##// END OF EJS Templates
encryption: Implement a slightly improved AesCipher encryption....
marcink -
r281:f41dae1c default
parent child Browse files
Show More

The requested changes are too big and content was truncated. Show full diff

@@ -1,614 +1,618 b''
1 ################################################################################
1 ################################################################################
2 ################################################################################
2 ################################################################################
3 # RhodeCode Enterprise - configuration file #
3 # RhodeCode Enterprise - configuration file #
4 # Built-in functions and variables #
4 # Built-in functions and variables #
5 # The %(here)s variable will be replaced with the parent directory of this file#
5 # The %(here)s variable will be replaced with the parent directory of this file#
6 # #
6 # #
7 ################################################################################
7 ################################################################################
8
8
9 [DEFAULT]
9 [DEFAULT]
10 debug = true
10 debug = true
11 ################################################################################
11 ################################################################################
12 ## Uncomment and replace with the email address which should receive ##
12 ## Uncomment and replace with the email address which should receive ##
13 ## any error reports after an application crash ##
13 ## any error reports after an application crash ##
14 ## Additionally these settings will be used by the RhodeCode mailing system ##
14 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 ################################################################################
15 ################################################################################
16 #email_to = admin@localhost
16 #email_to = admin@localhost
17 #error_email_from = paste_error@localhost
17 #error_email_from = paste_error@localhost
18 #app_email_from = rhodecode-noreply@localhost
18 #app_email_from = rhodecode-noreply@localhost
19 #error_message =
19 #error_message =
20 #email_prefix = [RhodeCode]
20 #email_prefix = [RhodeCode]
21
21
22 #smtp_server = mail.server.com
22 #smtp_server = mail.server.com
23 #smtp_username =
23 #smtp_username =
24 #smtp_password =
24 #smtp_password =
25 #smtp_port =
25 #smtp_port =
26 #smtp_use_tls = false
26 #smtp_use_tls = false
27 #smtp_use_ssl = true
27 #smtp_use_ssl = true
28 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
28 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
29 #smtp_auth =
29 #smtp_auth =
30
30
31 [server:main]
31 [server:main]
32 ## COMMON ##
32 ## COMMON ##
33 host = 127.0.0.1
33 host = 127.0.0.1
34 port = 5000
34 port = 5000
35
35
36 ##################################
36 ##################################
37 ## WAITRESS WSGI SERVER ##
37 ## WAITRESS WSGI SERVER ##
38 ## Recommended for Development ##
38 ## Recommended for Development ##
39 ##################################
39 ##################################
40 use = egg:waitress#main
40 use = egg:waitress#main
41 ## number of worker threads
41 ## number of worker threads
42 threads = 5
42 threads = 5
43 ## MAX BODY SIZE 100GB
43 ## MAX BODY SIZE 100GB
44 max_request_body_size = 107374182400
44 max_request_body_size = 107374182400
45 ## Use poll instead of select, fixes file descriptors limits problems.
45 ## Use poll instead of select, fixes file descriptors limits problems.
46 ## May not work on old windows systems.
46 ## May not work on old windows systems.
47 asyncore_use_poll = true
47 asyncore_use_poll = true
48
48
49
49
50 ##########################
50 ##########################
51 ## GUNICORN WSGI SERVER ##
51 ## GUNICORN WSGI SERVER ##
52 ##########################
52 ##########################
53 ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
53 ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
54 #use = egg:gunicorn#main
54 #use = egg:gunicorn#main
55 ## Sets the number of process workers. You must set `instance_id = *`
55 ## Sets the number of process workers. You must set `instance_id = *`
56 ## when this option is set to more than one worker, recommended
56 ## when this option is set to more than one worker, recommended
57 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
57 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
58 ## The `instance_id = *` must be set in the [app:main] section below
58 ## The `instance_id = *` must be set in the [app:main] section below
59 #workers = 2
59 #workers = 2
60 ## number of threads for each of the worker, must be set to 1 for gevent
60 ## number of threads for each of the worker, must be set to 1 for gevent
61 ## generally recommened to be at 1
61 ## generally recommened to be at 1
62 #threads = 1
62 #threads = 1
63 ## process name
63 ## process name
64 #proc_name = rhodecode
64 #proc_name = rhodecode
65 ## type of worker class, one of sync, gevent
65 ## type of worker class, one of sync, gevent
66 ## recommended for bigger setup is using of of other than sync one
66 ## recommended for bigger setup is using of of other than sync one
67 #worker_class = sync
67 #worker_class = sync
68 ## The maximum number of simultaneous clients. Valid only for Gevent
68 ## The maximum number of simultaneous clients. Valid only for Gevent
69 #worker_connections = 10
69 #worker_connections = 10
70 ## max number of requests that worker will handle before being gracefully
70 ## max number of requests that worker will handle before being gracefully
71 ## restarted, could prevent memory leaks
71 ## restarted, could prevent memory leaks
72 #max_requests = 1000
72 #max_requests = 1000
73 #max_requests_jitter = 30
73 #max_requests_jitter = 30
74 ## amount of time a worker can spend with handling a request before it
74 ## amount of time a worker can spend with handling a request before it
75 ## gets killed and restarted. Set to 6hrs
75 ## gets killed and restarted. Set to 6hrs
76 #timeout = 21600
76 #timeout = 21600
77
77
78
78
79 ## prefix middleware for RhodeCode, disables force_https flag.
79 ## prefix middleware for RhodeCode, disables force_https flag.
80 ## allows to set RhodeCode under a prefix in server.
80 ## allows to set RhodeCode under a prefix in server.
81 ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
81 ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
82 #[filter:proxy-prefix]
82 #[filter:proxy-prefix]
83 #use = egg:PasteDeploy#prefix
83 #use = egg:PasteDeploy#prefix
84 #prefix = /<your-prefix>
84 #prefix = /<your-prefix>
85
85
86 [app:main]
86 [app:main]
87 use = egg:rhodecode-enterprise-ce
87 use = egg:rhodecode-enterprise-ce
88 ## enable proxy prefix middleware, defined below
88 ## enable proxy prefix middleware, defined below
89 #filter-with = proxy-prefix
89 #filter-with = proxy-prefix
90
90
91 # During development the we want to have the debug toolbar enabled
91 # During development the we want to have the debug toolbar enabled
92 pyramid.includes =
92 pyramid.includes =
93 pyramid_debugtoolbar
93 pyramid_debugtoolbar
94 rhodecode.utils.debugtoolbar
94 rhodecode.utils.debugtoolbar
95 rhodecode.lib.middleware.request_wrapper
95 rhodecode.lib.middleware.request_wrapper
96
96
97 pyramid.reload_templates = true
97 pyramid.reload_templates = true
98
98
99 debugtoolbar.hosts = 0.0.0.0/0
99 debugtoolbar.hosts = 0.0.0.0/0
100 debugtoolbar.exclude_prefixes =
100 debugtoolbar.exclude_prefixes =
101 /css
101 /css
102 /fonts
102 /fonts
103 /images
103 /images
104 /js
104 /js
105
105
106 ## RHODECODE PLUGINS ##
106 ## RHODECODE PLUGINS ##
107 rhodecode.includes =
107 rhodecode.includes =
108 rhodecode.api
108 rhodecode.api
109
109
110
110
111 # api prefix url
111 # api prefix url
112 rhodecode.api.url = /_admin/api
112 rhodecode.api.url = /_admin/api
113
113
114
114
115 ## END RHODECODE PLUGINS ##
115 ## END RHODECODE PLUGINS ##
116
116
117 ## encryption key used to encrypt social plugin tokens,
117 ## encryption key used to encrypt social plugin tokens,
118 ## remote_urls with credentials etc, if not set it defaults to
118 ## remote_urls with credentials etc, if not set it defaults to
119 ## `beaker.session.secret`
119 ## `beaker.session.secret`
120 #rhodecode.encrypted_values.secret =
120 #rhodecode.encrypted_values.secret =
121
121
122 ## decryption strict mode (enabled by default). It controls if decryption raises
123 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
124 #rhodecode.encrypted_values.strict = false
125
122 full_stack = true
126 full_stack = true
123
127
124 ## Serve static files via RhodeCode, disable to serve them via HTTP server
128 ## Serve static files via RhodeCode, disable to serve them via HTTP server
125 static_files = true
129 static_files = true
126
130
127 # autogenerate javascript routes file on startup
131 # autogenerate javascript routes file on startup
128 generate_js_files = false
132 generate_js_files = false
129
133
130 ## Optional Languages
134 ## Optional Languages
131 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
135 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
132 lang = en
136 lang = en
133
137
134 ## perform a full repository scan on each server start, this should be
138 ## perform a full repository scan on each server start, this should be
135 ## set to false after first startup, to allow faster server restarts.
139 ## set to false after first startup, to allow faster server restarts.
136 startup.import_repos = false
140 startup.import_repos = false
137
141
138 ## Uncomment and set this path to use archive download cache.
142 ## Uncomment and set this path to use archive download cache.
139 ## Once enabled, generated archives will be cached at this location
143 ## Once enabled, generated archives will be cached at this location
140 ## and served from the cache during subsequent requests for the same archive of
144 ## and served from the cache during subsequent requests for the same archive of
141 ## the repository.
145 ## the repository.
142 #archive_cache_dir = /tmp/tarballcache
146 #archive_cache_dir = /tmp/tarballcache
143
147
144 ## change this to unique ID for security
148 ## change this to unique ID for security
145 app_instance_uuid = rc-production
149 app_instance_uuid = rc-production
146
150
147 ## cut off limit for large diffs (size in bytes)
151 ## cut off limit for large diffs (size in bytes)
148 cut_off_limit_diff = 1024000
152 cut_off_limit_diff = 1024000
149 cut_off_limit_file = 256000
153 cut_off_limit_file = 256000
150
154
151 ## use cache version of scm repo everywhere
155 ## use cache version of scm repo everywhere
152 vcs_full_cache = true
156 vcs_full_cache = true
153
157
154 ## force https in RhodeCode, fixes https redirects, assumes it's always https
158 ## force https in RhodeCode, fixes https redirects, assumes it's always https
155 ## Normally this is controlled by proper http flags sent from http server
159 ## Normally this is controlled by proper http flags sent from http server
156 force_https = false
160 force_https = false
157
161
158 ## use Strict-Transport-Security headers
162 ## use Strict-Transport-Security headers
159 use_htsts = false
163 use_htsts = false
160
164
161 ## number of commits stats will parse on each iteration
165 ## number of commits stats will parse on each iteration
162 commit_parse_limit = 25
166 commit_parse_limit = 25
163
167
164 ## git rev filter option, --all is the default filter, if you need to
168 ## git rev filter option, --all is the default filter, if you need to
165 ## hide all refs in changelog switch this to --branches --tags
169 ## hide all refs in changelog switch this to --branches --tags
166 git_rev_filter = --branches --tags
170 git_rev_filter = --branches --tags
167
171
168 # Set to true if your repos are exposed using the dumb protocol
172 # Set to true if your repos are exposed using the dumb protocol
169 git_update_server_info = false
173 git_update_server_info = false
170
174
171 ## RSS/ATOM feed options
175 ## RSS/ATOM feed options
172 rss_cut_off_limit = 256000
176 rss_cut_off_limit = 256000
173 rss_items_per_page = 10
177 rss_items_per_page = 10
174 rss_include_diff = false
178 rss_include_diff = false
175
179
176 ## gist URL alias, used to create nicer urls for gist. This should be an
180 ## gist URL alias, used to create nicer urls for gist. This should be an
177 ## url that does rewrites to _admin/gists/<gistid>.
181 ## url that does rewrites to _admin/gists/<gistid>.
178 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
182 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
179 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
183 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
180 gist_alias_url =
184 gist_alias_url =
181
185
182 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
186 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
183 ## used for access.
187 ## used for access.
184 ## Adding ?auth_token = <token> to the url authenticates this request as if it
188 ## Adding ?auth_token = <token> to the url authenticates this request as if it
185 ## came from the the logged in user who own this authentication token.
189 ## came from the the logged in user who own this authentication token.
186 ##
190 ##
187 ## Syntax is <ControllerClass>:<function_pattern>.
191 ## Syntax is <ControllerClass>:<function_pattern>.
188 ## To enable access to raw_files put `FilesController:raw`.
192 ## To enable access to raw_files put `FilesController:raw`.
189 ## To enable access to patches add `ChangesetController:changeset_patch`.
193 ## To enable access to patches add `ChangesetController:changeset_patch`.
190 ## The list should be "," separated and on a single line.
194 ## The list should be "," separated and on a single line.
191 ##
195 ##
192 ## Recommended controllers to enable:
196 ## Recommended controllers to enable:
193 # ChangesetController:changeset_patch,
197 # ChangesetController:changeset_patch,
194 # ChangesetController:changeset_raw,
198 # ChangesetController:changeset_raw,
195 # FilesController:raw,
199 # FilesController:raw,
196 # FilesController:archivefile,
200 # FilesController:archivefile,
197 # GistsController:*,
201 # GistsController:*,
198 api_access_controllers_whitelist =
202 api_access_controllers_whitelist =
199
203
200 ## default encoding used to convert from and to unicode
204 ## default encoding used to convert from and to unicode
201 ## can be also a comma separated list of encoding in case of mixed encodings
205 ## can be also a comma separated list of encoding in case of mixed encodings
202 default_encoding = UTF-8
206 default_encoding = UTF-8
203
207
204 ## instance-id prefix
208 ## instance-id prefix
205 ## a prefix key for this instance used for cache invalidation when running
209 ## a prefix key for this instance used for cache invalidation when running
206 ## multiple instances of rhodecode, make sure it's globally unique for
210 ## multiple instances of rhodecode, make sure it's globally unique for
207 ## all running rhodecode instances. Leave empty if you don't use it
211 ## all running rhodecode instances. Leave empty if you don't use it
208 instance_id =
212 instance_id =
209
213
210 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
214 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
211 ## of an authentication plugin also if it is disabled by it's settings.
215 ## of an authentication plugin also if it is disabled by it's settings.
212 ## This could be useful if you are unable to log in to the system due to broken
216 ## This could be useful if you are unable to log in to the system due to broken
213 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
217 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
214 ## module to log in again and fix the settings.
218 ## module to log in again and fix the settings.
215 ##
219 ##
216 ## Available builtin plugin IDs (hash is part of the ID):
220 ## Available builtin plugin IDs (hash is part of the ID):
217 ## egg:rhodecode-enterprise-ce#rhodecode
221 ## egg:rhodecode-enterprise-ce#rhodecode
218 ## egg:rhodecode-enterprise-ce#pam
222 ## egg:rhodecode-enterprise-ce#pam
219 ## egg:rhodecode-enterprise-ce#ldap
223 ## egg:rhodecode-enterprise-ce#ldap
220 ## egg:rhodecode-enterprise-ce#jasig_cas
224 ## egg:rhodecode-enterprise-ce#jasig_cas
221 ## egg:rhodecode-enterprise-ce#headers
225 ## egg:rhodecode-enterprise-ce#headers
222 ## egg:rhodecode-enterprise-ce#crowd
226 ## egg:rhodecode-enterprise-ce#crowd
223 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
227 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
224
228
225 ## alternative return HTTP header for failed authentication. Default HTTP
229 ## alternative return HTTP header for failed authentication. Default HTTP
226 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
230 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
227 ## handling that causing a series of failed authentication calls.
231 ## handling that causing a series of failed authentication calls.
228 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
232 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
229 ## This will be served instead of default 401 on bad authnetication
233 ## This will be served instead of default 401 on bad authnetication
230 auth_ret_code =
234 auth_ret_code =
231
235
232 ## use special detection method when serving auth_ret_code, instead of serving
236 ## use special detection method when serving auth_ret_code, instead of serving
233 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
237 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
234 ## and then serve auth_ret_code to clients
238 ## and then serve auth_ret_code to clients
235 auth_ret_code_detection = false
239 auth_ret_code_detection = false
236
240
237 ## locking return code. When repository is locked return this HTTP code. 2XX
241 ## locking return code. When repository is locked return this HTTP code. 2XX
238 ## codes don't break the transactions while 4XX codes do
242 ## codes don't break the transactions while 4XX codes do
239 lock_ret_code = 423
243 lock_ret_code = 423
240
244
241 ## allows to change the repository location in settings page
245 ## allows to change the repository location in settings page
242 allow_repo_location_change = true
246 allow_repo_location_change = true
243
247
244 ## allows to setup custom hooks in settings page
248 ## allows to setup custom hooks in settings page
245 allow_custom_hooks_settings = true
249 allow_custom_hooks_settings = true
246
250
247 ## generated license token, goto license page in RhodeCode settings to obtain
251 ## generated license token, goto license page in RhodeCode settings to obtain
248 ## new token
252 ## new token
249 license_token =
253 license_token =
250
254
251 ## supervisor connection uri, for managing supervisor and logs.
