##// END OF EJS Templates
u » ewong » rhodecode-enterprise-ce-fork
RSS

Fork of rhodecode-enterprise-ce

auth: don't expose full set of permissions into channelstream payload....
ergo -
r2194:90609677 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,175 +1,176 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 Channel Stream controller for rhodecode
23 23
24 24 :created_on: Oct 10, 2015
25 25 :author: marcinl
26 26 :copyright: (c) 2013-2015 RhodeCode GmbH.
27 27 :license: Commercial License, see LICENSE for more details.
28 28 """
29 29
30 30 import logging
31 31 import uuid
32 32
33 33 from pyramid.view import view_config
34 34 from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPBadGateway
35 35
36 36 from rhodecode.lib.channelstream import (
37 37 channelstream_request,
38 38 ChannelstreamConnectionException,
39 39 ChannelstreamPermissionException,
40 40 check_channel_permissions,
41 41 get_connection_validators,
42 42 get_user_data,
43 43 parse_channels_info,
44 44 update_history_from_logs,
45 45 STATE_PUBLIC_KEYS)
46 46 from rhodecode.lib.auth import NotAnonymous
47 47
48 48 log = logging.getLogger(__name__)
49 49
50 50
51 51 class ChannelstreamView(object):
52 52 def __init__(self, context, request):
53 53 self.context = context
54 54 self.request = request
55 55
56 56 # Some of the decorators rely on this attribute to be present
57 57 # on the class of the decorated method.
58 58 self._rhodecode_user = request.user
59 59 registry = request.registry
60 60 self.channelstream_config = registry.rhodecode_plugins['channelstream']
61 61 if not self.channelstream_config.get('enabled'):
62 62 log.error('Channelstream plugin is disabled')
63 63 raise HTTPBadRequest()
64 64
65 65 @NotAnonymous()
66 66 @view_config(route_name='channelstream_connect', renderer='json')
67 67 def connect(self):
68 68 """ handle authorization of users trying to connect """
69 69 try:
70 70 json_body = self.request.json_body
71 71 except Exception:
72 72 log.exception('Failed to decode json from request')
73 73 raise HTTPBadRequest()
74
74 75 try:
75 76 channels = check_channel_permissions(
76 77 json_body.get('channels'),
77 78 get_connection_validators(self.request.registry))
78 79 except ChannelstreamPermissionException:
79 80 log.error('Incorrect permissions for requested channels')
80 81 raise HTTPForbidden()
81 82
82 83 user = self._rhodecode_user
83 84 if user.user_id:
84 85 user_data = get_user_data(user.user_id)
85 86 else:
86 87 user_data = {
87 88 'id': None,
88 89 'username': None,
89 90 'first_name': None,
90 91 'last_name': None,
91 92 'icon_link': None,
92 93 'display_name': None,
93 94 'display_link': None,
94 95 }
95 user_data['permissions'] = self._rhodecode_user.permissions
96 user_data['permissions'] = self._rhodecode_user.permissions_safe
96 97 payload = {
97 98 'username': user.username,
98 99 'user_state': user_data,
99 100 'conn_id': str(uuid.uuid4()),
100 101 'channels': channels,
101 102 'channel_configs': {},
102 103 'state_public_keys': STATE_PUBLIC_KEYS,
103 104 'info': {
104 105 'exclude_channels': ['broadcast']
105 106 }
106 107 }
107 108 filtered_channels = [channel for channel in channels
108 109 if channel != 'broadcast']
109 110 for channel in filtered_channels:
110 111 payload['channel_configs'][channel] = {
111 112 'notify_presence': True,
112 113 'history_size': 100,
113 114 'store_history': True,
114 115 'broadcast_presence_with_user_lists': True
115 116 }
116 117 # connect user to server
117 118 try:
118 119 connect_result = channelstream_request(self.channelstream_config,
119 120 payload, '/connect')
120 121 except ChannelstreamConnectionException:
121 122 log.exception('Channelstream service is down')
122 123 return HTTPBadGateway()
123 124
124 125 connect_result['channels'] = channels
125 126 connect_result['channels_info'] = parse_channels_info(
126 127 connect_result['channels_info'],
127 128 include_channel_info=filtered_channels)
128 129 update_history_from_logs(self.channelstream_config,
129 130 filtered_channels, connect_result)
130 131 return connect_result
131 132
132 133 @NotAnonymous()
133 134 @view_config(route_name='channelstream_subscribe', renderer='json')
134 135 def subscribe(self):
135 136 """ can be used to subscribe specific connection to other channels """
136 137 try:
137 138 json_body = self.request.json_body
138 139 except Exception:
139 140 log.exception('Failed to decode json from request')
140 141 raise HTTPBadRequest()
141 142 try:
142 143 channels = check_channel_permissions(
143 144 json_body.get('channels'),
144 145 get_connection_validators(self.request.registry))
145 146 except ChannelstreamPermissionException:
146 147 log.error('Incorrect permissions for requested channels')
147 148 raise HTTPForbidden()
148 149 payload = {'conn_id': json_body.get('conn_id', ''),
149 150 'channels': channels,
150 151 'channel_configs': {},
151 152 'info': {
152 153 'exclude_channels': ['broadcast']}
153 154 }
154 155 filtered_channels = [chan for chan in channels if chan != 'broadcast']
155 156 for channel in filtered_channels:
156 157 payload['channel_configs'][channel] = {
157 158 'notify_presence': True,
158 159 'history_size': 100,
159 160 'store_history': True,
160 161 'broadcast_presence_with_user_lists': True
161 162 }
162 163 try:
163 164 connect_result = channelstream_request(
164 165 self.channelstream_config, payload, '/subscribe')
165 166 except ChannelstreamConnectionException:
166 167 log.exception('Channelstream service is down')
167 168 return HTTPBadGateway()
168 169 # include_channel_info will limit history only to new channel
169 170 # to not overwrite histories on other channels in client
170 171 connect_result['channels_info'] = parse_channels_info(
171 172 connect_result['channels_info'],
172 173 include_channel_info=filtered_channels)
173 174 update_history_from_logs(self.channelstream_config,
174 175 filtered_channels, connect_result)
175 176 return connect_result
Show file before | Show file after | Hide comments
@@ -1,2023 +1,2041 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 authentication and permission libraries
23 23 """
24 24
25 25 import os
26 26 import inspect
27 27 import collections
28 28 import fnmatch
29 29 import hashlib
30 30 import itertools
31 31 import logging
32 32 import random
33 33 import traceback
34 34 from functools import wraps
35 35
36 36 import ipaddress
37 37 from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound
38 38 from pylons.i18n.translation import _
39 39 # NOTE(marcink): this has to be removed only after pyramid migration,
40 40 # replace with _ = request.translate
41 41 from sqlalchemy.orm.exc import ObjectDeletedError
42 42 from sqlalchemy.orm import joinedload
43 43 from zope.cachedescriptors.property import Lazy as LazyProperty
44 44
45 45 import rhodecode
46 46 from rhodecode.model import meta
47 47 from rhodecode.model.meta import Session
48 48 from rhodecode.model.user import UserModel
49 49 from rhodecode.model.db import (
50 50 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
51 51 UserIpMap, UserApiKeys, RepoGroup)
52 52 from rhodecode.lib import caches
53 53 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5
54 54 from rhodecode.lib.utils import (
55 55 get_repo_slug, get_repo_group_slug, get_user_group_slug)
56 56 from rhodecode.lib.caching_query import FromCache
57 57
58 58
59 59 if rhodecode.is_unix:
60 60 import bcrypt
61 61
62 62 log = logging.getLogger(__name__)
63 63
64 64 csrf_token_key = "csrf_token"
65 65
66 66
67 67 class PasswordGenerator(object):
68 68 """
69 69 This is a simple class for generating password from different sets of
70 70 characters
71 71 usage::
72 72
73 73 passwd_gen = PasswordGenerator()
74 74 #print 8-letter password containing only big and small letters
75 75 of alphabet
76 76 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
77 77 """
78 78 ALPHABETS_NUM = r'''1234567890'''
79 79 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
80 80 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
81 81 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
82 82 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
83 83 + ALPHABETS_NUM + ALPHABETS_SPECIAL
84 84 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
85 85 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
86 86 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
87 87 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
88 88
89 89 def __init__(self, passwd=''):
90 90 self.passwd = passwd
91 91
92 92 def gen_password(self, length, type_=None):
93 93 if type_ is None:
94 94 type_ = self.ALPHABETS_FULL
95 95 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
96 96 return self.passwd
97 97
98 98
99 99 class _RhodeCodeCryptoBase(object):
100 100 ENC_PREF = None
101 101
102 102 def hash_create(self, str_):
103 103 """
104 104 hash the string using
105 105
106 106 :param str_: password to hash
107 107 """
108 108 raise NotImplementedError
109 109
110 110 def hash_check_with_upgrade(self, password, hashed):
111 111 """
112 112 Returns tuple in which first element is boolean that states that
113 113 given password matches it's hashed version, and the second is new hash
114 114 of the password, in case this password should be migrated to new
115 115 cipher.
116 116 """
117 117 checked_hash = self.hash_check(password, hashed)
118 118 return checked_hash, None
119 119
120 120 def hash_check(self, password, hashed):
121 121 """
122 122 Checks matching password with it's hashed value.
123 123
124 124 :param password: password
125 125 :param hashed: password in hashed form
126 126 """
127 127 raise NotImplementedError
128 128
129 129 def _assert_bytes(self, value):
130 130 """
131 131 Passing in an `unicode` object can lead to hard to detect issues
132 132 if passwords contain non-ascii characters. Doing a type check
133 133 during runtime, so that such mistakes are detected early on.
134 134 """
135 135 if not isinstance(value, str):
136 136 raise TypeError(
137 137 "Bytestring required as input, got %r." % (value, ))
138 138
139 139
140 140 class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
141 141 ENC_PREF = ('$2a$10', '$2b$10')
142 142
143 143 def hash_create(self, str_):
144 144 self._assert_bytes(str_)
145 145 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
146 146
147 147 def hash_check_with_upgrade(self, password, hashed):
148 148 """
149 149 Returns tuple in which first element is boolean that states that
150 150 given password matches it's hashed version, and the second is new hash
151 151 of the password, in case this password should be migrated to new
152 152 cipher.
