##// END OF EJS Templates
merged fix for #189
merged fix for #189

File last commit:

r1270:49872ed3 beta
r1329:e058df3f default
Show More
user.py
221 lines | 7.5 KiB | text/x-python | PythonLexer
ldap auth rewrite, moved split authfunc into two functions,...
r761 # -*- coding: utf-8 -*-
"""
rhodecode release 1.1.3 changes
r1057 rhodecode.model.user
~~~~~~~~~~~~~~~~~~~~
ldap auth rewrite, moved split authfunc into two functions,...
r761
users model for RhodeCode
docs updates
r811
ldap auth rewrite, moved split authfunc into two functions,...
r761 :created_on: Apr 9, 2010
:author: marcink
rhodecode release 1.1.3 changes
r1057 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
ldap auth rewrite, moved split authfunc into two functions,...
r761 :license: GPLv3, see COPYING for more details.
"""
fixes for issue #149
r1217 # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
Code refactoring,models renames...
r629 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
fixes for issue #149
r1217 #
Code refactoring,models renames...
r629 # You should have received a copy of the GNU General Public License
fixes for issue #149
r1217 # along with this program. If not, see <http://www.gnu.org/licenses/>.
fixed security issue when saving ldap user saved plaintext password
r750
Code refactoring,models renames...
r629 import logging
import traceback
ldap auth rewrite, moved split authfunc into two functions,...
r761 from pylons.i18n.translation import _
from rhodecode.model import BaseModel
from rhodecode.model.caching_query import FromCache
from rhodecode.model.db import User
Code refactoring,models renames...
r629
ldap auth rewrite, moved split authfunc into two functions,...
r761 from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException
fixed #72 show warning on removal when user still is owner of existing repositories...
r713
ldap auth rewrite, moved split authfunc into two functions,...
r761 from sqlalchemy.exc import DatabaseError
log = logging.getLogger(__name__)
Code refactoring,models renames...
r629
fixed Example celery config to ampq,...
r752 class UserModel(BaseModel):
Code refactoring,models renames...
r629
def get(self, user_id, cache=False):
user = self.sa.query(User)
if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % user_id))
return user.get(user_id)
#78, fixed more reliable case insensitive searches
r742 def get_by_username(self, username, cache=False, case_insensitive=False):
fixed security issue when saving ldap user saved plaintext password
r750
#78, fixed more reliable case insensitive searches
r742 if case_insensitive:
user = self.sa.query(User).filter(User.username.ilike(username))
else:
user = self.sa.query(User)\
.filter(User.username == username)
Code refactoring,models renames...
r629 if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % username))
return user.scalar()
def create(self, form_data):
try:
new_user = User()
for k, v in form_data.items():
setattr(new_user, k, v)
self.sa.add(new_user)
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
implements #60, ldap configuration and authentication....
r705 def create_ldap(self, username, password):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
"""
fixed security issue when saving ldap user saved plaintext password
r750 from rhodecode.lib.auth import get_crypt_password
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
implements #60, ldap configuration and authentication....
r705 try:
new_user = User()
ldap auth rewrite, moved split authfunc into two functions,...
r761 new_user.username = username.lower()#add ldap account always lowercase
fixed security issue when saving ldap user saved plaintext password
r750 new_user.password = get_crypt_password(password)
implements #60, ldap configuration and authentication....
r705 new_user.email = '%s@ldap.server' % username
new_user.active = True
new_user.is_ldap = True
new_user.name = '%s@ldap' % username
new_user.lastname = ''
self.sa.add(new_user)
self.sa.commit()
return True
ldap auth rewrite, moved split authfunc into two functions,...
r761 except (DatabaseError,):
implements #60, ldap configuration and authentication....
r705 log.error(traceback.format_exc())
self.sa.rollback()
raise
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.debug('this %s user exists skipping creation of ldap account',
username)
implements #60, ldap configuration and authentication....
r705 return False
Code refactoring,models renames...
r629 def create_registration(self, form_data):
fixes #59, notifications for user registrations + some changes to mailer
r689 from rhodecode.lib.celerylib import tasks, run_task
Code refactoring,models renames...
r629 try:
new_user = User()
for k, v in form_data.items():
if k != 'admin':
setattr(new_user, k, v)
self.sa.add(new_user)
self.sa.commit()
fixes #59, notifications for user registrations + some changes to mailer
r689 body = ('New user registration\n'
'username: %s\n'
'email: %s\n')
body = body % (form_data['username'], form_data['email'])
run_task(tasks.send_email, None,
_('[RhodeCode] New User registration'),
body)
Code refactoring,models renames...
r629 except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def update(self, user_id, form_data):
try:
new_user = self.get(user_id, cache=False)
if new_user.username == 'default':
raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
fixed #72 show warning on removal when user still is owner of existing repositories...
r713
Code refactoring,models renames...
r629 for k, v in form_data.items():
if k == 'new_password' and v != '':
new_user.password = v
else:
setattr(new_user, k, v)
self.sa.add(new_user)
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def update_my_account(self, user_id, form_data):
try:
new_user = self.get(user_id, cache=False)
if new_user.username == 'default':
raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in form_data.items():
if k == 'new_password' and v != '':
new_user.password = v
else:
if k not in ['admin', 'active']:
setattr(new_user, k, v)
self.sa.add(new_user)
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def delete(self, user_id):
try:
user = self.get(user_id, cache=False)
if user.username == 'default':
raise DefaultUserException(
_("You can't remove this user since it's"
" crucial for entire application"))
fixed #72 show warning on removal when user still is owner of existing repositories...
r713 if user.repositories:
raise UserOwnsReposException(_('This user still owns %s '
'repositories and cannot be '
'removed. Switch owners or '
'remove those repositories') \
% user.repositories)
Code refactoring,models renames...
r629 self.sa.delete(user)
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
run_task(tasks.reset_user_password, data['email'])
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
def fill_data(self, user):
"""
Fills user data with those from database and log out user if not
present in database
:param user:
"""
fixed anonymous access bug.
r686
if not hasattr(user, 'user_id') or user.user_id is None:
raise Exception('passed in user has to have the user_id attribute')
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 log.debug('filling auth user data')
try:
dbuser = self.get(user.user_id)
user.username = dbuser.username
user.is_admin = dbuser.admin
user.name = dbuser.name
user.lastname = dbuser.lastname
user.email = dbuser.email
except:
log.error(traceback.format_exc())
user.is_authenticated = False
return user