diff --git a/rhodecode/__init__.py b/rhodecode/__init__.py
--- a/rhodecode/__init__.py
+++ b/rhodecode/__init__.py
@@ -51,7 +51,7 @@ PYRAMID_SETTINGS = {}
EXTENSIONS = {}
__version__ = ('.'.join((str(each) for each in VERSION[:3])))
-__dbversion__ = 60 # defines current db version for migrations
+__dbversion__ = 61 # defines current db version for migrations
__platform__ = platform.system()
__license__ = 'AGPLv3, and Commercial License'
__author__ = 'RhodeCode GmbH'
diff --git a/rhodecode/api/views/user_api.py b/rhodecode/api/views/user_api.py
--- a/rhodecode/api/views/user_api.py
+++ b/rhodecode/api/views/user_api.py
@@ -81,6 +81,7 @@ def get_user(request, apiuser, userid=Op
"usergroup.read",
"hg.repogroup.create.false",
"hg.create.none",
+ "hg.password_reset.enabled",
"hg.extern_activate.manual",
"hg.create.write_on_repogroup.false",
"hg.usergroup.create.false",
diff --git a/rhodecode/controllers/admin/permissions.py b/rhodecode/controllers/admin/permissions.py
--- a/rhodecode/controllers/admin/permissions.py
+++ b/rhodecode/controllers/admin/permissions.py
@@ -92,6 +92,7 @@ class PermissionsController(BaseControll
self.__load_data()
_form = ApplicationPermissionsForm(
[x[0] for x in c.register_choices],
+ [x[0] for x in c.password_reset_choices],
[x[0] for x in c.extern_activate_choices])()
try:
diff --git a/rhodecode/lib/dbmigrate/versions/061_version_4_5_0.py b/rhodecode/lib/dbmigrate/versions/061_version_4_5_0.py
new file mode 100644
--- /dev/null
+++ b/rhodecode/lib/dbmigrate/versions/061_version_4_5_0.py
@@ -0,0 +1,42 @@
+import logging
+import datetime
+
+from sqlalchemy import *
+from sqlalchemy.exc import DatabaseError
+from sqlalchemy.orm import relation, backref, class_mapper, joinedload
+from sqlalchemy.orm.session import Session
+from sqlalchemy.ext.declarative import declarative_base
+
+from rhodecode.lib.dbmigrate.migrate import *
+from rhodecode.lib.dbmigrate.migrate.changeset import *
+from rhodecode.lib.utils2 import str2bool
+
+from rhodecode.model.meta import Base
+from rhodecode.model import meta
+from rhodecode.lib.dbmigrate.versions import _reset_base, notify
+
+log = logging.getLogger(__name__)
+
+
+def upgrade(migrate_engine):
+ """
+ Upgrade operations go here.
+ Don't create your own engine; bind migrate_engine to your metadata
+ """
+ _reset_base(migrate_engine)
+ from rhodecode.lib.dbmigrate.schema import db_4_5_0_0
+
+ fixups(db_4_5_0_0, meta.Session)
+
+def downgrade(migrate_engine):
+ meta = MetaData()
+ meta.bind = migrate_engine
+
+def fixups(models, _SESSION):
+ # ** create default permissions ** #
+ from rhodecode.model.permission import PermissionModel
+ PermissionModel(_SESSION()).create_permissions()
+
+ res = PermissionModel(_SESSION()).create_default_user_permissions(
+ models.User.DEFAULT_USER)
+ _SESSION().commit()
diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -2314,6 +2314,10 @@ class Permission(Base, BaseModel):
('hg.register.manual_activate', _('User Registration with manual account activation')),
('hg.register.auto_activate', _('User Registration with automatic account activation')),
+ ('hg.password_reset.enabled', _('Password reset enabled')),
+ ('hg.password_reset.hidden', _('Password reset hidden')),
+ ('hg.password_reset.disabled', _('Password reset disabled')),
+
('hg.extern_activate.manual', _('Manual activation of external account')),
('hg.extern_activate.auto', _('Automatic activation of external account')),
@@ -2332,6 +2336,7 @@ class Permission(Base, BaseModel):
'hg.create.write_on_repogroup.true',
'hg.fork.repository',
'hg.register.manual_activate',
+ 'hg.password_reset.enabled',
'hg.extern_activate.auto',
'hg.inherit_default_perms.true',
]
diff --git a/rhodecode/model/forms.py b/rhodecode/model/forms.py
--- a/rhodecode/model/forms.py
+++ b/rhodecode/model/forms.py
@@ -427,7 +427,8 @@ def LabsSettingsForm():
return _LabSettingsForm
-def ApplicationPermissionsForm(register_choices, extern_activate_choices):
+def ApplicationPermissionsForm(
+ register_choices, password_reset_choices, extern_activate_choices):