153 153
154 154 This implements special upgrade logic which works like that:
155 155 - check if the given password == bcrypted hash, if yes then we
156 156 properly used password and it was already in bcrypt. Proceed
157 157 without any changes
158 158 - if bcrypt hash check is not working try with sha256. If hash compare
159 159 is ok, it means we using correct but old hashed password. indicate
160 160 hash change and proceed
161 161 """
162 162
163 163 new_hash = None
164 164
165 165 # regular pw check
166 166 password_match_bcrypt = self.hash_check(password, hashed)
167 167
168 168 # now we want to know if the password was maybe from sha256
169 169 # basically calling _RhodeCodeCryptoSha256().hash_check()
170 170 if not password_match_bcrypt:
171 171 if _RhodeCodeCryptoSha256().hash_check(password, hashed):
172 172 new_hash = self.hash_create(password) # make new bcrypt hash
173 173 password_match_bcrypt = True
174 174
175 175 return password_match_bcrypt, new_hash
176 176
177 177 def hash_check(self, password, hashed):
178 178 """
179 179 Checks matching password with it's hashed value.
180 180
181 181 :param password: password
182 182 :param hashed: password in hashed form
183 183 """
184 184 self._assert_bytes(password)
185 185 try:
186 186 return bcrypt.hashpw(password, hashed) == hashed
187 187 except ValueError as e:
188 188 # we're having a invalid salt here probably, we should not crash
189 189 # just return with False as it would be a wrong password.
190 190 log.debug('Failed to check password hash using bcrypt %s',
191 191 safe_str(e))
192 192
193 193 return False
194 194
195 195
196 196 class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
197 197 ENC_PREF = '_'
198 198
199 199 def hash_create(self, str_):
200 200 self._assert_bytes(str_)
201 201 return hashlib.sha256(str_).hexdigest()
202 202
203 203 def hash_check(self, password, hashed):
204 204 """
205 205 Checks matching password with it's hashed value.
206 206
207 207 :param password: password
208 208 :param hashed: password in hashed form
209 209 """
210 210 self._assert_bytes(password)
211 211 return hashlib.sha256(password).hexdigest() == hashed
212 212
213 213
214 214 class _RhodeCodeCryptoMd5(_RhodeCodeCryptoBase):
215 215 ENC_PREF = '_'
216 216
217 217 def hash_create(self, str_):
218 218 self._assert_bytes(str_)
219 219 return hashlib.md5(str_).hexdigest()
220 220
221 221 def hash_check(self, password, hashed):
222 222 """
223 223 Checks matching password with it's hashed value.
224 224
225 225 :param password: password
226 226 :param hashed: password in hashed form
227 227 """
228 228 self._assert_bytes(password)
229 229 return hashlib.md5(password).hexdigest() == hashed
230 230
231 231
232 232 def crypto_backend():
233 233 """
234 234 Return the matching crypto backend.
235 235
236 236 Selection is based on if we run tests or not, we pick md5 backend to run
237 237 tests faster since BCRYPT is expensive to calculate
238 238 """
239 239 if rhodecode.is_test:
240 240 RhodeCodeCrypto = _RhodeCodeCryptoMd5()
241 241 else:
242 242 RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
243 243
244 244 return RhodeCodeCrypto
245 245
246 246
247 247 def get_crypt_password(password):
248 248 """
249 249 Create the hash of `password` with the active crypto backend.
250 250
251 251 :param password: The cleartext password.
252 252 :type password: unicode
253 253 """
254 254 password = safe_str(password)
255 255 return crypto_backend().hash_create(password)
256 256
257 257
258 258 def check_password(password, hashed):
259 259 """
260 260 Check if the value in `password` matches the hash in `hashed`.
261 261
262 262 :param password: The cleartext password.
263 263 :type password: unicode
264 264
265 265 :param hashed: The expected hashed version of the password.
266 266 :type hashed: The hash has to be passed in in text representation.
267 267 """
268 268 password = safe_str(password)
269 269 return crypto_backend().hash_check(password, hashed)
270 270
271 271
272 272 def generate_auth_token(data, salt=None):
273 273 """
274 274 Generates API KEY from given string
275 275 """
276 276
277 277 if salt is None:
278 278 salt = os.urandom(16)
279 279 return hashlib.sha1(safe_str(data) + salt).hexdigest()
280 280
281 281
282 282 class CookieStoreWrapper(object):
283 283
284 284 def __init__(self, cookie_store):
285 285 self.cookie_store = cookie_store
286 286
287 287 def __repr__(self):
288 288 return 'CookieStore<%s>' % (self.cookie_store)
289 289
290 290 def get(self, key, other=None):
291 291 if isinstance(self.cookie_store, dict):
292 292 return self.cookie_store.get(key, other)
293 293 elif isinstance(self.cookie_store, AuthUser):
294 294 return self.cookie_store.__dict__.get(key, other)
295 295
296 296
297 297 def _cached_perms_data(user_id, scope, user_is_admin,
298 298 user_inherit_default_permissions, explicit, algo):
299 299
300 300 permissions = PermissionCalculator(
301 301 user_id, scope, user_is_admin, user_inherit_default_permissions,
302 302 explicit, algo)
303 303 return permissions.calculate()
304 304
305 305
306 306 class PermOrigin(object):
307 307 ADMIN = 'superadmin'
308 308
309 309 REPO_USER = 'user:%s'
310 310 REPO_USERGROUP = 'usergroup:%s'
311 311 REPO_OWNER = 'repo.owner'
312 312 REPO_DEFAULT = 'repo.default'
313 313 REPO_PRIVATE = 'repo.private'
314 314
315 315 REPOGROUP_USER = 'user:%s'
316 316 REPOGROUP_USERGROUP = 'usergroup:%s'
317 317 REPOGROUP_OWNER = 'group.owner'
318 318 REPOGROUP_DEFAULT = 'group.default'
319 319
320 320 USERGROUP_USER = 'user:%s'
321 321 USERGROUP_USERGROUP = 'usergroup:%s'
322 322 USERGROUP_OWNER = 'usergroup.owner'
323 323 USERGROUP_DEFAULT = 'usergroup.default'
324 324
325 325
326 326 class PermOriginDict(dict):
327 327 """
328 328 A special dict used for tracking permissions along with their origins.
329 329
330 330 `__setitem__` has been overridden to expect a tuple(perm, origin)
331 331 `__getitem__` will return only the perm
332 332 `.perm_origin_stack` will return the stack of (perm, origin) set per key
333 333
334 334 >>> perms = PermOriginDict()
335 335 >>> perms['resource'] = 'read', 'default'
336 336 >>> perms['resource']
337 337 'read'
338 338 >>> perms['resource'] = 'write', 'admin'
339 339 >>> perms['resource']
340 340 'write'
341 341 >>> perms.perm_origin_stack
342 342 {'resource': [('read', 'default'), ('write', 'admin')]}
343 343 """
344 344
345 345 def __init__(self, *args, **kw):
346 346 dict.__init__(self, *args, **kw)
347 347 self.perm_origin_stack = {}
348 348
349 349 def __setitem__(self, key, (perm, origin)):
350 350 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
351 351 dict.__setitem__(self, key, perm)
352 352
353 353
354 354 class PermissionCalculator(object):
355 355
356 356 def __init__(
357 357 self, user_id, scope, user_is_admin,
358 358 user_inherit_default_permissions, explicit, algo):
359 359 self.user_id = user_id
360 360 self.user_is_admin = user_is_admin
361 361 self.inherit_default_permissions = user_inherit_default_permissions
362 362 self.explicit = explicit
363 363 self.algo = algo
364 364
365 365 scope = scope or {}
366 366 self.scope_repo_id = scope.get('repo_id')
367 367 self.scope_repo_group_id = scope.get('repo_group_id')
368 368 self.scope_user_group_id = scope.get('user_group_id')
369 369
370 370 self.default_user_id = User.get_default_user(cache=True).user_id
371 371
372 372 self.permissions_repositories = PermOriginDict()
373 373 self.permissions_repository_groups = PermOriginDict()
374 374 self.permissions_user_groups = PermOriginDict()
375 375 self.permissions_global = set()
376 376
377 377 self.default_repo_perms = Permission.get_default_repo_perms(
378 378 self.default_user_id, self.scope_repo_id)
379 379 self.default_repo_groups_perms = Permission.get_default_group_perms(
380 380 self.default_user_id, self.scope_repo_group_id)
381 381 self.default_user_group_perms = \
382 382 Permission.get_default_user_group_perms(
383 383 self.default_user_id, self.scope_user_group_id)
384 384
385 385 def calculate(self):
386 386 if self.user_is_admin:
387 387 return self._admin_permissions()
388 388
389 389 self._calculate_global_default_permissions()
390 390 self._calculate_global_permissions()
391 391 self._calculate_default_permissions()
392 392 self._calculate_repository_permissions()
393 393 self._calculate_repository_group_permissions()
394 394 self._calculate_user_group_permissions()
395 395 return self._permission_structure()
396 396
397 397 def _admin_permissions(self):
398 398 """
399 399 admin user have all default rights for repositories
400 400 and groups set to admin
401 401 """
402 402 self.permissions_global.add('hg.admin')
403 403 self.permissions_global.add('hg.create.write_on_repogroup.true')
404 404
405 405 # repositories
406 406 for perm in self.default_repo_perms:
407 407 r_k = perm.UserRepoToPerm.repository.repo_name
408 408 p = 'repository.admin'
409 409 self.permissions_repositories[r_k] = p, PermOrigin.ADMIN
410 410
411 411 # repository groups
412 412 for perm in self.default_repo_groups_perms:
413 413 rg_k = perm.UserRepoGroupToPerm.group.group_name
414 414 p = 'group.admin'
415 415 self.permissions_repository_groups[rg_k] = p, PermOrigin.ADMIN
416 416
417 417 # user groups
418 418 for perm in self.default_user_group_perms:
419 419 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
420 420 p = 'usergroup.admin'
421 421 self.permissions_user_groups[u_k] = p, PermOrigin.ADMIN
422 422
423 423 return self._permission_structure()
424 424
425 425 def _calculate_global_default_permissions(self):
426 426 """
427 427 global permissions taken from the default user
428 428 """
429 429 default_global_perms = UserToPerm.query()\
430 430 .filter(UserToPerm.user_id == self.default_user_id)\
431 431 .options(joinedload(UserToPerm.permission))
432 432
433 433 for perm in default_global_perms:
434 434 self.permissions_global.add(perm.permission.permission_name)
435 435
436 436 def _calculate_global_permissions(self):
437 437 """
438 438 Set global system permissions with user permissions or permissions
439 439 taken from the user groups of the current user.
440 440
441 441 The permissions include repo creating, repo group creating, forking
442 442 etc.
