encryption: Implement a slightly improved AesCipher encryption....
marcink -
r281:f41dae1c default

The requested changes are too big and content was truncated. Show full diff

@@ -1,614 +1,618 b''
1 1 ################################################################################
2 2 ################################################################################
3 3 # RhodeCode Enterprise - configuration file #
4 4 # Built-in functions and variables #
5 5 # The %(here)s variable will be replaced with the parent directory of this file#
6 6 # #
7 7 ################################################################################
8 8
9 9 [DEFAULT]
10 10 debug = true
11 11 ################################################################################
12 12 ## Uncomment and replace with the email address which should receive ##
13 13 ## any error reports after an application crash ##
14 14 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 15 ################################################################################
16 16 #email_to = admin@localhost
17 17 #error_email_from = paste_error@localhost
18 18 #app_email_from = rhodecode-noreply@localhost
19 19 #error_message =
20 20 #email_prefix = [RhodeCode]
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
29 29 #smtp_auth =
30 30
31 31 [server:main]
32 32 ## COMMON ##
33 33 host = 127.0.0.1
34 34 port = 5000
35 35
36 36 ##################################
37 37 ## WAITRESS WSGI SERVER ##
38 38 ## Recommended for Development ##
39 39 ##################################
40 40 use = egg:waitress#main
41 41 ## number of worker threads
42 42 threads = 5
43 43 ## MAX BODY SIZE 100GB
44 44 max_request_body_size = 107374182400
45 45 ## Use poll instead of select, fixes file descriptors limits problems.
46 46 ## May not work on old windows systems.
47 47 asyncore_use_poll = true
48 48
49 49
50 50 ##########################
51 51 ## GUNICORN WSGI SERVER ##
52 52 ##########################
53 53 ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
54 54 #use = egg:gunicorn#main
55 55 ## Sets the number of process workers. You must set `instance_id = *`
56 56 ## when this option is set to more than one worker, recommended
57 57 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
58 58 ## The `instance_id = *` must be set in the [app:main] section below
59 59 #workers = 2
60 60 ## number of threads for each of the worker, must be set to 1 for gevent
61 61 ## generally recommened to be at 1
62 62 #threads = 1
63 63 ## process name
64 64 #proc_name = rhodecode
65 65 ## type of worker class, one of sync, gevent
66 66 ## recommended for bigger setup is using of of other than sync one
67 67 #worker_class = sync
68 68 ## The maximum number of simultaneous clients. Valid only for Gevent
69 69 #worker_connections = 10
70 70 ## max number of requests that worker will handle before being gracefully
71 71 ## restarted, could prevent memory leaks
72 72 #max_requests = 1000
73 73 #max_requests_jitter = 30
74 74 ## amount of time a worker can spend with handling a request before it
75 75 ## gets killed and restarted. Set to 6hrs
76 76 #timeout = 21600
77 77
78 78
79 79 ## prefix middleware for RhodeCode, disables force_https flag.
80 80 ## allows to set RhodeCode under a prefix in server.
81 81 ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
82 82 #[filter:proxy-prefix]
83 83 #use = egg:PasteDeploy#prefix
84 84 #prefix = /<your-prefix>
85 85
86 86 [app:main]
87 87 use = egg:rhodecode-enterprise-ce
88 88 ## enable proxy prefix middleware, defined below
89 89 #filter-with = proxy-prefix
90 90
91 91 # During development the we want to have the debug toolbar enabled
92 92 pyramid.includes =
93 93 pyramid_debugtoolbar
94 94 rhodecode.utils.debugtoolbar
95 95 rhodecode.lib.middleware.request_wrapper
96 96
97 97 pyramid.reload_templates = true
98 98
99 99 debugtoolbar.hosts = 0.0.0.0/0
100 100 debugtoolbar.exclude_prefixes =
101 101 /css
102 102 /fonts
103 103 /images
104 104 /js
105 105
106 106 ## RHODECODE PLUGINS ##
107 107 rhodecode.includes =
108 108 rhodecode.api
109 109
110 110
111 111 # api prefix url
112 112 rhodecode.api.url = /_admin/api
113 113
114 114
115 115 ## END RHODECODE PLUGINS ##
116 116
117 117 ## encryption key used to encrypt social plugin tokens,
118 118 ## remote_urls with credentials etc, if not set it defaults to
119 119 ## `beaker.session.secret`
120 120 #rhodecode.encrypted_values.secret =
121 121
122 ## decryption strict mode (enabled by default). It controls if decryption raises
123 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
124 #rhodecode.encrypted_values.strict = false
125
122 126 full_stack = true
123 127
124 128 ## Serve static files via RhodeCode, disable to serve them via HTTP server
125 129 static_files = true
126 130
127 131 # autogenerate javascript routes file on startup
128 132 generate_js_files = false
129 133
130 134 ## Optional Languages
131 135 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
132 136 lang = en
133 137
134 138 ## perform a full repository scan on each server start, this should be
135 139 ## set to false after first startup, to allow faster server restarts.
136 140 startup.import_repos = false
137 141
138 142 ## Uncomment and set this path to use archive download cache.
139 143 ## Once enabled, generated archives will be cached at this location
140 144 ## and served from the cache during subsequent requests for the same archive of
141 145 ## the repository.
142 146 #archive_cache_dir = /tmp/tarballcache
143 147
144 148 ## change this to unique ID for security
145 149 app_instance_uuid = rc-production
146 150
147 151 ## cut off limit for large diffs (size in bytes)
148 152 cut_off_limit_diff = 1024000
149 153 cut_off_limit_file = 256000
150 154
151 155 ## use cache version of scm repo everywhere
152 156 vcs_full_cache = true
153 157
154 158 ## force https in RhodeCode, fixes https redirects, assumes it's always https
155 159 ## Normally this is controlled by proper http flags sent from http server
156 160 force_https = false
157 161
158 162 ## use Strict-Transport-Security headers
159 163 use_htsts = false
160 164
161 165 ## number of commits stats will parse on each iteration
162 166 commit_parse_limit = 25
163 167
164 168 ## git rev filter option, --all is the default filter, if you need to
165 169 ## hide all refs in changelog switch this to --branches --tags
166 170 git_rev_filter = --branches --tags
167 171
168 172 # Set to true if your repos are exposed using the dumb protocol
169 173 git_update_server_info = false
170 174
171 175 ## RSS/ATOM feed options
172 176 rss_cut_off_limit = 256000
173 177 rss_items_per_page = 10
174 178 rss_include_diff = false
175 179
176 180 ## gist URL alias, used to create nicer urls for gist. This should be an
177 181 ## url that does rewrites to _admin/gists/<gistid>.
178 182 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
179 183 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
180 184 gist_alias_url =
181 185
182 186 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
183 187 ## used for access.
184 188 ## Adding ?auth_token = <token> to the url authenticates this request as if it
185 189 ## came from the the logged in user who own this authentication token.
186 190 ##
187 191 ## Syntax is <ControllerClass>:<function_pattern>.
188 192 ## To enable access to raw_files put `FilesController:raw`.
189 193 ## To enable access to patches add `ChangesetController:changeset_patch`.
190 194 ## The list should be "," separated and on a single line.
191 195 ##
192 196 ## Recommended controllers to enable:
193 197 # ChangesetController:changeset_patch,
194 198 # ChangesetController:changeset_raw,
195 199 # FilesController:raw,
196 200 # FilesController:archivefile,
197 201 # GistsController:*,
198 202 api_access_controllers_whitelist =
199 203
200 204 ## default encoding used to convert from and to unicode
201 205 ## can be also a comma separated list of encoding in case of mixed encodings
202 206 default_encoding = UTF-8
203 207
204 208 ## instance-id prefix
205 209 ## a prefix key for this instance used for cache invalidation when running
206 210 ## multiple instances of rhodecode, make sure it's globally unique for
207 211 ## all running rhodecode instances. Leave empty if you don't use it
208 212 instance_id =
209 213
210 214 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
211 215 ## of an authentication plugin also if it is disabled by it's settings.
212 216 ## This could be useful if you are unable to log in to the system due to broken
213 217 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
214 218 ## module to log in again and fix the settings.
215 219 ##
216 220 ## Available builtin plugin IDs (hash is part of the ID):
217 221 ## egg:rhodecode-enterprise-ce#rhodecode
218 222 ## egg:rhodecode-enterprise-ce#pam
219 223 ## egg:rhodecode-enterprise-ce#ldap
220 224 ## egg:rhodecode-enterprise-ce#jasig_cas
221 225 ## egg:rhodecode-enterprise-ce#headers
222 226 ## egg:rhodecode-enterprise-ce#crowd
223 227 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
224 228
225 229 ## alternative return HTTP header for failed authentication. Default HTTP
226 230 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
227 231 ## handling that causing a series of failed authentication calls.
228 232 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
229 233 ## This will be served instead of default 401 on bad authnetication
230 234 auth_ret_code =
231 235
232 236 ## use special detection method when serving auth_ret_code, instead of serving
233 237 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
234 238 ## and then serve auth_ret_code to clients
235 239 auth_ret_code_detection = false
236 240
237 241 ## locking return code. When repository is locked return this HTTP code. 2XX
238 242 ## codes don't break the transactions while 4XX codes do
239 243 lock_ret_code = 423
240 244
241 245 ## allows to change the repository location in settings page
242 246 allow_repo_location_change = true
243 247
244 248 ## allows to setup custom hooks in settings page
245 249 allow_custom_hooks_settings = true
246 250
247 251 ## generated license token, goto license page in RhodeCode settings to obtain
248 252 ## new token
249 253 license_token =
250 254
251 255 ## supervisor connection uri, for managing supervisor and logs.
252 256 supervisor.uri =
253 257 ## supervisord group name/id we only want this RC instance to handle
254 258 supervisor.group_id = dev
255 259
256 260 ## Display extended labs settings
257 261 labs_settings_active = true
258 262
259 263 ####################################
260 264 ### CELERY CONFIG ####
261 265 ####################################
262 266 use_celery = false
263 267 broker.host = localhost
264 268 broker.vhost = rabbitmqhost
265 269 broker.port = 5672
266 270 broker.user = rabbitmq
267 271 broker.password = qweqwe
268 272
269 273 celery.imports = rhodecode.lib.celerylib.tasks
270 274
271 275 celery.result.backend = amqp
272 276 celery.result.dburi = amqp://
273 277 celery.result.serialier = json
274 278
275 279 #celery.send.task.error.emails = true
276 280 #celery.amqp.task.result.expires = 18000
277 281
278 282 celeryd.concurrency = 2
279 283 #celeryd.log.file = celeryd.log
280 284 celeryd.log.level = debug
281 285 celeryd.max.tasks.per.child = 1
282 286
283 287 ## tasks will never be sent to the queue, but executed locally instead.
284 288 celery.always.eager = false
285 289
286 290 ####################################
287 291 ### BEAKER CACHE ####
288 292 ####################################
289 293 # default cache dir for templates. Putting this into a ramdisk
290 294 ## can boost performance, eg. %(here)s/data_ramdisk
291 295 cache_dir = %(here)s/data
292 296
293 297 ## locking and default file storage for Beaker. Putting this into a ramdisk
294 298 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
295 299 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
296 300 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
297 301
298 302 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
299 303
300 304 beaker.cache.super_short_term.type = memory
301 305 beaker.cache.super_short_term.expire = 10
302 306 beaker.cache.super_short_term.key_length = 256
303 307
304 308 beaker.cache.short_term.type = memory
305 309 beaker.cache.short_term.expire = 60
306 310 beaker.cache.short_term.key_length = 256
307 311
308 312 beaker.cache.long_term.type = memory
309 313 beaker.cache.long_term.expire = 36000
310 314 beaker.cache.long_term.key_length = 256
311 315
312 316 beaker.cache.sql_cache_short.type = memory
313 317 beaker.cache.sql_cache_short.expire = 10
314 318 beaker.cache.sql_cache_short.key_length = 256
315 319
316 320 # default is memory cache, configure only if required
317 321 # using multi-node or multi-worker setup
318 322 #beaker.cache.auth_plugins.type = ext:database
319 323 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
320 324 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
321 325 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
322 326 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
323 327 #beaker.cache.auth_plugins.sa.pool_size = 10
324 328 #beaker.cache.auth_plugins.sa.max_overflow = 0
325 329
326 330 beaker.cache.repo_cache_long.type = memorylru_base
327 331 beaker.cache.repo_cache_long.max_items = 4096
328 332 beaker.cache.repo_cache_long.expire = 2592000
329 333
330 334 # default is memorylru_base cache, configure only if required
331 335 # using multi-node or multi-worker setup
332 336 #beaker.cache.repo_cache_long.type = ext:memcached
333 337 #beaker.cache.repo_cache_long.url = localhost:11211
334 338 #beaker.cache.repo_cache_long.expire = 1209600
335 339 #beaker.cache.repo_cache_long.key_length = 256
336 340
337 341 ####################################
338 342 ### BEAKER SESSION ####
339 343 ####################################
340 344
341 345 ## .session.type is type of storage options for the session, current allowed
342 346 ## types are file, ext:memcached, ext:database, and memory (default).
343 347 beaker.session.type = file
344 348 beaker.session.data_dir = %(here)s/data/sessions/data
345 349
346 350 ## db based session, fast, and allows easy management over logged in users ##
347 351 #beaker.session.type = ext:database
348 352 #beaker.session.table_name = db_session
349 353 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
350 354 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
351 355 #beaker.session.sa.pool_recycle = 3600
352 356 #beaker.session.sa.echo = false
353 357
354 358 beaker.session.key = rhodecode
355 359 beaker.session.secret = develop-rc-uytcxaz
356 360 beaker.session.lock_dir = %(here)s/data/sessions/lock
357 361
358 362 ## Secure encrypted cookie. Requires AES and AES python libraries
359 363 ## you must disable beaker.session.secret to use this
360 364 #beaker.session.encrypt_key = <key_for_encryption>
361 365 #beaker.session.validate_key = <validation_key>
362 366
363 367 ## sets session as invalid(also logging out user) if it haven not been
364 368 ## accessed for given amount of time in seconds
365 369 beaker.session.timeout = 2592000
366 370 beaker.session.httponly = true
367 371 #beaker.session.cookie_path = /<your-prefix>
368 372
369 373 ## uncomment for https secure cookie
370 374 beaker.session.secure = false
371 375
372 376 ## auto save the session to not to use .save()
373 377 beaker.session.auto = false
374 378
375 379 ## default cookie expiration time in seconds, set to `true` to set expire
376 380 ## at browser close
377 381 #beaker.session.cookie_expires = 3600
378 382
379 383 ###################################
380 384 ## SEARCH INDEXING CONFIGURATION ##
381 385 ###################################
382 386 ## Full text search indexer is available in rhodecode-tools under
383 387 ## `rhodecode-tools index` command
384 388
385 389 # WHOOSH Backend, doesn't require additional services to run
386 390 # it works good with few dozen repos
387 391 search.module = rhodecode.lib.index.whoosh
388 392 search.location = %(here)s/data/index
389 393
390 394 ###################################
391 395 ## APPENLIGHT CONFIG ##
392 396 ###################################
393 397
394 398 ## Appenlight is tailored to work with RhodeCode, see
395 399 ## http://appenlight.com for details how to obtain an account
396 400
397 401 ## appenlight integration enabled
398 402 appenlight = false
399 403
400 404 appenlight.server_url = https://api.appenlight.com
401 405 appenlight.api_key = YOUR_API_KEY
402 406 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
403 407
404 408 # used for JS client
405 409 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
406 410
407 411 ## TWEAK AMOUNT OF INFO SENT HERE
408 412
409 413 ## enables 404 error logging (default False)
410 414 appenlight.report_404 = false
411 415
412 416 ## time in seconds after request is considered being slow (default 1)
413 417 appenlight.slow_request_time = 1
414 418
415 419 ## record slow requests in application
416 420 ## (needs to be enabled for slow datastore recording and time tracking)
417 421 appenlight.slow_requests = true
418 422
419 423 ## enable hooking to application loggers
420 424 appenlight.logging = true
421 425
422 426 ## minimum log level for log capture
423 427 appenlight.logging.level = WARNING
424 428
425 429 ## send logs only from erroneous/slow requests
426 430 ## (saves API quota for intensive logging)
427 431 appenlight.logging_on_error = false
428 432
429 433 ## list of additonal keywords that should be grabbed from environ object
430 434 ## can be string with comma separated list of words in lowercase
431 435 ## (by default client will always send following info:
432 436 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
433 437 ## start with HTTP* this list be extended with additional keywords here
434 438 appenlight.environ_keys_whitelist =
435 439
436 440 ## list of keywords that should be blanked from request object
437 441 ## can be string with comma separated list of words in lowercase
438 442 ## (by default client will always blank keys that contain following words
439 443 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
440 444 ## this list be extended with additional keywords set here
441 445 appenlight.request_keys_blacklist =
442 446
443 447 ## list of namespaces that should be ignores when gathering log entries
444 448 ## can be string with comma separated list of namespaces
445 449 ## (by default the client ignores own entries: appenlight_client.client)
446 450 appenlight.log_namespace_blacklist =
447 451
448 452
449 453 ################################################################################
450 454 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
451 455 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
452 456 ## execute malicious code after an exception is raised. ##
453 457 ################################################################################
454 458 #set debug = false
455 459
456 460
457 461 ##############
458 462 ## STYLING ##
459 463 ##############
460 464 debug_style = true
461 465
462 466 #########################################################
463 467 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
464 468 #########################################################
465 469 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
466 470 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
467 471 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
468 472
469 473 # see sqlalchemy docs for other advanced settings
470 474
471 475 ## print the sql statements to output
472 476 sqlalchemy.db1.echo = false
473 477 ## recycle the connections after this ammount of seconds
474 478 sqlalchemy.db1.pool_recycle = 3600
475 479 sqlalchemy.db1.convert_unicode = true
476 480
477 481 ## the number of connections to keep open inside the connection pool.
478 482 ## 0 indicates no limit
479 483 #sqlalchemy.db1.pool_size = 5
480 484
481 485 ## the number of connections to allow in connection pool "overflow", that is
482 486 ## connections that can be opened above and beyond the pool_size setting,
483 487 ## which defaults to five.
484 488 #sqlalchemy.db1.max_overflow = 10
485 489
486 490
487 491 ##################
488 492 ### VCS CONFIG ###
489 493 ##################
490 494 vcs.server.enable = true
491 495 vcs.server = localhost:9900
492 496
493 497 ## Web server connectivity protocol, responsible for web based VCS operatations
494 498 ## Available protocols are:
495 499 ## `pyro4` - using pyro4 server
496 500 ## `http` - using http-rpc backend
497 501 #vcs.server.protocol = http
498 502
499 503 ## Push/Pull operations protocol, available options are:
500 504 ## `pyro4` - using pyro4 server
501 505 ## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended
502 506 ## `vcsserver.scm_app` - internal app (EE only)
503 507 #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
504 508
505 509 ## Push/Pull operations hooks protocol, available options are:
506 510 ## `pyro4` - using pyro4 server
507 511 ## `http` - using http-rpc backend
508 512 #vcs.hooks.protocol = http
509 513
510 514 vcs.server.log_level = debug
511 515 ## Start VCSServer with this instance as a subprocess, usefull for development
512 516 vcs.start_server = true
513 517 vcs.backends = hg, git, svn
514 518 vcs.connection_timeout = 3600
515 519 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
516 520 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
517 521 #vcs.svn.compatible_version = pre-1.8-compatible
518 522
519 523 ################################
520 524 ### LOGGING CONFIGURATION ####
521 525 ################################
522 526 [loggers]
523 527 keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer
524 528
525 529 [handlers]
526 530 keys = console, console_sql
527 531
528 532 [formatters]
529 533 keys = generic, color_formatter, color_formatter_sql
530 534
531 535 #############
532 536 ## LOGGERS ##
533 537 #############
534 538 [logger_root]
535 539 level = NOTSET
536 540 handlers = console
537 541
538 542 [logger_routes]
539 543 level = DEBUG
540 544 handlers =
541 545 qualname = routes.middleware
542 546 ## "level = DEBUG" logs the route matched and routing variables.
543 547 propagate = 1
544 548
545 549 [logger_beaker]
546 550 level = DEBUG
547 551 handlers =
548 552 qualname = beaker.container
549 553 propagate = 1
550 554
551 555 [logger_pyro4]
552 556 level = DEBUG
553 557 handlers =
554 558 qualname = Pyro4
555 559 propagate = 1
556 560
557 561 [logger_templates]
558 562 level = INFO
559 563 handlers =
560 564 qualname = pylons.templating
561 565 propagate = 1
562 566
563 567 [logger_rhodecode]
564 568 level = DEBUG
565 569 handlers =
566 570 qualname = rhodecode
567 571 propagate = 1
568 572
569 573 [logger_sqlalchemy]
570 574 level = INFO
571 575 handlers = console_sql
572 576 qualname = sqlalchemy.engine
573 577 propagate = 0
574 578
575 579 [logger_whoosh_indexer]
576 580 level = DEBUG
577 581 handlers =
578 582 qualname = whoosh_indexer
579 583 propagate = 1
580 584
581 585 ##############
582 586 ## HANDLERS ##
583 587 ##############
584 588
585 589 [handler_console]
586 590 class = StreamHandler
587 591 args = (sys.stderr,)
588 592 level = DEBUG
589 593 formatter = color_formatter
590 594
591 595 [handler_console_sql]
592 596 class = StreamHandler
593 597 args = (sys.stderr,)
594 598 level = DEBUG
595 599 formatter = color_formatter_sql
596 600
597 601 ################
598 602 ## FORMATTERS ##
599 603 ################
600 604
601 605 [formatter_generic]
602 606 class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
603 607 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
604 608 datefmt = %Y-%m-%d %H:%M:%S
605 609
606 610 [formatter_color_formatter]
607 611 class = rhodecode.lib.logging_formatter.ColorFormatter
608 612 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
609 613 datefmt = %Y-%m-%d %H:%M:%S
610 614
611 615 [formatter_color_formatter_sql]
612 616 class = rhodecode.lib.logging_formatter.ColorFormatterSql
613 617 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
614 618 datefmt = %Y-%m-%d %H:%M:%S
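Review bot: The added comment at new-side lines 122-124 says strict mode is enabled by default, yet the only example it offers is `#rhodecode.encrypted_values.strict = false`, so uncommenting the sample switches off the `SignatureVerificationError` path with no word on what decryption then yields for a wrong key or damaged data. The comment should state the non-strict behaviour and when it is acceptable, for instance `## set to false only as a temporary compatibility measure; wrong-key or damaged values are then no longer rejected with an error`, if that matches the AesCipher change, which this page does not show. The context just above (new-side lines 117-120) says the encryption key falls back to `beaker.session.secret`, and this file sets that to the fixed value `develop-rc-uytcxaz`. A one-line reminder next to the new option, `## set rhodecode.encrypted_values.secret to a unique value outside development`, would keep stored tokens and remote-URL credentials from being protected by a key that is published with the template.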
@@ -1,583 +1,587 b''
1 1 ################################################################################
2 2 ################################################################################
3 3 # RhodeCode Enterprise - configuration file #
4 4 # Built-in functions and variables #
5 5 # The %(here)s variable will be replaced with the parent directory of this file#
6 6 # #
7 7 ################################################################################
8 8
9 9 [DEFAULT]
10 10 debug = true
11 11 ################################################################################
12 12 ## Uncomment and replace with the email address which should receive ##
13 13 ## any error reports after an application crash ##
14 14 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 15 ################################################################################
16 16 #email_to = admin@localhost
17 17 #error_email_from = paste_error@localhost
18 18 #app_email_from = rhodecode-noreply@localhost
19 19 #error_message =
20 20 #email_prefix = [RhodeCode]
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
29 29 #smtp_auth =
30 30
31 31 [server:main]
32 32 ## COMMON ##
33 33 host = 127.0.0.1
34 34 port = 5000
35 35
36 36 ##################################
37 37 ## WAITRESS WSGI SERVER ##
38 38 ## Recommended for Development ##
39 39 ##################################
40 40 #use = egg:waitress#main
41 41 ## number of worker threads
42 42 #threads = 5
43 43 ## MAX BODY SIZE 100GB
44 44 #max_request_body_size = 107374182400
45 45 ## Use poll instead of select, fixes file descriptors limits problems.
46 46 ## May not work on old windows systems.
47 47 #asyncore_use_poll = true
48 48
49 49
50 50 ##########################
51 51 ## GUNICORN WSGI SERVER ##
52 52 ##########################
53 53 ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
54 54 use = egg:gunicorn#main
55 55 ## Sets the number of process workers. You must set `instance_id = *`
56 56 ## when this option is set to more than one worker, recommended
57 57 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
58 58 ## The `instance_id = *` must be set in the [app:main] section below
59 59 workers = 2
60 60 ## number of threads for each of the worker, must be set to 1 for gevent
61 61 ## generally recommened to be at 1
62 62 #threads = 1
63 63 ## process name
64 64 proc_name = rhodecode
65 65 ## type of worker class, one of sync, gevent
66 66 ## recommended for bigger setup is using of of other than sync one
67 67 worker_class = sync
68 68 ## The maximum number of simultaneous clients. Valid only for Gevent
69 69 #worker_connections = 10
70 70 ## max number of requests that worker will handle before being gracefully
71 71 ## restarted, could prevent memory leaks
72 72 max_requests = 1000
73 73 max_requests_jitter = 30
74 74 ## amount of time a worker can spend with handling a request before it
75 75 ## gets killed and restarted. Set to 6hrs
76 76 timeout = 21600
77 77
78 78
79 79 ## prefix middleware for RhodeCode, disables force_https flag.
80 80 ## allows to set RhodeCode under a prefix in server.
81 81 ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
82 82 #[filter:proxy-prefix]
83 83 #use = egg:PasteDeploy#prefix
84 84 #prefix = /<your-prefix>
85 85
86 86 [app:main]
87 87 use = egg:rhodecode-enterprise-ce
88 88 ## enable proxy prefix middleware, defined below
89 89 #filter-with = proxy-prefix
90 90
91 91 ## encryption key used to encrypt social plugin tokens,
92 92 ## remote_urls with credentials etc, if not set it defaults to
93 93 ## `beaker.session.secret`
94 94 #rhodecode.encrypted_values.secret =
95 95
96 ## decryption strict mode (enabled by default). It controls if decryption raises
97 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
98 #rhodecode.encrypted_values.strict = false
99
96 100 full_stack = true
97 101
98 102 ## Serve static files via RhodeCode, disable to serve them via HTTP server
99 103 static_files = true
100 104
101 105 # autogenerate javascript routes file on startup
102 106 generate_js_files = false
103 107
104 108 ## Optional Languages
105 109 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
106 110 lang = en
107 111
108 112 ## perform a full repository scan on each server start, this should be
109 113 ## set to false after first startup, to allow faster server restarts.
110 114 startup.import_repos = false
111 115
112 116 ## Uncomment and set this path to use archive download cache.
113 117 ## Once enabled, generated archives will be cached at this location
114 118 ## and served from the cache during subsequent requests for the same archive of
115 119 ## the repository.
116 120 #archive_cache_dir = /tmp/tarballcache
117 121
118 122 ## change this to unique ID for security
119 123 app_instance_uuid = rc-production
120 124
121 125 ## cut off limit for large diffs (size in bytes)
122 126 cut_off_limit_diff = 1024000
123 127 cut_off_limit_file = 256000
124 128
125 129 ## use cache version of scm repo everywhere
126 130 vcs_full_cache = true
127 131
128 132 ## force https in RhodeCode, fixes https redirects, assumes it's always https
129 133 ## Normally this is controlled by proper http flags sent from http server
130 134 force_https = false
131 135
132 136 ## use Strict-Transport-Security headers
133 137 use_htsts = false
134 138
135 139 ## number of commits stats will parse on each iteration
136 140 commit_parse_limit = 25
137 141
138 142 ## git rev filter option, --all is the default filter, if you need to
139 143 ## hide all refs in changelog switch this to --branches --tags
140 144 git_rev_filter = --branches --tags
141 145
142 146 # Set to true if your repos are exposed using the dumb protocol
143 147 git_update_server_info = false
144 148
145 149 ## RSS/ATOM feed options
146 150 rss_cut_off_limit = 256000
147 151 rss_items_per_page = 10
148 152 rss_include_diff = false
149 153
150 154 ## gist URL alias, used to create nicer urls for gist. This should be an
151 155 ## url that does rewrites to _admin/gists/<gistid>.
152 156 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
153 157 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
154 158 gist_alias_url =
155 159
156 160 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
157 161 ## used for access.
158 162 ## Adding ?auth_token = <token> to the url authenticates this request as if it
159 163 ## came from the the logged in user who own this authentication token.
160 164 ##
161 165 ## Syntax is <ControllerClass>:<function_pattern>.
162 166 ## To enable access to raw_files put `FilesController:raw`.
163 167 ## To enable access to patches add `ChangesetController:changeset_patch`.
164 168 ## The list should be "," separated and on a single line.
165 169 ##
166 170 ## Recommended controllers to enable:
167 171 # ChangesetController:changeset_patch,
168 172 # ChangesetController:changeset_raw,
169 173 # FilesController:raw,
170 174 # FilesController:archivefile,
171 175 # GistsController:*,
172 176 api_access_controllers_whitelist =
173 177
174 178 ## default encoding used to convert from and to unicode
175 179 ## can be also a comma separated list of encoding in case of mixed encodings
176 180 default_encoding = UTF-8
177 181
178 182 ## instance-id prefix
179 183 ## a prefix key for this instance used for cache invalidation when running
180 184 ## multiple instances of rhodecode, make sure it's globally unique for
181 185 ## all running rhodecode instances. Leave empty if you don't use it
182 186 instance_id =
183 187
184 188 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
185 189 ## of an authentication plugin also if it is disabled by it's settings.
186 190 ## This could be useful if you are unable to log in to the system due to broken
187 191 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
188 192 ## module to log in again and fix the settings.
189 193 ##
190 194 ## Available builtin plugin IDs (hash is part of the ID):
191 195 ## egg:rhodecode-enterprise-ce#rhodecode
192 196 ## egg:rhodecode-enterprise-ce#pam
193 197 ## egg:rhodecode-enterprise-ce#ldap
194 198 ## egg:rhodecode-enterprise-ce#jasig_cas
195 199 ## egg:rhodecode-enterprise-ce#headers
196 200 ## egg:rhodecode-enterprise-ce#crowd
197 201 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
198 202
199 203 ## alternative return HTTP header for failed authentication. Default HTTP
200 204 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
201 205 ## handling that causing a series of failed authentication calls.
202 206 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
203 207 ## This will be served instead of default 401 on bad authnetication
204 208 auth_ret_code =
205 209
206 210 ## use special detection method when serving auth_ret_code, instead of serving
207 211 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
208 212 ## and then serve auth_ret_code to clients
209 213 auth_ret_code_detection = false
210 214
211 215 ## locking return code. When repository is locked return this HTTP code. 2XX
212 216 ## codes don't break the transactions while 4XX codes do
213 217 lock_ret_code = 423
214 218
215 219 ## allows to change the repository location in settings page
216 220 allow_repo_location_change = true
217 221
218 222 ## allows to setup custom hooks in settings page
219 223 allow_custom_hooks_settings = true
220 224
221 225 ## generated license token, goto license page in RhodeCode settings to obtain
222 226 ## new token
223 227 license_token =
224 228
225 229 ## supervisor connection uri, for managing supervisor and logs.
226 230 supervisor.uri =
227 231 ## supervisord group name/id we only want this RC instance to handle
228 232 supervisor.group_id = prod
229 233
230 234 ## Display extended labs settings
231 235 labs_settings_active = true
232 236
233 237 ####################################
234 238 ### CELERY CONFIG ####
235 239 ####################################
236 240 use_celery = false
237 241 broker.host = localhost
238 242 broker.vhost = rabbitmqhost
239 243 broker.port = 5672
240 244 broker.user = rabbitmq
241 245 broker.password = qweqwe
242 246
243 247 celery.imports = rhodecode.lib.celerylib.tasks
244 248
245 249 celery.result.backend = amqp
246 250 celery.result.dburi = amqp://
247 251 celery.result.serialier = json
248 252
249 253 #celery.send.task.error.emails = true
250 254 #celery.amqp.task.result.expires = 18000
251 255
252 256 celeryd.concurrency = 2
253 257 #celeryd.log.file = celeryd.log
254 258 celeryd.log.level = debug
255 259 celeryd.max.tasks.per.child = 1
256 260
257 261 ## tasks will never be sent to the queue, but executed locally instead.
258 262 celery.always.eager = false
259 263
260 264 ####################################
261 265 ### BEAKER CACHE ####
262 266 ####################################
263 267 # default cache dir for templates. Putting this into a ramdisk
264 268 ## can boost performance, eg. %(here)s/data_ramdisk
265 269 cache_dir = %(here)s/data
266 270
267 271 ## locking and default file storage for Beaker. Putting this into a ramdisk
268 272 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
269 273 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
270 274 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
271 275
272 276 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
273 277
274 278 beaker.cache.super_short_term.type = memory
275 279 beaker.cache.super_short_term.expire = 10
276 280 beaker.cache.super_short_term.key_length = 256
277 281
278 282 beaker.cache.short_term.type = memory
279 283 beaker.cache.short_term.expire = 60
280 284 beaker.cache.short_term.key_length = 256
281 285
282 286 beaker.cache.long_term.type = memory
283 287 beaker.cache.long_term.expire = 36000
284 288 beaker.cache.long_term.key_length = 256
285 289
286 290 beaker.cache.sql_cache_short.type = memory
287 291 beaker.cache.sql_cache_short.expire = 10
288 292 beaker.cache.sql_cache_short.key_length = 256
289 293
290 294 # default is memory cache, configure only if required
291 295 # using multi-node or multi-worker setup
292 296 #beaker.cache.auth_plugins.type = ext:database
293 297 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
294 298 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
295 299 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
296 300 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
297 301 #beaker.cache.auth_plugins.sa.pool_size = 10
298 302 #beaker.cache.auth_plugins.sa.max_overflow = 0
299 303
300 304 beaker.cache.repo_cache_long.type = memorylru_base
301 305 beaker.cache.repo_cache_long.max_items = 4096
302 306 beaker.cache.repo_cache_long.expire = 2592000
303 307
304 308 # default is memorylru_base cache, configure only if required
305 309 # using multi-node or multi-worker setup
306 310 #beaker.cache.repo_cache_long.type = ext:memcached
307 311 #beaker.cache.repo_cache_long.url = localhost:11211
308 312 #beaker.cache.repo_cache_long.expire = 1209600
309 313 #beaker.cache.repo_cache_long.key_length = 256
310 314
311 315 ####################################
312 316 ### BEAKER SESSION ####
313 317 ####################################
314 318
315 319 ## .session.type is type of storage options for the session, current allowed
316 320 ## types are file, ext:memcached, ext:database, and memory (default).
317 321 beaker.session.type = file
318 322 beaker.session.data_dir = %(here)s/data/sessions/data
319 323
320 324 ## db based session, fast, and allows easy management over logged in users ##
321 325 #beaker.session.type = ext:database
322 326 #beaker.session.table_name = db_session
323 327 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
324 328 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
325 329 #beaker.session.sa.pool_recycle = 3600
326 330 #beaker.session.sa.echo = false
327 331
328 332 beaker.session.key = rhodecode
329 333 beaker.session.secret = production-rc-uytcxaz
330 334 beaker.session.lock_dir = %(here)s/data/sessions/lock
331 335
332 336 ## Secure encrypted cookie. Requires AES and AES python libraries
333 337 ## you must disable beaker.session.secret to use this
334 338 #beaker.session.encrypt_key = <key_for_encryption>
335 339 #beaker.session.validate_key = <validation_key>
336 340
337 341 ## sets session as invalid(also logging out user) if it haven not been
338 342 ## accessed for given amount of time in seconds
339 343 beaker.session.timeout = 2592000
340 344 beaker.session.httponly = true
341 345 #beaker.session.cookie_path = /<your-prefix>
342 346
343 347 ## uncomment for https secure cookie
344 348 beaker.session.secure = false
345 349
346 350 ## auto save the session to not to use .save()
347 351 beaker.session.auto = false
348 352
349 353 ## default cookie expiration time in seconds, set to `true` to set expire
350 354 ## at browser close
351 355 #beaker.session.cookie_expires = 3600
352 356
353 357 ###################################
354 358 ## SEARCH INDEXING CONFIGURATION ##
355 359 ###################################
356 360 ## Full text search indexer is available in rhodecode-tools under
357 361 ## `rhodecode-tools index` command
358 362
359 363 # WHOOSH Backend, doesn't require additional services to run
360 364 # it works good with few dozen repos
361 365 search.module = rhodecode.lib.index.whoosh
362 366 search.location = %(here)s/data/index
363 367
364 368 ###################################
365 369 ## APPENLIGHT CONFIG ##
366 370 ###################################
367 371
368 372 ## Appenlight is tailored to work with RhodeCode, see
369 373 ## http://appenlight.com for details how to obtain an account
370 374
371 375 ## appenlight integration enabled
372 376 appenlight = false
373 377
374 378 appenlight.server_url = https://api.appenlight.com
375 379 appenlight.api_key = YOUR_API_KEY
376 380 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
377 381
378 382 # used for JS client
379 383 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
380 384
381 385 ## TWEAK AMOUNT OF INFO SENT HERE
382 386
383 387 ## enables 404 error logging (default False)
384 388 appenlight.report_404 = false
385 389
386 390 ## time in seconds after request is considered being slow (default 1)
387 391 appenlight.slow_request_time = 1
388 392
389 393 ## record slow requests in application
390 394 ## (needs to be enabled for slow datastore recording and time tracking)
391 395 appenlight.slow_requests = true
392 396
393 397 ## enable hooking to application loggers
394 398 appenlight.logging = true
395 399
396 400 ## minimum log level for log capture
397 401 appenlight.logging.level = WARNING
398 402
399 403 ## send logs only from erroneous/slow requests
400 404 ## (saves API quota for intensive logging)
401 405 appenlight.logging_on_error = false
402 406
403 407 ## list of additonal keywords that should be grabbed from environ object
404 408 ## can be string with comma separated list of words in lowercase
405 409 ## (by default client will always send following info:
406 410 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
407 411 ## start with HTTP* this list be extended with additional keywords here
408 412 appenlight.environ_keys_whitelist =
409 413
410 414 ## list of keywords that should be blanked from request object
411 415 ## can be string with comma separated list of words in lowercase
412 416 ## (by default client will always blank keys that contain following words
413 417 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
414 418 ## this list be extended with additional keywords set here
415 419 appenlight.request_keys_blacklist =
416 420
417 421 ## list of namespaces that should be ignores when gathering log entries
418 422 ## can be string with comma separated list of namespaces
419 423 ## (by default the client ignores own entries: appenlight_client.client)
420 424 appenlight.log_namespace_blacklist =
421 425
422 426
423 427 ################################################################################
424 428 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
425 429 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
426 430 ## execute malicious code after an exception is raised. ##
427 431 ################################################################################
428 432 set debug = false
429 433
430 434
431 435 #########################################################
432 436 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
433 437 #########################################################
434 438 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
435 439 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
436 440 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
437 441
438 442 # see sqlalchemy docs for other advanced settings
439 443
440 444 ## print the sql statements to output
441 445 sqlalchemy.db1.echo = false
442 446 ## recycle the connections after this ammount of seconds
443 447 sqlalchemy.db1.pool_recycle = 3600
444 448 sqlalchemy.db1.convert_unicode = true
445 449
446 450 ## the number of connections to keep open inside the connection pool.
447 451 ## 0 indicates no limit
448 452 #sqlalchemy.db1.pool_size = 5
449 453
450 454 ## the number of connections to allow in connection pool "overflow", that is
451 455 ## connections that can be opened above and beyond the pool_size setting,
452 456 ## which defaults to five.
453 457 #sqlalchemy.db1.max_overflow = 10
454 458
455 459
456 460 ##################
457 461 ### VCS CONFIG ###
458 462 ##################
459 463 vcs.server.enable = true
460 464 vcs.server = localhost:9900
461 465
462 466 ## Web server connectivity protocol, responsible for web based VCS operatations
463 467 ## Available protocols are:
464 468 ## `pyro4` - using pyro4 server
465 469 ## `http` - using http-rpc backend
466 470 #vcs.server.protocol = http
467 471
468 472 ## Push/Pull operations protocol, available options are:
469 473 ## `pyro4` - using pyro4 server
470 474 ## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended
471 475 ## `vcsserver.scm_app` - internal app (EE only)
472 476 #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
473 477
474 478 ## Push/Pull operations hooks protocol, available options are:
475 479 ## `pyro4` - using pyro4 server
476 480 ## `http` - using http-rpc backend
477 481 #vcs.hooks.protocol = http
478 482
479 483 vcs.server.log_level = info
480 484 ## Start VCSServer with this instance as a subprocess, usefull for development
481 485 vcs.start_server = false
482 486 vcs.backends = hg, git, svn
483 487 vcs.connection_timeout = 3600
484 488 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
485 489 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
486 490 #vcs.svn.compatible_version = pre-1.8-compatible
487 491
488 492 ################################
489 493 ### LOGGING CONFIGURATION ####
490 494 ################################
491 495 [loggers]
492 496 keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer
493 497
494 498 [handlers]
495 499 keys = console, console_sql
496 500
497 501 [formatters]
498 502 keys = generic, color_formatter, color_formatter_sql
499 503
500 504 #############
501 505 ## LOGGERS ##
502 506 #############
503 507 [logger_root]
504 508 level = NOTSET
505 509 handlers = console
506 510
507 511 [logger_routes]
508 512 level = DEBUG
509 513 handlers =
510 514 qualname = routes.middleware
511 515 ## "level = DEBUG" logs the route matched and routing variables.
512 516 propagate = 1
513 517
514 518 [logger_beaker]
515 519 level = DEBUG
516 520 handlers =
517 521 qualname = beaker.container
518 522 propagate = 1
519 523
520 524 [logger_pyro4]
521 525 level = DEBUG
522 526 handlers =
523 527 qualname = Pyro4
524 528 propagate = 1
525 529
526 530 [logger_templates]
527 531 level = INFO
528 532 handlers =
529 533 qualname = pylons.templating
530 534 propagate = 1
531 535
532 536 [logger_rhodecode]
533 537 level = DEBUG
534 538 handlers =
535 539 qualname = rhodecode
536 540 propagate = 1
537 541
538 542 [logger_sqlalchemy]
539 543 level = INFO
540 544 handlers = console_sql
541 545 qualname = sqlalchemy.engine
542 546 propagate = 0
543 547
544 548 [logger_whoosh_indexer]
545 549 level = DEBUG
546 550 handlers =
547 551 qualname = whoosh_indexer
548 552 propagate = 1
549 553
550 554 ##############
551 555 ## HANDLERS ##
552 556 ##############
553 557
554 558 [handler_console]
555 559 class = StreamHandler
556 560 args = (sys.stderr,)
557 561 level = INFO
558 562 formatter = generic
559 563
560 564 [handler_console_sql]
561 565 class = StreamHandler
562 566 args = (sys.stderr,)
563 567 level = WARN
564 568 formatter = generic
565 569
566 570 ################
567 571 ## FORMATTERS ##
568 572 ################
569 573
570 574 [formatter_generic]
571 575 class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
572 576 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
573 577 datefmt = %Y-%m-%d %H:%M:%S
574 578
575 579 [formatter_color_formatter]
576 580 class = rhodecode.lib.logging_formatter.ColorFormatter
577 581 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
578 582 datefmt = %Y-%m-%d %H:%M:%S
579 583
580 584 [formatter_color_formatter_sql]
581 585 class = rhodecode.lib.logging_formatter.ColorFormatterSql
582 586 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
583 587 datefmt = %Y-%m-%d %H:%M:%S
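Review bot: The added comment for `rhodecode.encrypted_values.strict` (new lines 96-98) says what strict mode raises but not what the non-strict setting does. Going by the `decrypt` change in the same commit, a failed check with strict verification off returns an `InvalidDecryptedValue` placeholder string instead of raising, so callers receive a string that is not the stored secret; how this key is wired to `strict_verification` is not visible on this page. I would add a line such as `## when false, values that fail verification are returned as an InvalidDecryptedValue placeholder instead of raising`. The comment could also remind operators that the key falls back to `beaker.session.secret`, which this template ships with a sample value, so a unique secret should be set before relying on the signature.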
@@ -1,61 +1,114 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2014-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 """
23 23 Generic encryption library for RhodeCode
24 24 """
25 25
26 import hashlib
27 26 import base64
28 27
29 28 from Crypto.Cipher import AES
30 29 from Crypto import Random
30 from Crypto.Hash import HMAC, SHA256
31 31
32 32 from rhodecode.lib.utils2 import safe_str
33 33
34 34
35 class SignatureVerificationError(Exception):
36 pass
37
38
39 class InvalidDecryptedValue(str):
40
41 def __new__(cls, content):
42 """
43 This will generate something like this::
44 <InvalidDecryptedValue(QkWusFgLJXR6m42v...)>
45 And represent a safe indicator that encryption key is broken
46 """
47 content = '<{}({}...)>'.format(cls.__name__, content[:16])
48 return str.__new__(cls, content)
49
50
35 51 class AESCipher(object):
36 def __init__(self, key):
37 # create padding, trim to long enc key
52 def __init__(self, key, hmac=False, strict_verification=True):
38 53 if not key:
39 54 raise ValueError('passed key variable is empty')
55 self.strict_verification = strict_verification
40 56 self.block_size = 32
41 self.key = hashlib.sha256(safe_str(key)).digest()
57 self.hmac_size = 32
58 self.hmac = hmac
59
60 self.key = SHA256.new(safe_str(key)).digest()
61 self.hmac_key = SHA256.new(self.key).digest()
62
63 def verify_hmac_signature(self, raw_data):
64 org_hmac_signature = raw_data[-self.hmac_size:]
65 data_without_sig = raw_data[:-self.hmac_size]
66 recomputed_hmac = HMAC.new(
67 self.hmac_key, data_without_sig, digestmod=SHA256).digest()
68 return org_hmac_signature == recomputed_hmac
42 69
43 70 def encrypt(self, raw):
44 71 raw = self._pad(raw)
45 72 iv = Random.new().read(AES.block_size)
46 73 cipher = AES.new(self.key, AES.MODE_CBC, iv)
47 return base64.b64encode(iv + cipher.encrypt(raw))
74 enc_value = cipher.encrypt(raw)
75
76 hmac_signature = ''
77 if self.hmac:
78 # compute hmac+sha256 on iv + enc text, we use
79 # encrypt then mac method to create the signature
80 hmac_signature = HMAC.new(
81 self.hmac_key, iv + enc_value, digestmod=SHA256).digest()
82
83 return base64.b64encode(iv + enc_value + hmac_signature)
48 84
49 85 def decrypt(self, enc):
86 enc_org = enc
50 87 enc = base64.b64decode(enc)
88
89 if self.hmac and len(enc) > self.hmac_size:
90 if self.verify_hmac_signature(enc):
91 # cut off the HMAC verification digest
92 enc = enc[:-self.hmac_size]
93 else:
94 if self.strict_verification:
95 raise SignatureVerificationError(
96 "Encryption signature verification failed. "
97 "Please check your secret key, and/or encrypted value. "
98 "Secret key is stored as "
99 "`rhodecode.encrypted_values.secret` or "
100 "`beaker.session.secret` inside .ini file")
101
102 return InvalidDecryptedValue(enc_org)
103
51 104 iv = enc[:AES.block_size]
52 105 cipher = AES.new(self.key, AES.MODE_CBC, iv)
53 106 return self._unpad(cipher.decrypt(enc[AES.block_size:]))
54 107
55 108 def _pad(self, s):
56 109 return (s + (self.block_size - len(s) % self.block_size)
57 110 * chr(self.block_size - len(s) % self.block_size))
58 111
59 112 @staticmethod
60 113 def _unpad(s):
61 114 return s[:-ord(s[len(s)-1:])] No newline at end of file
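Review bot: In `decrypt` (new line 89) the guard `if self.hmac and len(enc) > self.hmac_size:` skips signature verification entirely when the decoded input is no longer than the HMAC, so with `hmac=True` such a value falls through to the unauthenticated CBC decrypt at the bottom of the method. The check should fail closed: use `if self.hmac:` with the inner test `if len(enc) > self.hmac_size and self.verify_hmac_signature(enc):`, so a too-short input takes the existing strict/`InvalidDecryptedValue` failure branch. Separately, `verify_hmac_signature` (new line 68) compares the digests with `==`, which is not a constant-time comparison; where the runtime provides it (Python 2.7.7+), `return hmac.compare_digest(org_hmac_signature, recomputed_hmac)` with the standard-library `hmac` module imported is the safer form. Note also that `hmac` defaults to `False`, so callers that do not opt in still get unauthenticated CBC, and a docstring on `__init__` stating that would help.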
1 NO CONTENT: modified file
@@ -1,655 +1,655 b''
1 1 ## -*- coding: utf-8 -*-
2 2 <%inherit file="root.html"/>
3 3
4 4 <div class="outerwrapper">
5 5 <!-- HEADER -->
6 6 <div class="header">
7 7 <div id="header-inner" class="wrapper">
8 8 <div id="logo">
9 9 <div class="logo-wrapper">
10 10 <a href="${h.url('home')}"><img src="${h.url('/images/rhodecode-logo-white-216x60.png')}" alt="RhodeCode"/></a>
11 11 </div>
12 12 %if c.rhodecode_name:
13 13 <div class="branding">- ${h.branding(c.rhodecode_name)}</div>
14 14 %endif
15 15 </div>
16 16 <!-- MENU BAR NAV -->
17 17 ${self.menu_bar_nav()}
18 18 <!-- END MENU BAR NAV -->
19 19 ${self.body()}
20 20 </div>
21 21 </div>
22 22 ${self.menu_bar_subnav()}
23 23 <!-- END HEADER -->
24 24
25 25 <!-- CONTENT -->
26 26 <div id="content" class="wrapper">
27 27 ${self.flash_msg()}
28 28 <div class="main">
29 29 ${next.main()}
30 30 </div>
31 31 </div>
32 32 <!-- END CONTENT -->
33 33
34 34 </div>
35 35 <!-- FOOTER -->
36 36 <div id="footer">
37 37 <div id="footer-inner" class="title wrapper">
38 38 <div>
39 39 <p class="footer-link-right">
40 40 % if c.visual.show_version:
41 41 RhodeCode Enterprise ${c.rhodecode_version} ${c.rhodecode_edition}
42 42 % endif
43 43 &copy; 2010-${h.datetime.today().year}, <a href="${h.url('rhodecode_official')}" target="_blank">RhodeCode GmbH</a>. All rights reserved.
44 44 % if c.visual.rhodecode_support_url:
45 45 <a href="${c.visual.rhodecode_support_url}" target="_blank">${_('Support')}</a>
46 46 % endif
47 47 </p>
48 48 <% sid = 'block' if request.GET.get('showrcid') else 'none' %>
49 49 <p class="server-instance" style="display:${sid}">
50 50 ## display hidden instance ID if specially defined
51 51 % if c.rhodecode_instanceid:
52 52 ${_('RhodeCode instance id: %s') % c.rhodecode_instanceid}
53 53 % endif
54 54 </p>
55 55 </div>
56 56 </div>
57 57 </div>
58 58
59 59 <!-- END FOOTER -->
60 60
61 61 ### MAKO DEFS ###
62 62
63 63 <%def name="menu_bar_subnav()">
64 64 </%def>
65 65
66 66 <%def name="flash_msg()">
67 67 <%include file="/base/flash_msg.html"/>
68 68 </%def>
69 69
70 70 <%def name="breadcrumbs(class_='breadcrumbs')">
71 71 <div class="${class_}">
72 72 ${self.breadcrumbs_links()}
73 73 </div>
74 74 </%def>
75 75
76 76 <%def name="admin_menu()">
77 77 <ul class="admin_menu submenu">
78 78 <li><a href="${h.url('admin_home')}">${_('Admin journal')}</a></li>
79 79 <li><a href="${h.url('repos')}">${_('Repositories')}</a></li>
80 80 <li><a href="${h.url('repo_groups')}">${_('Repository groups')}</a></li>
81 81 <li><a href="${h.url('users')}">${_('Users')}</a></li>
82 82 <li><a href="${h.url('users_groups')}">${_('User groups')}</a></li>
83 83 <li><a href="${h.url('admin_permissions_application')}">${_('Permissions')}</a></li>
84 84 <li><a href="${h.route_path('auth_home', traverse='')}">${_('Authentication')}</a></li>
85 85 <li><a href="${h.url('admin_defaults_repositories')}">${_('Defaults')}</a></li>
86 86 <li class="last"><a href="${h.url('admin_settings')}">${_('Settings')}</a></li>
87 87 </ul>
88 88 </%def>
89 89
90 90
91 91 <%def name="dt_info_panel(elements)">
92 92 <dl class="dl-horizontal">
93 93 %for dt, dd, title, show_items in elements:
94 94 <dt>${dt}:</dt>
95 95 <dd title="${title}">
96 96 %if callable(dd):
97 97 ## allow lazy evaluation of elements
98 98 ${dd()}
99 99 %else:
100 100 ${dd}
101 101 %endif
102 102 %if show_items:
103 103 <span class="btn-collapse" data-toggle="item-${h.md5(dt)[:6]}-details">${_('Show More')} </span>
104 104 %endif
105 105 </dd>
106 106
107 107 %if show_items:
108 108 <div class="collapsable-content" data-toggle="item-${h.md5(dt)[:6]}-details" style="display: none">
109 109 %for item in show_items:
110 110 <dt></dt>
111 111 <dd>${item}</dd>
112 112 %endfor
113 113 </div>
114 114 %endif
115 115
116 116 %endfor
117 117 </dl>
118 118 </%def>
119 119
120 120
121 121 <%def name="gravatar(email, size=16)">
122 122 <%
123 123 if (size > 16):
124 124 gravatar_class = 'gravatar gravatar-large'
125 125 else:
126 126 gravatar_class = 'gravatar'
127 127 %>
128 128 <%doc>
129 129 TODO: johbo: For now we serve double size images to make it smooth
130 130 for retina. This is how it worked until now. Should be replaced
131 131 with a better solution at some point.
132 132 </%doc>
133 133 <img class="${gravatar_class}" src="${h.gravatar_url(email, size * 2)}" height="${size}" width="${size}">
134 134 </%def>
135 135
136 136
137 137 <%def name="gravatar_with_user(contact, size=16, show_disabled=False)">
138 138 <div class="rc-user tooltip" title="${contact}">
139 139 ${self.gravatar(h.email_or_none(contact), size)}
140 140 <span class="${'user user-disabled' if show_disabled else 'user'}"> ${h.link_to_user(contact)}</span>
141 141 </div>
142 142 </%def>
143 143
144 144
145 145 ## admin menu used for people that have some admin resources
146 146 <%def name="admin_menu_simple(repositories=None, repository_groups=None, user_groups=None)">
147 147 <ul class="submenu">
148 148 %if repositories:
149 149 <li><a href="${h.url('repos')}">${_('Repositories')}</a></li>
150 150 %endif
151 151 %if repository_groups:
152 152 <li><a href="${h.url('repo_groups')}">${_('Repository groups')}</a></li>
153 153 %endif
154 154 %if user_groups:
155 155 <li><a href="${h.url('users_groups')}">${_('User groups')}</a></li>
156 156 %endif
157 157 </ul>
158 158 </%def>
159 159
160 160 <%def name="repo_page_title(repo_instance)">
161 161 <div class="title-content">
162 162 <div class="title-main">
163 163 ## SVN/HG/GIT icons
164 164 %if h.is_hg(repo_instance):
165 165 <i class="icon-hg"></i>
166 166 %endif
167 167 %if h.is_git(repo_instance):
168 168 <i class="icon-git"></i>
169 169 %endif
170 170 %if h.is_svn(repo_instance):
171 171 <i class="icon-svn"></i>
172 172 %endif
173 173
174 174 ## public/private
175 175 %if repo_instance.private:
176 176 <i class="icon-repo-private"></i>
177 177 %else:
178 178 <i class="icon-repo-public"></i>
179 179 %endif
180 180
181 181 ## repo name with group name
182 182 ${h.breadcrumb_repo_link(c.rhodecode_db_repo)}
183 183
184 184 </div>
185 185
186 186 ## FORKED
187 187 %if repo_instance.fork:
188 188 <p>
189 189 <i class="icon-code-fork"></i> ${_('Fork of')}
190 190 <a href="${h.url('summary_home',repo_name=repo_instance.fork.repo_name)}">${repo_instance.fork.repo_name}</a>
191 191 </p>
192 192 %endif
193 193
194 194 ## IMPORTED FROM REMOTE
195 195 %if repo_instance.clone_uri:
196 196 <p>
197 197 <i class="icon-code-fork"></i> ${_('Clone from')}
198 <a href="${h.url(str(h.hide_credentials(repo_instance.clone_uri)))}">${h.hide_credentials(repo_instance.clone_uri)}</a>
198 <a href="${h.url(h.safe_str(h.hide_credentials(repo_instance.clone_uri)))}">${h.hide_credentials(repo_instance.clone_uri)}</a>
199 199 </p>
200 200 %endif
201 201
202 202 ## LOCKING STATUS
203 203 %if repo_instance.locked[0]:
204 204 <p class="locking_locked">
205 205 <i class="icon-repo-lock"></i>
206 206 ${_('Repository locked by %(user)s') % {'user': h.person_by_id(repo_instance.locked[0])}}
207 207 </p>
208 208 %elif repo_instance.enable_locking:
209 209 <p class="locking_unlocked">
210 210 <i class="icon-repo-unlock"></i>
211 211 ${_('Repository not locked. Pull repository to lock it.')}
212 212 </p>
213 213 %endif
214 214
215 215 </div>
216 216 </%def>
217 217
218 218 <%def name="repo_menu(active=None)">
219 219 <%
220 220 def is_active(selected):
221 221 if selected == active:
222 222 return "active"
223 223 %>
224 224
225 225 <!--- CONTEXT BAR -->
226 226 <div id="context-bar">
227 227 <div class="wrapper">
228 228 <ul id="context-pages" class="horizontal-list navigation">
229 229 <li class="${is_active('summary')}"><a class="menulink" href="${h.url('summary_home', repo_name=c.repo_name)}"><div class="menulabel">${_('Summary')}</div></a></li>
230 230 <li class="${is_active('changelog')}"><a class="menulink" href="${h.url('changelog_home', repo_name=c.repo_name)}"><div class="menulabel">${_('Changelog')}</div></a></li>
231 231 <li class="${is_active('files')}"><a class="menulink" href="${h.url('files_home', repo_name=c.repo_name, revision=c.rhodecode_db_repo.landing_rev[1])}"><div class="menulabel">${_('Files')}</div></a></li>
232 232 <li class="${is_active('compare')}">
233 233 <a class="menulink" href="${h.url('compare_home',repo_name=c.repo_name)}"><div class="menulabel">${_('Compare')}</div></a>
234 234 </li>
235 235 ## TODO: anderson: ideally it would have a function on the scm_instance "enable_pullrequest() and enable_fork()"
236 236 %if c.rhodecode_db_repo.repo_type in ['git','hg']:
237 237 <li class="${is_active('showpullrequest')}">
238 238 <a class="menulink" href="${h.url('pullrequest_show_all',repo_name=c.repo_name)}" title="${_('Show Pull Requests for %s') % c.repo_name}">
239 239 %if c.repository_pull_requests:
240 240 <span class="pr_notifications">${c.repository_pull_requests}</span>
241 241 %endif
242 242 <div class="menulabel">${_('Pull Requests')}</div>
243 243 </a>
244 244 </li>
245 245 %endif
246 246 <li class="${is_active('options')}">
247 247 <a class="menulink" href="#" class="dropdown"><div class="menulabel">${_('Options')} <div class="show_more"></div></div></a>
248 248 <ul class="submenu">
249 249 %if h.HasRepoPermissionAll('repository.admin')(c.repo_name):
250 250 <li><a href="${h.url('edit_repo',repo_name=c.repo_name)}">${_('Settings')}</a></li>
251 251 %endif
252 252 %if c.rhodecode_db_repo.fork:
253 253 <li><a href="${h.url('compare_url',repo_name=c.rhodecode_db_repo.fork.repo_name,source_ref_type=c.rhodecode_db_repo.landing_rev[0],source_ref=c.rhodecode_db_repo.landing_rev[1], target_repo=c.repo_name,target_ref_type='branch' if request.GET.get('branch') else c.rhodecode_db_repo.landing_rev[0],target_ref=request.GET.get('branch') or c.rhodecode_db_repo.landing_rev[1], merge=1)}">
254 254 ${_('Compare fork')}</a></li>
255 255 %endif
256 256
257 257 <li><a href="${h.url('search_repo_home',repo_name=c.repo_name)}">${_('Search')}</a></li>
258 258
259 259 %if h.HasRepoPermissionAny('repository.write','repository.admin')(c.repo_name) and c.rhodecode_db_repo.enable_locking:
260 260 %if c.rhodecode_db_repo.locked[0]:
261 261 <li><a class="locking_del" href="${h.url('toggle_locking',repo_name=c.repo_name)}">${_('Unlock')}</a></li>
262 262 %else:
263 263 <li><a class="locking_add" href="${h.url('toggle_locking',repo_name=c.repo_name)}">${_('Lock')}</a></li>
264 264 %endif
265 265 %endif
266 266 %if c.rhodecode_user.username != h.DEFAULT_USER:
267 267 %if c.rhodecode_db_repo.repo_type in ['git','hg']:
268 268 <li><a href="${h.url('repo_fork_home',repo_name=c.repo_name)}">${_('Fork')}</a></li>
269 269 <li><a href="${h.url('pullrequest_home',repo_name=c.repo_name)}">${_('Create Pull Request')}</a></li>
270 270 %endif
271 271 %endif
272 272 </ul>
273 273 </li>
274 274 </ul>
275 275 </div>
276 276 <div class="clear"></div>
277 277 </div>
278 278 <!--- END CONTEXT BAR -->
279 279
280 280 </%def>
281 281
282 282 <%def name="usermenu()">
283 283 ## USER MENU
284 284 <li id="quick_login_li">
285 285 <a id="quick_login_link" class="menulink childs">
286 286 ${gravatar(c.rhodecode_user.email, 20)}
287 287 <span class="user">
288 288 %if c.rhodecode_user.username != h.DEFAULT_USER:
289 289 <span class="menu_link_user">${c.rhodecode_user.username}</span><div class="show_more"></div>
290 290 %else:
291 291 <span>${_('Sign in')}</span>
292 292 %endif
293 293 </span>
294 294 </a>
295 295
296 296 <div class="user-menu submenu">
297 297 <div id="quick_login">
298 298 %if c.rhodecode_user.username == h.DEFAULT_USER:
299 299 <h4>${_('Sign in to your account')}</h4>
300 300 ${h.form(h.route_path('login', _query={'came_from': h.url.current()}), needs_csrf_token=False)}
301 301 <div class="form form-vertical">
302 302 <div class="fields">
303 303 <div class="field">
304 304 <div class="label">
305 305 <label for="username">${_('Username')}:</label>
306 306 </div>
307 307 <div class="input">
308 308 ${h.text('username',class_='focus',tabindex=1)}
309 309 </div>
310 310
311 311 </div>
312 312 <div class="field">
313 313 <div class="label">
314 314 <label for="password">${_('Password')}:</label>
315 315 <span class="forgot_password">${h.link_to(_('(Forgot password?)'),h.route_path('reset_password'))}</span>
316 316 </div>
317 317 <div class="input">
318 318 ${h.password('password',class_='focus',tabindex=2)}
319 319 </div>
320 320 </div>
321 321 <div class="buttons">
322 322 <div class="register">
323 323 %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
324 324 ${h.link_to(_("Don't have an account ?"),h.route_path('register'))}
325 325 %endif
326 326 </div>
327 327 <div class="submit">
328 328 ${h.submit('sign_in',_('Sign In'),class_="btn btn-small",tabindex=3)}
329 329 </div>
330 330 </div>
331 331 </div>
332 332 </div>
333 333 ${h.end_form()}
334 334 %else:
335 335 <div class="">
336 336 <div class="big_gravatar">${gravatar(c.rhodecode_user.email, 48)}</div>
337 337 <div class="full_name">${c.rhodecode_user.full_name_or_username}</div>
338 338 <div class="email">${c.rhodecode_user.email}</div>
339 339 </div>
340 340 <div class="">
341 341 <ol class="links">
342 342 <li>${h.link_to(_(u'My account'),h.url('my_account'))}</li>
343 343 <li class="logout">
344 344 ${h.secure_form(h.route_path('logout'))}
345 345 ${h.submit('log_out', _(u'Sign Out'),class_="btn btn-primary")}
346 346 ${h.end_form()}
347 347 </li>
348 348 </ol>
349 349 </div>
350 350 %endif
351 351 </div>
352 352 </div>
353 353 %if c.rhodecode_user.username != h.DEFAULT_USER:
354 354 <div class="pill_container">
355 355 % if c.unread_notifications == 0:
356 356 <a class="menu_link_notifications empty" href="${h.url('notifications')}">${c.unread_notifications}</a>
357 357 % else:
358 358 <a class="menu_link_notifications" href="${h.url('notifications')}">${c.unread_notifications}</a>
359 359 % endif
360 360 </div>
361 361 % endif
362 362 </li>
363 363 </%def>
364 364
365 365 <%def name="menu_items(active=None)">
366 366 <%
367 367 def is_active(selected):
368 368 if selected == active:
369 369 return "active"
370 370 return ""
371 371 %>
372 372 <ul id="quick" class="main_nav navigation horizontal-list">
373 373 <!-- repo switcher -->
374 374 <li class="${is_active('repositories')} repo_switcher_li has_select2">
375 375 <input id="repo_switcher" name="repo_switcher" type="hidden">
376 376 </li>
377 377
378 378 ## ROOT MENU
379 379 %if c.rhodecode_user.username != h.DEFAULT_USER:
380 380 <li class="${is_active('journal')}">
381 381 <a class="menulink" title="${_('Show activity journal')}" href="${h.url('journal')}">
382 382 <div class="menulabel">${_('Journal')}</div>
383 383 </a>
384 384 </li>
385 385 %else:
386 386 <li class="${is_active('journal')}">
387 387 <a class="menulink" title="${_('Show Public activity journal')}" href="${h.url('public_journal')}">
388 388 <div class="menulabel">${_('Public journal')}</div>
389 389 </a>
390 390 </li>
391 391 %endif
392 392 <li class="${is_active('gists')}">
393 393 <a class="menulink childs" title="${_('Show Gists')}" href="${h.url('gists')}">
394 394 <div class="menulabel">${_('Gists')}</div>
395 395 </a>
396 396 </li>
397 397 <li class="${is_active('search')}">
398 398 <a class="menulink" title="${_('Search in repositories you have access to')}" href="${h.url('search')}">
399 399 <div class="menulabel">${_('Search')}</div>
400 400 </a>
401 401 </li>
402 402 % if h.HasPermissionAll('hg.admin')('access admin main page'):
403 403 <li class="${is_active('admin')}">
404 404 <a class="menulink childs" title="${_('Admin settings')}" href="#" onclick="return false;">
405 405 <div class="menulabel">${_('Admin')} <div class="show_more"></div></div>
406 406 </a>
407 407 ${admin_menu()}
408 408 </li>
409 409 % elif c.rhodecode_user.repositories_admin or c.rhodecode_user.repository_groups_admin or c.rhodecode_user.user_groups_admin:
410 410 <li class="${is_active('admin')}">
411 411 <a class="menulink childs" title="${_('Delegated Admin settings')}">
412 412 <div class="menulabel">${_('Admin')} <div class="show_more"></div></div>
413 413 </a>
414 414 ${admin_menu_simple(c.rhodecode_user.repositories_admin,
415 415 c.rhodecode_user.repository_groups_admin,
416 416 c.rhodecode_user.user_groups_admin or h.HasPermissionAny('hg.usergroup.create.true')())}
417 417 </li>
418 418 % endif
419 419 % if c.debug_style:
420 420 <li class="${is_active('debug_style')}">
421 421 <a class="menulink" title="${_('Style')}" href="${h.url('debug_style_home')}">
422 422 <div class="menulabel">${_('Style')}</div>
423 423 </a>
424 424 </li>
425 425 % endif
426 426 ## render extra user menu
427 427 ${usermenu()}
428 428 </ul>
429 429
430 430 <script type="text/javascript">
431 431 var visual_show_public_icon = "${c.visual.show_public_icon}" == "True";
432 432
433 433 /*format the look of items in the list*/
434 434 var format = function(state, escapeMarkup){
435 435 if (!state.id){
436 436 return state.text; // optgroup
437 437 }
438 438 var obj_dict = state.obj;
439 439 var tmpl = '';
440 440
441 441 if(obj_dict && state.type == 'repo'){
442 442 if(obj_dict['repo_type'] === 'hg'){
443 443 tmpl += '<i class="icon-hg"></i> ';
444 444 }
445 445 else if(obj_dict['repo_type'] === 'git'){
446 446 tmpl += '<i class="icon-git"></i> ';
447 447 }
448 448 else if(obj_dict['repo_type'] === 'svn'){
449 449 tmpl += '<i class="icon-svn"></i> ';
450 450 }
451 451 if(obj_dict['private']){
452 452 tmpl += '<i class="icon-lock" ></i> ';
453 453 }
454 454 else if(visual_show_public_icon){
455 455 tmpl += '<i class="icon-unlock-alt"></i> ';
456 456 }
457 457 }
458 458 if(obj_dict && state.type == 'commit') {
459 459 tmpl += '<i class="icon-tag"></i>';
460 460 }
461 461 if(obj_dict && state.type == 'group'){
462 462 tmpl += '<i class="icon-folder-close"></i> ';
463 463 }
464 464 tmpl += escapeMarkup(state.text);
465 465 return tmpl;
466 466 };
467 467
468 468 var formatResult = function(result, container, query, escapeMarkup) {
469 469 return format(result, escapeMarkup);
470 470 };
471 471
472 472 var formatSelection = function(data, container, escapeMarkup) {
473 473 return format(data, escapeMarkup);
474 474 };
475 475
476 476 $("#repo_switcher").select2({
477 477 cachedDataSource: {},
478 478 minimumInputLength: 2,
479 479 placeholder: '<div class="menulabel">${_('Go to')} <div class="show_more"></div></div>',
480 480 dropdownAutoWidth: true,
481 481 formatResult: formatResult,
482 482 formatSelection: formatSelection,
483 483 containerCssClass: "repo-switcher",
484 484 dropdownCssClass: "repo-switcher-dropdown",
485 485 escapeMarkup: function(m){
486 486 // don't escape our custom placeholder
487 487 if(m.substr(0,23) == '<div class="menulabel">'){
488 488 return m;
489 489 }
490 490
491 491 return Select2.util.escapeMarkup(m);
492 492 },
493 493 query: $.debounce(250, function(query){
494 494 self = this;
495 495 var cacheKey = query.term;
496 496 var cachedData = self.cachedDataSource[cacheKey];
497 497
498 498 if (cachedData) {
499 499 query.callback({results: cachedData.results});
500 500 } else {
501 501 $.ajax({
502 502 url: "${h.url('goto_switcher_data')}",
503 503 data: {'query': query.term},
504 504 dataType: 'json',
505 505 type: 'GET',
506 506 success: function(data) {
507 507 self.cachedDataSource[cacheKey] = data;
508 508 query.callback({results: data.results});
509 509 },
510 510 error: function(data, textStatus, errorThrown) {
511 511 alert("Error while fetching entries.\nError code {0} ({1}).".format(data.status, data.statusText));
512 512 }
513 513 })
514 514 }
515 515 })
516 516 });
517 517
518 518 $("#repo_switcher").on('select2-selecting', function(e){
519 519 e.preventDefault();
520 520 window.location = e.choice.url;
521 521 });
522 522
523 523 ## Global mouse bindings ##
524 524
525 525 // general help "?"
526 526 Mousetrap.bind(['?'], function(e) {
527 527 $('#help_kb').modal({})
528 528 });
529 529
530 530 // / open the quick filter
531 531 Mousetrap.bind(['/'], function(e) {
532 532 $("#repo_switcher").select2("open");
533 533
534 534 // return false to prevent default browser behavior
535 535 // and stop event from bubbling
536 536 return false;
537 537 });
538 538
539 539 // general nav g + action
540 540 Mousetrap.bind(['g h'], function(e) {
541 541 window.location = pyroutes.url('home');
542 542 });
543 543 Mousetrap.bind(['g g'], function(e) {
544 544 window.location = pyroutes.url('gists', {'private':1});
545 545 });
546 546 Mousetrap.bind(['g G'], function(e) {
547 547 window.location = pyroutes.url('gists', {'public':1});
548 548 });
549 549 Mousetrap.bind(['n g'], function(e) {
550 550 window.location = pyroutes.url('new_gist');
551 551 });
552 552 Mousetrap.bind(['n r'], function(e) {
553 553 window.location = pyroutes.url('new_repo');
554 554 });
555 555
556 556 % if hasattr(c, 'repo_name') and hasattr(c, 'rhodecode_db_repo'):
557 557 // nav in repo context
558 558 Mousetrap.bind(['g s'], function(e) {
559 559 window.location = pyroutes.url('summary_home', {'repo_name': REPO_NAME});
560 560 });
561 561 Mousetrap.bind(['g c'], function(e) {
562 562 window.location = pyroutes.url('changelog_home', {'repo_name': REPO_NAME});
563 563 });
564 564 Mousetrap.bind(['g F'], function(e) {
565 565 window.location = pyroutes.url('files_home', {'repo_name': REPO_NAME, 'revision': '${c.rhodecode_db_repo.landing_rev[1]}', 'f_path': '', 'search': '1'});
566 566 });
567 567 Mousetrap.bind(['g f'], function(e) {
568 568 window.location = pyroutes.url('files_home', {'repo_name': REPO_NAME, 'revision': '${c.rhodecode_db_repo.landing_rev[1]}', 'f_path': ''});
569 569 });
570 570 Mousetrap.bind(['g p'], function(e) {
571 571 window.location = pyroutes.url('pullrequest_show_all', {'repo_name': REPO_NAME});
572 572 });
573 573 Mousetrap.bind(['g o'], function(e) {
574 574 window.location = pyroutes.url('edit_repo', {'repo_name': REPO_NAME});
575 575 });
576 576 Mousetrap.bind(['g O'], function(e) {
577 577 window.location = pyroutes.url('edit_repo_perms', {'repo_name': REPO_NAME});
578 578 });
579 579 % endif
580 580
581 581 </script>
582 582 <script src="${h.url('/js/rhodecode/base/keyboard-bindings.js', ver=c.rhodecode_version_hash)}"></script>
583 583 </%def>
584 584
585 585 <div class="modal" id="help_kb" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
586 586 <div class="modal-dialog">
587 587 <div class="modal-content">
588 588 <div class="modal-header">
589 589 <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
590 590 <h4 class="modal-title" id="myModalLabel">${_('Keyboard shortcuts')}</h4>
591 591 </div>
592 592 <div class="modal-body">
593 593 <div class="block-left">
594 594 <table class="keyboard-mappings">
595 595 <tbody>
596 596 <tr>
597 597 <th></th>
598 598 <th>${_('Site-wide shortcuts')}</th>
599 599 </tr>
600 600 <%
601 601 elems = [
602 602 ('/', 'Open quick search box'),
603 603 ('g h', 'Goto home page'),
604 604 ('g g', 'Goto my private gists page'),
605 605 ('g G', 'Goto my public gists page'),
606 606 ('n r', 'New repository page'),
607 607 ('n g', 'New gist page'),
608 608 ]
609 609 %>
610 610 %for key, desc in elems:
611 611 <tr>
612 612 <td class="keys">
613 613 <span class="key tag">${key}</span>
614 614 </td>
615 615 <td>${desc}</td>
616 616 </tr>
617 617 %endfor
618 618 </tbody>
619 619 </table>
620 620 </div>
621 621 <div class="block-left">
622 622 <table class="keyboard-mappings">
623 623 <tbody>
624 624 <tr>
625 625 <th></th>
626 626 <th>${_('Repositories')}</th>
627 627 </tr>
628 628 <%
629 629 elems = [
630 630 ('g s', 'Goto summary page'),
631 631 ('g c', 'Goto changelog page'),
632 632 ('g f', 'Goto files page'),
633 633 ('g F', 'Goto files page with file search activated'),
634 634 ('g p', 'Goto pull requests page'),
635 635 ('g o', 'Goto repository settings'),
636 636 ('g O', 'Goto repository permissions settings'),
637 637 ]
638 638 %>
639 639 %for key, desc in elems:
640 640 <tr>
641 641 <td class="keys">
642 642 <span class="key tag">${key}</span>
643 643 </td>
644 644 <td>${desc}</td>
645 645 </tr>
646 646 %endfor
647 647 </tbody>
648 648 </table>
649 649 </div>
650 650 </div>
651 651 <div class="modal-footer">
652 652 </div>
653 653 </div><!-- /.modal-content -->
654 654 </div><!-- /.modal-dialog -->
655 655 </div><!-- /.modal -->
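Review bot: The `Clone from` link in `repo_page_title` puts `repo_instance.clone_uri` into an `href` after only `h.hide_credentials` and `h.safe_str`, and nothing visible in this section restricts the URL scheme. HTML-escaping the attribute value does not stop a non-network scheme such as `javascript:` from being rendered as a clickable link. Unless clone URIs are validated when they are saved (not shown here), the template should emit the anchor only for the schemes the application accepts and fall back to plain text otherwise. `h.hide_credentials(repo_instance.clone_uri)` is also evaluated twice on that line; binding it once, e.g. `<% clone_uri = h.hide_credentials(repo_instance.clone_uri) %>`, keeps the href and the label from drifting apart.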
@@ -1,40 +1,76 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import pytest
22 22
23 from rhodecode.lib.encrypt import AESCipher
23 from rhodecode.lib.encrypt import (
24 AESCipher, SignatureVerificationError, InvalidDecryptedValue)
24 25
25 26
26 27 class TestEncryptModule(object):
27 28
28 29 @pytest.mark.parametrize(
29 30 "key, text",
30 31 [
31 32 ('a', 'short'),
32 33 ('a'*64, 'too long(trimmed to 32)'),
33 34 ('a'*32, 'just enough'),
34 35 ('ąćęćę', 'non asci'),
35 36 ('$asa$asa', 'special $ used'),
36 37 ]
37 38 )
38 39 def test_encryption(self, key, text):
39 40 enc = AESCipher(key).encrypt(text)
40 41 assert AESCipher(key).decrypt(enc) == text
42
43 def test_encryption_with_hmac(self):
44 key = 'secret'
45 text = 'ihatemysql'
46 enc = AESCipher(key, hmac=True).encrypt(text)
47 assert AESCipher(key, hmac=True).decrypt(enc) == text
48
49 def test_encryption_with_hmac_with_bad_key(self):
50 key = 'secretstring'
51 text = 'ihatemysql'
52 enc = AESCipher(key, hmac=True).encrypt(text)
53
54 with pytest.raises(SignatureVerificationError) as e:
55 assert AESCipher('differentsecret', hmac=True).decrypt(enc) == ''
56
57 assert 'Encryption signature verification failed' in str(e)
58
59 def test_encryption_with_hmac_with_bad_data(self):
60 key = 'secret'
61 text = 'ihatemysql'
62 enc = AESCipher(key, hmac=True).encrypt(text)
63 enc = 'xyz' + enc[3:]
64 with pytest.raises(SignatureVerificationError) as e:
65 assert AESCipher(key, hmac=True).decrypt(enc) == text
66
67 assert 'Encryption signature verification failed' in str(e)
68
69 def test_encryption_with_hmac_with_bad_key_not_strict(self):
70 key = 'secretstring'
71 text = 'ihatemysql'
72 enc = AESCipher(key, hmac=True).encrypt(text)
73
74 assert isinstance(AESCipher(
75 'differentsecret', hmac=True, strict_verification=False
76 ).decrypt(enc), InvalidDecryptedValue)
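Review bot: The new HMAC tests do not cover input that decodes to `hmac_size` bytes or fewer. This matters because `decrypt` in this commit verifies only when `len(enc) > self.hmac_size` and otherwise falls through to plain CBC decryption with no signature check. A case that feeds a short base64 value to `AESCipher(key, hmac=True).decrypt(...)` and expects `SignatureVerificationError` would pin the intended behaviour, and would presumably fail until the length guard rejects such input. Separately, `test_encryption_with_hmac_with_bad_key` and `test_encryption_with_hmac_with_bad_data` check the message with `str(e)` on the `ExceptionInfo` object; `str(e.value)` is the stable way to get the exception text. The `assert ... ==` inside each `pytest.raises` block is never evaluated, because `decrypt` raises first.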