255 ## supervisor connection uri, for managing supervisor and logs.
252 supervisor.uri =
256 supervisor.uri =
253 ## supervisord group name/id we only want this RC instance to handle
257 ## supervisord group name/id we only want this RC instance to handle
254 supervisor.group_id = dev
258 supervisor.group_id = dev
255
259
256 ## Display extended labs settings
260 ## Display extended labs settings
257 labs_settings_active = true
261 labs_settings_active = true
258
262
259 ####################################
263 ####################################
260 ### CELERY CONFIG ####
264 ### CELERY CONFIG ####
261 ####################################
265 ####################################
262 use_celery = false
266 use_celery = false
263 broker.host = localhost
267 broker.host = localhost
264 broker.vhost = rabbitmqhost
268 broker.vhost = rabbitmqhost
265 broker.port = 5672
269 broker.port = 5672
266 broker.user = rabbitmq
270 broker.user = rabbitmq
267 broker.password = qweqwe
271 broker.password = qweqwe
268
272
269 celery.imports = rhodecode.lib.celerylib.tasks
273 celery.imports = rhodecode.lib.celerylib.tasks
270
274
271 celery.result.backend = amqp
275 celery.result.backend = amqp
272 celery.result.dburi = amqp://
276 celery.result.dburi = amqp://
273 celery.result.serialier = json
277 celery.result.serialier = json
274
278
275 #celery.send.task.error.emails = true
279 #celery.send.task.error.emails = true
276 #celery.amqp.task.result.expires = 18000
280 #celery.amqp.task.result.expires = 18000
277
281
278 celeryd.concurrency = 2
282 celeryd.concurrency = 2
279 #celeryd.log.file = celeryd.log
283 #celeryd.log.file = celeryd.log
280 celeryd.log.level = debug
284 celeryd.log.level = debug
281 celeryd.max.tasks.per.child = 1
285 celeryd.max.tasks.per.child = 1
282
286
283 ## tasks will never be sent to the queue, but executed locally instead.
287 ## tasks will never be sent to the queue, but executed locally instead.
284 celery.always.eager = false
288 celery.always.eager = false
285
289
286 ####################################
290 ####################################
287 ### BEAKER CACHE ####
291 ### BEAKER CACHE ####
288 ####################################
292 ####################################
289 # default cache dir for templates. Putting this into a ramdisk
293 # default cache dir for templates. Putting this into a ramdisk
290 ## can boost performance, eg. %(here)s/data_ramdisk
294 ## can boost performance, eg. %(here)s/data_ramdisk
291 cache_dir = %(here)s/data
295 cache_dir = %(here)s/data
292
296
293 ## locking and default file storage for Beaker. Putting this into a ramdisk
297 ## locking and default file storage for Beaker. Putting this into a ramdisk
294 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
298 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
295 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
299 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
296 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
300 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
297
301
298 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
302 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
299
303
300 beaker.cache.super_short_term.type = memory
304 beaker.cache.super_short_term.type = memory
301 beaker.cache.super_short_term.expire = 10
305 beaker.cache.super_short_term.expire = 10
302 beaker.cache.super_short_term.key_length = 256
306 beaker.cache.super_short_term.key_length = 256
303
307
304 beaker.cache.short_term.type = memory
308 beaker.cache.short_term.type = memory
305 beaker.cache.short_term.expire = 60
309 beaker.cache.short_term.expire = 60
306 beaker.cache.short_term.key_length = 256
310 beaker.cache.short_term.key_length = 256
307
311
308 beaker.cache.long_term.type = memory
312 beaker.cache.long_term.type = memory
309 beaker.cache.long_term.expire = 36000
313 beaker.cache.long_term.expire = 36000
310 beaker.cache.long_term.key_length = 256
314 beaker.cache.long_term.key_length = 256
311
315
312 beaker.cache.sql_cache_short.type = memory
316 beaker.cache.sql_cache_short.type = memory
313 beaker.cache.sql_cache_short.expire = 10
317 beaker.cache.sql_cache_short.expire = 10
314 beaker.cache.sql_cache_short.key_length = 256
318 beaker.cache.sql_cache_short.key_length = 256
315
319
316 # default is memory cache, configure only if required
320 # default is memory cache, configure only if required
317 # using multi-node or multi-worker setup
321 # using multi-node or multi-worker setup
318 #beaker.cache.auth_plugins.type = ext:database
322 #beaker.cache.auth_plugins.type = ext:database
319 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
323 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
320 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
324 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
321 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
325 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
322 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
326 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
323 #beaker.cache.auth_plugins.sa.pool_size = 10
327 #beaker.cache.auth_plugins.sa.pool_size = 10
324 #beaker.cache.auth_plugins.sa.max_overflow = 0
328 #beaker.cache.auth_plugins.sa.max_overflow = 0
325
329
326 beaker.cache.repo_cache_long.type = memorylru_base
330 beaker.cache.repo_cache_long.type = memorylru_base
327 beaker.cache.repo_cache_long.max_items = 4096
331 beaker.cache.repo_cache_long.max_items = 4096
328 beaker.cache.repo_cache_long.expire = 2592000
332 beaker.cache.repo_cache_long.expire = 2592000
329
333
330 # default is memorylru_base cache, configure only if required
334 # default is memorylru_base cache, configure only if required
331 # using multi-node or multi-worker setup
335 # using multi-node or multi-worker setup
332 #beaker.cache.repo_cache_long.type = ext:memcached
336 #beaker.cache.repo_cache_long.type = ext:memcached
333 #beaker.cache.repo_cache_long.url = localhost:11211
337 #beaker.cache.repo_cache_long.url = localhost:11211
334 #beaker.cache.repo_cache_long.expire = 1209600
338 #beaker.cache.repo_cache_long.expire = 1209600
335 #beaker.cache.repo_cache_long.key_length = 256
339 #beaker.cache.repo_cache_long.key_length = 256
336
340
337 ####################################
341 ####################################
338 ### BEAKER SESSION ####
342 ### BEAKER SESSION ####
339 ####################################
343 ####################################
340
344
341 ## .session.type is type of storage options for the session, current allowed
345 ## .session.type is type of storage options for the session, current allowed
342 ## types are file, ext:memcached, ext:database, and memory (default).
346 ## types are file, ext:memcached, ext:database, and memory (default).
343 beaker.session.type = file
347 beaker.session.type = file
344 beaker.session.data_dir = %(here)s/data/sessions/data
348 beaker.session.data_dir = %(here)s/data/sessions/data
345
349
346 ## db based session, fast, and allows easy management over logged in users ##
350 ## db based session, fast, and allows easy management over logged in users ##
347 #beaker.session.type = ext:database
351 #beaker.session.type = ext:database
348 #beaker.session.table_name = db_session
352 #beaker.session.table_name = db_session
349 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
353 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
350 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
354 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
351 #beaker.session.sa.pool_recycle = 3600
355 #beaker.session.sa.pool_recycle = 3600
352 #beaker.session.sa.echo = false
356 #beaker.session.sa.echo = false
353
357
354 beaker.session.key = rhodecode
358 beaker.session.key = rhodecode
355 beaker.session.secret = develop-rc-uytcxaz
359 beaker.session.secret = develop-rc-uytcxaz
356 beaker.session.lock_dir = %(here)s/data/sessions/lock
360 beaker.session.lock_dir = %(here)s/data/sessions/lock
357
361
358 ## Secure encrypted cookie. Requires AES and AES python libraries
362 ## Secure encrypted cookie. Requires AES and AES python libraries
359 ## you must disable beaker.session.secret to use this
363 ## you must disable beaker.session.secret to use this
360 #beaker.session.encrypt_key = <key_for_encryption>
364 #beaker.session.encrypt_key = <key_for_encryption>
361 #beaker.session.validate_key = <validation_key>
365 #beaker.session.validate_key = <validation_key>
362
366
363 ## sets session as invalid(also logging out user) if it haven not been
367 ## sets session as invalid(also logging out user) if it haven not been
364 ## accessed for given amount of time in seconds
368 ## accessed for given amount of time in seconds
365 beaker.session.timeout = 2592000
369 beaker.session.timeout = 2592000
366 beaker.session.httponly = true
370 beaker.session.httponly = true
367 #beaker.session.cookie_path = /<your-prefix>
371 #beaker.session.cookie_path = /<your-prefix>
368
372
369 ## uncomment for https secure cookie
373 ## uncomment for https secure cookie
370 beaker.session.secure = false
374 beaker.session.secure = false
371
375
372 ## auto save the session to not to use .save()
376 ## auto save the session to not to use .save()
373 beaker.session.auto = false
377 beaker.session.auto = false
374
378
375 ## default cookie expiration time in seconds, set to `true` to set expire
379 ## default cookie expiration time in seconds, set to `true` to set expire
376 ## at browser close
380 ## at browser close
377 #beaker.session.cookie_expires = 3600
381 #beaker.session.cookie_expires = 3600
378
382
379 ###################################
383 ###################################
380 ## SEARCH INDEXING CONFIGURATION ##
384 ## SEARCH INDEXING CONFIGURATION ##
381 ###################################
385 ###################################
382 ## Full text search indexer is available in rhodecode-tools under
386 ## Full text search indexer is available in rhodecode-tools under
383 ## `rhodecode-tools index` command
387 ## `rhodecode-tools index` command
384
388
385 # WHOOSH Backend, doesn't require additional services to run
389 # WHOOSH Backend, doesn't require additional services to run
386 # it works good with few dozen repos
390 # it works good with few dozen repos
387 search.module = rhodecode.lib.index.whoosh
391 search.module = rhodecode.lib.index.whoosh
388 search.location = %(here)s/data/index
392 search.location = %(here)s/data/index
389
393
390 ###################################
394 ###################################
391 ## APPENLIGHT CONFIG ##
395 ## APPENLIGHT CONFIG ##
392 ###################################
396 ###################################
393
397
394 ## Appenlight is tailored to work with RhodeCode, see
398 ## Appenlight is tailored to work with RhodeCode, see
395 ## http://appenlight.com for details how to obtain an account
399 ## http://appenlight.com for details how to obtain an account
396
400
397 ## appenlight integration enabled
401 ## appenlight integration enabled
398 appenlight = false
402 appenlight = false
399
403
400 appenlight.server_url = https://api.appenlight.com
404 appenlight.server_url = https://api.appenlight.com
401 appenlight.api_key = YOUR_API_KEY
405 appenlight.api_key = YOUR_API_KEY
402 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
406 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
403
407
404 # used for JS client
408 # used for JS client
405 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
409 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
406
410
407 ## TWEAK AMOUNT OF INFO SENT HERE
411 ## TWEAK AMOUNT OF INFO SENT HERE
408
412
409 ## enables 404 error logging (default False)
413 ## enables 404 error logging (default False)
410 appenlight.report_404 = false
414 appenlight.report_404 = false
411
415
412 ## time in seconds after request is considered being slow (default 1)
416 ## time in seconds after request is considered being slow (default 1)
413 appenlight.slow_request_time = 1
417 appenlight.slow_request_time = 1
414
418
415 ## record slow requests in application
419 ## record slow requests in application
416 ## (needs to be enabled for slow datastore recording and time tracking)
420 ## (needs to be enabled for slow datastore recording and time tracking)
417 appenlight.slow_requests = true
421 appenlight.slow_requests = true
418
422
419 ## enable hooking to application loggers
423 ## enable hooking to application loggers
420 appenlight.logging = true
424 appenlight.logging = true
421
425
422 ## minimum log level for log capture
426 ## minimum log level for log capture
423 appenlight.logging.level = WARNING
427 appenlight.logging.level = WARNING
424
428
425 ## send logs only from erroneous/slow requests
429 ## send logs only from erroneous/slow requests
426 ## (saves API quota for intensive logging)
430 ## (saves API quota for intensive logging)
427 appenlight.logging_on_error = false
431 appenlight.logging_on_error = false
428
432
429 ## list of additonal keywords that should be grabbed from environ object
433 ## list of additonal keywords that should be grabbed from environ object
430 ## can be string with comma separated list of words in lowercase
434 ## can be string with comma separated list of words in lowercase
431 ## (by default client will always send following info:
435 ## (by default client will always send following info:
432 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
436 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
433 ## start with HTTP* this list be extended with additional keywords here
437 ## start with HTTP* this list be extended with additional keywords here
434 appenlight.environ_keys_whitelist =
438 appenlight.environ_keys_whitelist =
435
439
436 ## list of keywords that should be blanked from request object
440 ## list of keywords that should be blanked from request object
437 ## can be string with comma separated list of words in lowercase
441 ## can be string with comma separated list of words in lowercase
438 ## (by default client will always blank keys that contain following words
442 ## (by default client will always blank keys that contain following words
439 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
443 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
440 ## this list be extended with additional keywords set here
444 ## this list be extended with additional keywords set here
441 appenlight.request_keys_blacklist =
445 appenlight.request_keys_blacklist =
442
446
443 ## list of namespaces that should be ignores when gathering log entries
447 ## list of namespaces that should be ignores when gathering log entries
444 ## can be string with comma separated list of namespaces
448 ## can be string with comma separated list of namespaces
445 ## (by default the client ignores own entries: appenlight_client.client)
449 ## (by default the client ignores own entries: appenlight_client.client)
446 appenlight.log_namespace_blacklist =
450 appenlight.log_namespace_blacklist =
447
451
448
452
449 ################################################################################
453 ################################################################################
450 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
454 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
451 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
455 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
452 ## execute malicious code after an exception is raised. ##
456 ## execute malicious code after an exception is raised. ##
453 ################################################################################
457 ################################################################################
454 #set debug = false
458 #set debug = false
455
459
456
460
457 ##############
461 ##############
458 ## STYLING ##
462 ## STYLING ##
459 ##############
463 ##############
460 debug_style = true
464 debug_style = true
461
465
462 #########################################################
466 #########################################################
463 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
467 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
464 #########################################################
468 #########################################################
465 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
469 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
466 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
470 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
467 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
471 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
468
472
469 # see sqlalchemy docs for other advanced settings
473 # see sqlalchemy docs for other advanced settings
470
474
471 ## print the sql statements to output
475 ## print the sql statements to output
472 sqlalchemy.db1.echo = false
476 sqlalchemy.db1.echo = false
473 ## recycle the connections after this ammount of seconds
477 ## recycle the connections after this ammount of seconds
474 sqlalchemy.db1.pool_recycle = 3600
478 sqlalchemy.db1.pool_recycle = 3600
475 sqlalchemy.db1.convert_unicode = true
479 sqlalchemy.db1.convert_unicode = true
476
480
477 ## the number of connections to keep open inside the connection pool.
481 ## the number of connections to keep open inside the connection pool.
478 ## 0 indicates no limit
482 ## 0 indicates no limit
479 #sqlalchemy.db1.pool_size = 5
483 #sqlalchemy.db1.pool_size = 5
480
484
481 ## the number of connections to allow in connection pool "overflow", that is
485 ## the number of connections to allow in connection pool "overflow", that is
482 ## connections that can be opened above and beyond the pool_size setting,
486 ## connections that can be opened above and beyond the pool_size setting,
483 ## which defaults to five.
487 ## which defaults to five.