443 443 """
444 444
445 445 # now we read the defined permissions and overwrite what we have set
446 446 # before those can be configured from groups or users explicitly.
447 447
448 448 # TODO: johbo: This seems to be out of sync, find out the reason
449 449 # for the comment below and update it.
450 450
451 451 # In case we want to extend this list we should be always in sync with
452 452 # User.DEFAULT_USER_PERMISSIONS definitions
453 453 _configurable = frozenset([
454 454 'hg.fork.none', 'hg.fork.repository',
455 455 'hg.create.none', 'hg.create.repository',
456 456 'hg.usergroup.create.false', 'hg.usergroup.create.true',
457 457 'hg.repogroup.create.false', 'hg.repogroup.create.true',
458 458 'hg.create.write_on_repogroup.false',
459 459 'hg.create.write_on_repogroup.true',
460 460 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
461 461 ])
462 462
463 463 # USER GROUPS comes first user group global permissions
464 464 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
465 465 .options(joinedload(UserGroupToPerm.permission))\
466 466 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
467 467 UserGroupMember.users_group_id))\
468 468 .filter(UserGroupMember.user_id == self.user_id)\
469 469 .order_by(UserGroupToPerm.users_group_id)\
470 470 .all()
471 471
472 472 # need to group here by groups since user can be in more than
473 473 # one group, so we get all groups
474 474 _explicit_grouped_perms = [
475 475 [x, list(y)] for x, y in
476 476 itertools.groupby(user_perms_from_users_groups,
477 477 lambda _x: _x.users_group)]
478 478
479 479 for gr, perms in _explicit_grouped_perms:
480 480 # since user can be in multiple groups iterate over them and
481 481 # select the lowest permissions first (more explicit)
482 482 # TODO: marcink: do this^^
483 483
484 484 # group doesn't inherit default permissions so we actually set them
485 485 if not gr.inherit_default_permissions:
486 486 # NEED TO IGNORE all previously set configurable permissions
487 487 # and replace them with explicitly set from this user
488 488 # group permissions
489 489 self.permissions_global = self.permissions_global.difference(
490 490 _configurable)
491 491 for perm in perms:
492 492 self.permissions_global.add(perm.permission.permission_name)
493 493
494 494 # user explicit global permissions
495 495 user_perms = Session().query(UserToPerm)\
496 496 .options(joinedload(UserToPerm.permission))\
497 497 .filter(UserToPerm.user_id == self.user_id).all()
498 498
499 499 if not self.inherit_default_permissions:
500 500 # NEED TO IGNORE all configurable permissions and
501 501 # replace them with explicitly set from this user permissions
502 502 self.permissions_global = self.permissions_global.difference(
503 503 _configurable)
504 504 for perm in user_perms:
505 505 self.permissions_global.add(perm.permission.permission_name)
506 506
507 507 def _calculate_default_permissions(self):
508 508 """
509 509 Set default user permissions for repositories, repository groups
510 510 taken from the default user.
511 511
512 512 Calculate inheritance of object permissions based on what we have now
513 513 in GLOBAL permissions. We check if .false is in GLOBAL since this is
514 514 explicitly set. Inherit is the opposite of .false being there.
515 515
516 516 .. note::
517 517
518 518 the syntax is little bit odd but what we need to check here is
519 519 the opposite of .false permission being in the list so even for
520 520 inconsistent state when both .true/.false is there
521 521 .false is more important
522 522
523 523 """
524 524 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
525 525 in self.permissions_global)
526 526
527 527 # defaults for repositories, taken from `default` user permissions
528 528 # on given repo
529 529 for perm in self.default_repo_perms:
530 530 r_k = perm.UserRepoToPerm.repository.repo_name
531 531 o = PermOrigin.REPO_DEFAULT
532 532 if perm.Repository.private and not (
533 533 perm.Repository.user_id == self.user_id):
534 534 # disable defaults for private repos,
535 535 p = 'repository.none'
536 536 o = PermOrigin.REPO_PRIVATE
537 537 elif perm.Repository.user_id == self.user_id:
538 538 # set admin if owner
539 539 p = 'repository.admin'
540 540 o = PermOrigin.REPO_OWNER
541 541 else:
542 542 p = perm.Permission.permission_name
543 543 # if we decide this user isn't inheriting permissions from
544 544 # default user we set him to .none so only explicit
545 545 # permissions work
546 546 if not user_inherit_object_permissions:
547 547 p = 'repository.none'
548 548 self.permissions_repositories[r_k] = p, o
549 549
550 550 # defaults for repository groups taken from `default` user permission
551 551 # on given group
552 552 for perm in self.default_repo_groups_perms:
553 553 rg_k = perm.UserRepoGroupToPerm.group.group_name
554 554 o = PermOrigin.REPOGROUP_DEFAULT
555 555 if perm.RepoGroup.user_id == self.user_id:
556 556 # set admin if owner
557 557 p = 'group.admin'
558 558 o = PermOrigin.REPOGROUP_OWNER
559 559 else:
560 560 p = perm.Permission.permission_name
561 561
562 562 # if we decide this user isn't inheriting permissions from default
563 563 # user we set him to .none so only explicit permissions work
564 564 if not user_inherit_object_permissions:
565 565 p = 'group.none'
566 566 self.permissions_repository_groups[rg_k] = p, o
567 567
568 568 # defaults for user groups taken from `default` user permission
569 569 # on given user group
570 570 for perm in self.default_user_group_perms:
571 571 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
572 572 o = PermOrigin.USERGROUP_DEFAULT
573 573 if perm.UserGroup.user_id == self.user_id:
574 574 # set admin if owner
575 575 p = 'usergroup.admin'
576 576 o = PermOrigin.USERGROUP_OWNER
577 577 else:
578 578 p = perm.Permission.permission_name
579 579
580 580 # if we decide this user isn't inheriting permissions from default
581 581 # user we set him to .none so only explicit permissions work
582 582 if not user_inherit_object_permissions:
583 583 p = 'usergroup.none'
584 584 self.permissions_user_groups[u_k] = p, o
585 585
586 586 def _calculate_repository_permissions(self):
587 587 """
588 588 Repository permissions for the current user.
589 589
590 590 Check if the user is part of user groups for this repository and
591 591 fill in the permission from it. `_choose_permission` decides of which
592 592 permission should be selected based on selected method.
593 593 """
594 594
595 595 # user group for repositories permissions
596 596 user_repo_perms_from_user_group = Permission\
597 597 .get_default_repo_perms_from_user_group(
598 598 self.user_id, self.scope_repo_id)
599 599
600 600 multiple_counter = collections.defaultdict(int)
601 601 for perm in user_repo_perms_from_user_group:
602 602 r_k = perm.UserGroupRepoToPerm.repository.repo_name
603 603 ug_k = perm.UserGroupRepoToPerm.users_group.users_group_name
604 604 multiple_counter[r_k] += 1
605 605 p = perm.Permission.permission_name
606 606 o = PermOrigin.REPO_USERGROUP % ug_k
607 607
608 608 if perm.Repository.user_id == self.user_id:
609 609 # set admin if owner
610 610 p = 'repository.admin'
611 611 o = PermOrigin.REPO_OWNER
612 612 else:
613 613 if multiple_counter[r_k] > 1:
614 614 cur_perm = self.permissions_repositories[r_k]
615 615 p = self._choose_permission(p, cur_perm)
616 616 self.permissions_repositories[r_k] = p, o
617 617
618 618 # user explicit permissions for repositories, overrides any specified
619 619 # by the group permission
620 620 user_repo_perms = Permission.get_default_repo_perms(
621 621 self.user_id, self.scope_repo_id)
622 622 for perm in user_repo_perms:
623 623 r_k = perm.UserRepoToPerm.repository.repo_name
624 624 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
625 625 # set admin if owner
626 626 if perm.Repository.user_id == self.user_id:
627 627 p = 'repository.admin'
628 628 o = PermOrigin.REPO_OWNER
629 629 else:
630 630 p = perm.Permission.permission_name
631 631 if not self.explicit:
632 632 cur_perm = self.permissions_repositories.get(
633 633 r_k, 'repository.none')
634 634 p = self._choose_permission(p, cur_perm)
635 635 self.permissions_repositories[r_k] = p, o
636 636
637 637 def _calculate_repository_group_permissions(self):
638 638 """
639 639 Repository group permissions for the current user.
640 640
641 641 Check if the user is part of user groups for repository groups and
642 642 fill in the permissions from it. `_choose_permmission` decides of which
643 643 permission should be selected based on selected method.
644 644 """
645 645 # user group for repo groups permissions
646 646 user_repo_group_perms_from_user_group = Permission\
647 647 .get_default_group_perms_from_user_group(
648 648 self.user_id, self.scope_repo_group_id)
649 649
650 650 multiple_counter = collections.defaultdict(int)
651 651 for perm in user_repo_group_perms_from_user_group:
652 652 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
653 653 ug_k = perm.UserGroupRepoGroupToPerm.users_group.users_group_name
654 654 o = PermOrigin.REPOGROUP_USERGROUP % ug_k
655 655 multiple_counter[g_k] += 1
656 656 p = perm.Permission.permission_name
657 657 if perm.RepoGroup.user_id == self.user_id:
658 658 # set admin if owner, even for member of other user group
659 659 p = 'group.admin'
660 660 o = PermOrigin.REPOGROUP_OWNER
661 661 else:
662 662 if multiple_counter[g_k] > 1:
663 663 cur_perm = self.permissions_repository_groups[g_k]
664 664 p = self._choose_permission(p, cur_perm)
665 665 self.permissions_repository_groups[g_k] = p, o
666 666
667 667 # user explicit permissions for repository groups
668 668 user_repo_groups_perms = Permission.get_default_group_perms(
669 669 self.user_id, self.scope_repo_group_id)
670 670 for perm in user_repo_groups_perms:
671 671 rg_k = perm.UserRepoGroupToPerm.group.group_name
672 672 u_k = perm.UserRepoGroupToPerm.user.username
673 673 o = PermOrigin.REPOGROUP_USER % u_k
674 674
675 675 if perm.RepoGroup.user_id == self.user_id:
676 676 # set admin if owner
677 677 p = 'group.admin'
678 678 o = PermOrigin.REPOGROUP_OWNER
679 679 else:
680 680 p = perm.Permission.permission_name
681 681 if not self.explicit:
682 682 cur_perm = self.permissions_repository_groups.get(
683 683 rg_k, 'group.none')
684 684 p = self._choose_permission(p, cur_perm)
685 685 self.permissions_repository_groups[rg_k] = p, o
686 686
687 687 def _calculate_user_group_permissions(self):
688 688 """
689 689 User group permissions for the current user.
