##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

fixed some config bool converter problems with ldap
marcink -
r1135:1aa1655b beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,38 +1,47 b''
1 1 # -*- coding: utf-8 -*-
2 2 """
3 3 rhodecode.lib.__init__
4 4 ~~~~~~~~~~~~~~~~~~~~~~~
5 5
6 6 Some simple helper functions
7 7
8 8 :created_on: Jan 5, 2011
9 9 :author: marcink
10 10 :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
11 11 :license: GPLv3, see COPYING for more details.
12 12 """
13 13 # This program is free software; you can redistribute it and/or
14 14 # modify it under the terms of the GNU General Public License
15 15 # as published by the Free Software Foundation; version 2
16 16 # of the License or (at your opinion) any later version of the license.
17 17 #
18 18 # This program is distributed in the hope that it will be useful,
19 19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 21 # GNU General Public License for more details.
22 22 #
23 23 # You should have received a copy of the GNU General Public License
24 24 # along with this program; if not, write to the Free Software
25 25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
26 26 # MA 02110-1301, USA.
27 27
28 28 def str2bool(v):
29 return v.lower() in ["yes", "true", "t", "1"] if v else None
29 if isinstance(v, (str, unicode)):
30 obj = v.strip().lower()
31 if obj in ['true', 'yes', 'on', 'y', 't', '1']:
32 return True
33 elif obj in ['false', 'no', 'off', 'n', 'f', '0']:
34 return False
35 else:
36 if not safe:
37 raise ValueError("String is not true/false: %r" % obj)
38 return bool(obj)
30 39
31 40 def generate_api_key(username, salt=None):
32 41 from tempfile import _RandomNameSequence
33 42 import hashlib
34 43
35 44 if salt is None:
36 45 salt = _RandomNameSequence().next()
37 46
38 47 return hashlib.sha1(username + salt).hexdigest()
Show file before | Show file after | Hide comments
@@ -1,591 +1,591 b''
1 1 # -*- coding: utf-8 -*-
2 2 """
3 3 rhodecode.lib.auth
4 4 ~~~~~~~~~~~~~~~~~~
5 5
6 6 authentication and permission libraries
7 7
8 8 :created_on: Apr 4, 2010
9 9 :copyright: (c) 2010 by marcink.
10 10 :license: LICENSE_NAME, see LICENSE_FILE for more details.
11 11 """
12 12 # This program is free software; you can redistribute it and/or
13 13 # modify it under the terms of the GNU General Public License
14 14 # as published by the Free Software Foundation; version 2
15 15 # of the License or (at your opinion) any later version of the license.
16 16 #
17 17 # This program is distributed in the hope that it will be useful,
18 18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 20 # GNU General Public License for more details.
21 21 #
22 22 # You should have received a copy of the GNU General Public License
23 23 # along with this program; if not, write to the Free Software
24 24 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
25 25 # MA 02110-1301, USA.
