admin if owner
557 557 p = 'group.admin'
558 558 o = PermOrigin.REPOGROUP_OWNER
559 559 else:
560 560 p = perm.Permission.permission_name
561 561
562 562 # if we decide this user isn't inheriting permissions from default
563 563 # user we set him to .none so only explicit permissions work
564 564 if not user_inherit_object_permissions:
565 565 p = 'group.none'
566 566 self.permissions_repository_groups[rg_k] = p, o
567 567
568 568 # defaults for user groups taken from `default` user permission
569 569 # on given user group
570 570 for perm in self.default_user_group_perms:
571 571 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
572 572 o = PermOrigin.USERGROUP_DEFAULT
573 573 if perm.UserGroup.user_id == self.user_id:
574 574 # set admin if owner
575 575 p = 'usergroup.admin'
576 576 o = PermOrigin.USERGROUP_OWNER
577 577 else:
578 578 p = perm.Permission.permission_name
579 579
580 580 # if we decide this user isn't inheriting permissions from default
581 581 # user we set him to .none so only explicit permissions work
582 582 if not user_inherit_object_permissions:
583 583 p = 'usergroup.none'
584 584 self.permissions_user_groups[u_k] = p, o
585 585
586 586 def _calculate_repository_permissions(self):
587 587 """
588 588 Repository permissions for the current user.
589 589
590 590 Check if the user is part of user groups for this repository and
591 591 fill in the permission from it. `_choose_permission` decides of which
592 592 permission should be selected based on selected method.
593 593 """
594 594
595 595 # user group for repositories permissions
596 596 user_repo_perms_from_user_group = Permission\
597 597 .get_default_repo_perms_from_user_group(
598 598 self.user_id, self.scope_repo_id)
599 599
600 600 multiple_counter = collections.defaultdict(int)
601 601 for perm in user_repo_perms_from_user_group:
602 602 r_k = perm.UserGroupRepoToPerm.repository.repo_name
603 603 ug_k = perm.UserGroupRepoToPerm.users_group.users_group_name
604 604 multiple_counter[r_k] += 1
605 605 p = perm.Permission.permission_name
606 606 o = PermOrigin.REPO_USERGROUP % ug_k
607 607
608 608 if perm.Repository.user_id == self.user_id:
609 609 # set admin if owner
610 610 p = 'repository.admin'
611 611 o = PermOrigin.REPO_OWNER
612 612 else:
613 613 if multiple_counter[r_k] > 1:
614 614 cur_perm = self.permissions_repositories[r_k]
615 615 p = self._choose_permission(p, cur_perm)
616 616 self.permissions_repositories[r_k] = p, o
617 617
618 618 # user explicit permissions for repositories, overrides any specified
619 619 # by the group permission
620 620 user_repo_perms = Permission.get_default_repo_perms(
621 621 self.user_id, self.scope_repo_id)
622 622 for perm in user_repo_perms:
623 623 r_k = perm.UserRepoToPerm.repository.repo_name
624 624 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
625 625 # set admin if owner
626 626 if perm.Repository.user_id == self.user_id:
627 627 p = 'repository.admin'
628 628 o = PermOrigin.REPO_OWNER
629 629 else:
630 630 p = perm.Permission.permission_name
631 631 if not self.explicit:
632 632 cur_perm = self.permissions_repositories.get(
633 633 r_k, 'repository.none')
634 634 p = self._choose_permission(p, cur_perm)
635 635 self.permissions_repositories[r_k] = p, o
636 636
637 637 def _calculate_repository_group_permissions(self):
638 638 """
639 639 Repository group permissions for the current user.
640 640
641 641 Check if the user is part of user groups for repository groups and
642 642 fill in the permissions from it. `_choose_permmission` decides of which
643 643 permission should be selected based on selected method.
644 644 """
645 645 # user group for repo groups permissions
646 646 user_repo_group_perms_from_user_group = Permission\
647 647 .get_default_group_perms_from_user_group(
648 648 self.user_id, self.scope_repo_group_id)
649 649
650 650 multiple_counter = collections.defaultdict(int)
651 651 for perm in user_repo_group_perms_from_user_group:
652 652 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
653 653 ug_k = perm.UserGroupRepoGroupToPerm.users_group.users_group_name
654 654 o = PermOrigin.REPOGROUP_USERGROUP % ug_k
655 655 multiple_counter[g_k] += 1
656 656 p = perm.Permission.permission_name
657 657 if perm.RepoGroup.user_id == self.user_id:
658 658 # set admin if owner, even for member of other user group
659 659 p = 'group.admin'
660 660 o = PermOrigin.REPOGROUP_OWNER
661 661 else:
662 662 if multiple_counter[g_k] > 1:
663 663 cur_perm = self.permissions_repository_groups[g_k]
664 664 p = self._choose_permission(p, cur_perm)
665 665 self.permissions_repository_groups[g_k] = p, o
666 666
667 667 # user explicit permissions for repository groups
668 668 user_repo_groups_perms = Permission.get_default_group_perms(
669 669 self.user_id, self.scope_repo_group_id)
670 670 for perm in user_repo_groups_perms:
671 671 rg_k = perm.UserRepoGroupToPerm.group.group_name
672 672 u_k = perm.UserRepoGroupToPerm.user.username
673 673 o = PermOrigin.REPOGROUP_USER % u_k
674 674
675 675 if perm.RepoGroup.user_id == self.user_id:
676 676 # set admin if owner
677 677 p = 'group.admin'
678 678 o = PermOrigin.REPOGROUP_OWNER
679 679 else:
680 680 p = perm.Permission.permission_name
681 681 if not self.explicit:
682 682 cur_perm = self.permissions_repository_groups.get(
683 683 rg_k, 'group.none')
684 684 p = self._choose_permission(p, cur_perm)
685 685 self.permissions_repository_groups[rg_k] = p, o
686 686
687 687 def _calculate_user_group_permissions(self):
688 688 """
689 689 User group permissions for the current user.