690 690 """
691 691 # user group for user group permissions
692 692 user_group_from_user_group = Permission\
693 693 .get_default_user_group_perms_from_user_group(
694 694 self.user_id, self.scope_user_group_id)
695 695
696 696 multiple_counter = collections.defaultdict(int)
697 697 for perm in user_group_from_user_group:
698 698 g_k = perm.UserGroupUserGroupToPerm\
699 699 .target_user_group.users_group_name
700 700 u_k = perm.UserGroupUserGroupToPerm\
701 701 .user_group.users_group_name
702 702 o = PermOrigin.USERGROUP_USERGROUP % u_k
703 703 multiple_counter[g_k] += 1
704 704 p = perm.Permission.permission_name
705 705
706 706 if perm.UserGroup.user_id == self.user_id:
707 707 # set admin if owner, even for member of other user group
708 708 p = 'usergroup.admin'
709 709 o = PermOrigin.USERGROUP_OWNER
710 710 else:
711 711 if multiple_counter[g_k] > 1:
712 712 cur_perm = self.permissions_user_groups[g_k]
713 713 p = self._choose_permission(p, cur_perm)
714 714 self.permissions_user_groups[g_k] = p, o
715 715
716 716 # user explicit permission for user groups
717 717 user_user_groups_perms = Permission.get_default_user_group_perms(
718 718 self.user_id, self.scope_user_group_id)
719 719 for perm in user_user_groups_perms:
720 720 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
721 721 u_k = perm.UserUserGroupToPerm.user.username
722 722 o = PermOrigin.USERGROUP_USER % u_k
723 723
724 724 if perm.UserGroup.user_id == self.user_id:
725 725 # set admin if owner
726 726 p = 'usergroup.admin'
727 727 o = PermOrigin.USERGROUP_OWNER
728 728 else:
729 729 p = perm.Permission.permission_name
730 730 if not self.explicit:
731 731 cur_perm = self.permissions_user_groups.get(
732 732 ug_k, 'usergroup.none')
733 733 p = self._choose_permission(p, cur_perm)
734 734 self.permissions_user_groups[ug_k] = p, o
735 735
736 736 def _choose_permission(self, new_perm, cur_perm):
737 737 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
738 738 cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
739 739 if self.algo == 'higherwin':
740 740 if new_perm_val > cur_perm_val:
741 741 return new_perm
742 742 return cur_perm
743 743 elif self.algo == 'lowerwin':
744 744 if new_perm_val < cur_perm_val:
745 745 return new_perm
746 746 return cur_perm
747 747
748 748 def _permission_structure(self):
749 749 return {
750 750 'global': self.permissions_global,
751 751 'repositories': self.permissions_repositories,
752 752 'repositories_groups': self.permissions_repository_groups,
753 753 'user_groups': self.permissions_user_groups,
754 754 }
755 755
756 756
757 757 def allowed_auth_token_access(controller_name, whitelist=None, auth_token=None):
758 758 """
759 759 Check if given controller_name is in whitelist of auth token access
760 760 """
761 761 if not whitelist:
762 762 from rhodecode import CONFIG
763 763 whitelist = aslist(
764 764 CONFIG.get('api_access_controllers_whitelist'), sep=',')
765 765 log.debug(
766 766 'Allowed controllers for AUTH TOKEN access: %s' % (whitelist,))
767 767
768 768 auth_token_access_valid = False
769 769 for entry in whitelist:
770 770 if fnmatch.fnmatch(controller_name, entry):
771 771 auth_token_access_valid = True
772 772 break
773 773
774 774 if auth_token_access_valid:
775 775 log.debug('controller:%s matches entry in whitelist'
776 776 % (controller_name,))
777 777 else:
778 778 msg = ('controller: %s does *NOT* match any entry in whitelist'
779 779 % (controller_name,))
780 780 if auth_token:
781 781 # if we use auth token key and don't have access it's a warning
782 782 log.warning(msg)
783 783 else:
784 784 log.debug(msg)
785 785
786 786 return auth_token_access_valid
787 787
788 788
789 789 class AuthUser(object):
790 790 """
791 791 A simple object that handles all attributes of user in RhodeCode
792 792
793 793 It does lookup based on API key,given user, or user present in session
794 794 Then it fills all required information for such user. It also checks if
795 795 anonymous access is enabled and if so, it returns default user as logged in
796 796 """
797 797 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
798 798
799 799 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
800 800
801 801 self.user_id = user_id
802 802 self._api_key = api_key
803 803
804 804 self.api_key = None
805 805 self.feed_token = ''
806 806 self.username = username
807 807 self.ip_addr = ip_addr
808 808 self.name = ''
809 809 self.lastname = ''
810 810 self.first_name = ''
811 811 self.last_name = ''
812 812 self.email = ''
813 813 self.is_authenticated = False
814 814 self.admin = False
815 815 self.inherit_default_permissions = False
816 816 self.password = ''
817 817
818 818 self.anonymous_user = None # propagated on propagate_data
819 819 self.propagate_data()
820 820 self._instance = None
821 821 self._permissions_scoped_cache = {} # used to bind scoped calculation
822 822
823 823 @LazyProperty
824 824 def permissions(self):
825 825 return self.get_perms(user=self, cache=False)
826 826
827 @LazyProperty
828 def permissions_safe(self):
829 """
830 Filtered permissions excluding not allowed repositories
831 """
832 perms = self.get_perms(user=self, cache=False)
833
834 perms['repositories'] = {
835 k: v for k, v in perms['repositories'].iteritems()
836 if v != 'repository.none'}
837 perms['repositories_groups'] = {
838 k: v for k, v in perms['repositories_groups'].iteritems()
839 if v != 'group.none'}
840 perms['user_groups'] = {
841 k: v for k, v in perms['user_groups'].iteritems()
842 if v != 'usergroup.none'}
843 return perms
844
827 845 def permissions_with_scope(self, scope):
828 846 """
829 847 Call the get_perms function with scoped data. The scope in that function
830 848 narrows the SQL calls to the given ID of objects resulting in fetching
831 849 Just particular permission we want to obtain. If scope is an empty dict
832 850 then it basically narrows the scope to GLOBAL permissions only.
833 851
834 852 :param scope: dict
835 853 """
836 854 if 'repo_name' in scope:
837 855 obj = Repository.get_by_repo_name(scope['repo_name'])
838 856 if obj:
839 857 scope['repo_id'] = obj.repo_id
840 858 _scope = {
841 859 'repo_id': -1,
842 860 'user_group_id': -1,
843 861 'repo_group_id': -1,
844 862 }
845 863 _scope.update(scope)
846 864 cache_key = "_".join(map(safe_str, reduce(lambda a, b: a+b,
847 865 _scope.items())))
848 866 if cache_key not in self._permissions_scoped_cache:
849 867 # store in cache to mimic how the @LazyProperty works,
850 868 # the difference here is that we use the unique key calculated
851 869 # from params and values
852 870 res = self.get_perms(user=self, cache=False, scope=_scope)
853 871 self._permissions_scoped_cache[cache_key] = res
854 872 return self._permissions_scoped_cache[cache_key]
855 873
856 874 def get_instance(self):
857 875 return User.get(self.user_id)
858 876
859 877 def update_lastactivity(self):
860 878 if self.user_id:
861 879 User.get(self.user_id).update_lastactivity()
862 880
863 881 def propagate_data(self):
864 882 """
865 883 Fills in user data and propagates values to this instance. Maps fetched
866 884 user attributes to this class instance attributes
867 885 """
868 886 log.debug('starting data propagation for new potential AuthUser')
869 887 user_model = UserModel()
870 888 anon_user = self.anonymous_user = User.get_default_user(cache=True)
871 889 is_user_loaded = False
872 890
873 891 # lookup by userid
874 892 if self.user_id is not None and self.user_id != anon_user.user_id:
875 893 log.debug('Trying Auth User lookup by USER ID: `%s`' % self.user_id)
876 894 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
877 895
878 896 # try go get user by api key
879 897 elif self._api_key and self._api_key != anon_user.api_key:
880 898 log.debug('Trying Auth User lookup by API KEY: `%s`' % self._api_key)
881 899 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
882 900
883 901 # lookup by username
884 902 elif self.username:
885 903 log.debug('Trying Auth User lookup by USER NAME: `%s`' % self.username)
886 904 is_user_loaded = user_model.fill_data(self, username=self.username)
887 905 else:
888 906 log.debug('No data in %s that could been used to log in' % self)
889 907
890 908 if not is_user_loaded:
891 909 log.debug('Failed to load user. Fallback to default user')
892 910 # if we cannot authenticate user try anonymous
893 911 if anon_user.active:
894 912 user_model.fill_data(self, user_id=anon_user.user_id)
895 913 # then we set this user is logged in
896 914 self.is_authenticated = True
897 915 else:
898 916 # in case of disabled anonymous user we reset some of the
899 917 # parameters so such user is "corrupted", skipping the fill_data
900 918 for attr in ['user_id', 'username', 'admin', 'active']:
901 919 setattr(self, attr, None)
902 920 self.is_authenticated = False
903 921
904 922 if not self.username:
905 923 self.username = 'None'
906 924
907 925 log.debug('Auth User is now %s' % self)
908 926
909 927 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
910 928 cache=False):
911 929 """
912 930 Fills user permission attribute with permissions taken from database
913 931 works for permissions given for repositories, and for permissions that
914 932 are granted to groups
915 933
916 934 :param user: instance of User object from database
917 935 :param explicit: In case there are permissions both for user and a group
918 936 that user is part of, explicit flag will defiine if user will
919 937 explicitly override permissions from group, if it's False it will
920 938 make decision based on the algo
921 939 :param algo: algorithm to decide what permission should be choose if
922 940 it's multiple defined, eg user in two different groups. It also