class _DefaultPermissionsForm(formencode.Schema):
allow_extra_fields = True
filter_extra_fields = True
@@ -435,6 +436,7 @@ def ApplicationPermissionsForm(register_
anonymous = v.StringBoolean(if_missing=False)
default_register = v.OneOf(register_choices)
default_register_message = v.UnicodeString()
+ default_password_reset = v.OneOf(password_reset_choices)
default_extern_activate = v.OneOf(extern_activate_choices)
return _DefaultPermissionsForm
diff --git a/rhodecode/model/permission.py b/rhodecode/model/permission.py
--- a/rhodecode/model/permission.py
+++ b/rhodecode/model/permission.py
@@ -51,8 +51,8 @@ class PermissionModel(BaseModel):
'default_user_group_create': None,
'default_fork_create': None,
'default_inherit_default_permissions': None,
-
'default_register': None,
+ 'default_password_reset': None,
'default_extern_activate': None,
# object permissions below
@@ -85,6 +85,11 @@ class PermissionModel(BaseModel):
('hg.register.manual_activate', translator('Allowed with manual account activation')),
('hg.register.auto_activate', translator('Allowed with automatic account activation')),]
+ c_obj.password_reset_choices = [
+ ('hg.password_reset.enabled', translator('Allow password recovery')),
+ ('hg.password_reset.hidden', translator('Hide password recovery link')),
+ ('hg.password_reset.disabled', translator('Disable password recovery')),]
+
c_obj.extern_activate_choices = [
('hg.extern_activate.manual', translator('Manual activation of external account')),
('hg.extern_activate.auto', translator('Automatic activation of external account')),]
@@ -149,6 +154,9 @@ class PermissionModel(BaseModel):
if perm.permission.permission_name.startswith('hg.register.'):
defaults['default_register' + suffix] = perm.permission.permission_name
+ if perm.permission.permission_name.startswith('hg.password_reset.'):
+ defaults['default_password_reset' + suffix] = perm.permission.permission_name
+
if perm.permission.permission_name.startswith('hg.extern_activate.'):
defaults['default_extern_activate' + suffix] = perm.permission.permission_name
@@ -182,6 +190,7 @@ class PermissionModel(BaseModel):
# application perms
'default_register': 'hg.register.',
+ 'default_password_reset': 'hg.password_reset.',
'default_extern_activate': 'hg.extern_activate.',
# object permissions below
@@ -383,6 +392,7 @@ class PermissionModel(BaseModel):
'default_user_group_perm',
'default_register',
+ 'default_password_reset',
'default_extern_activate'])
self.sa.commit()
except (DatabaseError,):
@@ -404,6 +414,7 @@ class PermissionModel(BaseModel):
'default_user_group_perm',
'default_register',
+ 'default_password_reset',
'default_extern_activate'])
self.sa.commit()
except (DatabaseError,):
@@ -429,6 +440,7 @@ class PermissionModel(BaseModel):
'default_inherit_default_permissions',
'default_register',
+ 'default_password_reset',
'default_extern_activate'])
# overwrite default repo permissions
diff --git a/rhodecode/public/css/login.less b/rhodecode/public/css/login.less
--- a/rhodecode/public/css/login.less
+++ b/rhodecode/public/css/login.less
@@ -188,6 +188,10 @@
line-height: 1.5em;
}
}
+
+ p.help-block {
+ margin-left: 0;
+ }
}
.user-menu.submenu {
diff --git a/rhodecode/templates/admin/permissions/permissions_application.html b/rhodecode/templates/admin/permissions/permissions_application.html
--- a/rhodecode/templates/admin/permissions/permissions_application.html
+++ b/rhodecode/templates/admin/permissions/permissions_application.html
@@ -29,6 +29,15 @@
</div>
<div class="field">
+ <div class="label label-select">
+ <label for="default_password_reset">${_('Password Reset')}:</label>
+ </div>
+ <div class="select">
+ ${h.select('default_password_reset','',c.password_reset_choices)}
+ </div>
+ </div>
+
+ <div class="field">
<div class="label label-textarea">
<label for="default_register_message">${_('Registration Page Message')}:</label>
</div>
@@ -66,6 +75,7 @@
};
$("#default_register").select2(select2Options);
+ $("#default_password_reset").select2(select2Options);