26 26
27 27 import random
28 28 import logging
29 29 import traceback
30 30 import hashlib
31 31
32 32 from tempfile import _RandomNameSequence
33 33 from decorator import decorator
34 34
35 35 from pylons import config, session, url, request
36 36 from pylons.controllers.util import abort, redirect
37 37 from pylons.i18n.translation import _
38 38
39 39 from rhodecode import __platform__
40 40
41 41 if __platform__ == 'Windows':
42 42 from hashlib import sha256
43 43 if __platform__ in ('Linux', 'Darwin'):
44 44 import bcrypt
45 45
46
46 from rhodecode.lib import str2bool
47 47 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
48 48 from rhodecode.lib.utils import get_repo_slug
49 49 from rhodecode.lib.auth_ldap import AuthLdap
50 50
51 51 from rhodecode.model import meta
52 52 from rhodecode.model.user import UserModel
53 53 from rhodecode.model.db import Permission
54 54
55 55
56 56 log = logging.getLogger(__name__)
57 57
58 58 class PasswordGenerator(object):
59 59 """This is a simple class for generating password from
60 60 different sets of characters
61 61 usage:
62 62 passwd_gen = PasswordGenerator()
63 63 #print 8-letter password containing only big and small letters of alphabet
64 64 print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
65 65 """
66 66 ALPHABETS_NUM = r'''1234567890'''#[0]
67 67 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
68 68 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
69 69 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' #[3]
70 70 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
71 71 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
72 72 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
73 73 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
74 74 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
75 75
76 76 def __init__(self, passwd=''):
77 77 self.passwd = passwd
78 78
79 79 def gen_password(self, len, type):
80 80 self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
81 81 return self.passwd
82 82
83 83 class RhodeCodeCrypto(object):
84 84
85 85 @classmethod
86 86 def hash_string(cls, str_):
87 87 """
88 88 Cryptographic function used for password hashing based on pybcrypt
89 89 or pycrypto in windows
90 90
91 91 :param password: password to hash
92 92 """
93 93 if __platform__ == 'Windows':
94 94 return sha256(str_).hexdigest()
95 95 elif __platform__ in ('Linux', 'Darwin'):
96 96 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
97 97 else:
98 98 raise Exception('Unknown or unsupoprted platform %s' % __platform__)
99 99
100 100 @classmethod
101 101 def hash_check(cls, password, hashed):
102 102 """
103 103 Checks matching password with it's hashed value, runs different
104 104 implementation based on platform it runs on
105 105
106 106 :param password: password
107 107 :param hashed: password in hashed form
108 108 """
109 109
110 110 if __platform__ == 'Windows':
111 111 return sha256(password).hexdigest() == hashed
112 112 elif __platform__ in ('Linux', 'Darwin'):
113 113 return bcrypt.hashpw(password, hashed) == hashed
114 114 else:
115 115 raise Exception('Unknown or unsupoprted platform %s' % __platform__)
116 116
117 117
118 118
119 119
120 120
121 121 def get_crypt_password(password):
122 122 return RhodeCodeCrypto.hash_string(password)
123 123
124 124 def check_password(password, hashed):
125 125 return RhodeCodeCrypto.hash_check(password, hashed)
126 126
127 127 def generate_api_key(username, salt=None):
128 128 if salt is None:
129 129 salt = _RandomNameSequence().next()
130 130
131 131 return hashlib.sha1(username + salt).hexdigest()
132 132
133 133 def authfunc(environ, username, password):
134 134 """Dummy authentication function used in Mercurial/Git/ and access control,
135 135
136 136 :param environ: needed only for using in Basic auth
137 137 """
138 138 return authenticate(username, password)
139 139
140 140
141 141 def authenticate(username, password):
142 142 """Authentication function used for access control,
143 143 firstly checks for db authentication then if ldap is enabled for ldap
144 144 authentication, also creates ldap user if not in database
145 145
146 146 :param username: username