690 690 """
691 691 # user group for user group permissions
692 692 user_group_from_user_group = Permission\
693 693 .get_default_user_group_perms_from_user_group(
694 694 self.user_id, self.scope_user_group_id)
695 695
696 696 multiple_counter = collections.defaultdict(int)
697 697 for perm in user_group_from_user_group:
698 698 g_k = perm.UserGroupUserGroupToPerm\
699 699 .target_user_group.users_group_name
700 700 u_k = perm.UserGroupUserGroupToPerm\
701 701 .user_group.users_group_name
702 702 o = PermOrigin.USERGROUP_USERGROUP % u_k
703 703 multiple_counter[g_k] += 1
704 704 p = perm.Permission.permission_name
705 705
706 706 if perm.UserGroup.user_id == self.user_id:
707 707 # set admin if owner, even for member of other user group
708 708 p = 'usergroup.admin'
709 709 o = PermOrigin.USERGROUP_OWNER
710 710 else:
711 711 if multiple_counter[g_k] > 1:
712 712 cur_perm = self.permissions_user_groups[g_k]
713 713 p = self._choose_permission(p, cur_perm)
714 714 self.permissions_user_groups[g_k] = p, o
715 715
716 716 # user explicit permission for user groups
717 717 user_user_groups_perms = Permission.get_default_user_group_perms(
718 718 self.user_id, self.scope_user_group_id)
719 719 for perm in user_user_groups_perms:
720 720 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
721 721 u_k = perm.UserUserGroupToPerm.user.username
722 722 o = PermOrigin.USERGROUP_USER % u_k
723 723
724 724 if perm.UserGroup.user_id == self.user_id:
725 725 # set admin if owner
726 726 p = 'usergroup.admin'
727 727 o = PermOrigin.USERGROUP_OWNER
728 728 else:
729 729 p = perm.Permission.permission_name
730 730 if not self.explicit:
731 731 cur_perm = self.permissions_user_groups.get(
732 732 ug_k, 'usergroup.none')
733 733 p = self._choose_permission(p, cur_perm)
734 734 self.permissions_user_groups[ug_k] = p, o
735 735
736 736 def _choose_permission(self, new_perm, cur_perm):
737 737 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
738 738 cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
739 739 if self.algo == 'higherwin':
740 740 if new_perm_val > cur_perm_val:
741 741 return new_perm
742 742 return cur_perm
743 743 elif self.algo == 'lowerwin':
744 744 if new_perm_val < cur_perm_val:
745 745 return new_perm
746 746 return cur_perm
747 747
748 748 def _permission_structure(self):
749 749 return {
750 750 'global': self.permissions_global,
751 751 'repositories': self.permissions_repositories,
752 752 'repositories_groups': self.permissions_repository_groups,
753 753 'user_groups': self.permissions_user_groups,
754 754 }
755 755
756 756
757 757 def allowed_auth_token_access(controller_name, whitelist=None, auth_token=None):
758 758 """
759 759 Check if given controller_name is in whitelist of auth token access
760 760 """
761 761 if not whitelist:
762 762 from rhodecode import CONFIG
763 763 whitelist = aslist(
764 764 CONFIG.get('api_access_controllers_whitelist'), sep=',')
765 765 log.debug(
766 766 'Allowed controllers for AUTH TOKEN access: %s' % (whitelist,))
767 767
768 768 auth_token_access_valid = False
769 769 for entry in whitelist:
770 770 if fnmatch.fnmatch(controller_name, entry):
771 771 auth_token_access_valid = True
772 772 break
773 773
774 774 if auth_token_access_valid:
775 775 log.debug('controller:%s matches entry in whitelist'
776 776 % (controller_name,))
777 777 else:
778 778 msg = ('controller: %s does *NOT* match any entry in whitelist'
779 779 % (controller_name,))
780 780 if auth_token:
781 781 # if we use auth token key and don't have access it's a warning
782 782 log.warning(msg)
783 783 else:
784 784 log.debug(msg)
785 785
786 786 return auth_token_access_valid
787 787
788 788
789 789 class AuthUser(object):
790 790 """
791 791 A simple object that handles all attributes of user in RhodeCode
792 792
793 793 It does lookup based on API key,given user, or user present in session
794 794 Then it fills all required information for such user. It also checks if
795 795 anonymous access is enabled and if so, it returns default user as logged in
796 796 """
797 797 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
798 798
799 799 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
800 800
801 801 self.user_id = user_id
802 802 self._api_key = api_key
803 803
804 804 self.api_key = None
805 805 self.feed_token = ''
806 806 self.username = username
807 807 self.ip_addr = ip_addr
808 808 self.name = ''
809 809 self.lastname = ''
810 810 self.email = ''
811 811 self.is_authenticated = False
812 812 self.admin = False
813 813 self.inherit_default_permissions = False
814 814 self.password = ''
815 815
816 816 self.anonymous_user = None # propagated on propagate_data
817 817 self.propagate_data()
818 818 self._instance = None
819 819 self._permissions_scoped_cache = {} # used to bind scoped calculation
820 820
821 821 @LazyProperty
822 822 def permissions(self):
823 823 return self.get_perms(user=self, cache=False)
824 824
825 825 def permissions_with_scope(self, scope):
826 826 """
827 827 Call the get_perms function with scoped data. The scope in that function
828 828 narrows the SQL calls to the given ID of objects resulting in fetching
829 829 Just particular permission we want to obtain. If scope is an empty dict
830 830 then it basically narrows the scope to GLOBAL permissions only.
831 831
832 832 :param scope: dict
833 833 """
834 834 if 'repo_name' in scope:
835 835 obj = Repository.get_by_repo_name(scope['repo_name'])
836 836 if obj:
837 837 scope['repo_id'] = obj.repo_id
838 838 _scope = {
839 839 'repo_id': -1,
840 840 'user_group_id': -1,
841 841 'repo_group_id': -1,
842 842 }
843 843 _scope.update(scope)
844 844 cache_key = "_".join(map(safe_str, reduce(lambda a, b: a+b,
845 845 _scope.items())))
846 846 if cache_key not in self._permissions_scoped_cache:
847 847 # store in cache to mimic how the @LazyProperty works,
848 848 # the difference here is that we use the unique key calculated
849 849 # from params and values
850 850 res = self.get_perms(user=self, cache=False, scope=_scope)
851 851 self._permissions_scoped_cache[cache_key] = res
852 852 return self._permissions_scoped_cache[cache_key]
853 853
854 854 def get_instance(self):
855 855 return User.get(self.user_id)
856 856
857 857 def update_lastactivity(self):
858 858 if self.user_id:
859 859 User.get(self.user_id).update_lastactivity()
860 860
861 861 def propagate_data(self):
862 862 """
863 863 Fills in user data and propagates values to this instance. Maps fetched
864 864 user attributes to this class instance attributes
865 865 """
866 866 log.debug('starting data propagation for new potential AuthUser')
867 867 user_model = UserModel()
868 868 anon_user = self.anonymous_user = User.get_default_user(cache=True)
869 869 is_user_loaded = False
870 870
871 871 # lookup by userid
872 872 if self.user_id is not None and self.user_id != anon_user.user_id:
873 873 log.debug('Trying Auth User lookup by USER ID: `%s`' % self.user_id)
874 874 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
875 875
876 876 # try go get user by api key
877 877 elif self._api_key and self._api_key != anon_user.api_key:
878 878 log.debug('Trying Auth User lookup by API KEY: `%s`' % self._api_key)
879 879 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
880 880
881 881 # lookup by username
882 882 elif self.username:
883 883 log.debug('Trying Auth User lookup by USER NAME: `%s`' % self.username)
884 884 is_user_loaded = user_model.fill_data(self, username=self.username)
885 885 else:
886 886 log.debug('No data in %s that could been used to log in' % self)
887 887
888 888 if not is_user_loaded:
889 889 log.debug('Failed to load user. Fallback to default user')
890 890 # if we cannot authenticate user try anonymous
891 891 if anon_user.active:
892 892 user_model.fill_data(self, user_id=anon_user.user_id)
893 893 # then we set this user is logged in
894 894 self.is_authenticated = True
895 895 else:
896 896 # in case of disabled anonymous user we reset some of the
897 897 # parameters so such user is "corrupted", skipping the fill_data
898 898 for attr in ['user_id', 'username', 'admin', 'active']:
899 899 setattr(self, attr, None)
900 900 self.is_authenticated = False
901 901
902 902 if not self.username:
903 903 self.username = 'None'
904 904
905 905 log.debug('Auth User is now %s' % self)
