# -*- coding: utf-8 -*-
# Copyright (C) 2012-2018 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import colander
import formencode.htmlfill
import logging
from pyramid.httpexceptions import HTTPFound
from pyramid.renderers import render
from pyramid.response import Response
r2351 from rhodecode.apps._base import BaseAppView
r440 from rhodecode.authentication.base import (
r2169 get_auth_cache_manager, get_perms_cache_manager, get_authn_registry)
r2366 from rhodecode.lib import helpers as h
r2351 from rhodecode.lib.auth import (
LoginRequired, HasPermissionAllDecorator, CSRFRequired)
r2591 from rhodecode.lib.caches import clear_cache_manager
r1 from rhodecode.model.forms import AuthSettingsForm
from rhodecode.model.meta import Session
from rhodecode.model.settings import SettingsModel
# Module logger; used by AuthSettingsView.auth_settings to record unexpected
# failures that are only reported to the admin as a generic flash message.
log = logging.getLogger(__name__)
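class AuthnPluginViewBase(BaseAppView):
    """
    Base view for the settings form of a single authentication plugin.

    The plugin being edited is taken from the traversal context
    (``self.context.plugin``). Both views require a logged-in user holding
    the ``hg.admin`` permission; the write view additionally requires a
    valid CSRF token.
    """

    def load_default_context(self):
        """Build the template context and bind the plugin from the traversal context."""
        c = self._get_local_tmpl_context()
        self.plugin = self.context.plugin
        return c

    @LoginRequired()
    @HasPermissionAllDecorator('hg.admin')
    def settings_get(self, defaults=None, errors=None):
        """
        View that displays the plugin settings as a form.

        :param defaults: mapping of field name -> value to pre-fill; these
            take priority over the stored setting and the schema default.
        :param errors: mapping of field name -> error message from a failed
            POST, rendered next to the inputs.
        :return: template context for the plugin settings form.
        """
        c = self.load_default_context()
        # Work on a private copy so a caller-supplied mapping is not mutated
        # when the missing fields are filled in below.
        defaults = dict(defaults or {})
        errors = errors or {}
        schema = self.plugin.get_settings_schema()

        # Compute default values for the form. Priority is:
        # 1. Passed to this method 2. DB value 3. Schema default
        for node in schema:
            if node.name not in defaults:
                # Auth plugin settings are read through to the DB
                # (cache=False) so the form never shows a stale value.
                defaults[node.name] = self.plugin.get_setting_by_name(
                    node.name, node.default, cache=False)

        template_context = {
            'defaults': defaults,
            'errors': errors,
            'plugin': self.context.plugin,
            'resource': self.context,
        }
        return self._get_template_context(c, **template_context)

    @LoginRequired()
    @HasPermissionAllDecorator('hg.admin')
    @CSRFRequired()
    def settings_post(self):
        """
        View that validates and stores the plugin settings.

        On validation failure the form is re-rendered with the submitted
        values and per-field errors. On success the settings are persisted,
        the auth and permission caches are flushed, and the user is
        redirected to the auth settings overview.
        """
        _ = self.request.translate
        self.load_default_context()
        schema = self.plugin.get_settings_schema()
        # Only accept values from the CSRF-protected POST body, consistent
        # with AuthSettingsView.auth_settings. ``request.params`` would also
        # merge in query-string values for a settings write.
        data = self.request.POST
        try:
            valid_data = schema.deserialize(data)
        except colander.Invalid as e:
            # Display error message and display form again.
            h.flash(
                _('Errors exist when saving plugin settings. '
                  'Please check the form inputs.'),
                category='error')
            # Re-fill only the fields the schema actually knows about.
            defaults = {key: data[key] for key in data if key in schema}
            return self.settings_get(errors=e.asdict(), defaults=defaults)

        # Store validated data.
        for name, value in valid_data.items():
            self.plugin.create_or_update_setting(name, value)
        Session().commit()

        # cleanup cache managers in case of change for plugin
        # TODO(marcink): because we can register multiple namespaces
        # we should at some point figure out how to retrieve ALL namespace
        # cache managers and clear them...
        clear_cache_manager(get_auth_cache_manager())
        clear_cache_manager(get_perms_cache_manager())

        # Display success message and redirect.
        h.flash(_('Auth settings updated successfully.'), category='success')
        redirect_to = self.request.resource_path(
            self.context, route_name='auth_home')
        return HTTPFound(redirect_to)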
class AuthSettingsView(BaseAppView):
    """
    Overview page listing every registered authentication plugin and the
    ordered set of enabled ones (the ``auth_plugins`` setting).

    Both views require a logged-in user with ``hg.admin``; the write view
    additionally requires a valid CSRF token.
    """

    def load_default_context(self):
        """Return the per-request template context."""
        return self._get_local_tmpl_context()

    @LoginRequired()
    @HasPermissionAllDecorator('hg.admin')
    def index(self, defaults=None, errors=None, prefix_error=False):
        """
        Render the auth settings overview form.

        :param defaults: form values overriding the stored ones (used to
            re-fill the form after a failed POST).
        :param errors: formencode error dict to render inline, if any.
        :param prefix_error: passed through to ``formencode.htmlfill``.
        :return: rendered HTML ``Response``.
        """
        c = self.load_default_context()
        authn_registry = get_authn_registry(self.request.registry)
        enabled_plugins = SettingsModel().get_auth_plugins()

        rendered = render(
            'rhodecode:templates/admin/auth/auth_settings.mako',
            self._get_template_context(
                c,
                resource=self.context,
                available_plugins=authn_registry.get_plugins(),
                enabled_plugins=enabled_plugins),
            self.request)

        # Stored value first; anything passed in explicitly wins.
        form_values = {'auth_plugins': ','.join(enabled_plugins)}
        if defaults:
            form_values.update(defaults)
        filled = formencode.htmlfill.render(
            rendered,
            defaults=form_values,
            errors=errors,
            prefix_error=prefix_error,
            encoding="UTF-8",
            force_defaults=False)
        return Response(filled)

    @LoginRequired()
    @HasPermissionAllDecorator('hg.admin')
    @CSRFRequired()
    def auth_settings(self):
        """
        Persist the ordered list of enabled auth plugins submitted via POST.

        Validation errors re-render the form with the submitted values; any
        other failure is logged and reported with a generic flash message.
        In both the success and the unexpected-failure case the user is
        redirected back to the auth settings overview.
        """
        _ = self.request.translate
        try:
            form = AuthSettingsForm(self.request.translate)()
            form_result = form.to_python(self.request.POST)
            plugin_list = ','.join(form_result['auth_plugins'])
            setting = SettingsModel().create_or_update_setting(
                'auth_plugins', plugin_list)
            Session().add(setting)
            Session().commit()
            h.flash(_('Auth settings updated successfully.'), category='success')
        except formencode.Invalid as errors:
            h.flash(_('Errors exist when saving plugin setting. '
                      'Please check the form inputs.'), category='error')
            return self.index(
                defaults=errors.value,
                errors=errors.error_dict or {},
                prefix_error=False)
        except Exception:
            # Unexpected failure: keep the details in the log and show the
            # admin only a generic message.
            log.exception('Exception in auth_settings')
            h.flash(_('Error occurred during update of auth settings.'),
                    category='error')

        redirect_to = self.request.resource_path(
            self.context, route_name='auth_home')
        return HTTPFound(redirect_to)