484 #sqlalchemy.db1.max_overflow = 10
488 #sqlalchemy.db1.max_overflow = 10
485
489
486
490
487 ##################
491 ##################
488 ### VCS CONFIG ###
492 ### VCS CONFIG ###
489 ##################
493 ##################
490 vcs.server.enable = true
494 vcs.server.enable = true
491 vcs.server = localhost:9900
495 vcs.server = localhost:9900
492
496
493 ## Web server connectivity protocol, responsible for web based VCS operatations
497 ## Web server connectivity protocol, responsible for web based VCS operatations
494 ## Available protocols are:
498 ## Available protocols are:
495 ## `pyro4` - using pyro4 server
499 ## `pyro4` - using pyro4 server
496 ## `http` - using http-rpc backend
500 ## `http` - using http-rpc backend
497 #vcs.server.protocol = http
501 #vcs.server.protocol = http
498
502
499 ## Push/Pull operations protocol, available options are:
503 ## Push/Pull operations protocol, available options are:
500 ## `pyro4` - using pyro4 server
504 ## `pyro4` - using pyro4 server
501 ## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended
505 ## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended
502 ## `vcsserver.scm_app` - internal app (EE only)
506 ## `vcsserver.scm_app` - internal app (EE only)
503 #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
507 #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
504
508
505 ## Push/Pull operations hooks protocol, available options are:
509 ## Push/Pull operations hooks protocol, available options are:
506 ## `pyro4` - using pyro4 server
510 ## `pyro4` - using pyro4 server
507 ## `http` - using http-rpc backend
511 ## `http` - using http-rpc backend
508 #vcs.hooks.protocol = http
512 #vcs.hooks.protocol = http
509
513
510 vcs.server.log_level = debug
514 vcs.server.log_level = debug
511 ## Start VCSServer with this instance as a subprocess, usefull for development
515 ## Start VCSServer with this instance as a subprocess, usefull for development
512 vcs.start_server = true
516 vcs.start_server = true
513 vcs.backends = hg, git, svn
517 vcs.backends = hg, git, svn
514 vcs.connection_timeout = 3600
518 vcs.connection_timeout = 3600
515 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
519 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
516 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
520 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
517 #vcs.svn.compatible_version = pre-1.8-compatible
521 #vcs.svn.compatible_version = pre-1.8-compatible
518
522
519 ################################
523 ################################
520 ### LOGGING CONFIGURATION ####
524 ### LOGGING CONFIGURATION ####
521 ################################
525 ################################
522 [loggers]
526 [loggers]
523 keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer
527 keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer
524
528
525 [handlers]
529 [handlers]
526 keys = console, console_sql
530 keys = console, console_sql
527
531
528 [formatters]
532 [formatters]
529 keys = generic, color_formatter, color_formatter_sql
533 keys = generic, color_formatter, color_formatter_sql
530
534
531 #############
535 #############
532 ## LOGGERS ##
536 ## LOGGERS ##
533 #############
537 #############
534 [logger_root]
538 [logger_root]
535 level = NOTSET
539 level = NOTSET
536 handlers = console
540 handlers = console
537
541
538 [logger_routes]
542 [logger_routes]
539 level = DEBUG
543 level = DEBUG
540 handlers =
544 handlers =
541 qualname = routes.middleware
545 qualname = routes.middleware
542 ## "level = DEBUG" logs the route matched and routing variables.
546 ## "level = DEBUG" logs the route matched and routing variables.
543 propagate = 1
547 propagate = 1
544
548
545 [logger_beaker]
549 [logger_beaker]
546 level = DEBUG
550 level = DEBUG
547 handlers =
551 handlers =
548 qualname = beaker.container
552 qualname = beaker.container
549 propagate = 1
553 propagate = 1
550
554
551 [logger_pyro4]
555 [logger_pyro4]
552 level = DEBUG
556 level = DEBUG
553 handlers =
557 handlers =
554 qualname = Pyro4
558 qualname = Pyro4
555 propagate = 1
559 propagate = 1
556
560
557 [logger_templates]
561 [logger_templates]
558 level = INFO
562 level = INFO
559 handlers =
563 handlers =
560 qualname = pylons.templating
564 qualname = pylons.templating
561 propagate = 1
565 propagate = 1
562
566
563 [logger_rhodecode]
567 [logger_rhodecode]
564 level = DEBUG
568 level = DEBUG
565 handlers =
569 handlers =
566 qualname = rhodecode
570 qualname = rhodecode
567 propagate = 1
571 propagate = 1
568
572
569 [logger_sqlalchemy]
573 [logger_sqlalchemy]
570 level = INFO
574 level = INFO
571 handlers = console_sql
575 handlers = console_sql
572 qualname = sqlalchemy.engine
576 qualname = sqlalchemy.engine
573 propagate = 0
577 propagate = 0
574
578
575 [logger_whoosh_indexer]
579 [logger_whoosh_indexer]
576 level = DEBUG
580 level = DEBUG
577 handlers =
581 handlers =
578 qualname = whoosh_indexer
582 qualname = whoosh_indexer
579 propagate = 1
583 propagate = 1
580
584
581 ##############
585 ##############
582 ## HANDLERS ##
586 ## HANDLERS ##
583 ##############
587 ##############
584
588
585 [handler_console]
589 [handler_console]
586 class = StreamHandler
590 class = StreamHandler
587 args = (sys.stderr,)
591 args = (sys.stderr,)
588 level = DEBUG
592 level = DEBUG
589 formatter = color_formatter
593 formatter = color_formatter
590
594
591 [handler_console_sql]
595 [handler_console_sql]
592 class = StreamHandler
596 class = StreamHandler
593 args = (sys.stderr,)
597 args = (sys.stderr,)
594 level = DEBUG
598 level = DEBUG
595 formatter = color_formatter_sql
599 formatter = color_formatter_sql
596
600
597 ################
601 ################
598 ## FORMATTERS ##
602 ## FORMATTERS ##
599 ################
603 ################
600
604
601 [formatter_generic]
605 [formatter_generic]
602 class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
606 class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
603 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
607 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
604 datefmt = %Y-%m-%d %H:%M:%S
608 datefmt = %Y-%m-%d %H:%M:%S
605
609
606 [formatter_color_formatter]
610 [formatter_color_formatter]
607 class = rhodecode.lib.logging_formatter.ColorFormatter
611 class = rhodecode.lib.logging_formatter.ColorFormatter
608 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
612 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
609 datefmt = %Y-%m-%d %H:%M:%S
613 datefmt = %Y-%m-%d %H:%M:%S
610
614
611 [formatter_color_formatter_sql]
615 [formatter_color_formatter_sql]
612 class = rhodecode.lib.logging_formatter.ColorFormatterSql
616 class = rhodecode.lib.logging_formatter.ColorFormatterSql
613 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
617 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
614 datefmt = %Y-%m-%d %H:%M:%S
618 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,583 +1,587 b''
1 ################################################################################
1 ################################################################################
2 ################################################################################
2 ################################################################################
3 # RhodeCode Enterprise - configuration file #
3 # RhodeCode Enterprise - configuration file #
4 # Built-in functions and variables #
4 # Built-in functions and variables #
5 # The %(here)s variable will be replaced with the parent directory of this file#
5 # The %(here)s variable will be replaced with the parent directory of this file#
6 # #
6 # #
7 ################################################################################
7 ################################################################################
8
8
9 [DEFAULT]
9 [DEFAULT]
10 debug = true
10 debug = true
11 ################################################################################
11 ################################################################################
12 ## Uncomment and replace with the email address which should receive ##
12 ## Uncomment and replace with the email address which should receive ##
13 ## any error reports after an application crash ##
13 ## any error reports after an application crash ##
14 ## Additionally these settings will be used by the RhodeCode mailing system ##
14 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 ################################################################################
15 ################################################################################
16 #email_to = admin@localhost
16 #email_to = admin@localhost
17 #error_email_from = paste_error@localhost
17 #error_email_from = paste_error@localhost
18 #app_email_from = rhodecode-noreply@localhost
18 #app_email_from = rhodecode-noreply@localhost
19 #error_message =
19 #error_message =
20 #email_prefix = [RhodeCode]
20 #email_prefix = [RhodeCode]
21
21
22 #smtp_server = mail.server.com
22 #smtp_server = mail.server.com
23 #smtp_username =
23 #smtp_username =
24 #smtp_password =
24 #smtp_password =
25 #smtp_port =
25 #smtp_port =
26 #smtp_use_tls = false
26 #smtp_use_tls = false
27 #smtp_use_ssl = true
27 #smtp_use_ssl = true
28 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
28 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
29 #smtp_auth =
29 #smtp_auth =
30
30
31 [server:main]
31 [server:main]
32 ## COMMON ##
32 ## COMMON ##
33 host = 127.0.0.1
33 host = 127.0.0.1
34 port = 5000
34 port = 5000
35
35
36 ##################################
36 ##################################
37 ## WAITRESS WSGI SERVER ##
37 ## WAITRESS WSGI SERVER ##
38 ## Recommended for Development ##
38 ## Recommended for Development ##
39 ##################################
39 ##################################
40 #use = egg:waitress#main
40 #use = egg:waitress#main
41 ## number of worker threads
41 ## number of worker threads
42 #threads = 5
42 #threads = 5
43 ## MAX BODY SIZE 100GB
43 ## MAX BODY SIZE 100GB
44 #max_request_body_size = 107374182400
44 #max_request_body_size = 107374182400
45 ## Use poll instead of select, fixes file descriptors limits problems.
45 ## Use poll instead of select, fixes file descriptors limits problems.
46 ## May not work on old windows systems.
46 ## May not work on old windows systems.
47 #asyncore_use_poll = true
47 #asyncore_use_poll = true
48
48
49
49
50 ##########################
50 ##########################
51 ## GUNICORN WSGI SERVER ##
51 ## GUNICORN WSGI SERVER ##
52 ##########################
52 ##########################
53 ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
53 ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
54 use = egg:gunicorn#main
54 use = egg:gunicorn#main
55 ## Sets the number of process workers. You must set `instance_id = *`
55 ## Sets the number of process workers. You must set `instance_id = *`
56 ## when this option is set to more than one worker, recommended
56 ## when this option is set to more than one worker, recommended
57 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
57 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
58 ## The `instance_id = *` must be set in the [app:main] section below
58 ## The `instance_id = *` must be set in the [app:main] section below
59 workers = 2
59 workers = 2
60 ## number of threads for each of the worker, must be set to 1 for gevent
60 ## number of threads for each of the worker, must be set to 1 for gevent
61 ## generally recommened to be at 1
61 ## generally recommened to be at 1
62 #threads = 1
62 #threads = 1
63 ## process name
63 ## process name
64 proc_name = rhodecode
64 proc_name = rhodecode
65 ## type of worker class, one of sync, gevent
65 ## type of worker class, one of sync, gevent
66 ## recommended for bigger setup is using of of other than sync one
66 ## recommended for bigger setup is using of of other than sync one
67 worker_class = sync
67 worker_class = sync
68 ## The maximum number of simultaneous clients. Valid only for Gevent
68 ## The maximum number of simultaneous clients. Valid only for Gevent
69 #worker_connections = 10
69 #worker_connections = 10
70 ## max number of requests that worker will handle before being gracefully
70 ## max number of requests that worker will handle before being gracefully
71 ## restarted, could prevent memory leaks
71 ## restarted, could prevent memory leaks
72 max_requests = 1000
72 max_requests = 1000
73 max_requests_jitter = 30
73 max_requests_jitter = 30
74 ## amount of time a worker can spend with handling a request before it
74 ## amount of time a worker can spend with handling a request before it
75 ## gets killed and restarted. Set to 6hrs
75 ## gets killed and restarted. Set to 6hrs
76 timeout = 21600
76 timeout = 21600
77
77
78
78
79 ## prefix middleware for RhodeCode, disables force_https flag.
79 ## prefix middleware for RhodeCode, disables force_https flag.
80 ## allows to set RhodeCode under a prefix in server.
80 ## allows to set RhodeCode under a prefix in server.
81 ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
81 ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
82 #[filter:proxy-prefix]
82 #[filter:proxy-prefix]
83 #use = egg:PasteDeploy#prefix
83 #use = egg:PasteDeploy#prefix
84 #prefix = /<your-prefix>
84 #prefix = /<your-prefix>
85
85
86 [app:main]
86 [app:main]
87 use = egg:rhodecode-enterprise-ce
87 use = egg:rhodecode-enterprise-ce
88 ## enable proxy prefix middleware, defined below
88 ## enable proxy prefix middleware, defined below
89 #filter-with = proxy-prefix
89 #filter-with = proxy-prefix
90
90
91 ## encryption key used to encrypt social plugin tokens,
91 ## encryption key used to encrypt social plugin tokens,
92 ## remote_urls with credentials etc, if not set it defaults to
92 ## remote_urls with credentials etc, if not set it defaults to
93 ## `beaker.session.secret`
93 ## `beaker.session.secret`
94 #rhodecode.encrypted_values.secret =
94 #rhodecode.encrypted_values.secret =
95
95
96 ## decryption strict mode (enabled by default). It controls if decryption raises
97 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
98 #rhodecode.encrypted_values.strict = false
99
96 full_stack = true
100 full_stack = true
97
101
98 ## Serve static files via RhodeCode, disable to serve them via HTTP server
102 ## Serve static files via RhodeCode, disable to serve them via HTTP server
99 static_files = true
103 static_files = true
100
104
101 # autogenerate javascript routes file on startup
105 # autogenerate javascript routes file on startup
102 generate_js_files = false
106 generate_js_files = false
103
107
104 ## Optional Languages
108 ## Optional Languages
105 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
109 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
106 lang = en
110 lang = en
107
111
108 ## perform a full repository scan on each server start, this should be
112 ## perform a full repository scan on each server start, this should be
109 ## set to false after first startup, to allow faster server restarts.
113 ## set to false after first startup, to allow faster server restarts.
110 startup.import_repos = false
114 startup.import_repos = false
111
115
112 ## Uncomment and set this path to use archive download cache.
116 ## Uncomment and set this path to use archive download cache.
113 ## Once enabled, generated archives will be cached at this location
117 ## Once enabled, generated archives will be cached at this location
114 ## and served from the cache during subsequent requests for the same archive of
118 ## and served from the cache during subsequent requests for the same archive of
115 ## the repository.
119 ## the repository.
116 #archive_cache_dir = /tmp/tarballcache
120 #archive_cache_dir = /tmp/tarballcache
117
121
118 ## change this to unique ID for security
122 ## change this to unique ID for security
119 app_instance_uuid = rc-production
123 app_instance_uuid = rc-production
120
124
121 ## cut off limit for large diffs (size in bytes)
125 ## cut off limit for large diffs (size in bytes)
122 cut_off_limit_diff = 1024000
126 cut_off_limit_diff = 1024000
123 cut_off_limit_file = 256000
127 cut_off_limit_file = 256000
124
128
125 ## use cache version of scm repo everywhere
129 ## use cache version of scm repo everywhere
126 vcs_full_cache = true
130 vcs_full_cache = true
127
131
128 ## force https in RhodeCode, fixes https redirects, assumes it's always https
132 ## force https in RhodeCode, fixes https redirects, assumes it's always https
129 ## Normally this is controlled by proper http flags sent from http server
133 ## Normally this is controlled by proper http flags sent from http server
130 force_https = false
134 force_https = false
131
135
132 ## use Strict-Transport-Security headers
136 ## use Strict-Transport-Security headers
133 use_htsts = false
137 use_htsts = false
134
138
135 ## number of commits stats will parse on each iteration
139 ## number of commits stats will parse on each iteration
136 commit_parse_limit = 25
140 commit_parse_limit = 25
137
141
138 ## git rev filter option, --all is the default filter, if you need to
142 ## git rev filter option, --all is the default filter, if you need to
139 ## hide all refs in changelog switch this to --branches --tags
143 ## hide all refs in changelog switch this to --branches --tags
140 git_rev_filter = --branches --tags
144 git_rev_filter = --branches --tags
141
145
142 # Set to true if your repos are exposed using the dumb protocol
146 # Set to true if your repos are exposed using the dumb protocol
143 git_update_server_info = false
147 git_update_server_info = false
144
148
145 ## RSS/ATOM feed options
149 ## RSS/ATOM feed options
146 rss_cut_off_limit = 256000
150 rss_cut_off_limit = 256000
147 rss_items_per_page = 10
151 rss_items_per_page = 10
148 rss_include_diff = false
152 rss_include_diff = false
149
153
150 ## gist URL alias, used to create nicer urls for gist. This should be an
154 ## gist URL alias, used to create nicer urls for gist. This should be an
151 ## url that does rewrites to _admin/gists/<gistid>.
155 ## url that does rewrites to _admin/gists/<gistid>.
152 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
156 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
153 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
157 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
154 gist_alias_url =
158 gist_alias_url =
155
159
156 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
160 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
157 ## used for access.
161 ## used for access.
158 ## Adding ?auth_token = <token> to the url authenticates this request as if it
162 ## Adding ?auth_token = <token> to the url authenticates this request as if it
159 ## came from the the logged in user who own this authentication token.
163 ## came from the the logged in user who own this authentication token.
160 ##
164 ##
161 ## Syntax is <ControllerClass>:<function_pattern>.
165 ## Syntax is <ControllerClass>:<function_pattern>.
162 ## To enable access to raw_files put `FilesController:raw`.
166 ## To enable access to raw_files put `FilesController:raw`.
163 ## To enable access to patches add `ChangesetController:changeset_patch`.
167 ## To enable access to patches add `ChangesetController:changeset_patch`.
164 ## The list should be "," separated and on a single line.
168 ## The list should be "," separated and on a single line.