906 906
907 907 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
908 908 cache=False):
909 909 """
910 910 Fills user permission attribute with permissions taken from database
911 911 works for permissions given for repositories, and for permissions that
912 912 are granted to groups
913 913
914 914 :param user: instance of User object from database
915 915 :param explicit: In case there are permissions both for user and a group
916 916 that user is part of, explicit flag will defiine if user will
917 917 explicitly override permissions from group, if it's False it will
918 918 make decision based on the algo
919 919 :param algo: algorithm to decide what permission should be choose if
920 920 it's multiple defined, eg user in two different groups. It also
921 921 decides if explicit flag is turned off how to specify the permission
922 922 for case when user is in a group + have defined separate permission
923 923 """
924 924 user_id = user.user_id
925 925 user_is_admin = user.is_admin
926 926
927 927 # inheritance of global permissions like create repo/fork repo etc
928 928 user_inherit_default_permissions = user.inherit_default_permissions
929 929
930 930 log.debug('Computing PERMISSION tree for scope %s' % (scope, ))
931 931 compute = caches.conditional_cache(
932 932 'short_term', 'cache_desc',
933 933 condition=cache, func=_cached_perms_data)
934 934 result = compute(user_id, scope, user_is_admin,
935 935 user_inherit_default_permissions, explicit, algo)
936 936
937 937 result_repr = []
938 938 for k in result:
939 939 result_repr.append((k, len(result[k])))
940 940
941 941 log.debug('PERMISSION tree computed %s' % (result_repr,))
942 942 return result
943 943
944 944 @property
945 945 def is_default(self):
946 946 return self.username == User.DEFAULT_USER
947 947
948 948 @property
949 949 def is_admin(self):
950 950 return self.admin
951 951
952 952 @property
953 953 def is_user_object(self):
954 954 return self.user_id is not None
955 955
956 956 @property
957 957 def repositories_admin(self):
958 958 """
959 959 Returns list of repositories you're an admin of
960 960 """
961 961 return [
962 962 x[0] for x in self.permissions['repositories'].iteritems()
963 963 if x[1] == 'repository.admin']
964 964
965 965 @property
966 966 def repository_groups_admin(self):
967 967 """
968 968 Returns list of repository groups you're an admin of
969 969 """
970 970 return [
971 971 x[0] for x in self.permissions['repositories_groups'].iteritems()
972 972 if x[1] == 'group.admin']
973 973
974 974 @property
975 975 def user_groups_admin(self):
976 976 """
977 977 Returns list of user groups you're an admin of
978 978 """
979 979 return [
980 980 x[0] for x in self.permissions['user_groups'].iteritems()
981 981 if x[1] == 'usergroup.admin']
982 982
983 983 @property
984 984 def ip_allowed(self):
985 985 """
986 986 Checks if ip_addr used in constructor is allowed from defined list of
987 987 allowed ip_addresses for user
988 988
989 989 :returns: boolean, True if ip is in allowed ip range
990 990 """
991 991 # check IP
992 992 inherit = self.inherit_default_permissions
993 993 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
994 994 inherit_from_default=inherit)
995 995 @property
996 996 def personal_repo_group(self):
997 997 return RepoGroup.get_user_personal_repo_group(self.user_id)
998 998
999 999 @classmethod
1000 1000 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
1001 1001 allowed_ips = AuthUser.get_allowed_ips(
1002 1002 user_id, cache=True, inherit_from_default=inherit_from_default)
1003 1003 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
1004 1004 log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
1005 1005 return True
1006 1006 else:
1007 1007 log.info('Access for IP:%s forbidden, '
1008 1008 'not in %s' % (ip_addr, allowed_ips))
1009 1009 return False
1010 1010
1011 1011 def __repr__(self):
1012 1012 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
1013 1013 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1014 1014
1015 1015 def set_authenticated(self, authenticated=True):
1016 1016 if self.user_id != self.anonymous_user.user_id:
1017 1017 self.is_authenticated = authenticated
1018 1018
1019 1019 def get_cookie_store(self):
1020 1020 return {
1021 1021 'username': self.username,
1022 1022 'password': md5(self.password),
1023 1023 'user_id': self.user_id,
1024 1024 'is_authenticated': self.is_authenticated
1025 1025 }
1026 1026
1027 1027 @classmethod
1028 1028 def from_cookie_store(cls, cookie_store):
1029 1029 """
1030 1030 Creates AuthUser from a cookie store
1031 1031
1032 1032 :param cls:
1033 1033 :param cookie_store:
1034 1034 """
1035 1035 user_id = cookie_store.get('user_id')
1036 1036 username = cookie_store.get('username')
1037 1037 api_key = cookie_store.get('api_key')
1038 1038 return AuthUser(user_id, api_key, username)
1039 1039
1040 1040 @classmethod
1041 1041 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
1042 1042 _set = set()
1043 1043
1044 1044 if inherit_from_default:
1045 1045 default_ips = UserIpMap.query().filter(
1046 1046 UserIpMap.user == User.get_default_user(cache=True))
1047 1047 if cache:
1048 1048 default_ips = default_ips.options(FromCache("sql_cache_short",
1049 1049 "get_user_ips_default"))
1050 1050
1051 1051 # populate from default user
1052 1052 for ip in default_ips:
1053 1053 try:
1054 1054 _set.add(ip.ip_addr)
1055 1055 except ObjectDeletedError:
1056 1056 # since we use heavy caching sometimes it happens that
1057 1057 # we get deleted objects here, we just skip them
1058 1058 pass
1059 1059
1060 1060 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
1061 1061 if cache:
1062 1062 user_ips = user_ips.options(FromCache("sql_cache_short",
1063 1063 "get_user_ips_%s" % user_id))
1064 1064
1065 1065 for ip in user_ips:
1066 1066 try:
1067 1067 _set.add(ip.ip_addr)
1068 1068 except ObjectDeletedError:
1069 1069 # since we use heavy caching sometimes it happens that we get
1070 1070 # deleted objects here, we just skip them
1071 1071 pass
1072 1072 return _set or set(['0.0.0.0/0', '::/0'])
1073 1073
1074 1074
1075 1075 def set_available_permissions(config):
1076 1076 """
1077 1077 This function will propagate pylons globals with all available defined
1078 1078 permission given in db. We don't want to check each time from db for new
1079 1079 permissions since adding a new permission also requires application restart
1080 1080 ie. to decorate new views with the newly created permission
1081 1081
1082 1082 :param config: current pylons config instance
1083 1083
1084 1084 """
1085 1085 log.info('getting information about all available permissions')
1086 1086 try:
1087 1087 sa = meta.Session
1088 1088 all_perms = sa.query(Permission).all()
1089 1089 config['available_permissions'] = [x.permission_name for x in all_perms]
1090 1090 except Exception:
1091 1091 log.error(traceback.format_exc())
1092 1092 finally:
1093 1093 meta.Session.remove()
1094 1094
1095 1095
1096 1096 def get_csrf_token(session=None, force_new=False, save_if_missing=True):
1097 1097 """
1098 1098 Return the current authentication token, creating one if one doesn't
1099 1099 already exist and the save_if_missing flag is present.
1100 1100
1101 1101 :param session: pass in the pylons session, else we use the global ones
1102 1102 :param force_new: force to re-generate the token and store it in session
1103 1103 :param save_if_missing: save the newly generated token if it's missing in
1104 1104 session
1105 1105 """
1106 1106 if not session:
1107 1107 from pylons import session
1108 1108
1109 1109 if (csrf_token_key not in session and save_if_missing) or force_new:
1110 1110 token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
1111 1111 session[csrf_token_key] = token
1112 1112 if hasattr(session, 'save'):
1113 1113 session.save()
1114 1114 return session.get(csrf_token_key)
1115 1115
1116 1116
1117 1117 # CHECK DECORATORS
1118 1118 class CSRFRequired(object):
1119 1119 """
1120 1120 Decorator for authenticating a form
1121 1121
1122 1122 This decorator uses an authorization token stored in the client's
1123 1123 session for prevention of certain Cross-site request forgery (CSRF)
1124 1124 attacks (See
1125 1125 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
1126 1126 information).