923 941 decides if explicit flag is turned off how to specify the permission
924 942 for case when user is in a group + have defined separate permission
925 943 """
926 944 user_id = user.user_id
927 945 user_is_admin = user.is_admin
928 946
929 947 # inheritance of global permissions like create repo/fork repo etc
930 948 user_inherit_default_permissions = user.inherit_default_permissions
931 949
932 950 log.debug('Computing PERMISSION tree for scope %s' % (scope, ))
933 951 compute = caches.conditional_cache(
934 952 'short_term', 'cache_desc',
935 953 condition=cache, func=_cached_perms_data)
936 954 result = compute(user_id, scope, user_is_admin,
937 955 user_inherit_default_permissions, explicit, algo)
938 956
939 957 result_repr = []
940 958 for k in result:
941 959 result_repr.append((k, len(result[k])))
942 960
943 961 log.debug('PERMISSION tree computed %s' % (result_repr,))
944 962 return result
945 963
946 964 @property
947 965 def is_default(self):
948 966 return self.username == User.DEFAULT_USER
949 967
950 968 @property
951 969 def is_admin(self):
952 970 return self.admin
953 971
954 972 @property
955 973 def is_user_object(self):
956 974 return self.user_id is not None
957 975
958 976 @property
959 977 def repositories_admin(self):
960 978 """
961 979 Returns list of repositories you're an admin of
962 980 """
963 981 return [
964 982 x[0] for x in self.permissions['repositories'].iteritems()
965 983 if x[1] == 'repository.admin']
966 984
967 985 @property
968 986 def repository_groups_admin(self):
969 987 """
970 988 Returns list of repository groups you're an admin of
971 989 """
972 990 return [
973 991 x[0] for x in self.permissions['repositories_groups'].iteritems()
974 992 if x[1] == 'group.admin']
975 993
976 994 @property
977 995 def user_groups_admin(self):
978 996 """
979 997 Returns list of user groups you're an admin of
980 998 """
981 999 return [
982 1000 x[0] for x in self.permissions['user_groups'].iteritems()
983 1001 if x[1] == 'usergroup.admin']
984 1002
985 1003 @property
986 1004 def ip_allowed(self):
987 1005 """
988 1006 Checks if ip_addr used in constructor is allowed from defined list of
989 1007 allowed ip_addresses for user
990 1008
991 1009 :returns: boolean, True if ip is in allowed ip range
992 1010 """
993 1011 # check IP
994 1012 inherit = self.inherit_default_permissions
995 1013 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
996 1014 inherit_from_default=inherit)
997 1015 @property
998 1016 def personal_repo_group(self):
999 1017 return RepoGroup.get_user_personal_repo_group(self.user_id)
1000 1018
1001 1019 @classmethod
1002 1020 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
1003 1021 allowed_ips = AuthUser.get_allowed_ips(
1004 1022 user_id, cache=True, inherit_from_default=inherit_from_default)
1005 1023 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
1006 1024 log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
1007 1025 return True
1008 1026 else:
1009 1027 log.info('Access for IP:%s forbidden, '
1010 1028 'not in %s' % (ip_addr, allowed_ips))
1011 1029 return False
1012 1030
1013 1031 def __repr__(self):
1014 1032 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
1015 1033 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1016 1034
1017 1035 def set_authenticated(self, authenticated=True):
1018 1036 if self.user_id != self.anonymous_user.user_id:
1019 1037 self.is_authenticated = authenticated
1020 1038
1021 1039 def get_cookie_store(self):
1022 1040 return {
1023 1041 'username': self.username,
1024 1042 'password': md5(self.password),
1025 1043 'user_id': self.user_id,
1026 1044 'is_authenticated': self.is_authenticated
1027 1045 }
1028 1046
1029 1047 @classmethod
1030 1048 def from_cookie_store(cls, cookie_store):
1031 1049 """
1032 1050 Creates AuthUser from a cookie store
1033 1051
1034 1052 :param cls:
1035 1053 :param cookie_store:
1036 1054 """
1037 1055 user_id = cookie_store.get('user_id')
1038 1056 username = cookie_store.get('username')
1039 1057 api_key = cookie_store.get('api_key')
1040 1058 return AuthUser(user_id, api_key, username)
1041 1059
1042 1060 @classmethod
1043 1061 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
1044 1062 _set = set()
1045 1063
1046 1064 if inherit_from_default:
1047 1065 default_ips = UserIpMap.query().filter(
1048 1066 UserIpMap.user == User.get_default_user(cache=True))
1049 1067 if cache:
1050 1068 default_ips = default_ips.options(
1051 1069 FromCache("sql_cache_short", "get_user_ips_default"))
1052 1070
1053 1071 # populate from default user
1054 1072 for ip in default_ips:
1055 1073 try:
1056 1074 _set.add(ip.ip_addr)
1057 1075 except ObjectDeletedError:
1058 1076 # since we use heavy caching sometimes it happens that
1059 1077 # we get deleted objects here, we just skip them
1060 1078 pass
1061 1079
1062 1080 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
1063 1081 if cache:
1064 1082 user_ips = user_ips.options(
1065 1083 FromCache("sql_cache_short", "get_user_ips_%s" % user_id))
1066 1084
1067 1085 for ip in user_ips:
1068 1086 try:
1069 1087 _set.add(ip.ip_addr)
1070 1088 except ObjectDeletedError:
1071 1089 # since we use heavy caching sometimes it happens that we get
1072 1090 # deleted objects here, we just skip them
1073 1091 pass
1074 1092 return _set or set(['0.0.0.0/0', '::/0'])
1075 1093
1076 1094
1077 1095 def set_available_permissions(config):
1078 1096 """
1079 1097 This function will propagate pylons globals with all available defined
1080 1098 permission given in db. We don't want to check each time from db for new
1081 1099 permissions since adding a new permission also requires application restart
1082 1100 ie. to decorate new views with the newly created permission
1083 1101
1084 1102 :param config: current pylons config instance
1085 1103
1086 1104 """
1087 1105 log.info('getting information about all available permissions')
1088 1106 try:
1089 1107 sa = meta.Session
1090 1108 all_perms = sa.query(Permission).all()
1091 1109 config['available_permissions'] = [x.permission_name for x in all_perms]
1092 1110 except Exception:
1093 1111 log.error(traceback.format_exc())
1094 1112 finally:
1095 1113 meta.Session.remove()
1096 1114
1097 1115
1098 1116 def get_csrf_token(session=None, force_new=False, save_if_missing=True):
1099 1117 """
1100 1118 Return the current authentication token, creating one if one doesn't
1101 1119 already exist and the save_if_missing flag is present.
1102 1120
1103 1121 :param session: pass in the pylons session, else we use the global ones
1104 1122 :param force_new: force to re-generate the token and store it in session
1105 1123 :param save_if_missing: save the newly generated token if it's missing in
1106 1124 session
1107 1125 """
1108 1126 if not session:
1109 1127 from pylons import session
1110 1128
1111 1129 if (csrf_token_key not in session and save_if_missing) or force_new:
1112 1130 token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
1113 1131 session[csrf_token_key] = token
1114 1132 if hasattr(session, 'save'):
1115 1133 session.save()
1116 1134 return session.get(csrf_token_key)
1117 1135
1118 1136
1119 1137 def get_request(perm_class):
1120 1138 from pyramid.threadlocal import get_current_request
1121 1139 pyramid_request = get_current_request()
1122 1140 if not pyramid_request:
1123 1141 # return global request of pylons in case pyramid isn't available
1124 1142 # NOTE(marcink): this should be removed after migration to pyramid
1125 1143 from pylons import request
1126 1144 return request
1127 1145 return pyramid_request
1128 1146
1129 1147
1130 1148 # CHECK DECORATORS
1131 1149 class CSRFRequired(object):
1132 1150 """
1133 1151 Decorator for authenticating a form
1134 1152
1135 1153 This decorator uses an authorization token stored in the client's
1136 1154 session for prevention of certain Cross-site request forgery (CSRF)
1137 1155 attacks (See
1138 1156 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
1139 1157 information).
1140 1158
1141 1159 For use with the ``webhelpers.secure_form`` helper functions.
1142 1160
1143 1161 """
1144 1162 def __init__(self, token=csrf_token_key, header='X-CSRF-Token',
1145 1163 except_methods=None):
1146 1164 self.token = token
1147 1165 self.header = header
1148 1166 self.except_methods = except_methods or []
1149 1167
1150 1168 def __call__(self, func):
1151 1169 return get_cython_compat_decorator(self.__wrapper, func)
1152 1170
1153 1171 def _get_csrf(self, _request):
1154 1172 return _request.POST.get(self.token, _request.headers.get(self.header))
1155 1173
1156 1174 def check_csrf(self, _request, cur_token):
1157 1175 supplied_token = self._get_csrf(_request)
1158 1176 return supplied_token and supplied_token == cur_token
1159 1177
1160 1178 def _get_request(self):
1161 1179 return get_request(self)
1162 1180
1163 1181 def __wrapper(self, func, *fargs, **fkwargs):
1164 1182 request = self._get_request()
1165 1183
1166 1184 if request.method in self.except_methods:
1167 1185 return func(*fargs, **fkwargs)
1168 1186
1169 1187 cur_token = get_csrf_token(save_if_missing=False)
1170 1188 if self.check_csrf(request, cur_token):
1171 1189 if request.POST.get(self.token):
1172 1190 del request.POST[self.token]
1173 1191 return func(*fargs, **fkwargs)
1174 1192 else:
1175 1193 reason = 'token-missing'
1176 1194 supplied_token = self._get_csrf(request)
1177 1195 if supplied_token and cur_token != supplied_token:
1178 1196 reason = 'token-mismatch [%s:%s]' % (
1179 1197 cur_token or ''[:6], supplied_token or ''[:6])
1180 1198
1181 1199 csrf_message = \
1182 1200 ("Cross-site request forgery detected, request denied. See "
1183 1201 "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
1184 1202 "more information.")