165 ##
169 ##
166 ## Recommended controllers to enable:
170 ## Recommended controllers to enable:
167 # ChangesetController:changeset_patch,
171 # ChangesetController:changeset_patch,
168 # ChangesetController:changeset_raw,
172 # ChangesetController:changeset_raw,
169 # FilesController:raw,
173 # FilesController:raw,
170 # FilesController:archivefile,
174 # FilesController:archivefile,
171 # GistsController:*,
175 # GistsController:*,
172 api_access_controllers_whitelist =
176 api_access_controllers_whitelist =
173
177
174 ## default encoding used to convert from and to unicode
178 ## default encoding used to convert from and to unicode
175 ## can be also a comma separated list of encoding in case of mixed encodings
179 ## can be also a comma separated list of encoding in case of mixed encodings
176 default_encoding = UTF-8
180 default_encoding = UTF-8
177
181
178 ## instance-id prefix
182 ## instance-id prefix
179 ## a prefix key for this instance used for cache invalidation when running
183 ## a prefix key for this instance used for cache invalidation when running
180 ## multiple instances of rhodecode, make sure it's globally unique for
184 ## multiple instances of rhodecode, make sure it's globally unique for
181 ## all running rhodecode instances. Leave empty if you don't use it
185 ## all running rhodecode instances. Leave empty if you don't use it
182 instance_id =
186 instance_id =
183
187
184 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
188 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
185 ## of an authentication plugin also if it is disabled by it's settings.
189 ## of an authentication plugin also if it is disabled by it's settings.
186 ## This could be useful if you are unable to log in to the system due to broken
190 ## This could be useful if you are unable to log in to the system due to broken
187 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
191 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
188 ## module to log in again and fix the settings.
192 ## module to log in again and fix the settings.
189 ##
193 ##
190 ## Available builtin plugin IDs (hash is part of the ID):
194 ## Available builtin plugin IDs (hash is part of the ID):
191 ## egg:rhodecode-enterprise-ce#rhodecode
195 ## egg:rhodecode-enterprise-ce#rhodecode
192 ## egg:rhodecode-enterprise-ce#pam
196 ## egg:rhodecode-enterprise-ce#pam
193 ## egg:rhodecode-enterprise-ce#ldap
197 ## egg:rhodecode-enterprise-ce#ldap
194 ## egg:rhodecode-enterprise-ce#jasig_cas
198 ## egg:rhodecode-enterprise-ce#jasig_cas
195 ## egg:rhodecode-enterprise-ce#headers
199 ## egg:rhodecode-enterprise-ce#headers
196 ## egg:rhodecode-enterprise-ce#crowd
200 ## egg:rhodecode-enterprise-ce#crowd
197 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
201 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
198
202
199 ## alternative return HTTP header for failed authentication. Default HTTP
203 ## alternative return HTTP header for failed authentication. Default HTTP
200 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
204 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
201 ## handling that causing a series of failed authentication calls.
205 ## handling that causing a series of failed authentication calls.
202 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
206 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
203 ## This will be served instead of default 401 on bad authnetication
207 ## This will be served instead of default 401 on bad authnetication
204 auth_ret_code =
208 auth_ret_code =
205
209
206 ## use special detection method when serving auth_ret_code, instead of serving
210 ## use special detection method when serving auth_ret_code, instead of serving
207 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
211 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
208 ## and then serve auth_ret_code to clients
212 ## and then serve auth_ret_code to clients
209 auth_ret_code_detection = false
213 auth_ret_code_detection = false
210
214
211 ## locking return code. When repository is locked return this HTTP code. 2XX
215 ## locking return code. When repository is locked return this HTTP code. 2XX
212 ## codes don't break the transactions while 4XX codes do
216 ## codes don't break the transactions while 4XX codes do
213 lock_ret_code = 423
217 lock_ret_code = 423
214
218
215 ## allows to change the repository location in settings page
219 ## allows to change the repository location in settings page
216 allow_repo_location_change = true
220 allow_repo_location_change = true
217
221
218 ## allows to setup custom hooks in settings page
222 ## allows to setup custom hooks in settings page
219 allow_custom_hooks_settings = true
223 allow_custom_hooks_settings = true
220
224
221 ## generated license token, goto license page in RhodeCode settings to obtain
225 ## generated license token, goto license page in RhodeCode settings to obtain
222 ## new token
226 ## new token
223 license_token =
227 license_token =
224
228
225 ## supervisor connection uri, for managing supervisor and logs.
229 ## supervisor connection uri, for managing supervisor and logs.
226 supervisor.uri =
230 supervisor.uri =
227 ## supervisord group name/id we only want this RC instance to handle
231 ## supervisord group name/id we only want this RC instance to handle
228 supervisor.group_id = prod
232 supervisor.group_id = prod
229
233
230 ## Display extended labs settings
234 ## Display extended labs settings
231 labs_settings_active = true
235 labs_settings_active = true
232
236
233 ####################################
237 ####################################
234 ### CELERY CONFIG ####
238 ### CELERY CONFIG ####
235 ####################################
239 ####################################
236 use_celery = false
240 use_celery = false
237 broker.host = localhost
241 broker.host = localhost
238 broker.vhost = rabbitmqhost
242 broker.vhost = rabbitmqhost
239 broker.port = 5672
243 broker.port = 5672
240 broker.user = rabbitmq
244 broker.user = rabbitmq
241 broker.password = qweqwe
245 broker.password = qweqwe
242
246
243 celery.imports = rhodecode.lib.celerylib.tasks
247 celery.imports = rhodecode.lib.celerylib.tasks
244
248
245 celery.result.backend = amqp
249 celery.result.backend = amqp
246 celery.result.dburi = amqp://
250 celery.result.dburi = amqp://
247 celery.result.serialier = json
251 celery.result.serialier = json
248
252
249 #celery.send.task.error.emails = true
253 #celery.send.task.error.emails = true
250 #celery.amqp.task.result.expires = 18000
254 #celery.amqp.task.result.expires = 18000
251
255
252 celeryd.concurrency = 2
256 celeryd.concurrency = 2
253 #celeryd.log.file = celeryd.log
257 #celeryd.log.file = celeryd.log
254 celeryd.log.level = debug
258 celeryd.log.level = debug
255 celeryd.max.tasks.per.child = 1
259 celeryd.max.tasks.per.child = 1
256
260
257 ## tasks will never be sent to the queue, but executed locally instead.
261 ## tasks will never be sent to the queue, but executed locally instead.
258 celery.always.eager = false
262 celery.always.eager = false
259
263
260 ####################################
264 ####################################
261 ### BEAKER CACHE ####
265 ### BEAKER CACHE ####
262 ####################################
266 ####################################
263 # default cache dir for templates. Putting this into a ramdisk
267 # default cache dir for templates. Putting this into a ramdisk
264 ## can boost performance, eg. %(here)s/data_ramdisk
268 ## can boost performance, eg. %(here)s/data_ramdisk
265 cache_dir = %(here)s/data
269 cache_dir = %(here)s/data
266
270
267 ## locking and default file storage for Beaker. Putting this into a ramdisk
271 ## locking and default file storage for Beaker. Putting this into a ramdisk
268 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
272 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
269 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
273 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
270 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
274 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
271
275
272 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
276 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
273
277
274 beaker.cache.super_short_term.type = memory
278 beaker.cache.super_short_term.type = memory
275 beaker.cache.super_short_term.expire = 10
279 beaker.cache.super_short_term.expire = 10
276 beaker.cache.super_short_term.key_length = 256
280 beaker.cache.super_short_term.key_length = 256
277
281
278 beaker.cache.short_term.type = memory
282 beaker.cache.short_term.type = memory
279 beaker.cache.short_term.expire = 60
283 beaker.cache.short_term.expire = 60
280 beaker.cache.short_term.key_length = 256
284 beaker.cache.short_term.key_length = 256
281
285
282 beaker.cache.long_term.type = memory
286 beaker.cache.long_term.type = memory
283 beaker.cache.long_term.expire = 36000
287 beaker.cache.long_term.expire = 36000
284 beaker.cache.long_term.key_length = 256
288 beaker.cache.long_term.key_length = 256
285
289
286 beaker.cache.sql_cache_short.type = memory
290 beaker.cache.sql_cache_short.type = memory
287 beaker.cache.sql_cache_short.expire = 10
291 beaker.cache.sql_cache_short.expire = 10
288 beaker.cache.sql_cache_short.key_length = 256
292 beaker.cache.sql_cache_short.key_length = 256
289
293
290 # default is memory cache, configure only if required
294 # default is memory cache, configure only if required
291 # using multi-node or multi-worker setup
295 # using multi-node or multi-worker setup
292 #beaker.cache.auth_plugins.type = ext:database
296 #beaker.cache.auth_plugins.type = ext:database
293 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
297 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
294 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
298 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
295 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
299 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
296 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
300 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
297 #beaker.cache.auth_plugins.sa.pool_size = 10
301 #beaker.cache.auth_plugins.sa.pool_size = 10
298 #beaker.cache.auth_plugins.sa.max_overflow = 0
302 #beaker.cache.auth_plugins.sa.max_overflow = 0
299
303
300 beaker.cache.repo_cache_long.type = memorylru_base
304 beaker.cache.repo_cache_long.type = memorylru_base
301 beaker.cache.repo_cache_long.max_items = 4096
305 beaker.cache.repo_cache_long.max_items = 4096
302 beaker.cache.repo_cache_long.expire = 2592000
306 beaker.cache.repo_cache_long.expire = 2592000
303
307
304 # default is memorylru_base cache, configure only if required
308 # default is memorylru_base cache, configure only if required
305 # using multi-node or multi-worker setup
309 # using multi-node or multi-worker setup
306 #beaker.cache.repo_cache_long.type = ext:memcached
310 #beaker.cache.repo_cache_long.type = ext:memcached
307 #beaker.cache.repo_cache_long.url = localhost:11211
311 #beaker.cache.repo_cache_long.url = localhost:11211
308 #beaker.cache.repo_cache_long.expire = 1209600
312 #beaker.cache.repo_cache_long.expire = 1209600
309 #beaker.cache.repo_cache_long.key_length = 256
313 #beaker.cache.repo_cache_long.key_length = 256
310
314
311 ####################################
315 ####################################
312 ### BEAKER SESSION ####
316 ### BEAKER SESSION ####
313 ####################################
317 ####################################
314
318
315 ## .session.type is type of storage options for the session, current allowed
319 ## .session.type is type of storage options for the session, current allowed
316 ## types are file, ext:memcached, ext:database, and memory (default).
320 ## types are file, ext:memcached, ext:database, and memory (default).
317 beaker.session.type = file
321 beaker.session.type = file
318 beaker.session.data_dir = %(here)s/data/sessions/data
322 beaker.session.data_dir = %(here)s/data/sessions/data
319
323
320 ## db based session, fast, and allows easy management over logged in users ##
324 ## db based session, fast, and allows easy management over logged in users ##
321 #beaker.session.type = ext:database
325 #beaker.session.type = ext:database
322 #beaker.session.table_name = db_session
326 #beaker.session.table_name = db_session
323 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
327 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
324 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
328 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
325 #beaker.session.sa.pool_recycle = 3600
329 #beaker.session.sa.pool_recycle = 3600
326 #beaker.session.sa.echo = false
330 #beaker.session.sa.echo = false
327
331
328 beaker.session.key = rhodecode
332 beaker.session.key = rhodecode
329 beaker.session.secret = production-rc-uytcxaz
333 beaker.session.secret = production-rc-uytcxaz
330 beaker.session.lock_dir = %(here)s/data/sessions/lock
334 beaker.session.lock_dir = %(here)s/data/sessions/lock
331
335
332 ## Secure encrypted cookie. Requires AES and AES python libraries
336 ## Secure encrypted cookie. Requires AES and AES python libraries
333 ## you must disable beaker.session.secret to use this
337 ## you must disable beaker.session.secret to use this
334 #beaker.session.encrypt_key = <key_for_encryption>
338 #beaker.session.encrypt_key = <key_for_encryption>
335 #beaker.session.validate_key = <validation_key>
339 #beaker.session.validate_key = <validation_key>
336
340
337 ## sets session as invalid(also logging out user) if it haven not been
341 ## sets session as invalid(also logging out user) if it haven not been
338 ## accessed for given amount of time in seconds
342 ## accessed for given amount of time in seconds
339 beaker.session.timeout = 2592000
343 beaker.session.timeout = 2592000
340 beaker.session.httponly = true
344 beaker.session.httponly = true
341 #beaker.session.cookie_path = /<your-prefix>
345 #beaker.session.cookie_path = /<your-prefix>
342
346
343 ## uncomment for https secure cookie
347 ## uncomment for https secure cookie
344 beaker.session.secure = false
348 beaker.session.secure = false
345
349
346 ## auto save the session to not to use .save()
350 ## auto save the session to not to use .save()
347 beaker.session.auto = false
351 beaker.session.auto = false
348
352
349 ## default cookie expiration time in seconds, set to `true` to set expire
353 ## default cookie expiration time in seconds, set to `true` to set expire
350 ## at browser close
354 ## at browser close
351 #beaker.session.cookie_expires = 3600
355 #beaker.session.cookie_expires = 3600
352
356
353 ###################################
357 ###################################
354 ## SEARCH INDEXING CONFIGURATION ##
358 ## SEARCH INDEXING CONFIGURATION ##
355 ###################################
359 ###################################
356 ## Full text search indexer is available in rhodecode-tools under
360 ## Full text search indexer is available in rhodecode-tools under
357 ## `rhodecode-tools index` command
361 ## `rhodecode-tools index` command
358
362
359 # WHOOSH Backend, doesn't require additional services to run
363 # WHOOSH Backend, doesn't require additional services to run
360 # it works good with few dozen repos
364 # it works good with few dozen repos
361 search.module = rhodecode.lib.index.whoosh
365 search.module = rhodecode.lib.index.whoosh
362 search.location = %(here)s/data/index
366 search.location = %(here)s/data/index
363
367
364 ###################################
368 ###################################
365 ## APPENLIGHT CONFIG ##
369 ## APPENLIGHT CONFIG ##
366 ###################################
370 ###################################
367
371
368 ## Appenlight is tailored to work with RhodeCode, see
372 ## Appenlight is tailored to work with RhodeCode, see
369 ## http://appenlight.com for details how to obtain an account
373 ## http://appenlight.com for details how to obtain an account
370
374
371 ## appenlight integration enabled
375 ## appenlight integration enabled
372 appenlight = false
376 appenlight = false
373
377
374 appenlight.server_url = https://api.appenlight.com
378 appenlight.server_url = https://api.appenlight.com
375 appenlight.api_key = YOUR_API_KEY
379 appenlight.api_key = YOUR_API_KEY
376 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
380 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
377
381
378 # used for JS client
382 # used for JS client
379 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
383 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
380
384
381 ## TWEAK AMOUNT OF INFO SENT HERE
385 ## TWEAK AMOUNT OF INFO SENT HERE
382
386
383 ## enables 404 error logging (default False)
387 ## enables 404 error logging (default False)
384 appenlight.report_404 = false
388 appenlight.report_404 = false
385
389
386 ## time in seconds after request is considered being slow (default 1)
390 ## time in seconds after request is considered being slow (default 1)
387 appenlight.slow_request_time = 1
391 appenlight.slow_request_time = 1
388
392
389 ## record slow requests in application
393 ## record slow requests in application
390 ## (needs to be enabled for slow datastore recording and time tracking)
394 ## (needs to be enabled for slow datastore recording and time tracking)
391 appenlight.slow_requests = true
395 appenlight.slow_requests = true
392
396
393 ## enable hooking to application loggers
397 ## enable hooking to application loggers
394 appenlight.logging = true
398 appenlight.logging = true
395
399
396 ## minimum log level for log capture
400 ## minimum log level for log capture
397 appenlight.logging.level = WARNING
401 appenlight.logging.level = WARNING
398
402
399 ## send logs only from erroneous/slow requests
403 ## send logs only from erroneous/slow requests
400 ## (saves API quota for intensive logging)
404 ## (saves API quota for intensive logging)
401 appenlight.logging_on_error = false
405 appenlight.logging_on_error = false
402
406
403 ## list of additonal keywords that should be grabbed from environ object
407 ## list of additonal keywords that should be grabbed from environ object
404 ## can be string with comma separated list of words in lowercase
408 ## can be string with comma separated list of words in lowercase
405 ## (by default client will always send following info:
409 ## (by default client will always send following info:
406 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
410 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
407 ## start with HTTP* this list be extended with additional keywords here
411 ## start with HTTP* this list be extended with additional keywords here
408 appenlight.environ_keys_whitelist =
412 appenlight.environ_keys_whitelist =
409
413
410 ## list of keywords that should be blanked from request object
414 ## list of keywords that should be blanked from request object
411 ## can be string with comma separated list of words in lowercase
415 ## can be string with comma separated list of words in lowercase
412 ## (by default client will always blank keys that contain following words
416 ## (by default client will always blank keys that contain following words
413 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
417 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
414 ## this list be extended with additional keywords set here
418 ## this list be extended with additional keywords set here
415 appenlight.request_keys_blacklist =
419 appenlight.request_keys_blacklist =
416
420
417 ## list of namespaces that should be ignores when gathering log entries
421 ## list of namespaces that should be ignores when gathering log entries
418 ## can be string with comma separated list of namespaces
422 ## can be string with comma separated list of namespaces
419 ## (by default the client ignores own entries: appenlight_client.client)
423 ## (by default the client ignores own entries: appenlight_client.client)
420 appenlight.log_namespace_blacklist =
424 appenlight.log_namespace_blacklist =
421
425
422
426
423 ################################################################################
427 ################################################################################
424 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
428 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
425 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
429 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
426 ## execute malicious code after an exception is raised. ##
430 ## execute malicious code after an exception is raised. ##
427 ################################################################################
431 ################################################################################
428 set debug = false
432 set debug = false
429
433
430
434
431 #########################################################
435 #########################################################
432 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
436 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
433 #########################################################
437 #########################################################
434 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
438 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
435 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
439 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
436 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
440 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
437
441
438 # see sqlalchemy docs for other advanced settings
442 # see sqlalchemy docs for other advanced settings
439
443
440 ## print the sql statements to output
444 ## print the sql statements to output
441 sqlalchemy.db1.echo = false
445 sqlalchemy.db1.echo = false
442 ## recycle the connections after this ammount of seconds
446 ## recycle the connections after this ammount of seconds
443 sqlalchemy.db1.pool_recycle = 3600
447 sqlalchemy.db1.pool_recycle = 3600
444 sqlalchemy.db1.convert_unicode = true
448 sqlalchemy.db1.convert_unicode = true
445
449
446 ## the number of connections to keep open inside the connection pool.