1127 1127
1128 1128 For use with the ``webhelpers.secure_form`` helper functions.
1129 1129
1130 1130 """
1131 1131 def __init__(self, token=csrf_token_key, header='X-CSRF-Token',
1132 1132 except_methods=None):
1133 1133 self.token = token
1134 1134 self.header = header
1135 1135 self.except_methods = except_methods or []
1136 1136
1137 1137 def __call__(self, func):
1138 1138 return get_cython_compat_decorator(self.__wrapper, func)
1139 1139
1140 1140 def _get_csrf(self, _request):
1141 1141 return _request.POST.get(self.token, _request.headers.get(self.header))
1142 1142
1143 1143 def check_csrf(self, _request, cur_token):
1144 1144 supplied_token = self._get_csrf(_request)
1145 1145 return supplied_token and supplied_token == cur_token
1146 1146
1147 1147 def __wrapper(self, func, *fargs, **fkwargs):
1148 1148 if request.method in self.except_methods:
1149 1149 return func(*fargs, **fkwargs)
1150 1150
1151 1151 cur_token = get_csrf_token(save_if_missing=False)
1152 1152 if self.check_csrf(request, cur_token):
1153 1153 if request.POST.get(self.token):
1154 1154 del request.POST[self.token]
1155 1155 return func(*fargs, **fkwargs)
1156 1156 else:
1157 1157 reason = 'token-missing'
1158 1158 supplied_token = self._get_csrf(request)
1159 1159 if supplied_token and cur_token != supplied_token:
1160 1160 reason = 'token-mismatch [%s:%s]' % (cur_token or ''[:6],
1161 1161 supplied_token or ''[:6])
1162 1162
1163 1163 csrf_message = \
1164 1164 ("Cross-site request forgery detected, request denied. See "
1165 1165 "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
1166 1166 "more information.")
1167 1167 log.warn('Cross-site request forgery detected, request %r DENIED: %s '
1168 1168 'REMOTE_ADDR:%s, HEADERS:%s' % (
1169 1169 request, reason, request.remote_addr, request.headers))
1170 1170
1171 1171 raise HTTPForbidden(explanation=csrf_message)
1172 1172
1173 1173
1174 1174 class LoginRequired(object):
1175 1175 """
1176 1176 Must be logged in to execute this function else
1177 1177 redirect to login page
1178 1178
1179 1179 :param api_access: if enabled this checks only for valid auth token
1180 1180 and grants access based on valid token
1181 1181 """
1182 1182 def __init__(self, auth_token_access=None):
1183 1183 self.auth_token_access = auth_token_access
1184 1184
1185 1185 def __call__(self, func):
1186 1186 return get_cython_compat_decorator(self.__wrapper, func)
1187 1187
1188 1188 def __wrapper(self, func, *fargs, **fkwargs):
1189 1189 from rhodecode.lib import helpers as h
1190 1190 cls = fargs[0]
1191 1191 user = cls._rhodecode_user
1192 1192 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
1193 1193 log.debug('Starting login restriction checks for user: %s' % (user,))
1194 1194 # check if our IP is allowed
1195 1195 ip_access_valid = True
1196 1196 if not user.ip_allowed:
1197 1197 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr,))),
1198 1198 category='warning')
1199 1199 ip_access_valid = False
1200 1200
1201 1201 # check if we used an APIKEY and it's a valid one
1202 1202 # defined white-list of controllers which API access will be enabled
1203 1203 _auth_token = request.GET.get(
1204 1204 'auth_token', '') or request.GET.get('api_key', '')
1205 1205 auth_token_access_valid = allowed_auth_token_access(
1206 1206 loc, auth_token=_auth_token)
1207 1207
1208 1208 # explicit controller is enabled or API is in our whitelist
1209 1209 if self.auth_token_access or auth_token_access_valid:
1210 1210 log.debug('Checking AUTH TOKEN access for %s' % (cls,))
1211 1211 db_user = user.get_instance()
1212 1212
1213 1213 if db_user:
1214 1214 if self.auth_token_access:
1215 1215 roles = self.auth_token_access
1216 1216 else:
1217 1217 roles = [UserApiKeys.ROLE_HTTP]
1218 1218 token_match = db_user.authenticate_by_token(
1219 1219 _auth_token, roles=roles)
1220 1220 else:
1221 1221 log.debug('Unable to fetch db instance for auth user: %s', user)
1222 1222 token_match = False
1223 1223
1224 1224 if _auth_token and token_match:
1225 1225 auth_token_access_valid = True
1226 1226 log.debug('AUTH TOKEN ****%s is VALID' % (_auth_token[-4:],))
1227 1227 else:
1228 1228 auth_token_access_valid = False
1229 1229 if not _auth_token:
1230 1230 log.debug("AUTH TOKEN *NOT* present in request")
1231 1231 else:
1232 1232 log.warning(
1233 1233 "AUTH TOKEN ****%s *NOT* valid" % _auth_token[-4:])
1234 1234
1235 1235 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
1236 1236 reason = 'RHODECODE_AUTH' if user.is_authenticated \
1237 1237 else 'AUTH_TOKEN_AUTH'
1238 1238
1239 1239 if ip_access_valid and (
1240 1240 user.is_authenticated or auth_token_access_valid):
1241 1241 log.info(
1242 1242 'user %s authenticating with:%s IS authenticated on func %s'
1243 1243 % (user, reason, loc))
1244 1244
1245 1245 # update user data to check last activity
1246 1246 user.update_lastactivity()
1247 1247 Session().commit()
1248 1248 return func(*fargs, **fkwargs)
1249 1249 else:
1250 1250 log.warning(
1251 1251 'user %s authenticating with:%s NOT authenticated on '
1252 1252 'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s'
1253 1253 % (user, reason, loc, ip_access_valid,
1254 1254 auth_token_access_valid))
1255 1255 # we preserve the get PARAM
1256 1256 came_from = request.path_qs
1257 1257 log.debug('redirecting to login page with %s' % (came_from,))
1258 1258 return redirect(
1259 1259 h.route_path('login', _query={'came_from': came_from}))
1260 1260
1261 1261
1262 1262 class NotAnonymous(object):
1263 1263 """
1264 1264 Must be logged in to execute this function else
1265 1265 redirect to login page"""
1266 1266
1267 1267 def __call__(self, func):
1268 1268 return get_cython_compat_decorator(self.__wrapper, func)
1269 1269
1270 1270 def __wrapper(self, func, *fargs, **fkwargs):
1271 import rhodecode.lib.helpers as h
1271 1272 cls = fargs[0]
1272 1273 self.user = cls._rhodecode_user
1273 1274
1274 1275 log.debug('Checking if user is not anonymous @%s' % cls)
1275 1276
1276 1277 anonymous = self.user.username == User.DEFAULT_USER
1277 1278
1278 1279 if anonymous:
1279 1280 came_from = request.path_qs
1280
1281 import rhodecode.lib.helpers as h
1282 1281 h.flash(_('You need to be a registered user to '
1283 1282 'perform this action'),
1284 1283 category='warning')
1285 1284 return redirect(
1286 1285 h.route_path('login', _query={'came_from': came_from}))
1287 1286 else:
1288 1287 return func(*fargs, **fkwargs)
1289 1288
1290 1289
1291 1290 class XHRRequired(object):
1292 1291 def __call__(self, func):
1293 1292 return get_cython_compat_decorator(self.__wrapper, func)
1294 1293
1295 1294 def __wrapper(self, func, *fargs, **fkwargs):
1296 1295 log.debug('Checking if request is XMLHttpRequest (XHR)')
1297 1296 xhr_message = 'This is not a valid XMLHttpRequest (XHR) request'
1298 1297 if not request.is_xhr:
1299 1298 abort(400, detail=xhr_message)
1300 1299
1301 1300 return func(*fargs, **fkwargs)
1302 1301
1303 1302
1304 1303 class HasAcceptedRepoType(object):
1305 1304 """
1306 1305 Check if requested repo is within given repo type aliases
1307 1306
1308 1307 TODO: anderson: not sure where to put this decorator
1309 1308 """
1310 1309
1311 1310 def __init__(self, *repo_type_list):
1312 1311 self.repo_type_list = set(repo_type_list)
1313 1312
1314 1313 def __call__(self, func):
1315 1314 return get_cython_compat_decorator(self.__wrapper, func)
1316 1315
1317 1316 def __wrapper(self, func, *fargs, **fkwargs):
1317 import rhodecode.lib.helpers as h
1318 1318 cls = fargs[0]
1319 1319 rhodecode_repo = cls.rhodecode_repo
1320 1320