147 147 :param password: password
148 148 """
149 149 user_model = UserModel()
150 150 user = user_model.get_by_username(username, cache=False)
151 151
152 152 log.debug('Authenticating user using RhodeCode account')
153 153 if user is not None and not user.ldap_dn:
154 154 if user.active:
155 155
156 156 if user.username == 'default' and user.active:
157 157 log.info('user %s authenticated correctly as anonymous user',
158 158 username)
159 159 return True
160 160
161 161 elif user.username == username and check_password(password, user.password):
162 162 log.info('user %s authenticated correctly', username)
163 163 return True
164 164 else:
165 165 log.warning('user %s is disabled', username)
166 166
167 167 else:
168 168 log.debug('Regular authentication failed')
169 169 user_obj = user_model.get_by_username(username, cache=False,
170 170 case_insensitive=True)
171 171
172 172 if user_obj is not None and not user_obj.ldap_dn:
173 173 log.debug('this user already exists as non ldap')
174 174 return False
175 175
176 176 from rhodecode.model.settings import SettingsModel
177 177 ldap_settings = SettingsModel().get_ldap_settings()
178 178
179 179 #======================================================================
180 180 # FALLBACK TO LDAP AUTH IF ENABLE
181 181 #======================================================================
182 if ldap_settings.get('ldap_active', False):
182 if str2bool(ldap_settings.get('ldap_active')):
183 183 log.debug("Authenticating user using ldap")
184 184 kwargs = {
185 185 'server':ldap_settings.get('ldap_host', ''),
186 186 'base_dn':ldap_settings.get('ldap_base_dn', ''),
187 187 'port':ldap_settings.get('ldap_port'),
188 188 'bind_dn':ldap_settings.get('ldap_dn_user'),
189 189 'bind_pass':ldap_settings.get('ldap_dn_pass'),
190 'use_ldaps':ldap_settings.get('ldap_ldaps'),
190 'use_ldaps':str2bool(ldap_settings.get('ldap_ldaps')),
191 191 'tls_reqcert':ldap_settings.get('ldap_tls_reqcert'),
192 192 'ldap_filter':ldap_settings.get('ldap_filter'),
193 193 'search_scope':ldap_settings.get('ldap_search_scope'),
194 194 'attr_login':ldap_settings.get('ldap_attr_login'),
195 195 'ldap_version':3,
196 196 }
197 197 log.debug('Checking for ldap authentication')
198 198 try:
199 199 aldap = AuthLdap(**kwargs)
200 200 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
201 201 log.debug('Got ldap DN response %s', user_dn)
202 202
203 203 user_attrs = {
204 204 'name' : ldap_attrs[ldap_settings.get('ldap_attr_firstname')][0],
205 205 'lastname' : ldap_attrs[ldap_settings.get('ldap_attr_lastname')][0],
206 206 'email' : ldap_attrs[ldap_settings.get('ldap_attr_email')][0],
207 207 }
208 208
209 209 if user_model.create_ldap(username, password, user_dn, user_attrs):
210 210 log.info('created new ldap user %s', username)
211 211
212 212 return True
213 213 except (LdapUsernameError, LdapPasswordError,):
214 214 pass
215 215 except (Exception,):
216 216 log.error(traceback.format_exc())
217 217 pass
218 218 return False
219 219
220 220 class AuthUser(object):
221 221 """
222 222 A simple object that handles all attributes of user in RhodeCode
223 223
224 224 It does lookup based on API key,given user, or user present in session
225 225 Then it fills all required information for such user. It also checks if
226 226 anonymous access is enabled and if so, it returns default user as logged
227 227 in
228 228 """
229 229
230 230 def __init__(self, user_id=None, api_key=None):
231 231
232 232 self.user_id = user_id
233 233 self.api_key = None
234 234
235 235 self.username = 'None'
236 236 self.name = ''
237 237 self.lastname = ''
238 238 self.email = ''
239 239 self.is_authenticated = False
240 240 self.admin = False
241 241 self.permissions = {}
242 242 self._api_key = api_key
243 243 self.propagate_data()
244 244
245 245
246 246 def propagate_data(self):
247 247 user_model = UserModel()
248 248 self.anonymous_user = user_model.get_by_username('default', cache=True)
249 249 if self._api_key and self._api_key != self.anonymous_user.api_key:
250 250 #try go get user by api key
251 251 log.debug('Auth User lookup by API KEY %s', self._api_key)
252 252 user_model.fill_data(self, api_key=self._api_key)