450 ## the number of connections to keep open inside the connection pool.
447 ## 0 indicates no limit
451 ## 0 indicates no limit
448 #sqlalchemy.db1.pool_size = 5
452 #sqlalchemy.db1.pool_size = 5
449
453
450 ## the number of connections to allow in connection pool "overflow", that is
454 ## the number of connections to allow in connection pool "overflow", that is
451 ## connections that can be opened above and beyond the pool_size setting,
455 ## connections that can be opened above and beyond the pool_size setting,
452 ## which defaults to five.
456 ## which defaults to five.
453 #sqlalchemy.db1.max_overflow = 10
457 #sqlalchemy.db1.max_overflow = 10
454
458
455
459
456 ##################
460 ##################
457 ### VCS CONFIG ###
461 ### VCS CONFIG ###
458 ##################
462 ##################
459 vcs.server.enable = true
463 vcs.server.enable = true
460 vcs.server = localhost:9900
464 vcs.server = localhost:9900
461
465
462 ## Web server connectivity protocol, responsible for web based VCS operatations
466 ## Web server connectivity protocol, responsible for web based VCS operatations
463 ## Available protocols are:
467 ## Available protocols are:
464 ## `pyro4` - using pyro4 server
468 ## `pyro4` - using pyro4 server
465 ## `http` - using http-rpc backend
469 ## `http` - using http-rpc backend
466 #vcs.server.protocol = http
470 #vcs.server.protocol = http
467
471
468 ## Push/Pull operations protocol, available options are:
472 ## Push/Pull operations protocol, available options are:
469 ## `pyro4` - using pyro4 server
473 ## `pyro4` - using pyro4 server
470 ## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended
474 ## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended
471 ## `vcsserver.scm_app` - internal app (EE only)
475 ## `vcsserver.scm_app` - internal app (EE only)
472 #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
476 #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
473
477
474 ## Push/Pull operations hooks protocol, available options are:
478 ## Push/Pull operations hooks protocol, available options are:
475 ## `pyro4` - using pyro4 server
479 ## `pyro4` - using pyro4 server
476 ## `http` - using http-rpc backend
480 ## `http` - using http-rpc backend
477 #vcs.hooks.protocol = http
481 #vcs.hooks.protocol = http
478
482
479 vcs.server.log_level = info
483 vcs.server.log_level = info
480 ## Start VCSServer with this instance as a subprocess, usefull for development
484 ## Start VCSServer with this instance as a subprocess, usefull for development
481 vcs.start_server = false
485 vcs.start_server = false
482 vcs.backends = hg, git, svn
486 vcs.backends = hg, git, svn
483 vcs.connection_timeout = 3600
487 vcs.connection_timeout = 3600
484 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
488 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
485 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
489 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
486 #vcs.svn.compatible_version = pre-1.8-compatible
490 #vcs.svn.compatible_version = pre-1.8-compatible
487
491
488 ################################
492 ################################
489 ### LOGGING CONFIGURATION ####
493 ### LOGGING CONFIGURATION ####
490 ################################
494 ################################
491 [loggers]
495 [loggers]
492 keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer
496 keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer
493
497
494 [handlers]
498 [handlers]
495 keys = console, console_sql
499 keys = console, console_sql
496
500
497 [formatters]
501 [formatters]
498 keys = generic, color_formatter, color_formatter_sql
502 keys = generic, color_formatter, color_formatter_sql
499
503
500 #############
504 #############
501 ## LOGGERS ##
505 ## LOGGERS ##
502 #############
506 #############
503 [logger_root]
507 [logger_root]
504 level = NOTSET
508 level = NOTSET
505 handlers = console
509 handlers = console
506
510
507 [logger_routes]
511 [logger_routes]
508 level = DEBUG
512 level = DEBUG
509 handlers =
513 handlers =
510 qualname = routes.middleware
514 qualname = routes.middleware
511 ## "level = DEBUG" logs the route matched and routing variables.
515 ## "level = DEBUG" logs the route matched and routing variables.
512 propagate = 1
516 propagate = 1
513
517
514 [logger_beaker]
518 [logger_beaker]
515 level = DEBUG
519 level = DEBUG
516 handlers =
520 handlers =
517 qualname = beaker.container
521 qualname = beaker.container
518 propagate = 1
522 propagate = 1
519
523
520 [logger_pyro4]
524 [logger_pyro4]
521 level = DEBUG
525 level = DEBUG
522 handlers =
526 handlers =
523 qualname = Pyro4
527 qualname = Pyro4
524 propagate = 1
528 propagate = 1
525
529
526 [logger_templates]
530 [logger_templates]
527 level = INFO
531 level = INFO
528 handlers =
532 handlers =
529 qualname = pylons.templating
533 qualname = pylons.templating
530 propagate = 1
534 propagate = 1
531
535
532 [logger_rhodecode]
536 [logger_rhodecode]
533 level = DEBUG
537 level = DEBUG
534 handlers =
538 handlers =
535 qualname = rhodecode
539 qualname = rhodecode
536 propagate = 1
540 propagate = 1
537
541
538 [logger_sqlalchemy]
542 [logger_sqlalchemy]
539 level = INFO
543 level = INFO
540 handlers = console_sql
544 handlers = console_sql
541 qualname = sqlalchemy.engine
545 qualname = sqlalchemy.engine
542 propagate = 0
546 propagate = 0
543
547
544 [logger_whoosh_indexer]
548 [logger_whoosh_indexer]
545 level = DEBUG
549 level = DEBUG
546 handlers =
550 handlers =
547 qualname = whoosh_indexer
551 qualname = whoosh_indexer
548 propagate = 1
552 propagate = 1
549
553
550 ##############
554 ##############
551 ## HANDLERS ##
555 ## HANDLERS ##
552 ##############
556 ##############
553
557
554 [handler_console]
558 [handler_console]
555 class = StreamHandler
559 class = StreamHandler
556 args = (sys.stderr,)
560 args = (sys.stderr,)
557 level = INFO
561 level = INFO
558 formatter = generic
562 formatter = generic
559
563
560 [handler_console_sql]
564 [handler_console_sql]
561 class = StreamHandler
565 class = StreamHandler
562 args = (sys.stderr,)
566 args = (sys.stderr,)
563 level = WARN
567 level = WARN
564 formatter = generic
568 formatter = generic
565
569
566 ################
570 ################
567 ## FORMATTERS ##
571 ## FORMATTERS ##
568 ################
572 ################
569
573
570 [formatter_generic]
574 [formatter_generic]
571 class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
575 class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
572 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
576 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
573 datefmt = %Y-%m-%d %H:%M:%S
577 datefmt = %Y-%m-%d %H:%M:%S
574
578
575 [formatter_color_formatter]
579 [formatter_color_formatter]
576 class = rhodecode.lib.logging_formatter.ColorFormatter
580 class = rhodecode.lib.logging_formatter.ColorFormatter
577 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
581 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
578 datefmt = %Y-%m-%d %H:%M:%S
582 datefmt = %Y-%m-%d %H:%M:%S
579
583
580 [formatter_color_formatter_sql]
584 [formatter_color_formatter_sql]
581 class = rhodecode.lib.logging_formatter.ColorFormatterSql
585 class = rhodecode.lib.logging_formatter.ColorFormatterSql
582 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
586 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
583 datefmt = %Y-%m-%d %H:%M:%S
587 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,61 +1,114 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2014-2016 RhodeCode GmbH
3 # Copyright (C) 2014-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21
21
22 """
22 """
23 Generic encryption library for RhodeCode
23 Generic encryption library for RhodeCode
24 """
24 """
25
25
26 import hashlib
27 import base64
26 import base64
28
27
29 from Crypto.Cipher import AES
28 from Crypto.Cipher import AES
30 from Crypto import Random
29 from Crypto import Random
30 from Crypto.Hash import HMAC, SHA256
31
31
32 from rhodecode.lib.utils2 import safe_str
32 from rhodecode.lib.utils2 import safe_str
33
33
34
34
35 class SignatureVerificationError(Exception):
36 pass
37
38
39 class InvalidDecryptedValue(str):
40
41 def __new__(cls, content):
42 """
43 This will generate something like this::
44 <InvalidDecryptedValue(QkWusFgLJXR6m42v...)>
45 And represent a safe indicator that encryption key is broken
46 """
47 content = '<{}({}...)>'.format(cls.__name__, content[:16])
48 return str.__new__(cls, content)
49
50
35 class AESCipher(object):
51 class AESCipher(object):
36 def __init__(self, key):
52 def __init__(self, key, hmac=False, strict_verification=True):
37 # create padding, trim to long enc key
38 if not key:
53 if not key:
39 raise ValueError('passed key variable is empty')
54 raise ValueError('passed key variable is empty')
55 self.strict_verification = strict_verification
40 self.block_size = 32
56 self.block_size = 32
41 self.key = hashlib.sha256(safe_str(key)).digest()
57 self.hmac_size = 32
58 self.hmac = hmac
59
60 self.key = SHA256.new(safe_str(key)).digest()
61 self.hmac_key = SHA256.new(self.key).digest()
62
63 def verify_hmac_signature(self, raw_data):
64 org_hmac_signature = raw_data[-self.hmac_size:]
65 data_without_sig = raw_data[:-self.hmac_size]
66 recomputed_hmac = HMAC.new(
67 self.hmac_key, data_without_sig, digestmod=SHA256).digest()
68 return org_hmac_signature == recomputed_hmac
42
69
43 def encrypt(self, raw):
70 def encrypt(self, raw):
44 raw = self._pad(raw)
71 raw = self._pad(raw)
45 iv = Random.new().read(AES.block_size)
72 iv = Random.new().read(AES.block_size)
46 cipher = AES.new(self.key, AES.MODE_CBC, iv)
73 cipher = AES.new(self.key, AES.MODE_CBC, iv)
47 return base64.b64encode(iv + cipher.encrypt(raw))
74 enc_value = cipher.encrypt(raw)
75
76 hmac_signature = ''
77 if self.hmac:
78 # compute hmac+sha256 on iv + enc text, we use
79 # encrypt then mac method to create the signature
80 hmac_signature = HMAC.new(
81 self.hmac_key, iv + enc_value, digestmod=SHA256).digest()
82
83 return base64.b64encode(iv + enc_value + hmac_signature)
48
84
49 def decrypt(self, enc):
85 def decrypt(self, enc):
86 enc_org = enc
50 enc = base64.b64decode(enc)
87 enc = base64.b64decode(enc)
88
89 if self.hmac and len(enc) > self.hmac_size:
90 if self.verify_hmac_signature(enc):
91 # cut off the HMAC verification digest
92 enc = enc[:-self.hmac_size]
93 else:
94 if self.strict_verification:
95 raise SignatureVerificationError(
96 "Encryption signature verification failed. "
97 "Please check your secret key, and/or encrypted value. "
98 "Secret key is stored as "
99 "`rhodecode.encrypted_values.secret` or "
100 "`beaker.session.secret` inside .ini file")
101
102 return InvalidDecryptedValue(enc_org)
103
51 iv = enc[:AES.block_size]
104 iv = enc[:AES.block_size]
52 cipher = AES.new(self.key, AES.MODE_CBC, iv)
105 cipher = AES.new(self.key, AES.MODE_CBC, iv)
53 return self._unpad(cipher.decrypt(enc[AES.block_size:]))
106 return self._unpad(cipher.decrypt(enc[AES.block_size:]))
54
107
55 def _pad(self, s):
108 def _pad(self, s):
56 return (s + (self.block_size - len(s) % self.block_size)
109 return (s + (self.block_size - len(s) % self.block_size)
57 * chr(self.block_size - len(s) % self.block_size))
110 * chr(self.block_size - len(s) % self.block_size))
58
111
59 @staticmethod
112 @staticmethod
60 def _unpad(s):
113 def _unpad(s):
61 return s[:-ord(s[len(s)-1:])] No newline at end of file
114 return s[:-ord(s[len(s)-1:])]
1 NO CONTENT: modified file
NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
@@ -1,655 +1,655 b''
1 ## -*- coding: utf-8 -*-
1 ## -*- coding: utf-8 -*-
2 <%inherit file="root.html"/>
2 <%inherit file="root.html"/>
3
3
4 <div class="outerwrapper">
4 <div class="outerwrapper">
5 <!-- HEADER -->
5 <!-- HEADER -->
6 <div class="header">
6 <div class="header">
7 <div id="header-inner" class="wrapper">
7 <div id="header-inner" class="wrapper">
8 <div id="logo">
8 <div id="logo">
9 <div class="logo-wrapper">
9 <div class="logo-wrapper">
10 <a href="${h.url('home')}"><img src="${h.url('/images/rhodecode-logo-white-216x60.png')}" alt="RhodeCode"/></a>
10 <a href="${h.url('home')}"><img src="${h.url('/images/rhodecode-logo-white-216x60.png')}" alt="RhodeCode"/></a>
11 </div>
11 </div>
12 %if c.rhodecode_name:
12 %if c.rhodecode_name:
13 <div class="branding">- ${h.branding(c.rhodecode_name)}</div>
13 <div class="branding">- ${h.branding(c.rhodecode_name)}</div>
14 %endif
14 %endif
15 </div>
15 </div>
16 <!-- MENU BAR NAV -->
16 <!-- MENU BAR NAV -->
17 ${self.menu_bar_nav()}
17 ${self.menu_bar_nav()}
18 <!-- END MENU BAR NAV -->
18 <!-- END MENU BAR NAV -->
19 ${self.body()}
19 ${self.body()}
20 </div>
20 </div>
21 </div>
21 </div>
22 ${self.menu_bar_subnav()}
22 ${self.menu_bar_subnav()}
23 <!-- END HEADER -->
23 <!-- END HEADER -->
24
24
25 <!-- CONTENT -->
25 <!-- CONTENT -->
26 <div id="content" class="wrapper">
26 <div id="content" class="wrapper">
27 ${self.flash_msg()}
27 ${self.flash_msg()}
28 <div class="main">
28 <div class="main">
29 ${next.main()}
29 ${next.main()}
30 </div>
30 </div>
31 </div>
31 </div>
32 <!-- END CONTENT -->
32 <!-- END CONTENT -->
33
33
34 </div>
34 </div>
35 <!-- FOOTER -->
35 <!-- FOOTER -->
36 <div id="footer">
36 <div id="footer">
37 <div id="footer-inner" class="title wrapper">
37 <div id="footer-inner" class="title wrapper">
38 <div>
38 <div>
39 <p class="footer-link-right">
39 <p class="footer-link-right">
40 % if c.visual.show_version:
40 % if c.visual.show_version:
41 RhodeCode Enterprise ${c.rhodecode_version} ${c.rhodecode_edition}
41 RhodeCode Enterprise ${c.rhodecode_version} ${c.rhodecode_edition}
42 % endif
42 % endif
43 &copy; 2010-${h.datetime.today().year}, <a href="${h.url('rhodecode_official')}" target="_blank">RhodeCode GmbH</a>. All rights reserved.