1321 1321 log.debug('%s checking repo type for %s in %s',
1322 1322 self.__class__.__name__,
1323 1323 rhodecode_repo.alias, self.repo_type_list)
1324 1324
1325 1325 if rhodecode_repo.alias in self.repo_type_list:
1326 1326 return func(*fargs, **fkwargs)
1327 1327 else:
1328 import rhodecode.lib.helpers as h
1329 1328 h.flash(h.literal(
1330 1329 _('Action not supported for %s.' % rhodecode_repo.alias)),
1331 1330 category='warning')
1332 1331 return redirect(
1333 1332 url('summary_home', repo_name=cls.rhodecode_db_repo.repo_name))
1334 1333
1335 1334
1336 1335 class PermsDecorator(object):
1337 1336 """
1338 1337 Base class for controller decorators, we extract the current user from
1339 1338 the class itself, which has it stored in base controllers
1340 1339 """
1341 1340
1342 1341 def __init__(self, *required_perms):
1343 1342 self.required_perms = set(required_perms)
1344 1343
1345 1344 def __call__(self, func):
1346 1345 return get_cython_compat_decorator(self.__wrapper, func)
1347 1346
1348 1347 def _get_request(self):
1349 1348 from pyramid.threadlocal import get_current_request
1350 1349 pyramid_request = get_current_request()
1351 1350 if not pyramid_request:
1352 # return global request of pylons incase pyramid one isn't available
1351 # return global request of pylons in case pyramid isn't available
1353 1352 return request
1354 1353 return pyramid_request
1355 1354
1356 1355 def _get_came_from(self):
1357 1356 _request = self._get_request()
1358 1357
1359 1358 # both pylons/pyramid has this attribute
1360 1359 return _request.path_qs
1361 1360
1362 1361 def __wrapper(self, func, *fargs, **fkwargs):
1362 import rhodecode.lib.helpers as h
1363 1363 cls = fargs[0]
1364 1364 _user = cls._rhodecode_user
1365 1365
1366 1366 log.debug('checking %s permissions %s for %s %s',
1367 1367 self.__class__.__name__, self.required_perms, cls, _user)
1368 1368
1369 1369 if self.check_permissions(_user):
1370 1370 log.debug('Permission granted for %s %s', cls, _user)
1371 1371 return func(*fargs, **fkwargs)
1372 1372
1373 1373 else:
1374 1374 log.debug('Permission denied for %s %s', cls, _user)
1375 1375 anonymous = _user.username == User.DEFAULT_USER
1376 1376
1377 1377 if anonymous:
1378 import rhodecode.lib.helpers as h
1379 1378 came_from = self._get_came_from()
1380 1379 h.flash(_('You need to be signed in to view this page'),
1381 category='warning')
1380 category='warning')
1382 1381 raise HTTPFound(
1383 1382 h.route_path('login', _query={'came_from': came_from}))
1384 1383
1385 1384 else:
1386 1385 # redirect with forbidden ret code
1387 1386 raise HTTPForbidden()
1388 1387
1389 1388 def check_permissions(self, user):
1390 1389 """Dummy function for overriding"""
1391 1390 raise NotImplementedError(
1392 1391 'You have to write this function in child class')
1393 1392
1394 1393
1395 1394 class HasPermissionAllDecorator(PermsDecorator):
1396 1395 """
1397 1396 Checks for access permission for all given predicates. All of them
1398 1397 have to be meet in order to fulfill the request
1399 1398 """
1400 1399
1401 1400 def check_permissions(self, user):
1402 1401 perms = user.permissions_with_scope({})
1403 1402 if self.required_perms.issubset(perms['global']):
1404 1403 return True
1405 1404 return False
1406 1405
1407 1406
1408 1407 class HasPermissionAnyDecorator(PermsDecorator):
1409 1408 """
1410 1409 Checks for access permission for any of given predicates. In order to
1411 1410 fulfill the request any of predicates must be meet
1412 1411 """
1413 1412
1414 1413 def check_permissions(self, user):
1415 1414 perms = user.permissions_with_scope({})
1416 1415 if self.required_perms.intersection(perms['global']):
1417 1416 return True
1418 1417 return False
1419 1418
1420 1419
1421 1420 class HasRepoPermissionAllDecorator(PermsDecorator):
1422 1421 """
1423 1422 Checks for access permission for all given predicates for specific
1424 1423 repository. All of them have to be meet in order to fulfill the request
1425 1424 """
1426 1425 def _get_repo_name(self):
1427 1426 _request = self._get_request()
1428 1427 return get_repo_slug(_request)
1429 1428
1430 1429 def check_permissions(self, user):
1431 1430 perms = user.permissions
1432 1431 repo_name = self._get_repo_name()
1433 1432 try:
1434 1433 user_perms = set([perms['repositories'][repo_name]])
1435 1434 except KeyError:
1436 1435 return False
1437 1436 if self.required_perms.issubset(user_perms):
1438 1437 return True
1439 1438 return False
1440 1439
1441 1440
1442 1441 class HasRepoPermissionAnyDecorator(PermsDecorator):
1443 1442 """
1444 1443 Checks for access permission for any of given predicates for specific
1445 1444 repository. In order to fulfill the request any of predicates must be meet
1446 1445 """
1447 1446 def _get_repo_name(self):
1448 1447 _request = self._get_request()
1449 1448 return get_repo_slug(_request)
1450 1449
1451 1450 def check_permissions(self, user):
1452 1451 perms = user.permissions
1453 1452 repo_name = self._get_repo_name()
1454 1453 try:
1455 1454 user_perms = set([perms['repositories'][repo_name]])
1456 1455 except KeyError:
1457 1456 return False
1458 1457
1459 1458 if self.required_perms.intersection(user_perms):
1460 1459 return True
1461 1460 return False
1462 1461
1463 1462
1464 1463 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1465 1464 """
1466 1465 Checks for access permission for all given predicates for specific
1467 1466 repository group. All of them have to be meet in order to
1468 1467 fulfill the request
1469 1468 """
1470 1469 def _get_repo_group_name(self):
1471 1470 _request = self._get_request()
1472 1471 return get_repo_group_slug(_request)
1473 1472
1474 1473 def check_permissions(self, user):
1475 1474 perms = user.permissions
1476 1475 group_name = self._get_repo_group_name()
1477 1476 try:
1478 1477 user_perms = set([perms['repositories_groups'][group_name]])
1479 1478 except KeyError:
1480 1479 return False
1481 1480
1482 1481 if self.required_perms.issubset(user_perms):
1483 1482 return True
1484 1483 return False
1485 1484
1486 1485
1487 1486 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1488 1487 """
1489 1488 Checks for access permission for any of given predicates for specific
1490 1489 repository group. In order to fulfill the request any
1491 1490 of predicates must be met
1492 1491 """
1493 1492 def _get_repo_group_name(self):
1494 1493 _request = self._get_request()
1495 1494 return get_repo_group_slug(_request)
1496 1495
1497 1496 def check_permissions(self, user):
1498 1497 perms = user.permissions
1499 1498 group_name = self._get_repo_group_name()
1500 1499 try:
1501 1500 user_perms = set([perms['repositories_groups'][group_name]])
1502 1501 except KeyError:
1503 1502 return False
1504 1503
1505 1504 if self.required_perms.intersection(user_perms):
1506 1505 return True
1507 1506 return False
1508 1507
1509 1508
1510 1509 class HasUserGroupPermissionAllDecorator(PermsDecorator):
1511 1510 """
1512 1511 Checks for access permission for all given predicates for specific
1513 1512 user group. All of them have to be meet in order to fulfill the request
1514 1513 """
1515 1514 def _get_user_group_name(self):
1516 1515 _request = self._get_request()
1517 1516 return get_user_group_slug(_request)
1518 1517
1519 1518 def check_permissions(self, user):
1520 1519 perms = user.permissions
1521 1520 group_name = self._get_user_group_name()
1522 1521 try:
1523 1522 user_perms = set([perms['user_groups'][group_name]])
1524 1523 except KeyError:
1525 1524 return False
1526 1525
1527 1526 if self.required_perms.issubset(user_perms):
