##// END OF EJS Templates
security: fix self xss on repo downloads picker for svn case.
security: fix self xss on repo downloads picker for svn case.

File last commit:

r2170:4adf3415 default
r2234:8f4440a2 stable
Show More
views.py
196 lines | 6.9 KiB | text/x-python | PythonLexer
project: added all source files and assets
r1 # -*- coding: utf-8 -*-
license: updated copyright year to 2017
r1271 # Copyright (C) 2012-2017 RhodeCode GmbH
project: added all source files and assets
r1 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import colander
import formencode.htmlfill
import logging
from pyramid.httpexceptions import HTTPFound
from pyramid.renderers import render
from pyramid.response import Response
auth-token: allow other authentication types to use auth-token....
r440 from rhodecode.authentication.base import (
caches: clear perms cache manager while updating settings for auth plugins
r2169 get_auth_cache_manager, get_perms_cache_manager, get_authn_registry)
project: added all source files and assets
r1 from rhodecode.lib import auth
from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
from rhodecode.model.forms import AuthSettingsForm
from rhodecode.model.meta import Session
from rhodecode.model.settings import SettingsModel
i18n: Use new translation string factory....
r51 from rhodecode.translation import _
project: added all source files and assets
r1
log = logging.getLogger(__name__)
class AuthnPluginViewBase(object):
def __init__(self, context, request):
self.request = request
self.context = context
self.plugin = context.plugin
Martin Bornhold
permissions: Fix permissions for authentication plugin settings view.
r173 self._rhodecode_user = request.user
project: added all source files and assets
r1
Martin Bornhold
permissions: Fix permissions for authentication plugin settings view.
r173 @LoginRequired()
@HasPermissionAllDecorator('hg.admin')
authn: Fix handling of form errors and default values.
r90 def settings_get(self, defaults=None, errors=None):
project: added all source files and assets
r1 """
View that displays the plugin settings as a form.
"""
authn: Fix handling of form errors and default values.
r90 defaults = defaults or {}
errors = errors or {}
project: added all source files and assets
r1 schema = self.plugin.get_settings_schema()
authn: Fix priority of default values if some values are missing during POST...
r237 # Compute default values for the form. Priority is:
# 1. Passed to this method 2. DB value 3. Schema default
authn: Fix handling of form errors and default values.
r90 for node in schema:
Martin Bornhold
authn: Only lookup settings from DB if they are really used....
r285 if node.name not in defaults:
defaults[node.name] = self.plugin.get_setting_by_name(
auth: don't cache settings for auth plugins
r2170 node.name, node.default, cache=False)
project: added all source files and assets
r1
template_context = {
authn: Fix handling of form errors and default values.
r90 'defaults': defaults,
authn: Refactored the auth-plugins-settings base view....
r84 'errors': errors,
'plugin': self.context.plugin,
project: added all source files and assets
r1 'resource': self.context,
}
authn: Refactored the auth-plugins-settings base view....
r84 return template_context
project: added all source files and assets
r1
Martin Bornhold
permissions: Fix permissions for authentication plugin settings view.
r173 @LoginRequired()
@HasPermissionAllDecorator('hg.admin')
@auth.CSRFRequired()
project: added all source files and assets
r1 def settings_post(self):
"""
View that validates and stores the plugin settings.
"""
schema = self.plugin.get_settings_schema()
Martin Bornhold
authn: Generate the form default values manually....
r291 data = self.request.params
project: added all source files and assets
r1 try:
Martin Bornhold
authn: Generate the form default values manually....
r291 valid_data = schema.deserialize(data)
authentication-views: fixed old style exception catch syntax.
r1092 except colander.Invalid as e:
project: added all source files and assets
r1 # Display error message and display form again.
self.request.session.flash(
_('Errors exist when saving plugin settings. '
authn: Refactored the auth-plugins-settings base view....
r84 'Please check the form inputs.'),
project: added all source files and assets
r1 queue='error')
Martin Bornhold
authn: Generate the form default values manually....
r291 defaults = {key: data[key] for key in data if key in schema}
authn: Fix handling of form errors and default values.
r90 return self.settings_get(errors=e.asdict(), defaults=defaults)
project: added all source files and assets
r1
# Store validated data.
for name, value in valid_data.items():
self.plugin.create_or_update_setting(name, value)
db: always use Session() for compatibility, Using Session is actually the...
r506 Session().commit()
project: added all source files and assets
r1
# Display success message and redirect.
self.request.session.flash(
_('Auth settings updated successfully.'),
queue='success')
redirect_to = self.request.resource_path(
self.context, route_name='auth_home')
return HTTPFound(redirect_to)
# TODO: Ongoing migration in these views.
# - Maybe we should also use a colander schema for these views.
class AuthSettingsView(object):
def __init__(self, context, request):
self.context = context
self.request = request
# TODO: Move this into a utility function. It is needed in all view
# classes during migration. Maybe a mixin?
# Some of the decorators rely on this attribute to be present on the
# class of the decorated method.
self._rhodecode_user = request.user
@LoginRequired()
@HasPermissionAllDecorator('hg.admin')
authn: Fix handling of form errors and default values.
r90 def index(self, defaults=None, errors=None, prefix_error=False):
defaults = defaults or {}
auth-token: allow other authentication types to use auth-token....
r440 authn_registry = get_authn_registry(self.request.registry)
authn: Add an INI option to set an authentication plugin fallback. #3953...
r52 enabled_plugins = SettingsModel().get_auth_plugins()
project: added all source files and assets
r1
# Create template context and render it.
template_context = {
'resource': self.context,
'available_plugins': authn_registry.get_plugins(),
'enabled_plugins': enabled_plugins,
}
templating: use .mako as extensions for template files.
r1282 html = render('rhodecode:templates/admin/auth/auth_settings.mako',
project: added all source files and assets
r1 template_context,
request=self.request)
# Create form default values and fill the form.
form_defaults = {
'auth_plugins': ','.join(enabled_plugins)
}
form_defaults.update(defaults)
html = formencode.htmlfill.render(
html,
defaults=form_defaults,
errors=errors,
prefix_error=prefix_error,
encoding="UTF-8",
force_defaults=False)
return Response(html)
@LoginRequired()
@HasPermissionAllDecorator('hg.admin')
@auth.CSRFRequired()
def auth_settings(self):
try:
form = AuthSettingsForm()()
form_result = form.to_python(self.request.params)
plugins = ','.join(form_result['auth_plugins'])
setting = SettingsModel().create_or_update_setting(
'auth_plugins', plugins)
Session().add(setting)
Session().commit()
cache_manager = get_auth_cache_manager()
cache_manager.clear()
caches: clear perms cache manager while updating settings for auth plugins
r2169
cache_manager = get_perms_cache_manager()
cache_manager.clear()
project: added all source files and assets
r1 self.request.session.flash(
_('Auth settings updated successfully.'),
queue='success')
except formencode.Invalid as errors:
e = errors.error_dict or {}
self.request.session.flash(
_('Errors exist when saving plugin setting. '
'Please check the form inputs.'),
queue='error')
return self.index(
defaults=errors.value,
errors=e,
prefix_error=False)
except Exception:
log.exception('Exception in auth_settings')
self.request.session.flash(
_('Error occurred during update of auth settings.'),
queue='error')
redirect_to = self.request.resource_path(
self.context, route_name='auth_home')
return HTTPFound(redirect_to)