1185 1203 log.warn('Cross-site request forgery detected, request %r DENIED: %s '
1186 1204 'REMOTE_ADDR:%s, HEADERS:%s' % (
1187 1205 request, reason, request.remote_addr, request.headers))
1188 1206
1189 1207 raise HTTPForbidden(explanation=csrf_message)
1190 1208
1191 1209
1192 1210 class LoginRequired(object):
1193 1211 """
1194 1212 Must be logged in to execute this function else
1195 1213 redirect to login page
1196 1214
1197 1215 :param api_access: if enabled this checks only for valid auth token
1198 1216 and grants access based on valid token
1199 1217 """
1200 1218 def __init__(self, auth_token_access=None):
1201 1219 self.auth_token_access = auth_token_access
1202 1220
1203 1221 def __call__(self, func):
1204 1222 return get_cython_compat_decorator(self.__wrapper, func)
1205 1223
1206 1224 def _get_request(self):
1207 1225 return get_request(self)
1208 1226
1209 1227 def __wrapper(self, func, *fargs, **fkwargs):
1210 1228 from rhodecode.lib import helpers as h
1211 1229 cls = fargs[0]
1212 1230 user = cls._rhodecode_user
1213 1231 request = self._get_request()
1214 1232
1215 1233 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
1216 1234 log.debug('Starting login restriction checks for user: %s' % (user,))
1217 1235 # check if our IP is allowed
1218 1236 ip_access_valid = True
1219 1237 if not user.ip_allowed:
1220 1238 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr,))),
1221 1239 category='warning')
1222 1240 ip_access_valid = False
1223 1241
1224 1242 # check if we used an APIKEY and it's a valid one
1225 1243 # defined white-list of controllers which API access will be enabled
1226 1244 _auth_token = request.GET.get(
1227 1245 'auth_token', '') or request.GET.get('api_key', '')
1228 1246 auth_token_access_valid = allowed_auth_token_access(
1229 1247 loc, auth_token=_auth_token)
1230 1248
1231 1249 # explicit controller is enabled or API is in our whitelist
1232 1250 if self.auth_token_access or auth_token_access_valid:
1233 1251 log.debug('Checking AUTH TOKEN access for %s' % (cls,))
1234 1252 db_user = user.get_instance()
1235 1253
1236 1254 if db_user:
1237 1255 if self.auth_token_access:
1238 1256 roles = self.auth_token_access
1239 1257 else:
1240 1258 roles = [UserApiKeys.ROLE_HTTP]
1241 1259 token_match = db_user.authenticate_by_token(
1242 1260 _auth_token, roles=roles)
1243 1261 else:
1244 1262 log.debug('Unable to fetch db instance for auth user: %s', user)
1245 1263 token_match = False
1246 1264
1247 1265 if _auth_token and token_match:
1248 1266 auth_token_access_valid = True
1249 1267 log.debug('AUTH TOKEN ****%s is VALID' % (_auth_token[-4:],))
1250 1268 else:
1251 1269 auth_token_access_valid = False
1252 1270 if not _auth_token:
1253 1271 log.debug("AUTH TOKEN *NOT* present in request")
1254 1272 else:
1255 1273 log.warning(
1256 1274 "AUTH TOKEN ****%s *NOT* valid" % _auth_token[-4:])
1257 1275
1258 1276 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
1259 1277 reason = 'RHODECODE_AUTH' if user.is_authenticated \
1260 1278 else 'AUTH_TOKEN_AUTH'
1261 1279
1262 1280 if ip_access_valid and (
1263 1281 user.is_authenticated or auth_token_access_valid):
1264 1282 log.info(
1265 1283 'user %s authenticating with:%s IS authenticated on func %s'
1266 1284 % (user, reason, loc))
1267 1285
1268 1286 # update user data to check last activity
1269 1287 user.update_lastactivity()
1270 1288 Session().commit()
1271 1289 return func(*fargs, **fkwargs)
1272 1290 else:
1273 1291 log.warning(
1274 1292 'user %s authenticating with:%s NOT authenticated on '
1275 1293 'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s'
1276 1294 % (user, reason, loc, ip_access_valid,
1277 1295 auth_token_access_valid))
1278 1296 # we preserve the get PARAM
1279 1297 came_from = request.path_qs
1280 1298 log.debug('redirecting to login page with %s' % (came_from,))
1281 1299 raise HTTPFound(
1282 1300 h.route_path('login', _query={'came_from': came_from}))
1283 1301
1284 1302
1285 1303 class NotAnonymous(object):
1286 1304 """
1287 1305 Must be logged in to execute this function else
1288 1306 redirect to login page
1289 1307 """
1290 1308
1291 1309 def __call__(self, func):
1292 1310 return get_cython_compat_decorator(self.__wrapper, func)
1293 1311
1294 1312 def _get_request(self):
1295 1313 return get_request(self)
1296 1314
1297 1315 def __wrapper(self, func, *fargs, **fkwargs):
1298 1316 import rhodecode.lib.helpers as h
1299 1317 cls = fargs[0]
1300 1318 self.user = cls._rhodecode_user
1301 1319 request = self._get_request()
1302 1320
1303 1321 log.debug('Checking if user is not anonymous @%s' % cls)
1304 1322
1305 1323 anonymous = self.user.username == User.DEFAULT_USER
1306 1324
1307 1325 if anonymous:
1308 1326 came_from = request.path_qs
1309 1327 h.flash(_('You need to be a registered user to '
1310 1328 'perform this action'),
1311 1329 category='warning')
1312 1330 raise HTTPFound(
1313 1331 h.route_path('login', _query={'came_from': came_from}))
1314 1332 else:
1315 1333 return func(*fargs, **fkwargs)
1316 1334
1317 1335
1318 1336 class XHRRequired(object):
1319 1337 # TODO(marcink): remove this in favor of the predicates in pyramid routes
1320 1338
1321 1339 def __call__(self, func):
1322 1340 return get_cython_compat_decorator(self.__wrapper, func)
1323 1341
1324 1342 def _get_request(self):
1325 1343 return get_request(self)
1326 1344
1327 1345 def __wrapper(self, func, *fargs, **fkwargs):
1328 1346 from pylons.controllers.util import abort
1329 1347 request = self._get_request()
1330 1348
1331 1349 log.debug('Checking if request is XMLHttpRequest (XHR)')
1332 1350 xhr_message = 'This is not a valid XMLHttpRequest (XHR) request'
1333 1351
1334 1352 if not request.is_xhr:
1335 1353 abort(400, detail=xhr_message)
1336 1354
1337 1355 return func(*fargs, **fkwargs)
1338 1356
1339 1357
1340 1358 class HasAcceptedRepoType(object):
1341 1359 """
1342 1360 Check if requested repo is within given repo type aliases
1343 1361 """
1344 1362
1345 1363 # TODO(marcink): remove this in favor of the predicates in pyramid routes
1346 1364
1347 1365 def __init__(self, *repo_type_list):
1348 1366 self.repo_type_list = set(repo_type_list)
1349 1367
1350 1368 def __call__(self, func):
1351 1369 return get_cython_compat_decorator(self.__wrapper, func)
1352 1370
1353 1371 def __wrapper(self, func, *fargs, **fkwargs):
1354 1372 import rhodecode.lib.helpers as h
1355 1373 cls = fargs[0]
1356 1374 rhodecode_repo = cls.rhodecode_repo
1357 1375
1358 1376 log.debug('%s checking repo type for %s in %s',
1359 1377 self.__class__.__name__,
1360 1378 rhodecode_repo.alias, self.repo_type_list)
1361 1379
1362 1380 if rhodecode_repo.alias in self.repo_type_list:
1363 1381 return func(*fargs, **fkwargs)
1364 1382 else:
1365 1383 h.flash(h.literal(
1366 1384 _('Action not supported for %s.' % rhodecode_repo.alias)),
1367 1385 category='warning')
1368 1386 raise HTTPFound(
1369 1387 h.route_path('repo_summary',
1370 1388 repo_name=cls.rhodecode_db_repo.repo_name))
1371 1389
1372 1390
1373 1391 class PermsDecorator(object):
1374 1392 """
1375 1393 Base class for controller decorators, we extract the current user from
1376 1394 the class itself, which has it stored in base controllers
1377 1395 """
1378 1396
1379 1397 def __init__(self, *required_perms):
1380 1398 self.required_perms = set(required_perms)
1381 1399
1382 1400 def __call__(self, func):
1383 1401 return get_cython_compat_decorator(self.__wrapper, func)
1384 1402
1385 1403 def _get_request(self):
1386 1404 return get_request(self)
1387 1405
1388 1406 def _get_came_from(self):
1389 1407 _request = self._get_request()
1390 1408
1391 1409 # both pylons/pyramid has this attribute
1392 1410 return _request.path_qs
1393 1411
1394 1412 def __wrapper(self, func, *fargs, **fkwargs):
1395 1413 import rhodecode.lib.helpers as h
1396 1414 cls = fargs[0]
1397 1415 _user = cls._rhodecode_user
1398 1416
1399 1417 log.debug('checking %s permissions %s for %s %s',
1400 1418 self.__class__.__name__, self.required_perms, cls, _user)
1401 1419
1402 1420 if self.check_permissions(_user):
1403 1421 log.debug('Permission granted for %s %s', cls, _user)
1404 1422 return func(*fargs, **fkwargs)
1405 1423
1406 1424 else:
1407 1425 log.debug('Permission denied for %s %s', cls, _user)
1408 1426 anonymous = _user.username == User.DEFAULT_USER
1409 1427
1410 1428 if anonymous:
1411 1429 came_from = self._get_came_from()
1412 1430 h.flash(_('You need to be signed in to view this page'),
1413 1431 category='warning')
1414 1432 raise HTTPFound(
1415 1433 h.route_path('login', _query={'came_from': came_from}))
1416 1434
1417 1435 else:
1418 1436 # redirect with 404 to prevent resource discovery
1419 1437 raise HTTPNotFound()
1420 1438
1421 1439 def check_permissions(self, user):
1422 1440 """Dummy function for overriding"""
1423 1441 raise NotImplementedError(
1424 1442 'You have to write this function in child class')
1425 1443
1426 1444
1427 1445 class HasPermissionAllDecorator(PermsDecorator):
1428 1446 """
1429 1447 Checks for access permission for all given predicates. All of them
1430 1448 have to be meet in order to fulfill the request
1431 1449 """
1432 1450
1433 1451 def check_permissions(self, user):
1434 1452 perms = user.permissions_with_scope({})
1435 1453 if self.required_perms.issubset(perms['global']):
1436 1454 return True
1437 1455 return False
1438 1456
1439 1457
1440 1458 class HasPermissionAnyDecorator(PermsDecorator):
1441 1459 """
1442 1460 Checks for access permission for any of given predicates. In order to
1443 1461 fulfill the request any of predicates must be meet
1444 1462 """
1445 1463
1446 1464 def check_permissions(self, user):
1447 1465 perms = user.permissions_with_scope({})
1448 1466 if self.required_perms.intersection(perms['global']):
1449 1467 return True
1450 1468 return False
1451 1469
1452 1470
1453 1471 class HasRepoPermissionAllDecorator(PermsDecorator):
1454 1472 """
1455 1473 Checks for access permission for all given predicates for specific
1456 1474 repository. All of them have to be meet in order to fulfill the request
1457 1475 """
1458 1476 def _get_repo_name(self):
1459 1477 _request = self._get_request()
1460 1478 return get_repo_slug(_request)
1461 1479
1462 1480 def check_permissions(self, user):
1463 1481 perms = user.permissions
1464 1482 repo_name = self._get_repo_name()