1528 1527 return True
1529 1528 return False
1530 1529
1531 1530
1532 1531 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
1533 1532 """
1534 1533 Checks for access permission for any of given predicates for specific
1535 1534 user group. In order to fulfill the request any of predicates must be meet
1536 1535 """
1537 1536 def _get_user_group_name(self):
1538 1537 _request = self._get_request()
1539 1538 return get_user_group_slug(_request)
1540 1539
1541 1540 def check_permissions(self, user):
1542 1541 perms = user.permissions
1543 1542 group_name = self._get_user_group_name()
1544 1543 try:
1545 1544 user_perms = set([perms['user_groups'][group_name]])
1546 1545 except KeyError:
1547 1546 return False
1548 1547
1549 1548 if self.required_perms.intersection(user_perms):
1550 1549 return True
1551 1550 return False
1552 1551
1553 1552
1554 1553 # CHECK FUNCTIONS
1555 1554 class PermsFunction(object):
1556 1555 """Base function for other check functions"""
1557 1556
1558 1557 def __init__(self, *perms):
1559 1558 self.required_perms = set(perms)
1560 1559 self.repo_name = None
1561 1560 self.repo_group_name = None
1562 1561 self.user_group_name = None
1563 1562
1564 1563 def __bool__(self):
1565 1564 frame = inspect.currentframe()
1566 1565 stack_trace = traceback.format_stack(frame)
1567 1566 log.error('Checking bool value on a class instance of perm '
1568 1567 'function is not allowed: %s' % ''.join(stack_trace))
1569 1568 # rather than throwing errors, here we always return False so if by
1570 1569 # accident someone checks truth for just an instance it will always end
1571 1570 # up in returning False
1572 1571 return False
1573 1572 __nonzero__ = __bool__
1574 1573
1575 1574 def __call__(self, check_location='', user=None):
1576 1575 if not user:
1577 1576 log.debug('Using user attribute from global request')
1578 1577 # TODO: remove this someday,put as user as attribute here
1579 1578 user = request.user
1580 1579
1581 1580 # init auth user if not already given
1582 1581 if not isinstance(user, AuthUser):
1583 1582 log.debug('Wrapping user %s into AuthUser', user)
1584 1583 user = AuthUser(user.user_id)
1585 1584
1586 1585 cls_name = self.__class__.__name__
1587 1586 check_scope = self._get_check_scope(cls_name)
1588 1587 check_location = check_location or 'unspecified location'
1589 1588
1590 1589 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
1591 1590 self.required_perms, user, check_scope, check_location)
1592 1591 if not user:
1593 1592 log.warning('Empty user given for permission check')
1594 1593 return False
1595 1594
1596 1595 if self.check_permissions(user):
1597 1596 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1598 1597 check_scope, user, check_location)
1599 1598 return True
1600 1599
1601 1600 else:
1602 1601 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1603 1602 check_scope, user, check_location)
1604 1603 return False
1605 1604
1606 1605 def _get_request(self):
1607 1606 from pyramid.threadlocal import get_current_request
1608 1607 pyramid_request = get_current_request()
1609 1608 if not pyramid_request:
1610 1609 # return global request of pylons incase pyramid one isn't available
1611 1610 return request
1612 1611 return pyramid_request
1613 1612
1614 1613 def _get_check_scope(self, cls_name):
1615 1614 return {
1616 1615 'HasPermissionAll': 'GLOBAL',
1617 1616 'HasPermissionAny': 'GLOBAL',
1618 1617 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
1619 1618 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
1620 1619 'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
1621 1620 'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
1622 1621 'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
1623 1622 'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
1624 1623 }.get(cls_name, '?:%s' % cls_name)
1625 1624
1626 1625 def check_permissions(self, user):
1627 1626 """Dummy function for overriding"""
1628 1627 raise Exception('You have to write this function in child class')
1629 1628
1630 1629
1631 1630 class HasPermissionAll(PermsFunction):
1632 1631 def check_permissions(self, user):
1633 1632 perms = user.permissions_with_scope({})
1634 1633 if self.required_perms.issubset(perms.get('global')):
1635 1634 return True
1636 1635 return False
1637 1636
1638 1637
1639 1638 class HasPermissionAny(PermsFunction):
1640 1639 def check_permissions(self, user):
1641 1640 perms = user.permissions_with_scope({})
1642 1641 if self.required_perms.intersection(perms.get('global')):
1643 1642 return True
1644 1643 return False
1645 1644
1646 1645
1647 1646 class HasRepoPermissionAll(PermsFunction):
1648 1647 def __call__(self, repo_name=None, check_location='', user=None):
1649 1648 self.repo_name = repo_name
1650 1649 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1651 1650
1652 1651 def _get_repo_name(self):
1653 1652 if not self.repo_name:
1654 1653 _request = self._get_request()
1655 1654 self.repo_name = get_repo_slug(_request)
1656 1655 return self.repo_name
1657 1656
1658 1657 def check_permissions(self, user):
1659 1658 self.repo_name = self._get_repo_name()
1660 1659 perms = user.permissions
1661 1660 try:
1662 1661 user_perms = set([perms['repositories'][self.repo_name]])
1663 1662 except KeyError:
1664 1663 return False
1665 1664 if self.required_perms.issubset(user_perms):
1666 1665 return True
1667 1666 return False
1668 1667
1669 1668
1670 1669 class HasRepoPermissionAny(PermsFunction):
1671 1670 def __call__(self, repo_name=None, check_location='', user=None):
1672 1671 self.repo_name = repo_name
1673 1672 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1674 1673
1675 1674 def _get_repo_name(self):
1676 1675 if not self.repo_name:
1677 1676 self.repo_name = get_repo_slug(request)
1678 1677 return self.repo_name
1679 1678
1680 1679 def check_permissions(self, user):
1681 1680 self.repo_name = self._get_repo_name()
1682 1681 perms = user.permissions
1683 1682 try:
1684 1683 user_perms = set([perms['repositories'][self.repo_name]])
1685 1684 except KeyError:
1686 1685 return False
1687 1686 if self.required_perms.intersection(user_perms):
1688 1687 return True
1689 1688 return False
1690 1689
1691 1690
1692 1691 class HasRepoGroupPermissionAny(PermsFunction):
1693 1692 def __call__(self, group_name=None, check_location='', user=None):
1694 1693 self.repo_group_name = group_name
1695 1694 return super(HasRepoGroupPermissionAny, self).__call__(
1696 1695 check_location, user)
1697 1696
1698 1697 def check_permissions(self, user):
1699 1698 perms = user.permissions
1700 1699 try:
1701 1700 user_perms = set(
1702 1701 [perms['repositories_groups'][self.repo_group_name]])
1703 1702 except KeyError:
1704 1703 return False
1705 1704 if self.required_perms.intersection(user_perms):
1706 1705 return True
1707 1706 return False
1708 1707
1709 1708
1710 1709 class HasRepoGroupPermissionAll(PermsFunction):
1711 1710 def __call__(self, group_name=None, check_location='', user=None):
1712 1711 self.repo_group_name = group_name
1713 1712 return super(HasRepoGroupPermissionAll, self).__call__(
1714 1713 check_location, user)
1715 1714
1716 1715 def check_permissions(self, user):
1717 1716 perms = user.permissions
1718 1717 try:
1719 1718 user_perms = set(
1720 1719 [perms['repositories_groups'][self.repo_group_name]])
1721 1720 except KeyError:
1722 1721 return False
1723 1722 if self.required_perms.issubset(user_perms):
1724 1723 return True
1725 1724 return False
1726 1725
1727 1726
1728 1727 class HasUserGroupPermissionAny(PermsFunction):