253 253 else:
254 254 log.debug('Auth User lookup by USER ID %s', self.user_id)
255 255 if self.user_id is not None and self.user_id != self.anonymous_user.user_id:
256 256 user_model.fill_data(self, user_id=self.user_id)
257 257 else:
258 258 if self.anonymous_user.active is True:
259 259 user_model.fill_data(self, user_id=self.anonymous_user.user_id)
260 260 #then we set this user is logged in
261 261 self.is_authenticated = True
262 262 else:
263 263 self.is_authenticated = False
264 264
265 265 log.debug('Auth User is now %s', self)
266 266 user_model.fill_perms(self)
267 267
268 268 @property
269 269 def is_admin(self):
270 270 return self.admin
271 271
272 272 def __repr__(self):
273 273 return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
274 274 self.is_authenticated)
275 275
276 276 def set_authenticated(self, authenticated=True):
277 277
278 278 if self.user_id != self.anonymous_user.user_id:
279 279 self.is_authenticated = authenticated
280 280
281 281
282 282 def set_available_permissions(config):
283 283 """This function will propagate pylons globals with all available defined
284 284 permission given in db. We don't want to check each time from db for new
285 285 permissions since adding a new permission also requires application restart
286 286 ie. to decorate new views with the newly created permission
287 287
288 288 :param config: current pylons config instance
289 289
290 290 """
291 291 log.info('getting information about all available permissions')
292 292 try:
293 293 sa = meta.Session()
294 294 all_perms = sa.query(Permission).all()
295 295 except:
296 296 pass
297 297 finally:
298 298 meta.Session.remove()
299 299
300 300 config['available_permissions'] = [x.permission_name for x in all_perms]
301 301
302 302 #===============================================================================
303 303 # CHECK DECORATORS
304 304 #===============================================================================
305 305 class LoginRequired(object):
306 306 """
307 307 Must be logged in to execute this function else
308 308 redirect to login page
309 309
310 310 :param api_access: if enabled this checks only for valid auth token
311 311 and grants access based on valid token
312 312 """
313 313
314 314 def __init__(self, api_access=False):
315 315 self.api_access = api_access
316 316
317 317 def __call__(self, func):
318 318 return decorator(self.__wrapper, func)
319 319
320 320 def __wrapper(self, func, *fargs, **fkwargs):
321 321 cls = fargs[0]
322 322 user = cls.rhodecode_user
323 323
324 324 api_access_ok = False
325 325 if self.api_access:
326 326 log.debug('Checking API KEY access for %s', cls)
327 327 if user.api_key == request.GET.get('api_key'):
328 328 api_access_ok = True
329 329 else:
330 330 log.debug("API KEY token not valid")
331 331
332 332 log.debug('Checking if %s is authenticated @ %s', user.username, cls)
333 333 if user.is_authenticated or api_access_ok:
334 334 log.debug('user %s is authenticated', user.username)
335 335 return func(*fargs, **fkwargs)
336 336 else:
337 337 log.warn('user %s NOT authenticated', user.username)
338 338
339 339 p = ''
340 340 if request.environ.get('SCRIPT_NAME') != '/':
341 341 p += request.environ.get('SCRIPT_NAME')
342 342
343 343 p += request.environ.get('PATH_INFO')
344 344 if request.environ.get('QUERY_STRING'):
345 345 p += '?' + request.environ.get('QUERY_STRING')
346 346
347 347 log.debug('redirecting to login page with %s', p)
348 348 return redirect(url('login_home', came_from=p))
349 349
350 350 class NotAnonymous(object):
351 351 """Must be logged in to execute this function else
352 352 redirect to login page"""
353 353
354 354 def __call__(self, func):
355 355 return decorator(self.__wrapper, func)
356 356
357 357 def __wrapper(self, func, *fargs, **fkwargs):
358 358 cls = fargs[0]
359 359 self.user = cls.rhodecode_user
360 360
361 361 log.debug('Checking if user is not anonymous @%s', cls)
362 362
363 363 anonymous = self.user.username == 'default'
364 364
365 365 if anonymous:
366 366 p = ''
367 367 if request.environ.get('SCRIPT_NAME') != '/':
368 368 p += request.environ.get('SCRIPT_NAME')
369 369