1465 1483
1466 1484 try:
1467 1485 user_perms = set([perms['repositories'][repo_name]])
1468 1486 except KeyError:
1469 1487 log.debug('cannot locate repo with name: `%s` in permissions defs',
1470 1488 repo_name)
1471 1489 return False
1472 1490
1473 1491 log.debug('checking `%s` permissions for repo `%s`',
1474 1492 user_perms, repo_name)
1475 1493 if self.required_perms.issubset(user_perms):
1476 1494 return True
1477 1495 return False
1478 1496
1479 1497
1480 1498 class HasRepoPermissionAnyDecorator(PermsDecorator):
1481 1499 """
1482 1500 Checks for access permission for any of given predicates for specific
1483 1501 repository. In order to fulfill the request any of predicates must be meet
1484 1502 """
1485 1503 def _get_repo_name(self):
1486 1504 _request = self._get_request()
1487 1505 return get_repo_slug(_request)
1488 1506
1489 1507 def check_permissions(self, user):
1490 1508 perms = user.permissions
1491 1509 repo_name = self._get_repo_name()
1492 1510
1493 1511 try:
1494 1512 user_perms = set([perms['repositories'][repo_name]])
1495 1513 except KeyError:
1496 1514 log.debug('cannot locate repo with name: `%s` in permissions defs',
1497 1515 repo_name)
1498 1516 return False
1499 1517
1500 1518 log.debug('checking `%s` permissions for repo `%s`',
1501 1519 user_perms, repo_name)
1502 1520 if self.required_perms.intersection(user_perms):
1503 1521 return True
1504 1522 return False
1505 1523
1506 1524
1507 1525 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1508 1526 """
1509 1527 Checks for access permission for all given predicates for specific
1510 1528 repository group. All of them have to be meet in order to
1511 1529 fulfill the request
1512 1530 """
1513 1531 def _get_repo_group_name(self):
1514 1532 _request = self._get_request()
1515 1533 return get_repo_group_slug(_request)
1516 1534
1517 1535 def check_permissions(self, user):
1518 1536 perms = user.permissions
1519 1537 group_name = self._get_repo_group_name()
1520 1538 try:
1521 1539 user_perms = set([perms['repositories_groups'][group_name]])
1522 1540 except KeyError:
1523 1541 log.debug('cannot locate repo group with name: `%s` in permissions defs',
1524 1542 group_name)
1525 1543 return False
1526 1544
1527 1545 log.debug('checking `%s` permissions for repo group `%s`',
1528 1546 user_perms, group_name)
1529 1547 if self.required_perms.issubset(user_perms):
1530 1548 return True
1531 1549 return False
1532 1550
1533 1551
1534 1552 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1535 1553 """
1536 1554 Checks for access permission for any of given predicates for specific
1537 1555 repository group. In order to fulfill the request any
1538 1556 of predicates must be met
1539 1557 """
1540 1558 def _get_repo_group_name(self):
1541 1559 _request = self._get_request()
1542 1560 return get_repo_group_slug(_request)
1543 1561
1544 1562 def check_permissions(self, user):
1545 1563 perms = user.permissions
1546 1564 group_name = self._get_repo_group_name()
1547 1565
1548 1566 try:
1549 1567 user_perms = set([perms['repositories_groups'][group_name]])
1550 1568 except KeyError:
1551 1569 log.debug('cannot locate repo group with name: `%s` in permissions defs',
1552 1570 group_name)
1553 1571 return False
1554 1572
1555 1573 log.debug('checking `%s` permissions for repo group `%s`',
1556 1574 user_perms, group_name)
1557 1575 if self.required_perms.intersection(user_perms):
1558 1576 return True
1559 1577 return False
1560 1578
1561 1579
1562 1580 class HasUserGroupPermissionAllDecorator(PermsDecorator):
1563 1581 """
1564 1582 Checks for access permission for all given predicates for specific
1565 1583 user group. All of them have to be meet in order to fulfill the request
1566 1584 """
1567 1585 def _get_user_group_name(self):
1568 1586 _request = self._get_request()
1569 1587 return get_user_group_slug(_request)
1570 1588
1571 1589 def check_permissions(self, user):
1572 1590 perms = user.permissions
1573 1591 group_name = self._get_user_group_name()
1574 1592 try:
1575 1593 user_perms = set([perms['user_groups'][group_name]])
1576 1594 except KeyError:
1577 1595 return False
1578 1596
1579 1597 if self.required_perms.issubset(user_perms):
1580 1598 return True
1581 1599 return False
1582 1600
1583 1601
1584 1602 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
1585 1603 """
1586 1604 Checks for access permission for any of given predicates for specific
1587 1605 user group. In order to fulfill the request any of predicates must be meet
1588 1606 """
1589 1607 def _get_user_group_name(self):
1590 1608 _request = self._get_request()
1591 1609 return get_user_group_slug(_request)
1592 1610
1593 1611 def check_permissions(self, user):
1594 1612 perms = user.permissions
1595 1613 group_name = self._get_user_group_name()
1596 1614 try:
1597 1615 user_perms = set([perms['user_groups'][group_name]])
1598 1616 except KeyError:
1599 1617 return False
1600 1618
1601 1619 if self.required_perms.intersection(user_perms):
1602 1620 return True
1603 1621 return False
1604 1622
1605 1623
1606 1624 # CHECK FUNCTIONS
1607 1625 class PermsFunction(object):
1608 1626 """Base function for other check functions"""
1609 1627
1610 1628 def __init__(self, *perms):
1611 1629 self.required_perms = set(perms)
1612 1630 self.repo_name = None
1613 1631 self.repo_group_name = None
1614 1632 self.user_group_name = None
1615 1633
1616 1634 def __bool__(self):
1617 1635 frame = inspect.currentframe()
1618 1636 stack_trace = traceback.format_stack(frame)
1619 1637 log.error('Checking bool value on a class instance of perm '
1620 1638 'function is not allowed: %s' % ''.join(stack_trace))
1621 1639 # rather than throwing errors, here we always return False so if by
1622 1640 # accident someone checks truth for just an instance it will always end
1623 1641 # up in returning False
1624 1642 return False
1625 1643 __nonzero__ = __bool__
1626 1644
1627 1645 def __call__(self, check_location='', user=None):
1628 1646 if not user:
1629 1647 log.debug('Using user attribute from global request')
1630 1648 # TODO: remove this someday,put as user as attribute here
1631 1649 request = self._get_request()
1632 1650 user = request.user
1633 1651
1634 1652 # init auth user if not already given
1635 1653 if not isinstance(user, AuthUser):
1636 1654 log.debug('Wrapping user %s into AuthUser', user)
1637 1655 user = AuthUser(user.user_id)
1638 1656
1639 1657 cls_name = self.__class__.__name__
1640 1658 check_scope = self._get_check_scope(cls_name)
1641 1659 check_location = check_location or 'unspecified location'
1642 1660
1643 1661 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
1644 1662 self.required_perms, user, check_scope, check_location)
1645 1663 if not user:
1646 1664 log.warning('Empty user given for permission check')
1647 1665 return False
1648 1666
1649 1667 if self.check_permissions(user):
1650 1668 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1651 1669 check_scope, user, check_location)
1652 1670 return True
1653 1671
1654 1672 else:
1655 1673 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1656 1674 check_scope, user, check_location)
1657 1675 return False
1658 1676
1659 1677 def _get_request(self):
1660 1678 return get_request(self)
1661 1679
1662 1680 def _get_check_scope(self, cls_name):
1663 1681 return {
1664 1682 'HasPermissionAll': 'GLOBAL',
1665 1683 'HasPermissionAny': 'GLOBAL',
1666 1684 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
1667 1685 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
1668 1686 'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
1669 1687 'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
1670 1688 'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
1671 1689 'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
1672 1690 }.get(cls_name, '?:%s' % cls_name)
1673 1691
1674 1692 def check_permissions(self, user):
1675 1693 """Dummy function for overriding"""
1676 1694 raise Exception('You have to write this function in child class')
1677 1695
1678 1696
1679 1697 class HasPermissionAll(PermsFunction):
1680 1698 def check_permissions(self, user):
1681 1699 perms = user.permissions_with_scope({})
1682 1700 if self.required_perms.issubset(perms.get('global')):
1683 1701 return True
1684 1702 return False
1685 1703
1686 1704
1687 1705 class HasPermissionAny(PermsFunction):
1688 1706 def check_permissions(self, user):
1689 1707 perms = user.permissions_with_scope({})
1690 1708 if self.required_perms.intersection(perms.get('global')):
1691 1709 return True
1692 1710 return False
1693 1711
1694 1712
1695 1713 class HasRepoPermissionAll(PermsFunction):
1696 1714 def __call__(self, repo_name=None, check_location='', user=None):
1697 1715 self.repo_name = repo_name
1698 1716 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1699 1717
1700 1718 def _get_repo_name(self):
1701 1719 if not self.repo_name:
1702 1720 _request = self._get_request()
1703 1721 self.repo_name = get_repo_slug(_request)
1704 1722 return self.repo_name
1705 1723
1706 1724 def check_permissions(self, user):
1707 1725 self.repo_name = self._get_repo_name()
1708 1726 perms = user.permissions
1709 1727 try:
1710 1728 user_perms = set([perms['repositories'][self.repo_name]])
1711 1729 except KeyError:
1712 1730 return False
1713 1731 if self.required_perms.issubset(user_perms):
1714 1732 return True
1715 1733 return False
1716 1734
1717 1735
1718 1736 class HasRepoPermissionAny(PermsFunction):
1719 1737 def __call__(self, repo_name=None, check_location='', user=None):
1720 1738 self.repo_name = repo_name
1721 1739 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1722 1740
1723 1741 def _get_repo_name(self):
1724 1742 if not self.repo_name:
1725 1743 _request = self._get_request()
1726 1744 self.repo_name = get_repo_slug(_request)
1727 1745 return self.repo_name
1728 1746
1729 1747 def check_permissions(self, user):
1730 1748 self.repo_name = self._get_repo_name()
1731 1749 perms = user.permissions
1732 1750 try:
1733 1751 user_perms = set([perms['repositories'][self.repo_name]])
1734 1752 except KeyError:
1735 1753 return False
1736 1754 if self.required_perms.intersection(user_perms):
1737 1755 return True
1738 1756 return False
1739 1757
1740 1758
1741 1759 class HasRepoGroupPermissionAny(PermsFunction):
1742 1760 def __call__(self, group_name=None, check_location='', user=None):