$("#default_extern_activate").select2(select2Options);
});
</script>
diff --git a/rhodecode/templates/base/base.html b/rhodecode/templates/base/base.html
--- a/rhodecode/templates/base/base.html
+++ b/rhodecode/templates/base/base.html
@@ -308,7 +308,9 @@
<div class="field">
<div class="label">
<label for="password">${_('Password')}:</label>
- <span class="forgot_password">${h.link_to(_('(Forgot password?)'),h.route_path('reset_password'))}</span>
+ %if h.HasPermissionAny('hg.password_reset.enabled')():
+ <span class="forgot_password">${h.link_to(_('(Forgot password?)'),h.route_path('reset_password'))}</span>
+ %endif
</div>
<div class="input">
${h.password('password',class_='focus',tabindex=2)}
diff --git a/rhodecode/templates/login.html b/rhodecode/templates/login.html
--- a/rhodecode/templates/login.html
+++ b/rhodecode/templates/login.html
@@ -56,9 +56,17 @@
${h.checkbox('remember', value=True, checked=defaults.get('remember'))}
<label class="checkbox" for="remember">${_('Remember me')}</label>
- <p class="links">
- ${h.link_to(_('Forgot your password?'), h.route_path('reset_password'))}
- </p>
+
+ %if h.HasPermissionAny('hg.password_reset.enable')():
+ <p class="links">
+ ${h.link_to(_('Forgot your password?'), h.route_path('reset_password'))}
+ </p>
+ %elif h.HasPermissionAny('hg.password_reset.hidden')():
+ <p class="help-block">
+ ${_('Contact an administrator if you have forgotten your password.')}
+ </p>
+ %endif
+
${h.submit('sign_in', _('Sign In'), class_="btn sign-in")}
diff --git a/rhodecode/templates/password_reset.html b/rhodecode/templates/password_reset.html
--- a/rhodecode/templates/password_reset.html
+++ b/rhodecode/templates/password_reset.html
@@ -28,39 +28,45 @@
<img class="sign-in-image" src="${h.asset('images/sign-in.png')}" alt="RhodeCode"/>
</div>
- <div id="register" class="right-column">
- <!-- login -->
- <div class="sign-in-title">
- <h1>${_('Reset your Password')}</h1>
- <h4>${h.link_to(_("Go to the login page to sign in."), request.route_path('login'))}</h4>
+ %if h.HasPermissionAny('hg.password_reset.disabled')():
+ <div class="right-column">
+ <p>${_('Password reset has been disabled.')}</p>
</div>
- <div class="inner form">
- ${h.form(request.route_path('reset_password'), needs_csrf_token=False)}
- <label for="email">${_('Email Address')}:</label>
- ${h.text('email', defaults.get('email'))}
- %if 'email' in errors:
- <span class="error-message">${errors.get('email')}</span>
- <br />
- %endif
-
- %if captcha_active:
- <div class="login-captcha"
- <label for="email">${_('Captcha')}:</label>
- ${h.hidden('recaptcha_field')}
- <div id="recaptcha"></div>
- %if 'recaptcha_field' in errors:
- <span class="error-message">${errors.get('recaptcha_field')}</span>
+ %else:
+ <div id="register" class="right-column">
+ <!-- login -->
+ <div class="sign-in-title">
+ <h1>${_('Reset your Password')}</h1>
+ <h4>${h.link_to(_("Go to the login page to sign in."), request.route_path('login'))}</h4>
+ </div>
+ <div class="inner form">
+ ${h.form(request.route_path('reset_password'), needs_csrf_token=False)}
+ <label for="email">${_('Email Address')}:</label>
+ ${h.text('email', defaults.get('email'))}
+ %if 'email' in errors:
+ <span class="error-message">${errors.get('email')}</span>
<br />
%endif
- </div>
- %endif
-
- ${h.submit('send', _('Send password reset email'), class_="btn sign-in")}
- <div class="activation_msg">${_('Password reset link will be sent to matching email address')}</div>
-
- ${h.end_form()}
+
+ %if captcha_active:
+ <div class="login-captcha"
+ <label for="email">${_('Captcha')}:</label>
+ ${h.hidden('recaptcha_field')}
+ <div id="recaptcha"></div>
+ %if 'recaptcha_field' in errors:
+ <span class="error-message">${errors.get('recaptcha_field')}</span>
+ <br />
+ %endif
+ </div>
+ %endif
+
+ ${h.submit('send', _('Send password reset email'), class_="btn sign-in")}
+ <div class="activation_msg">${_('Password reset link will be sent to matching email address')}</div>
+
+ ${h.end_form()}
+ </div>
</div>
- </div>
+ %endif
</div>
</div>