370 370 p += request.environ.get('PATH_INFO')
371 371 if request.environ.get('QUERY_STRING'):
372 372 p += '?' + request.environ.get('QUERY_STRING')
373 373
374 374 import rhodecode.lib.helpers as h
375 375 h.flash(_('You need to be a registered user to perform this action'),
376 376 category='warning')
377 377 return redirect(url('login_home', came_from=p))
378 378 else:
379 379 return func(*fargs, **fkwargs)
380 380
381 381 class PermsDecorator(object):
382 382 """Base class for controller decorators"""
383 383
384 384 def __init__(self, *required_perms):
385 385 available_perms = config['available_permissions']
386 386 for perm in required_perms:
387 387 if perm not in available_perms:
388 388 raise Exception("'%s' permission is not defined" % perm)
389 389 self.required_perms = set(required_perms)
390 390 self.user_perms = None
391 391
392 392 def __call__(self, func):
393 393 return decorator(self.__wrapper, func)
394 394
395 395
396 396 def __wrapper(self, func, *fargs, **fkwargs):
397 397 cls = fargs[0]
398 398 self.user = cls.rhodecode_user
399 399 self.user_perms = self.user.permissions
400 400 log.debug('checking %s permissions %s for %s %s',
401 401 self.__class__.__name__, self.required_perms, cls,
402 402 self.user)
403 403
404 404 if self.check_permissions():
405 405 log.debug('Permission granted for %s %s', cls, self.user)
406 406 return func(*fargs, **fkwargs)
407 407
408 408 else:
409 409 log.warning('Permission denied for %s %s', cls, self.user)
410 410 #redirect with forbidden ret code
411 411 return abort(403)
412 412
413 413
414 414
415 415 def check_permissions(self):
416 416 """Dummy function for overriding"""
417 417 raise Exception('You have to write this function in child class')
418 418
419 419 class HasPermissionAllDecorator(PermsDecorator):
420 420 """Checks for access permission for all given predicates. All of them
421 421 have to be meet in order to fulfill the request
422 422 """
423 423
424 424 def check_permissions(self):
425 425 if self.required_perms.issubset(self.user_perms.get('global')):
426 426 return True
427 427 return False
428 428
429 429
430 430 class HasPermissionAnyDecorator(PermsDecorator):
431 431 """Checks for access permission for any of given predicates. In order to
432 432 fulfill the request any of predicates must be meet
433 433 """
434 434
435 435 def check_permissions(self):
436 436 if self.required_perms.intersection(self.user_perms.get('global')):
437 437 return True
438 438 return False
439 439
440 440 class HasRepoPermissionAllDecorator(PermsDecorator):
441 441 """Checks for access permission for all given predicates for specific
442 442 repository. All of them have to be meet in order to fulfill the request
443 443 """
444 444
445 445 def check_permissions(self):
446 446 repo_name = get_repo_slug(request)
447 447 try:
448 448 user_perms = set([self.user_perms['repositories'][repo_name]])
449 449 except KeyError:
450 450 return False
451 451 if self.required_perms.issubset(user_perms):
452 452 return True
453 453 return False
454 454
455 455
456 456 class HasRepoPermissionAnyDecorator(PermsDecorator):
457 457 """Checks for access permission for any of given predicates for specific
458 458 repository. In order to fulfill the request any of predicates must be meet
459 459 """
460 460
461 461 def check_permissions(self):
462 462 repo_name = get_repo_slug(request)
463 463
464 464 try:
465 465 user_perms = set([self.user_perms['repositories'][repo_name]])
466 466 except KeyError:
467 467 return False
468 468 if self.required_perms.intersection(user_perms):
469 469 return True
470 470 return False
471 471 #===============================================================================
472 472 # CHECK FUNCTIONS
473 473 #===============================================================================
474 474
475 475 class PermsFunction(object):
476 476 """Base function for other check functions"""
477 477
478 478 def __init__(self, *perms):
479 479 available_perms = config['available_permissions']
480 480
481 481 for perm in perms:
482 482 if perm not in available_perms:
483 483 raise Exception("'%s' permission in not defined" % perm)
484 484 self.required_perms = set(perms)