43 &copy; 2010-${h.datetime.today().year}, <a href="${h.url('rhodecode_official')}" target="_blank">RhodeCode GmbH</a>. All rights reserved.
44 % if c.visual.rhodecode_support_url:
44 % if c.visual.rhodecode_support_url:
45 <a href="${c.visual.rhodecode_support_url}" target="_blank">${_('Support')}</a>
45 <a href="${c.visual.rhodecode_support_url}" target="_blank">${_('Support')}</a>
46 % endif
46 % endif
47 </p>
47 </p>
48 <% sid = 'block' if request.GET.get('showrcid') else 'none' %>
48 <% sid = 'block' if request.GET.get('showrcid') else 'none' %>
49 <p class="server-instance" style="display:${sid}">
49 <p class="server-instance" style="display:${sid}">
50 ## display hidden instance ID if specially defined
50 ## display hidden instance ID if specially defined
51 % if c.rhodecode_instanceid:
51 % if c.rhodecode_instanceid:
52 ${_('RhodeCode instance id: %s') % c.rhodecode_instanceid}
52 ${_('RhodeCode instance id: %s') % c.rhodecode_instanceid}
53 % endif
53 % endif
54 </p>
54 </p>
55 </div>
55 </div>
56 </div>
56 </div>
57 </div>
57 </div>
58
58
59 <!-- END FOOTER -->
59 <!-- END FOOTER -->
60
60
61 ### MAKO DEFS ###
61 ### MAKO DEFS ###
62
62
63 <%def name="menu_bar_subnav()">
63 <%def name="menu_bar_subnav()">
64 </%def>
64 </%def>
65
65
66 <%def name="flash_msg()">
66 <%def name="flash_msg()">
67 <%include file="/base/flash_msg.html"/>
67 <%include file="/base/flash_msg.html"/>
68 </%def>
68 </%def>
69
69
70 <%def name="breadcrumbs(class_='breadcrumbs')">
70 <%def name="breadcrumbs(class_='breadcrumbs')">
71 <div class="${class_}">
71 <div class="${class_}">
72 ${self.breadcrumbs_links()}
72 ${self.breadcrumbs_links()}
73 </div>
73 </div>
74 </%def>
74 </%def>
75
75
76 <%def name="admin_menu()">
76 <%def name="admin_menu()">
77 <ul class="admin_menu submenu">
77 <ul class="admin_menu submenu">
78 <li><a href="${h.url('admin_home')}">${_('Admin journal')}</a></li>
78 <li><a href="${h.url('admin_home')}">${_('Admin journal')}</a></li>
79 <li><a href="${h.url('repos')}">${_('Repositories')}</a></li>
79 <li><a href="${h.url('repos')}">${_('Repositories')}</a></li>
80 <li><a href="${h.url('repo_groups')}">${_('Repository groups')}</a></li>
80 <li><a href="${h.url('repo_groups')}">${_('Repository groups')}</a></li>
81 <li><a href="${h.url('users')}">${_('Users')}</a></li>
81 <li><a href="${h.url('users')}">${_('Users')}</a></li>
82 <li><a href="${h.url('users_groups')}">${_('User groups')}</a></li>
82 <li><a href="${h.url('users_groups')}">${_('User groups')}</a></li>
83 <li><a href="${h.url('admin_permissions_application')}">${_('Permissions')}</a></li>
83 <li><a href="${h.url('admin_permissions_application')}">${_('Permissions')}</a></li>
84 <li><a href="${h.route_path('auth_home', traverse='')}">${_('Authentication')}</a></li>
84 <li><a href="${h.route_path('auth_home', traverse='')}">${_('Authentication')}</a></li>
85 <li><a href="${h.url('admin_defaults_repositories')}">${_('Defaults')}</a></li>
85 <li><a href="${h.url('admin_defaults_repositories')}">${_('Defaults')}</a></li>
86 <li class="last"><a href="${h.url('admin_settings')}">${_('Settings')}</a></li>
86 <li class="last"><a href="${h.url('admin_settings')}">${_('Settings')}</a></li>
87 </ul>
87 </ul>
88 </%def>
88 </%def>
89
89
90
90
91 <%def name="dt_info_panel(elements)">
91 <%def name="dt_info_panel(elements)">
92 <dl class="dl-horizontal">
92 <dl class="dl-horizontal">
93 %for dt, dd, title, show_items in elements:
93 %for dt, dd, title, show_items in elements:
94 <dt>${dt}:</dt>
94 <dt>${dt}:</dt>
95 <dd title="${title}">
95 <dd title="${title}">
96 %if callable(dd):
96 %if callable(dd):
97 ## allow lazy evaluation of elements
97 ## allow lazy evaluation of elements
98 ${dd()}
98 ${dd()}
99 %else:
99 %else:
100 ${dd}
100 ${dd}
101 %endif
101 %endif
102 %if show_items:
102 %if show_items:
103 <span class="btn-collapse" data-toggle="item-${h.md5(dt)[:6]}-details">${_('Show More')} </span>
103 <span class="btn-collapse" data-toggle="item-${h.md5(dt)[:6]}-details">${_('Show More')} </span>
104 %endif
104 %endif
105 </dd>
105 </dd>
106
106
107 %if show_items:
107 %if show_items:
108 <div class="collapsable-content" data-toggle="item-${h.md5(dt)[:6]}-details" style="display: none">
108 <div class="collapsable-content" data-toggle="item-${h.md5(dt)[:6]}-details" style="display: none">
109 %for item in show_items:
109 %for item in show_items:
110 <dt></dt>
110 <dt></dt>
111 <dd>${item}</dd>
111 <dd>${item}</dd>
112 %endfor
112 %endfor
113 </div>
113 </div>
114 %endif
114 %endif
115
115
116 %endfor
116 %endfor
117 </dl>
117 </dl>
118 </%def>
118 </%def>
119
119
120
120
121 <%def name="gravatar(email, size=16)">
121 <%def name="gravatar(email, size=16)">
122 <%
122 <%
123 if (size > 16):
123 if (size > 16):
124 gravatar_class = 'gravatar gravatar-large'
124 gravatar_class = 'gravatar gravatar-large'
125 else:
125 else:
126 gravatar_class = 'gravatar'
126 gravatar_class = 'gravatar'
127 %>
127 %>
128 <%doc>
128 <%doc>
129 TODO: johbo: For now we serve double size images to make it smooth
129 TODO: johbo: For now we serve double size images to make it smooth
130 for retina. This is how it worked until now. Should be replaced
130 for retina. This is how it worked until now. Should be replaced
131 with a better solution at some point.
131 with a better solution at some point.
132 </%doc>
132 </%doc>
133 <img class="${gravatar_class}" src="${h.gravatar_url(email, size * 2)}" height="${size}" width="${size}">
133 <img class="${gravatar_class}" src="${h.gravatar_url(email, size * 2)}" height="${size}" width="${size}">
134 </%def>
134 </%def>
135
135
136
136
137 <%def name="gravatar_with_user(contact, size=16, show_disabled=False)">
137 <%def name="gravatar_with_user(contact, size=16, show_disabled=False)">
138 <div class="rc-user tooltip" title="${contact}">
138 <div class="rc-user tooltip" title="${contact}">
139 ${self.gravatar(h.email_or_none(contact), size)}
139 ${self.gravatar(h.email_or_none(contact), size)}
140 <span class="${'user user-disabled' if show_disabled else 'user'}"> ${h.link_to_user(contact)}</span>
140 <span class="${'user user-disabled' if show_disabled else 'user'}"> ${h.link_to_user(contact)}</span>
141 </div>
141 </div>
142 </%def>
142 </%def>
143
143
144
144
145 ## admin menu used for people that have some admin resources
145 ## admin menu used for people that have some admin resources
146 <%def name="admin_menu_simple(repositories=None, repository_groups=None, user_groups=None)">
146 <%def name="admin_menu_simple(repositories=None, repository_groups=None, user_groups=None)">
147 <ul class="submenu">
147 <ul class="submenu">
148 %if repositories:
148 %if repositories:
149 <li><a href="${h.url('repos')}">${_('Repositories')}</a></li>
149 <li><a href="${h.url('repos')}">${_('Repositories')}</a></li>
150 %endif
150 %endif
151 %if repository_groups:
151 %if repository_groups:
152 <li><a href="${h.url('repo_groups')}">${_('Repository groups')}</a></li>
152 <li><a href="${h.url('repo_groups')}">${_('Repository groups')}</a></li>
153 %endif
153 %endif
154 %if user_groups:
154 %if user_groups:
155 <li><a href="${h.url('users_groups')}">${_('User groups')}</a></li>
155 <li><a href="${h.url('users_groups')}">${_('User groups')}</a></li>
156 %endif
156 %endif
157 </ul>
157 </ul>
158 </%def>
158 </%def>
159
159
160 <%def name="repo_page_title(repo_instance)">
160 <%def name="repo_page_title(repo_instance)">
161 <div class="title-content">
161 <div class="title-content">
162 <div class="title-main">
162 <div class="title-main">
163 ## SVN/HG/GIT icons
163 ## SVN/HG/GIT icons
164 %if h.is_hg(repo_instance):
164 %if h.is_hg(repo_instance):
165 <i class="icon-hg"></i>
165 <i class="icon-hg"></i>
166 %endif
166 %endif
167 %if h.is_git(repo_instance):
167 %if h.is_git(repo_instance):
168 <i class="icon-git"></i>
168 <i class="icon-git"></i>
169 %endif
169 %endif
170 %if h.is_svn(repo_instance):
170 %if h.is_svn(repo_instance):
171 <i class="icon-svn"></i>
171 <i class="icon-svn"></i>
172 %endif
172 %endif
173
173
174 ## public/private
174 ## public/private
175 %if repo_instance.private:
175 %if repo_instance.private:
176 <i class="icon-repo-private"></i>
176 <i class="icon-repo-private"></i>
177 %else:
177 %else:
178 <i class="icon-repo-public"></i>
178 <i class="icon-repo-public"></i>
179 %endif
179 %endif
180
180
181 ## repo name with group name
181 ## repo name with group name
182 ${h.breadcrumb_repo_link(c.rhodecode_db_repo)}
182 ${h.breadcrumb_repo_link(c.rhodecode_db_repo)}
183
183
184 </div>
184 </div>
185
185
186 ## FORKED
186 ## FORKED
187 %if repo_instance.fork:
187 %if repo_instance.fork:
188 <p>
188 <p>
189 <i class="icon-code-fork"></i> ${_('Fork of')}
189 <i class="icon-code-fork"></i> ${_('Fork of')}
190 <a href="${h.url('summary_home',repo_name=repo_instance.fork.repo_name)}">${repo_instance.fork.repo_name}</a>
190 <a href="${h.url('summary_home',repo_name=repo_instance.fork.repo_name)}">${repo_instance.fork.repo_name}</a>
191 </p>
191 </p>
192 %endif
192 %endif
193
193
194 ## IMPORTED FROM REMOTE
194 ## IMPORTED FROM REMOTE
195 %if repo_instance.clone_uri:
195 %if repo_instance.clone_uri:
196 <p>
196 <p>
197 <i class="icon-code-fork"></i> ${_('Clone from')}
197 <i class="icon-code-fork"></i> ${_('Clone from')}
198 <a href="${h.url(str(h.hide_credentials(repo_instance.clone_uri)))}">${h.hide_credentials(repo_instance.clone_uri)}</a>
198 <a href="${h.url(h.safe_str(h.hide_credentials(repo_instance.clone_uri)))}">${h.hide_credentials(repo_instance.clone_uri)}</a>
199 </p>
199 </p>
200 %endif
200 %endif
201
201
202 ## LOCKING STATUS
202 ## LOCKING STATUS
203 %if repo_instance.locked[0]:
203 %if repo_instance.locked[0]:
204 <p class="locking_locked">
204 <p class="locking_locked">
205 <i class="icon-repo-lock"></i>
205 <i class="icon-repo-lock"></i>
206 ${_('Repository locked by %(user)s') % {'user': h.person_by_id(repo_instance.locked[0])}}
206 ${_('Repository locked by %(user)s') % {'user': h.person_by_id(repo_instance.locked[0])}}
207 </p>
207 </p>
208 %elif repo_instance.enable_locking:
208 %elif repo_instance.enable_locking:
209 <p class="locking_unlocked">
209 <p class="locking_unlocked">
210 <i class="icon-repo-unlock"></i>
210 <i class="icon-repo-unlock"></i>
211 ${_('Repository not locked. Pull repository to lock it.')}
211 ${_('Repository not locked. Pull repository to lock it.')}
212 </p>
212 </p>
213 %endif
213 %endif
214
214
215 </div>
215 </div>
216 </%def>
216 </%def>
217
217
218 <%def name="repo_menu(active=None)">
218 <%def name="repo_menu(active=None)">
219 <%
219 <%
220 def is_active(selected):
220 def is_active(selected):
221 if selected == active:
221 if selected == active:
222 return "active"
222 return "active"
223 %>
223 %>
224
224
225 <!--- CONTEXT BAR -->
225 <!--- CONTEXT BAR -->
226 <div id="context-bar">
226 <div id="context-bar">
227 <div class="wrapper">
227 <div class="wrapper">
228 <ul id="context-pages" class="horizontal-list navigation">
228 <ul id="context-pages" class="horizontal-list navigation">
229 <li class="${is_active('summary')}"><a class="menulink" href="${h.url('summary_home', repo_name=c.repo_name)}"><div class="menulabel">${_('Summary')}</div></a></li>
229 <li class="${is_active('summary')}"><a class="menulink" href="${h.url('summary_home', repo_name=c.repo_name)}"><div class="menulabel">${_('Summary')}</div></a></li>
230 <li class="${is_active('changelog')}"><a class="menulink" href="${h.url('changelog_home', repo_name=c.repo_name)}"><div class="menulabel">${_('Changelog')}</div></a></li>
230 <li class="${is_active('changelog')}"><a class="menulink" href="${h.url('changelog_home', repo_name=c.repo_name)}"><div class="menulabel">${_('Changelog')}</div></a></li>
231 <li class="${is_active('files')}"><a class="menulink" href="${h.url('files_home', repo_name=c.repo_name, revision=c.rhodecode_db_repo.landing_rev[1])}"><div class="menulabel">${_('Files')}</div></a></li>
231 <li class="${is_active('files')}"><a class="menulink" href="${h.url('files_home', repo_name=c.repo_name, revision=c.rhodecode_db_repo.landing_rev[1])}"><div class="menulabel">${_('Files')}</div></a></li>
232 <li class="${is_active('compare')}">
232 <li class="${is_active('compare')}">
233 <a class="menulink" href="${h.url('compare_home',repo_name=c.repo_name)}"><div class="menulabel">${_('Compare')}</div></a>
233 <a class="menulink" href="${h.url('compare_home',repo_name=c.repo_name)}"><div class="menulabel">${_('Compare')}</div></a>
234 </li>
234 </li>
235 ## TODO: anderson: ideally it would have a function on the scm_instance "enable_pullrequest() and enable_fork()"
235 ## TODO: anderson: ideally it would have a function on the scm_instance "enable_pullrequest() and enable_fork()"
236 %if c.rhodecode_db_repo.repo_type in ['git','hg']:
236 %if c.rhodecode_db_repo.repo_type in ['git','hg']:
237 <li class="${is_active('showpullrequest')}">
237 <li class="${is_active('showpullrequest')}">
238 <a class="menulink" href="${h.url('pullrequest_show_all',repo_name=c.repo_name)}" title="${_('Show Pull Requests for %s') % c.repo_name}">
238 <a class="menulink" href="${h.url('pullrequest_show_all',repo_name=c.repo_name)}" title="${_('Show Pull Requests for %s') % c.repo_name}">
239 %if c.repository_pull_requests:
239 %if c.repository_pull_requests:
240 <span class="pr_notifications">${c.repository_pull_requests}</span>
240 <span class="pr_notifications">${c.repository_pull_requests}</span>
241 %endif
241 %endif
242 <div class="menulabel">${_('Pull Requests')}</div>
242 <div class="menulabel">${_('Pull Requests')}</div>
243 </a>
243 </a>
244 </li>
244 </li>
245 %endif
245 %endif
246 <li class="${is_active('options')}">
246 <li class="${is_active('options')}">
247 <a class="menulink" href="#" class="dropdown"><div class="menulabel">${_('Options')} <div class="show_more"></div></div></a>
247 <a class="menulink" href="#" class="dropdown"><div class="menulabel">${_('Options')} <div class="show_more"></div></div></a>
248 <ul class="submenu">
248 <ul class="submenu">
249 %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
249 %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
250 <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}">${_('Settings')}</a></li>
250 <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}">${_('Settings')}</a></li>
251 %endif
251 %endif
252 %if c.rhodecode_db_repo.fork:
252 %if c.rhodecode_db_repo.fork:
253 <li><a href="${h.url('compare_url',repo_name=c.rhodecode_db_repo.fork.repo_name,source_ref_type=c.rhodecode_db_repo.landing_rev[0],source_ref=c.rhodecode_db_repo.landing_rev[1], target_repo=c.repo_name,target_ref_type='branch' if request.GET.get('branch') else c.rhodecode_db_repo.landing_rev[0],target_ref=request.GET.get('branch') or c.rhodecode_db_repo.landing_rev[1], merge=1)}">
253 <li><a href="${h.url('compare_url',repo_name=c.rhodecode_db_repo.fork.repo_name,source_ref_type=c.rhodecode_db_repo.landing_rev[0],source_ref=c.rhodecode_db_repo.landing_rev[1], target_repo=c.repo_name,target_ref_type='branch' if request.GET.get('branch') else c.rhodecode_db_repo.landing_rev[0],target_ref=request.GET.get('branch') or c.rhodecode_db_repo.landing_rev[1], merge=1)}">
254 ${_('Compare fork')}</a></li>
254 ${_('Compare fork')}</a></li>
255 %endif
255 %endif
256
256
257 <li><a href="${h.url('search_repo_home',repo_name=c.repo_name)}">${_('Search')}</a></li>
257 <li><a href="${h.url('search_repo_home',repo_name=c.repo_name)}">${_('Search')}</a></li>
258
258
259 %if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name) and c.rhodecode_db_repo.enable_locking:
259 %if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name) and c.rhodecode_db_repo.enable_locking:
260 %if c.rhodecode_db_repo.locked[0]:
260 %if c.rhodecode_db_repo.locked[0]:
261 <li><a class="locking_del" href="${h.url('toggle_locking',repo_name=c.repo_name)}">${_('Unlock')}</a></li>
261 <li><a class="locking_del" href="${h.url('toggle_locking',repo_name=c.repo_name)}">${_('Unlock')}</a></li>
262 %else:
262 %else:
263 <li><a class="locking_add" href="${h.url('toggle_locking',repo_name=c.repo_name)}">${_('Lock')}</a></li>
263 <li><a class="locking_add" href="${h.url('toggle_locking',repo_name=c.repo_name)}">${_('Lock')}</a></li>
264 %endif
264 %endif
265 %endif
265 %endif
266 %if c.rhodecode_user.username != h.DEFAULT_USER:
266 %if c.rhodecode_user.username != h.DEFAULT_USER:
267 %if c.rhodecode_db_repo.repo_type in ['git','hg']:
267 %if c.rhodecode_db_repo.repo_type in ['git','hg']:
268 <li><a href="${h.url('repo_fork_home',repo_name=c.repo_name)}">${_('Fork')}</a></li>
268 <li><a href="${h.url('repo_fork_home',repo_name=c.repo_name)}">${_('Fork')}</a></li>
269 <li><a href="${h.url('pullrequest_home',repo_name=c.repo_name)}">${_('Create Pull Request')}</a></li>
269 <li><a href="${h.url('pullrequest_home',repo_name=c.repo_name)}">${_('Create Pull Request')}</a></li>
270 %endif
270 %endif
271 %endif
271 %endif
272 </ul>
272 </ul>
273 </li>
273 </li>
274 </ul>
274 </ul>
275 </div>
275 </div>
276 <div class="clear"></div>
276 <div class="clear"></div>
277 </div>
277 </div>
278 <!--- END CONTEXT BAR -->
278 <!--- END CONTEXT BAR -->
279
279
280 </%def>
280 </%def>
281
281
282 <%def name="usermenu()">
282 <%def name="usermenu()">
283 ## USER MENU
283 ## USER MENU
284 <li id="quick_login_li">
284 <li id="quick_login_li">
285 <a id="quick_login_link" class="menulink childs">
285 <a id="quick_login_link" class="menulink childs">
286 ${gravatar(c.rhodecode_user.email, 20)}
286 ${gravatar(c.rhodecode_user.email, 20)}
287 <span class="user">
287 <span class="user">
288 %if c.rhodecode_user.username != h.DEFAULT_USER:
288 %if c.rhodecode_user.username != h.DEFAULT_USER:
289 <span class="menu_link_user">${c.rhodecode_user.username}</span><div class="show_more"></div>
289 <span class="menu_link_user">${c.rhodecode_user.username}</span><div class="show_more"></div>
290 %else:
290 %else:
291 <span>${_('Sign in')}</span>
291 <span>${_('Sign in')}</span>
292 %endif
292 %endif
293 </span>
293 </span>
294 </a>
294 </a>
295
295
296 <div class="user-menu submenu">
296 <div class="user-menu submenu">
297 <div id="quick_login">
297 <div id="quick_login">
298 %if c.rhodecode_user.username == h.DEFAULT_USER:
298 %if c.rhodecode_user.username == h.DEFAULT_USER:
299 <h4>${_('Sign in to your account')}</h4>
299 <h4>${_('Sign in to your account')}</h4>
300 ${h.form(h.route_path('login', _query={'came_from': h.url.current()}), needs_csrf_token=False)}
300 ${h.form(h.route_path('login', _query={'came_from': h.url.current()}), needs_csrf_token=False)}
301 <div class="form form-vertical">
301 <div class="form form-vertical">
302 <div class="fields">
302 <div class="fields">
303 <div class="field">
303 <div class="field">
304 <div class="label">
304 <div class="label">
305 <label for="username">${_('Username')}:</label>
305 <label for="username">${_('Username')}:</label>
306 </div>
306 </div>
307 <div class="input">
307 <div class="input">
308 ${h.text('username',class_='focus',tabindex=1)}
308 ${h.text('username',class_='focus',tabindex=1)}
309 </div>
309 </div>
310
310
311 </div>
311 </div>
312 <div class="field">
312 <div class="field">
313 <div class="label">
313 <div class="label">
314 <label for="password">${_('Password')}:</label>
314 <label for="password">${_('Password')}:</label>
315 <span class="forgot_password">${h.link_to(_('(Forgot password?)'),h.route_path('reset_password'))}</span>
315 <span class="forgot_password">${h.link_to(_('(Forgot password?)'),h.route_path('reset_password'))}</span>
316 </div>
316 </div>
317 <div class="input">
317 <div class="input">
318 ${h.password('password',class_='focus',tabindex=2)}
318 ${h.password('password',class_='focus',tabindex=2)}
319 </div>
319 </div>
320 </div>
320 </div>
321 <div class="buttons">
321 <div class="buttons">
322 <div class="register">
322 <div class="register">
323 %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
323 %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
324 ${h.link_to(_("Don't have an account ?"),h.route_path('register'))}
324 ${h.link_to(_("Don't have an account ?"),h.route_path('register'))}
325 %endif
325 %endif
326 </div>
326 </div>
327 <div class="submit">
327 <div class="submit">
328 ${h.submit('sign_in',_('Sign In'),class_="btn btn-small",tabindex=3)}
328 ${h.submit('sign_in',_('Sign In'),class_="btn btn-small",tabindex=3)}
329 </div>
329 </div>
330 </div>
330 </div>
331 </div>
331 </div>
332 </div>
332 </div>
333 ${h.end_form()}
333 ${h.end_form()}
334 %else:
334 %else:
335 <div class="">
335 <div class="">
336 <div class="big_gravatar">${gravatar(c.rhodecode_user.email, 48)}</div>
336 <div class="big_gravatar">${gravatar(c.rhodecode_user.email, 48)}</div>
337 <div class="full_name">${c.rhodecode_user.full_name_or_username}</div>
337 <div class="full_name">${c.rhodecode_user.full_name_or_username}</div>
338 <div class="email">${c.rhodecode_user.email}</div>
338 <div class="email">${c.rhodecode_user.email}</div>
339 </div>
339 </div>
340 <div class="">
340 <div class="">
341 <ol class="links">
341 <ol class="links">
342 <li>${h.link_to(_(u'My account'),h.url('my_account'))}</li>
342 <li>${h.link_to(_(u'My account'),h.url('my_account'))}</li>
343 <li class="logout">
343 <li class="logout">
344 ${h.secure_form(h.route_path('logout'))}
344 ${h.secure_form(h.route_path('logout'))}
345 ${h.submit('log_out', _(u'Sign Out'),class_="btn btn-primary")}
345 ${h.submit('log_out', _(u'Sign Out'),class_="btn btn-primary")}
346 ${h.end_form()}
346 ${h.end_form()}
347 </li>
347 </li>
348 </ol>
348 </ol>
349 </div>
349 </div>
350 %endif
350 %endif
351 </div>
351 </div>
352 </div>
352 </div>
353 %if c.rhodecode_user.username != h.DEFAULT_USER:
353 %if c.rhodecode_user.username != h.DEFAULT_USER:
354 <div class="pill_container">
354 <div class="pill_container">
355 % if c.unread_notifications == 0:
355 % if c.unread_notifications == 0:
356 <a class="menu_link_notifications empty" href="${h.url('notifications')}">${c.unread_notifications}</a>
356 <a class="menu_link_notifications empty" href="${h.url('notifications')}">${c.unread_notifications}</a>
357 % else:
357 % else:
358 <a class="menu_link_notifications" href="${h.url('notifications')}">${c.unread_notifications}</a>
358 <a class="menu_link_notifications" href="${h.url('notifications')}">${c.unread_notifications}</a>
359 % endif
359 % endif
360 </div>
360 </div>
361 % endif
361 % endif
362 </li>
362 </li>
363 </%def>
363 </%def>
364
364
365 <%def name="menu_items(active=None)">
365 <%def name="menu_items(active=None)">
366 <%
366 <%
367 def is_active(selected):
367 def is_active(selected):
368 if selected == active:
368 if selected == active:
369 return "active"
369 return "active"
370 return ""
370 return ""
371 %>
371 %>
372 <ul id="quick" class="main_nav navigation horizontal-list">
372 <ul id="quick" class="main_nav navigation horizontal-list">
373 <!-- repo switcher -->
373 <!-- repo switcher -->
374 <li class="${is_active('repositories')} repo_switcher_li has_select2">
374 <li class="${is_active('repositories')} repo_switcher_li has_select2">
375 <input id="repo_switcher" name="repo_switcher" type="hidden">
375 <input id="repo_switcher" name="repo_switcher" type="hidden">
376 </li>
376 </li>
377
377
378 ## ROOT MENU
378 ## ROOT MENU
379 %if c.rhodecode_user.username != h.DEFAULT_USER:
379 %if c.rhodecode_user.username != h.DEFAULT_USER:
380 <li class="${is_active('journal')}">
380 <li class="${is_active('journal')}">
381 <a class="menulink" title="${_('Show activity journal')}" href="${h.url('journal')}">
381 <a class="menulink" title="${_('Show activity journal')}" href="${h.url('journal')}">
382 <div class="menulabel">${_('Journal')}</div>
382 <div class="menulabel">${_('Journal')}</div>
383 </a>
383 </a>
384 </li>
384 </li>
385 %else:
385 %else:
386 <li class="${is_active('journal')}">
386 <li class="${is_active('journal')}">
387 <a class="menulink" title="${_('Show Public activity journal')}" href="${h.url('public_journal')}">
387 <a class="menulink" title="${_('Show Public activity journal')}" href="${h.url('public_journal')}">
388 <div class="menulabel">${_('Public journal')}</div>
388 <div class="menulabel">${_('Public journal')}</div>
389 </a>
389 </a>
390 </li>
390 </li>
391 %endif
391 %endif
392 <li class="${is_active('gists')}">
392 <li class="${is_active('gists')}">
393 <a class="menulink childs" title="${_('Show Gists')}" href="${h.url('gists')}">
393 <a class="menulink childs" title="${_('Show Gists')}" href="${h.url('gists')}">
394 <div class="menulabel">${_('Gists')}</div>
394 <div class="menulabel">${_('Gists')}</div>
395 </a>
395 </a>
396 </li>
396 </li>
397 <li class="${is_active('search')}">
397 <li class="${is_active('search')}">
398 <a class="menulink" title="${_('Search in repositories you have access to')}" href="${h.url('search')}">
398 <a class="menulink" title="${_('Search in repositories you have access to')}" href="${h.url('search')}">
399 <div class="menulabel">${_('Search')}</div>
399 <div class="menulabel">${_('Search')}</div>
400 </a>
400 </a>
401 </li>
401 </li>
402 % if h.HasPermissionAll('hg.admin')('access admin main page'):
402 % if h.HasPermissionAll('hg.admin')('access admin main page'):
403 <li class="${is_active('admin')}">
403 <li class="${is_active('admin')}">
404 <a class="menulink childs" title="${_('Admin settings')}" href="#" onclick="return false;">
404 <a class="menulink childs" title="${_('Admin settings')}" href="#" onclick="return false;">
405 <div class="menulabel">${_('Admin')} <div class="show_more"></div></div>
405 <div class="menulabel">${_('Admin')} <div class="show_more"></div></div>
406 </a>
406 </a>
407 ${admin_menu()}
407 ${admin_menu()}
408 </li>
408 </li>
409 % elif c.rhodecode_user.repositories_admin or c.rhodecode_user.repository_groups_admin or c.rhodecode_user.user_groups_admin:
409 % elif c.rhodecode_user.repositories_admin or c.rhodecode_user.repository_groups_admin or c.rhodecode_user.user_groups_admin:
410 <li class="${is_active('admin')}">
410 <li class="${is_active('admin')}">
411 <a class="menulink childs" title="${_('Delegated Admin settings')}">
411 <a class="menulink childs" title="${_('Delegated Admin settings')}">
412 <div class="menulabel">${_('Admin')} <div class="show_more"></div></div>
412 <div class="menulabel">${_('Admin')} <div class="show_more"></div></div>
413 </a>
413 </a>
414 ${admin_menu_simple(c.rhodecode_user.repositories_admin,
414 ${admin_menu_simple(c.rhodecode_user.repositories_admin,
415 c.rhodecode_user.repository_groups_admin,
415 c.rhodecode_user.repository_groups_admin,
416 c.rhodecode_user.user_groups_admin or h.HasPermissionAny('hg.usergroup.create.true')())}
416 c.rhodecode_user.user_groups_admin or h.HasPermissionAny('hg.usergroup.create.true')())}
417 </li>
417 </li>
418 % endif
418 % endif
419 % if c.debug_style:
419 % if c.debug_style:
420 <li class="${is_active('debug_style')}">
420 <li class="${is_active('debug_style')}">
421 <a class="menulink" title="${_('Style')}" href="${h.url('debug_style_home')}">
421 <a class="menulink" title="${_('Style')}" href="${h.url('debug_style_home')}">
422 <div class="menulabel">${_('Style')}</div>
422 <div class="menulabel">${_('Style')}</div>
423 </a>
423 </a>
424 </li>
424 </li>
425 % endif
425 % endif
426 ## render extra user menu
426 ## render extra user menu
427 ${usermenu()}
427 ${usermenu()}
428 </ul>
428 </ul>
429
429
430 <script type="text/javascript">
430 <script type="text/javascript">
431 var visual_show_public_icon = "${c.visual.show_public_icon}" == "True";
431 var visual_show_public_icon = "${c.visual.show_public_icon}" == "True";
432
432
433 /*format the look of items in the list*/
433 /*format the look of items in the list*/
434 var format = function(state, escapeMarkup){
434 var format = function(state, escapeMarkup){
435 if (!state.id){
435 if (!state.id){
436 return state.text; // optgroup
436 return state.text; // optgroup
437 }
437 }
438 var obj_dict = state.obj;
438 var obj_dict = state.obj;
439 var tmpl = '';
439 var tmpl = '';
440
440
441 if(obj_dict && state.type == 'repo'){
441 if(obj_dict && state.type == 'repo'){
442 if(obj_dict['repo_type'] === 'hg'){
442 if(obj_dict['repo_type'] === 'hg'){
443 tmpl += '<i class="icon-hg"></i> ';
443 tmpl += '<i class="icon-hg"></i> ';
444 }
444 }
445 else if(obj_dict['repo_type'] === 'git'){
445 else if(obj_dict['repo_type'] === 'git'){
446 tmpl += '<i class="icon-git"></i> ';
446 tmpl += '<i class="icon-git"></i> ';
447 }
447 }
448 else if(obj_dict['repo_type'] === 'svn'){
448 else if(obj_dict['repo_type'] === 'svn'){
449 tmpl += '<i class="icon-svn"></i> ';
449 tmpl += '<i class="icon-svn"></i> ';
450 }
450 }
451 if(obj_dict['private']){
451 if(obj_dict['private']){
452 tmpl += '<i class="icon-lock" ></i> ';
452 tmpl += '<i class="icon-lock" ></i> ';
453 }
453 }
454 else if(visual_show_public_icon){
454 else if(visual_show_public_icon){
455 tmpl += '<i class="icon-unlock-alt"></i> ';
455 tmpl += '<i class="icon-unlock-alt"></i> ';
456 }
456 }
457 }
457 }
458 if(obj_dict && state.type == 'commit') {
458 if(obj_dict && state.type == 'commit') {
459 tmpl += '<i class="icon-tag"></i>';
459 tmpl += '<i class="icon-tag"></i>';
460 }
460 }
461 if(obj_dict && state.type == 'group'){
461 if(obj_dict && state.type == 'group'){
462 tmpl += '<i class="icon-folder-close"></i> ';
462 tmpl += '<i class="icon-folder-close"></i> ';
463 }
463 }
464 tmpl += escapeMarkup(state.text);
464 tmpl += escapeMarkup(state.text);
465 return tmpl;
465 return tmpl;
466 };
466 };
467
467
468 var formatResult = function(result, container, query, escapeMarkup) {
468 var formatResult = function(result, container, query, escapeMarkup) {
469 return format(result, escapeMarkup);
469 return format(result, escapeMarkup);
470 };
470 };
471
471
472 var formatSelection = function(data, container, escapeMarkup) {
472 var formatSelection = function(data, container, escapeMarkup) {
473 return format(data, escapeMarkup);
473 return format(data, escapeMarkup);
474 };
474 };
475
475
476 $("#repo_switcher").select2({
476 $("#repo_switcher").select2({
477 cachedDataSource: {},
477 cachedDataSource: {},
478 minimumInputLength: 2,
478 minimumInputLength: 2,
479 placeholder: '<div class="menulabel">${_('Go to')} <div class="show_more"></div></div>',
479 placeholder: '<div class="menulabel">${_('Go to')} <div class="show_more"></div></div>',
480 dropdownAutoWidth: true,
480 dropdownAutoWidth: true,
481 formatResult: formatResult,
481 formatResult: formatResult,
482 formatSelection: formatSelection,
482 formatSelection: formatSelection,
483 containerCssClass: "repo-switcher",
483 containerCssClass: "repo-switcher",
484 dropdownCssClass: "repo-switcher-dropdown",
484 dropdownCssClass: "repo-switcher-dropdown",
485 escapeMarkup: function(m){
485 escapeMarkup: function(m){
486 // don't escape our custom placeholder
486 // don't escape our custom placeholder
487 if(m.substr(0,23) == '<div class="menulabel">'){
487 if(m.substr(0,23) == '<div class="menulabel">'){
488 return m;
488 return m;
489 }
489 }
490
490
491 return Select2.util.escapeMarkup(m);
491 return Select2.util.escapeMarkup(m);
492 },
492 },
493 query: $.debounce(250, function(query){
493 query: $.debounce(250, function(query){
494 self = this;
494 self = this;
495 var cacheKey = query.term;
495 var cacheKey = query.term;
496 var cachedData = self.cachedDataSource[cacheKey];
496 var cachedData = self.cachedDataSource[cacheKey];
497
497
498 if (cachedData) {
498 if (cachedData) {
499 query.callback({results: cachedData.results});
499 query.callback({results: cachedData.results});
500 } else {
500 } else {
501 $.ajax({
501 $.ajax({
502 url: "${h.url('goto_switcher_data')}",
502 url: "${h.url('goto_switcher_data')}",
503 data: {'query': query.term},
503 data: {'query': query.term},
504 dataType: 'json',
504 dataType: 'json',
505 type: 'GET',
505 type: 'GET',
506 success: function(data) {
506 success: function(data) {
507 self.cachedDataSource[cacheKey] = data;
507 self.cachedDataSource[cacheKey] = data;
508 query.callback({results: data.results});
508 query.callback({results: data.results});
509 },
509 },
510 error: function(data, textStatus, errorThrown) {
510 error: function(data, textStatus, errorThrown) {
511 alert("Error while fetching entries.\nError code {0} ({1}).".format(data.status, data.statusText));
511 alert("Error while fetching entries.\nError code {0} ({1}).".format(data.status, data.statusText));
512 }
512 }
513 })
513 })
514 }
514 }
515 })
515 })
516 });
516 });
517
517
518 $("#repo_switcher").on('select2-selecting', function(e){
518 $("#repo_switcher").on('select2-selecting', function(e){
519 e.preventDefault();
519 e.preventDefault();
520 window.location = e.choice.url;
520 window.location = e.choice.url;
521 });
521 });
522
522
523 ## Global mouse bindings ##
523 ## Global mouse bindings ##
524
524
525 // general help "?"
