auth.py
83 lines
| 3.0 KiB
| text/x-python
|
PythonLexer
Marcin Kuzminski
|
r41 | import logging | ||
| from datetime import datetime | ||||
| import crypt | ||||
| r52 | from pylons import session, url | |||
| from pylons.controllers.util import abort, redirect | ||||
| from decorator import decorator | ||||
|
Marcin Kuzminski
|
r64 | from sqlalchemy.exc import OperationalError | ||
|
Marcin Kuzminski
|
r41 | log = logging.getLogger(__name__) | ||
|
Marcin Kuzminski
|
r64 | from pylons_app.model import meta | ||
| from pylons_app.model.db import Users, UserLogs | ||||
| from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound | ||||
|
Marcin Kuzminski
|
r41 | |||
|
Marcin Kuzminski
|
r64 | def get_crypt_password(password): | ||
| return crypt.crypt(password, '6a') | ||||
|
Marcin Kuzminski
|
r46 | |||
| def admin_auth(username, password): | ||||
|
Marcin Kuzminski
|
r64 | sa = meta.Session | ||
| password_crypt = get_crypt_password(password) | ||||
|
Marcin Kuzminski
|
r46 | |||
| try: | ||||
|
Marcin Kuzminski
|
r64 | user = sa.query(Users).filter(Users.username == username).one() | ||
| except (NoResultFound, MultipleResultsFound, OperationalError) as e: | ||||
|
Marcin Kuzminski
|
r46 | log.error(e) | ||
|
Marcin Kuzminski
|
r64 | user = None | ||
|
Marcin Kuzminski
|
r46 | |||
|
Marcin Kuzminski
|
r64 | if user: | ||
| if user.active: | ||||
| if user.username == username and user.password == password_crypt and user.admin: | ||||
|
Marcin Kuzminski
|
r46 | log.info('user %s authenticated correctly', username) | ||
| return True | ||||
| else: | ||||
| log.error('user %s is disabled', username) | ||||
| return False | ||||
|
Marcin Kuzminski
|
r41 | def authfunc(environ, username, password): | ||
|
Marcin Kuzminski
|
r64 | sa = meta.Session | ||
| password_crypt = get_crypt_password(password) | ||||
| r42 | try: | |||
|
Marcin Kuzminski
|
r64 | user = sa.query(Users).filter(Users.username == username).one() | ||
| except (NoResultFound, MultipleResultsFound, OperationalError) as e: | ||||
| r42 | log.error(e) | |||
|
Marcin Kuzminski
|
r64 | user = None | ||
| if user: | ||||
| if user.active: | ||||
| if user.username == username and user.password == password_crypt: | ||||
|
Marcin Kuzminski
|
r41 | log.info('user %s authenticated correctly', username) | ||
| r45 | if environ: | |||
| http_accept = environ.get('HTTP_ACCEPT') | ||||
| if http_accept.startswith('application/mercurial') or \ | ||||
| environ['PATH_INFO'].find('raw-file') != -1: | ||||
|
Marcin Kuzminski
|
r64 | repo = environ['PATH_INFO'] | ||
| r45 | for qry in environ['QUERY_STRING'].split('&'): | |||
| if qry.startswith('cmd'): | ||||
|
Marcin Kuzminski
|
r41 | |||
| r45 | try: | |||
|
Marcin Kuzminski
|
r64 | user_log = UserLogs() | ||
| user_log.user_id = user.user_id | ||||
| user_log.action = qry | ||||
| user_log.repository = repo | ||||
| user_log.action_date = datetime.now() | ||||
| sa.add(user_log) | ||||
| sa.commit() | ||||
| log.info('Adding user %s, action %s', username, qry) | ||||
| r45 | except Exception as e: | |||
|
Marcin Kuzminski
|
r64 | sa.rollback() | ||
| r45 | log.error(e) | |||
|
Marcin Kuzminski
|
r41 | return True | ||
| else: | ||||
| log.error('user %s is disabled', username) | ||||
| return False | ||||
| r52 | ||||
| @decorator | ||||
| def authenticate(fn, *args, **kwargs): | ||||
| if not session.get('admin_user', False): | ||||
| redirect(url('admin_home'), 301) | ||||
| return fn(*args, **kwargs) | ||||