1743 1761 self.repo_group_name = group_name
1744 1762 return super(HasRepoGroupPermissionAny, self).__call__(
1745 1763 check_location, user)
1746 1764
1747 1765 def check_permissions(self, user):
1748 1766 perms = user.permissions
1749 1767 try:
1750 1768 user_perms = set(
1751 1769 [perms['repositories_groups'][self.repo_group_name]])
1752 1770 except KeyError:
1753 1771 return False
1754 1772 if self.required_perms.intersection(user_perms):
1755 1773 return True
1756 1774 return False
1757 1775
1758 1776
1759 1777 class HasRepoGroupPermissionAll(PermsFunction):
1760 1778 def __call__(self, group_name=None, check_location='', user=None):
1761 1779 self.repo_group_name = group_name
1762 1780 return super(HasRepoGroupPermissionAll, self).__call__(
1763 1781 check_location, user)
1764 1782
1765 1783 def check_permissions(self, user):
1766 1784 perms = user.permissions
1767 1785 try:
1768 1786 user_perms = set(
1769 1787 [perms['repositories_groups'][self.repo_group_name]])
1770 1788 except KeyError:
1771 1789 return False
1772 1790 if self.required_perms.issubset(user_perms):
1773 1791 return True
1774 1792 return False
1775 1793
1776 1794
1777 1795 class HasUserGroupPermissionAny(PermsFunction):
1778 1796 def __call__(self, user_group_name=None, check_location='', user=None):
1779 1797 self.user_group_name = user_group_name
1780 1798 return super(HasUserGroupPermissionAny, self).__call__(
1781 1799 check_location, user)
1782 1800
1783 1801 def check_permissions(self, user):
1784 1802 perms = user.permissions
1785 1803 try:
1786 1804 user_perms = set([perms['user_groups'][self.user_group_name]])
1787 1805 except KeyError:
1788 1806 return False
1789 1807 if self.required_perms.intersection(user_perms):
1790 1808 return True
1791 1809 return False
1792 1810
1793 1811
1794 1812 class HasUserGroupPermissionAll(PermsFunction):
1795 1813 def __call__(self, user_group_name=None, check_location='', user=None):
1796 1814 self.user_group_name = user_group_name
1797 1815 return super(HasUserGroupPermissionAll, self).__call__(
1798 1816 check_location, user)
1799 1817
1800 1818 def check_permissions(self, user):
1801 1819 perms = user.permissions
1802 1820 try:
1803 1821 user_perms = set([perms['user_groups'][self.user_group_name]])
1804 1822 except KeyError:
1805 1823 return False
1806 1824 if self.required_perms.issubset(user_perms):
1807 1825 return True
1808 1826 return False
1809 1827
1810 1828
1811 1829 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1812 1830 class HasPermissionAnyMiddleware(object):
1813 1831 def __init__(self, *perms):
1814 1832 self.required_perms = set(perms)
1815 1833
1816 1834 def __call__(self, user, repo_name):
1817 1835 # repo_name MUST be unicode, since we handle keys in permission
1818 1836 # dict by unicode
1819 1837 repo_name = safe_unicode(repo_name)
1820 1838 user = AuthUser(user.user_id)
1821 1839 log.debug(
1822 1840 'Checking VCS protocol permissions %s for user:%s repo:`%s`',
1823 1841 self.required_perms, user, repo_name)
1824 1842
1825 1843 if self.check_permissions(user, repo_name):
1826 1844 log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
1827 1845 repo_name, user, 'PermissionMiddleware')
1828 1846 return True
1829 1847
1830 1848 else:
1831 1849 log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
1832 1850 repo_name, user, 'PermissionMiddleware')
1833 1851 return False
1834 1852
1835 1853 def check_permissions(self, user, repo_name):
1836 1854 perms = user.permissions_with_scope({'repo_name': repo_name})
1837 1855
1838 1856 try:
1839 1857 user_perms = set([perms['repositories'][repo_name]])
1840 1858 except Exception:
1841 1859 log.exception('Error while accessing user permissions')
1842 1860 return False
1843 1861
1844 1862 if self.required_perms.intersection(user_perms):
1845 1863 return True
1846 1864 return False
1847 1865
1848 1866
1849 1867 # SPECIAL VERSION TO HANDLE API AUTH
1850 1868 class _BaseApiPerm(object):
1851 1869 def __init__(self, *perms):
1852 1870 self.required_perms = set(perms)
1853 1871
1854 1872 def __call__(self, check_location=None, user=None, repo_name=None,
1855 1873 group_name=None, user_group_name=None):
1856 1874 cls_name = self.__class__.__name__
1857 1875 check_scope = 'global:%s' % (self.required_perms,)
1858 1876 if repo_name:
1859 1877 check_scope += ', repo_name:%s' % (repo_name,)
1860 1878
1861 1879 if group_name:
1862 1880 check_scope += ', repo_group_name:%s' % (group_name,)
1863 1881
1864 1882 if user_group_name:
1865 1883 check_scope += ', user_group_name:%s' % (user_group_name,)
1866 1884
1867 1885 log.debug(
1868 1886 'checking cls:%s %s %s @ %s'
1869 1887 % (cls_name, self.required_perms, check_scope, check_location))
1870 1888 if not user:
1871 1889 log.debug('Empty User passed into arguments')
1872 1890 return False
1873 1891
1874 1892 # process user
1875 1893 if not isinstance(user, AuthUser):
1876 1894 user = AuthUser(user.user_id)
1877 1895 if not check_location:
1878 1896 check_location = 'unspecified'
1879 1897 if self.check_permissions(user.permissions, repo_name, group_name,
1880 1898 user_group_name):
1881 1899 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1882 1900 check_scope, user, check_location)
1883 1901 return True
1884 1902
1885 1903 else:
1886 1904 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1887 1905 check_scope, user, check_location)
1888 1906 return False
1889 1907
1890 1908 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1891 1909 user_group_name=None):
1892 1910 """
1893 1911 implement in child class should return True if permissions are ok,
1894 1912 False otherwise
1895 1913
1896 1914 :param perm_defs: dict with permission definitions
1897 1915 :param repo_name: repo name
1898 1916 """
1899 1917 raise NotImplementedError()
1900 1918
1901 1919
1902 1920 class HasPermissionAllApi(_BaseApiPerm):
1903 1921 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1904 1922 user_group_name=None):
1905 1923 if self.required_perms.issubset(perm_defs.get('global')):
1906 1924 return True
1907 1925 return False
1908 1926
1909 1927
1910 1928 class HasPermissionAnyApi(_BaseApiPerm):
1911 1929 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1912 1930 user_group_name=None):
1913 1931 if self.required_perms.intersection(perm_defs.get('global')):
1914 1932 return True
1915 1933 return False
1916 1934
1917 1935
1918 1936 class HasRepoPermissionAllApi(_BaseApiPerm):
1919 1937 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1920 1938 user_group_name=None):
1921 1939 try:
1922 1940 _user_perms = set([perm_defs['repositories'][repo_name]])
1923 1941 except KeyError:
1924 1942 log.warning(traceback.format_exc())
1925 1943 return False
1926 1944 if self.required_perms.issubset(_user_perms):
1927 1945 return True
1928 1946 return False
1929 1947
1930 1948
1931 1949 class HasRepoPermissionAnyApi(_BaseApiPerm):
1932 1950 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1933 1951 user_group_name=None):
1934 1952 try:
1935 1953 _user_perms = set([perm_defs['repositories'][repo_name]])
1936 1954 except KeyError:
1937 1955 log.warning(traceback.format_exc())
1938 1956 return False
1939 1957 if self.required_perms.intersection(_user_perms):
1940 1958 return True
1941 1959 return False
1942 1960
1943 1961
1944 1962 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
1945 1963 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1946 1964 user_group_name=None):
1947 1965 try:
1948 1966 _user_perms = set([perm_defs['repositories_groups'][group_name]])
1949 1967 except KeyError:
1950 1968 log.warning(traceback.format_exc())
1951 1969 return False
1952 1970 if self.required_perms.intersection(_user_perms):
1953 1971 return True
1954 1972 return False
1955 1973
1956 1974
1957 1975 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
1958 1976 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1959 1977 user_group_name=None):
1960 1978 try:
1961 1979 _user_perms = set([perm_defs['repositories_groups'][group_name]])
1962 1980 except KeyError:
1963 1981 log.warning(traceback.format_exc())
1964 1982 return False
1965 1983 if self.required_perms.issubset(_user_perms):
1966 1984 return True
1967 1985 return False
1968 1986
1969 1987
1970 1988 class HasUserGroupPermissionAnyApi(_BaseApiPerm):
1971 1989 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1972 1990 user_group_name=None):
1973 1991 try:
1974 1992 _user_perms = set([perm_defs['user_groups'][user_group_name]])
1975 1993 except KeyError:
1976 1994 log.warning(traceback.format_exc())
1977 1995 return False
1978 1996 if self.required_perms.intersection(_user_perms):
1979 1997 return True
1980 1998 return False
1981 1999
1982 2000
1983 2001 def check_ip_access(source_ip, allowed_ips=None):
1984 2002 """
1985 2003 Checks if source_ip is a subnet of any of allowed_ips.
1986 2004
1987 2005 :param source_ip:
1988 2006 :param allowed_ips: list of allowed ips together with mask
1989 2007 """
1990 2008 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
1991 2009 source_ip_address = ipaddress.ip_address(source_ip)
1992 2010 if isinstance(allowed_ips, (tuple, list, set)):
1993 2011 for ip in allowed_ips:
1994 2012 try:
1995 2013 network_address = ipaddress.ip_network(ip, strict=False)
1996 2014 if source_ip_address in network_address:
1997 2015 log.debug('IP %s is network %s' %
1998 2016 (source_ip_address, network_address))
1999 2017 return True
2000 2018 # for any case we cannot determine the IP, don't crash just
2001 2019 # skip it and log as error, we want to say forbidden still when
2002 2020 # sending bad IP
2003 2021 except Exception:
2004 2022 log.error(traceback.format_exc())
2005 2023 continue
2006 2024 return False
2007 2025
2008 2026
2009 2027 def get_cython_compat_decorator(wrapper, func):
2010 2028 """
2011 2029 Creates a cython compatible decorator. The previously used
2012 2030 decorator.decorator() function seems to be incompatible with cython.
2013 2031
2014 2032 :param wrapper: __wrapper method of the decorator class
2015 2033 :param func: decorated function
2016 2034 """
2017 2035 @wraps(func)
2018 2036 def local_wrapper(*args, **kwds):
2019 2037 return wrapper(func, *args, **kwds)
2020 2038 local_wrapper.__wrapped__ = func
2021 2039 return local_wrapper
2022 2040
2023 2041
General Comments 0
You need to be logged in to leave comments. Login now