525 // general help "?"
526 Mousetrap.bind(['?'], function(e) {
526 Mousetrap.bind(['?'], function(e) {
527 $('#help_kb').modal({})
527 $('#help_kb').modal({})
528 });
528 });
529
529
530 // / open the quick filter
530 // / open the quick filter
531 Mousetrap.bind(['/'], function(e) {
531 Mousetrap.bind(['/'], function(e) {
532 $("#repo_switcher").select2("open");
532 $("#repo_switcher").select2("open");
533
533
534 // return false to prevent default browser behavior
534 // return false to prevent default browser behavior
535 // and stop event from bubbling
535 // and stop event from bubbling
536 return false;
536 return false;
537 });
537 });
538
538
539 // general nav g + action
539 // general nav g + action
540 Mousetrap.bind(['g h'], function(e) {
540 Mousetrap.bind(['g h'], function(e) {
541 window.location = pyroutes.url('home');
541 window.location = pyroutes.url('home');
542 });
542 });
543 Mousetrap.bind(['g g'], function(e) {
543 Mousetrap.bind(['g g'], function(e) {
544 window.location = pyroutes.url('gists', {'private':1});
544 window.location = pyroutes.url('gists', {'private':1});
545 });
545 });
546 Mousetrap.bind(['g G'], function(e) {
546 Mousetrap.bind(['g G'], function(e) {
547 window.location = pyroutes.url('gists', {'public':1});
547 window.location = pyroutes.url('gists', {'public':1});
548 });
548 });
549 Mousetrap.bind(['n g'], function(e) {
549 Mousetrap.bind(['n g'], function(e) {
550 window.location = pyroutes.url('new_gist');
550 window.location = pyroutes.url('new_gist');
551 });
551 });
552 Mousetrap.bind(['n r'], function(e) {
552 Mousetrap.bind(['n r'], function(e) {
553 window.location = pyroutes.url('new_repo');
553 window.location = pyroutes.url('new_repo');
554 });
554 });
555
555
556 % if hasattr(c, 'repo_name') and hasattr(c, 'rhodecode_db_repo'):
556 % if hasattr(c, 'repo_name') and hasattr(c, 'rhodecode_db_repo'):
557 // nav in repo context
557 // nav in repo context
558 Mousetrap.bind(['g s'], function(e) {
558 Mousetrap.bind(['g s'], function(e) {
559 window.location = pyroutes.url('summary_home', {'repo_name': REPO_NAME});
559 window.location = pyroutes.url('summary_home', {'repo_name': REPO_NAME});
560 });
560 });
561 Mousetrap.bind(['g c'], function(e) {
561 Mousetrap.bind(['g c'], function(e) {
562 window.location = pyroutes.url('changelog_home', {'repo_name': REPO_NAME});
562 window.location = pyroutes.url('changelog_home', {'repo_name': REPO_NAME});
563 });
563 });
564 Mousetrap.bind(['g F'], function(e) {
564 Mousetrap.bind(['g F'], function(e) {
565 window.location = pyroutes.url('files_home', {'repo_name': REPO_NAME, 'revision': '${c.rhodecode_db_repo.landing_rev[1]}', 'f_path': '', 'search': '1'});
565 window.location = pyroutes.url('files_home', {'repo_name': REPO_NAME, 'revision': '${c.rhodecode_db_repo.landing_rev[1]}', 'f_path': '', 'search': '1'});
566 });
566 });
567 Mousetrap.bind(['g f'], function(e) {
567 Mousetrap.bind(['g f'], function(e) {
568 window.location = pyroutes.url('files_home', {'repo_name': REPO_NAME, 'revision': '${c.rhodecode_db_repo.landing_rev[1]}', 'f_path': ''});
568 window.location = pyroutes.url('files_home', {'repo_name': REPO_NAME, 'revision': '${c.rhodecode_db_repo.landing_rev[1]}', 'f_path': ''});
569 });
569 });
570 Mousetrap.bind(['g p'], function(e) {
570 Mousetrap.bind(['g p'], function(e) {
571 window.location = pyroutes.url('pullrequest_show_all', {'repo_name': REPO_NAME});
571 window.location = pyroutes.url('pullrequest_show_all', {'repo_name': REPO_NAME});
572 });
572 });
573 Mousetrap.bind(['g o'], function(e) {
573 Mousetrap.bind(['g o'], function(e) {
574 window.location = pyroutes.url('edit_repo', {'repo_name': REPO_NAME});
574 window.location = pyroutes.url('edit_repo', {'repo_name': REPO_NAME});
575 });
575 });
576 Mousetrap.bind(['g O'], function(e) {
576 Mousetrap.bind(['g O'], function(e) {
577 window.location = pyroutes.url('edit_repo_perms', {'repo_name': REPO_NAME});
577 window.location = pyroutes.url('edit_repo_perms', {'repo_name': REPO_NAME});
578 });
578 });
579 % endif
579 % endif
580
580
581 </script>
581 </script>
582 <script src="${h.url('/js/rhodecode/base/keyboard-bindings.js', ver=c.rhodecode_version_hash)}"></script>
582 <script src="${h.url('/js/rhodecode/base/keyboard-bindings.js', ver=c.rhodecode_version_hash)}"></script>
583 </%def>
583 </%def>
584
584
585 <div class="modal" id="help_kb" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
585 <div class="modal" id="help_kb" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
586 <div class="modal-dialog">
586 <div class="modal-dialog">
587 <div class="modal-content">
587 <div class="modal-content">
588 <div class="modal-header">
588 <div class="modal-header">
589 <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
589 <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
590 <h4 class="modal-title" id="myModalLabel">${_('Keyboard shortcuts')}</h4>
590 <h4 class="modal-title" id="myModalLabel">${_('Keyboard shortcuts')}</h4>
591 </div>
591 </div>
592 <div class="modal-body">
592 <div class="modal-body">
593 <div class="block-left">
593 <div class="block-left">
594 <table class="keyboard-mappings">
594 <table class="keyboard-mappings">
595 <tbody>
595 <tbody>
596 <tr>
596 <tr>
597 <th></th>
597 <th></th>
598 <th>${_('Site-wide shortcuts')}</th>
598 <th>${_('Site-wide shortcuts')}</th>
599 </tr>
599 </tr>
600 <%
600 <%
601 elems = [
601 elems = [
602 ('/', 'Open quick search box'),
602 ('/', 'Open quick search box'),
603 ('g h', 'Goto home page'),
603 ('g h', 'Goto home page'),
604 ('g g', 'Goto my private gists page'),
604 ('g g', 'Goto my private gists page'),
605 ('g G', 'Goto my public gists page'),
605 ('g G', 'Goto my public gists page'),
606 ('n r', 'New repository page'),
606 ('n r', 'New repository page'),
607 ('n g', 'New gist page'),
607 ('n g', 'New gist page'),
608 ]
608 ]
609 %>
609 %>
610 %for key, desc in elems:
610 %for key, desc in elems:
611 <tr>
611 <tr>
612 <td class="keys">
612 <td class="keys">
613 <span class="key tag">${key}</span>
613 <span class="key tag">${key}</span>
614 </td>
614 </td>
615 <td>${desc}</td>
615 <td>${desc}</td>
616 </tr>
616 </tr>
617 %endfor
617 %endfor
618 </tbody>
618 </tbody>
619 </table>
619 </table>
620 </div>
620 </div>
621 <div class="block-left">
621 <div class="block-left">
622 <table class="keyboard-mappings">
622 <table class="keyboard-mappings">
623 <tbody>
623 <tbody>
624 <tr>
624 <tr>
625 <th></th>
625 <th></th>
626 <th>${_('Repositories')}</th>
626 <th>${_('Repositories')}</th>
627 </tr>
627 </tr>
628 <%
628 <%
629 elems = [
629 elems = [
630 ('g s', 'Goto summary page'),
630 ('g s', 'Goto summary page'),
631 ('g c', 'Goto changelog page'),
631 ('g c', 'Goto changelog page'),
632 ('g f', 'Goto files page'),
632 ('g f', 'Goto files page'),
633 ('g F', 'Goto files page with file search activated'),
633 ('g F', 'Goto files page with file search activated'),
634 ('g p', 'Goto pull requests page'),
634 ('g p', 'Goto pull requests page'),
635 ('g o', 'Goto repository settings'),
635 ('g o', 'Goto repository settings'),
636 ('g O', 'Goto repository permissions settings'),
636 ('g O', 'Goto repository permissions settings'),
637 ]
637 ]
638 %>
638 %>
639 %for key, desc in elems:
639 %for key, desc in elems:
640 <tr>
640 <tr>
641 <td class="keys">
641 <td class="keys">
642 <span class="key tag">${key}</span>
642 <span class="key tag">${key}</span>
643 </td>
643 </td>
644 <td>${desc}</td>
644 <td>${desc}</td>
645 </tr>
645 </tr>
646 %endfor
646 %endfor
647 </tbody>
647 </tbody>
648 </table>
648 </table>
649 </div>
649 </div>
650 </div>
650 </div>
651 <div class="modal-footer">
651 <div class="modal-footer">
652 </div>
652 </div>
653 </div><!-- /.modal-content -->
653 </div><!-- /.modal-content -->
654 </div><!-- /.modal-dialog -->
654 </div><!-- /.modal-dialog -->
655 </div><!-- /.modal -->
655 </div><!-- /.modal -->
@@ -1,40 +1,76 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import pytest
21 import pytest
22
22
23 from rhodecode.lib.encrypt import AESCipher
23 from rhodecode.lib.encrypt import (
24 AESCipher, SignatureVerificationError, InvalidDecryptedValue)
24
25
25
26
26 class TestEncryptModule(object):
27 class TestEncryptModule(object):
27
28
28 @pytest.mark.parametrize(
29 @pytest.mark.parametrize(
29 "key, text",
30 "key, text",
30 [
31 [
31 ('a', 'short'),
32 ('a', 'short'),
32 ('a'*64, 'too long(trimmed to 32)'),
33 ('a'*64, 'too long(trimmed to 32)'),
33 ('a'*32, 'just enough'),
34 ('a'*32, 'just enough'),
34 ('Δ…Δ‡Δ™Δ‡Δ™', 'non asci'),
35 ('Δ…Δ‡Δ™Δ‡Δ™', 'non asci'),
35 ('$asa$asa', 'special $ used'),
36 ('$asa$asa', 'special $ used'),
36 ]
37 ]
37 )
38 )
38 def test_encryption(self, key, text):
39 def test_encryption(self, key, text):
39 enc = AESCipher(key).encrypt(text)
40 enc = AESCipher(key).encrypt(text)
40 assert AESCipher(key).decrypt(enc) == text
41 assert AESCipher(key).decrypt(enc) == text
42
43 def test_encryption_with_hmac(self):
44 key = 'secret'
45 text = 'ihatemysql'
46 enc = AESCipher(key, hmac=True).encrypt(text)
47 assert AESCipher(key, hmac=True).decrypt(enc) == text
48
49 def test_encryption_with_hmac_with_bad_key(self):
50 key = 'secretstring'
51 text = 'ihatemysql'
52 enc = AESCipher(key, hmac=True).encrypt(text)
53
54 with pytest.raises(SignatureVerificationError) as e:
55 assert AESCipher('differentsecret', hmac=True).decrypt(enc) == ''
56
57 assert 'Encryption signature verification failed' in str(e)
58
59 def test_encryption_with_hmac_with_bad_data(self):
60 key = 'secret'
61 text = 'ihatemysql'
62 enc = AESCipher(key, hmac=True).encrypt(text)
63 enc = 'xyz' + enc[3:]
64 with pytest.raises(SignatureVerificationError) as e:
65 assert AESCipher(key, hmac=True).decrypt(enc) == text
66
67 assert 'Encryption signature verification failed' in str(e)
68
69 def test_encryption_with_hmac_with_bad_key_not_strict(self):
70 key = 'secretstring'
71 text = 'ihatemysql'
72 enc = AESCipher(key, hmac=True).encrypt(text)
73
74 assert isinstance(AESCipher(
75 'differentsecret', hmac=True, strict_verification=False
76 ).decrypt(enc), InvalidDecryptedValue)
General Comments 0
You need to be logged in to leave comments. Login now