485 485 self.user_perms = None
486 486 self.granted_for = ''
487 487 self.repo_name = None
488 488
489 489 def __call__(self, check_Location=''):
490 490 user = session.get('rhodecode_user', False)
491 491 if not user:
492 492 return False
493 493 self.user_perms = user.permissions
494 494 self.granted_for = user
495 495 log.debug('checking %s %s %s', self.__class__.__name__,
496 496 self.required_perms, user)
497 497
498 498 if self.check_permissions():
499 499 log.debug('Permission granted %s @ %s', self.granted_for,
500 500 check_Location or 'unspecified location')
501 501 return True
502 502
503 503 else:
504 504 log.warning('Permission denied for %s @ %s', self.granted_for,
505 505 check_Location or 'unspecified location')
506 506 return False
507 507
508 508 def check_permissions(self):
509 509 """Dummy function for overriding"""
510 510 raise Exception('You have to write this function in child class')
511 511
512 512 class HasPermissionAll(PermsFunction):
513 513 def check_permissions(self):
514 514 if self.required_perms.issubset(self.user_perms.get('global')):
515 515 return True
516 516 return False
517 517
518 518 class HasPermissionAny(PermsFunction):
519 519 def check_permissions(self):
520 520 if self.required_perms.intersection(self.user_perms.get('global')):
521 521 return True
522 522 return False
523 523
524 524 class HasRepoPermissionAll(PermsFunction):
525 525
526 526 def __call__(self, repo_name=None, check_Location=''):
527 527 self.repo_name = repo_name
528 528 return super(HasRepoPermissionAll, self).__call__(check_Location)
529 529
530 530 def check_permissions(self):
531 531 if not self.repo_name:
532 532 self.repo_name = get_repo_slug(request)
533 533
534 534 try:
535 535 self.user_perms = set([self.user_perms['repositories']\
536 536 [self.repo_name]])
537 537 except KeyError:
538 538 return False
539 539 self.granted_for = self.repo_name
540 540 if self.required_perms.issubset(self.user_perms):
541 541 return True
542 542 return False
543 543
544 544 class HasRepoPermissionAny(PermsFunction):
545 545
546 546 def __call__(self, repo_name=None, check_Location=''):
547 547 self.repo_name = repo_name
548 548 return super(HasRepoPermissionAny, self).__call__(check_Location)
549 549
550 550 def check_permissions(self):
551 551 if not self.repo_name:
552 552 self.repo_name = get_repo_slug(request)
553 553
554 554 try:
555 555 self.user_perms = set([self.user_perms['repositories']\
556 556 [self.repo_name]])
557 557 except KeyError:
558 558 return False
559 559 self.granted_for = self.repo_name
560 560 if self.required_perms.intersection(self.user_perms):
561 561 return True
562 562 return False
563 563
564 564 #===============================================================================
565 565 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
566 566 #===============================================================================
567 567
568 568 class HasPermissionAnyMiddleware(object):
569 569 def __init__(self, *perms):
570 570 self.required_perms = set(perms)
571 571
572 572 def __call__(self, user, repo_name):
573 573 usr = AuthUser(user.user_id)
574 574 try:
575 575 self.user_perms = set([usr.permissions['repositories'][repo_name]])
576 576 except:
577 577 self.user_perms = set()
578 578 self.granted_for = ''
579 579 self.username = user.username
580 580 self.repo_name = repo_name
581 581 return self.check_permissions()
582 582
583 583 def check_permissions(self):
584 584 log.debug('checking mercurial protocol '
585 585 'permissions %s for user:%s repository:%s', self.user_perms,
586 586 self.username, self.repo_name)
587 587 if self.required_perms.intersection(self.user_perms):
588 588 log.debug('permission granted')
589 589 return True
590 590 log.debug('permission denied')
591 591 return False
Show file before | Show file after | Hide comments
@@ -1,102 +1,105 b''
1 1 # -*- coding: utf-8 -*-
2 2 """
3 3 rhodecode.model.settings
4 4 ~~~~~~~~~~~~~~~~~~~~~~~~
5 5
6 6 Settings model for RhodeCode
7 7
8 8 :created on Nov 17, 2010
9 9 :author: marcink
10 10 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
11 11 :license: GPLv3, see COPYING for more details.