1729 1728 def __call__(self, user_group_name=None, check_location='', user=None):
1730 1729 self.user_group_name = user_group_name
1731 1730 return super(HasUserGroupPermissionAny, self).__call__(
1732 1731 check_location, user)
1733 1732
1734 1733 def check_permissions(self, user):
1735 1734 perms = user.permissions
1736 1735 try:
1737 1736 user_perms = set([perms['user_groups'][self.user_group_name]])
1738 1737 except KeyError:
1739 1738 return False
1740 1739 if self.required_perms.intersection(user_perms):
1741 1740 return True
1742 1741 return False
1743 1742
1744 1743
1745 1744 class HasUserGroupPermissionAll(PermsFunction):
1746 1745 def __call__(self, user_group_name=None, check_location='', user=None):
1747 1746 self.user_group_name = user_group_name
1748 1747 return super(HasUserGroupPermissionAll, self).__call__(
1749 1748 check_location, user)
1750 1749
1751 1750 def check_permissions(self, user):
1752 1751 perms = user.permissions
1753 1752 try:
1754 1753 user_perms = set([perms['user_groups'][self.user_group_name]])
1755 1754 except KeyError:
1756 1755 return False
1757 1756 if self.required_perms.issubset(user_perms):
1758 1757 return True
1759 1758 return False
1760 1759
1761 1760
1762 1761 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1763 1762 class HasPermissionAnyMiddleware(object):
1764 1763 def __init__(self, *perms):
1765 1764 self.required_perms = set(perms)
1766 1765
1767 1766 def __call__(self, user, repo_name):
1768 1767 # repo_name MUST be unicode, since we handle keys in permission
1769 1768 # dict by unicode
1770 1769 repo_name = safe_unicode(repo_name)
1771 1770 user = AuthUser(user.user_id)
1772 1771 log.debug(
1773 1772 'Checking VCS protocol permissions %s for user:%s repo:`%s`',
1774 1773 self.required_perms, user, repo_name)
1775 1774
1776 1775 if self.check_permissions(user, repo_name):
1777 1776 log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
1778 1777 repo_name, user, 'PermissionMiddleware')
1779 1778 return True
1780 1779
1781 1780 else:
1782 1781 log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
1783 1782 repo_name, user, 'PermissionMiddleware')
1784 1783 return False
1785 1784
1786 1785 def check_permissions(self, user, repo_name):
1787 1786 perms = user.permissions_with_scope({'repo_name': repo_name})
1788 1787
1789 1788 try:
1790 1789 user_perms = set([perms['repositories'][repo_name]])
1791 1790 except Exception:
1792 1791 log.exception('Error while accessing user permissions')
1793 1792 return False
1794 1793
1795 1794 if self.required_perms.intersection(user_perms):
1796 1795 return True
1797 1796 return False
1798 1797
1799 1798
1800 1799 # SPECIAL VERSION TO HANDLE API AUTH
1801 1800 class _BaseApiPerm(object):
1802 1801 def __init__(self, *perms):
1803 1802 self.required_perms = set(perms)
1804 1803
1805 1804 def __call__(self, check_location=None, user=None, repo_name=None,
1806 1805 group_name=None, user_group_name=None):
1807 1806 cls_name = self.__class__.__name__
1808 1807 check_scope = 'global:%s' % (self.required_perms,)
1809 1808 if repo_name:
1810 1809 check_scope += ', repo_name:%s' % (repo_name,)
1811 1810
1812 1811 if group_name:
1813 1812 check_scope += ', repo_group_name:%s' % (group_name,)
1814 1813
1815 1814 if user_group_name:
1816 1815 check_scope += ', user_group_name:%s' % (user_group_name,)
1817 1816
1818 1817 log.debug(
1819 1818 'checking cls:%s %s %s @ %s'
1820 1819 % (cls_name, self.required_perms, check_scope, check_location))
1821 1820 if not user:
1822 1821 log.debug('Empty User passed into arguments')
1823 1822 return False
1824 1823
1825 1824 # process user
1826 1825 if not isinstance(user, AuthUser):
1827 1826 user = AuthUser(user.user_id)
1828 1827 if not check_location:
1829 1828 check_location = 'unspecified'
1830 1829 if self.check_permissions(user.permissions, repo_name, group_name,
1831 1830 user_group_name):
1832 1831 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1833 1832 check_scope, user, check_location)
1834 1833 return True
1835 1834
1836 1835 else:
1837 1836 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1838 1837 check_scope, user, check_location)
1839 1838 return False
1840 1839
1841 1840 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1842 1841 user_group_name=None):
1843 1842 """
1844 1843 implement in child class should return True if permissions are ok,
1845 1844 False otherwise
1846 1845
1847 1846 :param perm_defs: dict with permission definitions
1848 1847 :param repo_name: repo name
1849 1848 """
1850 1849 raise NotImplementedError()
1851 1850
1852 1851
1853 1852 class HasPermissionAllApi(_BaseApiPerm):
1854 1853 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1855 1854 user_group_name=None):
1856 1855 if self.required_perms.issubset(perm_defs.get('global')):
1857 1856 return True
1858 1857 return False
1859 1858
1860 1859
1861 1860 class HasPermissionAnyApi(_BaseApiPerm):
1862 1861 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1863 1862 user_group_name=None):
1864 1863 if self.required_perms.intersection(perm_defs.get('global')):
1865 1864 return True
1866 1865 return False
1867 1866
1868 1867
1869 1868 class HasRepoPermissionAllApi(_BaseApiPerm):
1870 1869 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1871 1870 user_group_name=None):
1872 1871 try:
1873 1872 _user_perms = set([perm_defs['repositories'][repo_name]])
1874 1873 except KeyError:
1875 1874 log.warning(traceback.format_exc())
1876 1875 return False
1877 1876 if self.required_perms.issubset(_user_perms):
1878 1877 return True
1879 1878 return False
1880 1879
1881 1880
1882 1881 class HasRepoPermissionAnyApi(_BaseApiPerm):
1883 1882 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1884 1883 user_group_name=None):
1885 1884 try:
1886 1885 _user_perms = set([perm_defs['repositories'][repo_name]])
1887 1886 except KeyError:
1888 1887 log.warning(traceback.format_exc())
1889 1888 return False
1890 1889 if self.required_perms.intersection(_user_perms):
1891 1890 return True
1892 1891 return False
1893 1892
1894 1893
1895 1894 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
1896 1895 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1897 1896 user_group_name=None):
1898 1897 try:
1899 1898 _user_perms = set([perm_defs['repositories_groups'][group_name]])
1900 1899 except KeyError:
1901 1900 log.warning(traceback.format_exc())
1902 1901 return False
1903 1902 if self.required_perms.intersection(_user_perms):
1904 1903 return True
1905 1904 return False
1906 1905
1907 1906
1908 1907 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
1909 1908 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1910 1909 user_group_name=None):
1911 1910 try:
1912 1911 _user_perms = set([perm_defs['repositories_groups'][group_name]])
1913 1912 except KeyError:
1914 1913 log.warning(traceback.format_exc())
1915 1914 return False
1916 1915 if self.required_perms.issubset(_user_perms):
1917 1916 return True
1918 1917 return False
1919 1918
1920 1919
1921 1920 class HasUserGroupPermissionAnyApi(_BaseApiPerm):
1922 1921 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1923 1922 user_group_name=None):
1924 1923 try:
1925 1924 _user_perms = set([perm_defs['user_groups'][user_group_name]])
1926 1925 except KeyError:
1927 1926 log.warning(traceback.format_exc())
1928 1927 return False
1929 1928 if self.required_perms.intersection(_user_perms):
1930 1929 return True
1931 1930 return False
1932 1931
1933 1932
1934 1933 def check_ip_access(source_ip, allowed_ips=None):
1935 1934 """
1936 1935 Checks if source_ip is a subnet of any of allowed_ips.