12 12 """
13 13 # This program is free software; you can redistribute it and/or
14 14 # modify it under the terms of the GNU General Public License
15 15 # as published by the Free Software Foundation; version 2
16 16 # of the License or (at your opinion) any later version of the license.
17 17 #
18 18 # This program is distributed in the hope that it will be useful,
19 19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 21 # GNU General Public License for more details.
22 22 #
23 23 # You should have received a copy of the GNU General Public License
24 24 # along with this program; if not, write to the Free Software
25 25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
26 26 # MA 02110-1301, USA.
27 27
28 28 import logging
29 29
30 30 from rhodecode.model import BaseModel
31 31 from rhodecode.model.caching_query import FromCache
32 32 from rhodecode.model.db import RhodeCodeSettings
33 33
34 34 log = logging.getLogger(__name__)
35 35
36 36 class SettingsModel(BaseModel):
37 37 """
38 38 Settings model
39 39 """
40 40
41 41 def get(self, settings_key, cache=False):
42 42 r = self.sa.query(RhodeCodeSettings)\
43 43 .filter(RhodeCodeSettings.app_settings_name == settings_key).scalar()
44 44 if cache:
45 45 r = r.options(FromCache("sql_cache_short",
46 46 "get_setting_%s" % settings_key))
47 47 return r
48 48
49 49 def get_app_settings(self, cache=False):
50 50 """Get's config from database, each config key is prefixed with
51 51 'rhodecode_' prefix, than global pylons config is updated with such
52 52 keys
53 53 """
54 54
55 55 ret = self.sa.query(RhodeCodeSettings)
56 56
57 57 if cache:
58 58 ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))
59 59
60 60 if not ret:
61 61 raise Exception('Could not get application settings !')
62 62 settings = {}
63 63 for each in ret:
64 64 settings['rhodecode_' + each.app_settings_name] = each.app_settings_value
65 65
66 66 return settings
67 67
68 68 def get_ldap_settings(self):
69 69 """
70 70 Returns ldap settings from database
71 71 :returns:
72 72 ldap_active
73 73 ldap_host
74 74 ldap_port
75 75 ldap_ldaps
76 76 ldap_tls_reqcert
77 77 ldap_dn_user
78 78 ldap_dn_pass
79 79 ldap_base_dn
80 80 ldap_filter
81 81 ldap_search_scope
82 82 ldap_attr_login
83 83 ldap_attr_firstname
84 84 ldap_attr_lastname
85 85 ldap_attr_email
86 86 """
87 87 # ldap_search_scope
88 88
89 89 r = self.sa.query(RhodeCodeSettings)\
90 90 .filter(RhodeCodeSettings.app_settings_name\
91 91 .startswith('ldap_'))\
92 92 .all()
93 93
94 94 fd = {}
95 95
96 96 for row in r:
97 97 v = row.app_settings_value
98 if v in ['0', '1']:
99 v = v == '1'
98 if v in ['true', 'yes', 'on', 'y', 't', '1']:
99 v = True
100 elif v in ['false', 'no', 'off', 'n', 'f', '0']:
101 v = False
102
100 103 fd.update({row.app_settings_name:v})
101 104
102 105 return fd
General Comments 0
You need to be logged in to leave comments. Login now