1937 1936
1938 1937 :param source_ip:
1939 1938 :param allowed_ips: list of allowed ips together with mask
1940 1939 """
1941 1940 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
1942 1941 source_ip_address = ipaddress.ip_address(source_ip)
1943 1942 if isinstance(allowed_ips, (tuple, list, set)):
1944 1943 for ip in allowed_ips:
1945 1944 try:
1946 1945 network_address = ipaddress.ip_network(ip, strict=False)
1947 1946 if source_ip_address in network_address:
1948 1947 log.debug('IP %s is network %s' %
1949 1948 (source_ip_address, network_address))
1950 1949 return True
1951 1950 # for any case we cannot determine the IP, don't crash just
1952 1951 # skip it and log as error, we want to say forbidden still when
1953 1952 # sending bad IP
1954 1953 except Exception:
1955 1954 log.error(traceback.format_exc())
1956 1955 continue
1957 1956 return False
1958 1957
1959 1958
1960 1959 def get_cython_compat_decorator(wrapper, func):
1961 1960 """
1962 1961 Creates a cython compatible decorator. The previously used
1963 1962 decorator.decorator() function seems to be incompatible with cython.
1964 1963
1965 1964 :param wrapper: __wrapper method of the decorator class
1966 1965 :param func: decorated function
1967 1966 """
1968 1967 @wraps(func)
1969 1968 def local_wrapper(*args, **kwds):
1970 1969 return wrapper(func, *args, **kwds)
1971 1970 local_wrapper.__wrapped__ = func
1972 1971 return local_wrapper
1972
1973
Show file before | Show file after | Hide comments
@@ -1,98 +1,108 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2016-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 import logging
23 23 from pyramid import httpexceptions
24 from pyramid.httpexceptions import HTTPError, HTTPInternalServerError
24 from pyramid.httpexceptions import (
25 HTTPRedirection, HTTPError, HTTPInternalServerError)
25 26 from pyramid.threadlocal import get_current_request
26 27
27 28 from rhodecode.lib.exceptions import VCSServerUnavailable
28 29 from rhodecode.lib.vcs.exceptions import VCSCommunicationError
29 30
30 31
31 32 log = logging.getLogger(__name__)
32 33
33 34
34 35 class PylonsErrorHandlingMiddleware(object):
35 36 """
36 37 This middleware is wrapped around the old pylons application to catch
37 38 errors and invoke our error handling view to return a proper error page.
38 39 """
39 40 def __init__(self, app, error_view, reraise=False):
40 41 self.app = app
41 42 self.error_view = error_view
42 43 self._reraise = reraise
43 44
44 45 def __call__(self, environ, start_response):
45 46 # We need to use the pyramid request here instead of creating a custom
46 47 # instance from the environ because this request maybe passed to the
47 48 # error handler view which is a pyramid view and expects a pyramid
48 49 # request which has been processed by the pyramid router.
49 50 request = get_current_request()
50 51
51 52 response = self.handle_request(request)
52 53 return response(environ, start_response)
53 54
54 55 def is_http_error(self, response):
55 56 # webob type error responses
56 return (400 <= response.status_int <= 599)
57 return 400 <= response.status_int <= 599
57 58
58 59 def reraise(self):
59 60 return self._reraise
60 61
61 62 def handle_request(self, request):
62 63 """
63 64 Calls the underlying WSGI app (typically the old RhodeCode pylons app)
64 65 and returns the response if no error happened. In case of an error it
65 66 invokes the error handling view to return a proper error page as
66 67 response.
67 68
68 69 - old webob type exceptions get converted to pyramid exceptions
69 70 - pyramid exceptions are passed to the error handler view
70 71 """
71 72 try:
72 73 response = request.get_response(self.app)
73 74 if self.is_http_error(response):
74 75 response = webob_to_pyramid_http_response(response)
75 76 return self.error_view(response, request)
76 except HTTPError as e: # pyramid type exceptions
77 except HTTPRedirection as e:
78 # pyramid type redirection, with status codes in the 300s
79 log.debug('Handling pyramid HTTPRedirection: %s', e)
80 return e
81 except HTTPError as e:
82 # pyramid type exceptions, with status codes in the 400s and 500s
83 log.debug('Handling pyramid HTTPError: %s', e)
77 84 return self.error_view(e, request)
78 85 except Exception as e:
86 log.debug('Handling general error: %s', e)
79 87
80 88 if self.reraise():
81 89 raise
82 90
83 91 if isinstance(e, VCSCommunicationError):
84 92 return self.error_view(VCSServerUnavailable(), request)
85 93
86 94 return self.error_view(HTTPInternalServerError(), request)
87 95
88 96 return response
89 97
90 98
91 99 def webob_to_pyramid_http_response(webob_response):
100 log.debug('response is webob http error[%s], handling now...',
101 webob_response.status_int)
92 102 ResponseClass = httpexceptions.status_map[webob_response.status_int]
93 103 pyramid_response = ResponseClass(webob_response.status)
94 104 pyramid_response.status = webob_response.status
95 105 pyramid_response.headers.update(webob_response.headers)
96 106 if pyramid_response.headers['content-type'] == 'text/html':
97 107 pyramid_response.headers['content-type'] = 'text/html; charset=UTF-8'
98 108 return pyramid_response
General Comments 0
You need to be logged in to leave comments. Login now