upstream/kallithea Commit - r4074:3b136af3

Added pre-create user hook....

marcink -

r4074:3b136af3 default

parent child

rhodecode/config/rcextensions/__init__.py

0 +23 0

             # Additional mappings that are not present in the pygments lexers
             # used for building stats
             # format is {'ext':['Names']} eg. {'py':['Python']} note: there can be
             # more than one name for extension
             # NOTE: that this will overide any mappings in LANGUAGES_EXTENSIONS_MAP
             # build by pygments
             EXTRA_MAPPINGS = {}
             # additional lexer definitions for custom files
             # it's overrides pygments lexers, and uses defined name of lexer to colorize the
             # files. Format is {'ext': 'lexer_name'}
             # List of lexers can be printed running:
             # python -c "import pprint;from pygments import lexers;pprint.pprint([(x[0], x[1]) for x in lexers.get_all_lexers()]);"
             EXTRA_LEXERS = {}
             #==============================================================================
             # WHOOSH INDEX EXTENSIONS
             #==============================================================================
             # if INDEX_EXTENSIONS is [] it'll use pygments lexers extensions by default.
             # To set your own just add to this list extensions to index with content
             INDEX_EXTENSIONS = []
             # additional extensions for indexing besides the default from pygments
             # those get's added to INDEX_EXTENSIONS
             EXTRA_INDEX_EXTENSIONS = []
             #==============================================================================
             # POST CREATE REPOSITORY HOOK
             #==============================================================================
             # this function will be executed after each repository is created
             def _crrepohook(*args, **kwargs):
                 """
                 Post create repository HOOK
                 kwargs available:
                  :param repo_name:
                  :param repo_type:
                  :param description:
                  :param private:
                  :param created_on:
                  :param enable_downloads:
                  :param repo_id:
                  :param user_id:
                  :param enable_statistics:
                  :param clone_uri:
                  :param fork_id:
                  :param group_id:
                  :param created_by:
                 """
                 return 0
             CREATE_REPO_HOOK = _crrepohook
             #==============================================================================
+            # PRE CREATE USER HOOK
+            #==============================================================================
+            # this function will be executed before each user is created
+            def _pre_cruserhook(*args, **kwargs):
+                """
+                Pre create user HOOK, it returns a tuple of bool, reason.
+                If bool is False the user creation will be stopped and reason
+                will be displayed to the user.
+                kwargs available:
+                :param username:
+                :param password:
+                :param email:
+                :param firstname:
+                :param lastname:
+                :param active:
+                :param admin:
+                :param created_by:
+                """
+                reason = 'allowed'
+                return True, reason
+            PRE_CREATE_USER_HOOK = _pre_cruserhook
+            #==============================================================================
             # POST CREATE USER HOOK
             #==============================================================================
             # this function will be executed after each user is created
             def _cruserhook(*args, **kwargs):
                 """
                 Post create user HOOK
                 kwargs available:
                   :param username:
                   :param full_name_or_username:
                   :param full_contact:
                   :param user_id:
                   :param name:
                   :param firstname:
                   :param short_contact:
                   :param admin:
                   :param lastname:
                   :param ip_addresses:
                   :param ldap_dn:
                   :param email:
                   :param api_key:
                   :param last_login:
                   :param full_name:
                   :param active:
                   :param password:
                   :param emails:
                   :param inherit_default_permissions:
                   :param created_by:
                 """
                 return 0
             CREATE_USER_HOOK = _cruserhook
             #==============================================================================
             # POST DELETE REPOSITORY HOOK
             #==============================================================================
             # this function will be executed after each repository deletion
             def _dlrepohook(*args, **kwargs):
                 """
                 Post delete repository HOOK
                 kwargs available:
                  :param repo_name:
                  :param repo_type:
                  :param description:
                  :param private:
                  :param created_on:
                  :param enable_downloads:
                  :param repo_id:
                  :param user_id:
                  :param enable_statistics:
                  :param clone_uri:
                  :param fork_id:
                  :param group_id:
                  :param deleted_by:
                  :param deleted_on:
                 """
                 return 0
             DELETE_REPO_HOOK = _dlrepohook
             #==============================================================================
             # POST DELETE USER HOOK
             #==============================================================================
             # this function will be executed after each user is deleted
             def _dluserhook(*args, **kwargs):
                 """
                 Post delete user HOOK
                 kwargs available:
                   :param username:
                   :param full_name_or_username:
                   :param full_contact:
                   :param user_id:
                   :param name:
                   :param firstname:
                   :param short_contact:
                   :param admin:
                   :param lastname:
                   :param ip_addresses:
                   :param ldap_dn:
                   :param email:
                   :param api_key:
                   :param last_login:
                   :param full_name:
                   :param active:
                   :param password:
                   :param emails:
                   :param inherit_default_permissions:
                   :param deleted_by:
                 """
                 return 0
             DELETE_USER_HOOK = _dluserhook
             #==============================================================================
             # POST PUSH HOOK
             #==============================================================================
             # this function will be executed after each push it's executed after the
             # build-in hook that RhodeCode uses for logging pushes
             def _pushhook(*args, **kwargs):
                 """
                 Post push hook
                 kwargs available:
                   :param server_url: url of instance that triggered this hook
                   :param config: path to .ini config used
                   :param scm: type of VS 'git' or 'hg'
                   :param username: name of user who pushed
                   :param ip: ip of who pushed
                   :param action: push
                   :param repository: repository name
                   :param pushed_revs: list of pushed revisions
                 """
                 return 0
             PUSH_HOOK = _pushhook
             #==============================================================================
             # POST PULL HOOK
             #==============================================================================
             # this function will be executed after each push it's executed after the
             # build-in hook that RhodeCode uses for logging pulls
             def _pullhook(*args, **kwargs):
                 """
                 Post pull hook
                 kwargs available::
                   :param server_url: url of instance that triggered this hook
                   :param config: path to .ini config used
                   :param scm: type of VS 'git' or 'hg'
                   :param username: name of user who pulled
                   :param ip: ip of who pulled
                   :param action: pull
                   :param repository: repository name
                 """
                 return 0
             PULL_HOOK = _pullhook

rhodecode/controllers/admin/users.py

0 +3 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.controllers.admin.users
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 Users crud controller for pylons
                 :created_on: Apr 4, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             import formencode
             from pylons import response
             from formencode import htmlfill
             from pylons import request, session, tmpl_context as c, url, config
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             import rhodecode
             from rhodecode.lib.exceptions import DefaultUserException, \
-                UserOwnsReposException
+                UserOwnsReposException, UserCreationError
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
                 AuthUser
             from rhodecode.lib.base import BaseController, render
             from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm
             from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm
             from rhodecode.model.user import UserModel
             from rhodecode.model.meta import Session
             from rhodecode.lib.utils import action_logger
             from rhodecode.lib.compat import json
             from rhodecode.lib.utils2 import datetime_to_time, str2bool
             log = logging.getLogger(__name__)
             class UsersController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 # To properly map this controller, ensure your config/routing.py
                 # file has a resource setup:
                 #     map.resource('user', 'users')
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 def __before__(self):
                     super(UsersController, self).__before__()
                     c.available_permissions = config['available_permissions']
                 def index(self, format='html'):
                     """GET /users: All items in the collection"""
                     # url('users')
                     c.users_list = User.query().order_by(User.username)\
                                     .filter(User.username != User.DEFAULT_USER)\
                                     .all()
                     users_data = []
                     total_records = len(c.users_list)
                     _tmpl_lookup = rhodecode.CONFIG['pylons.app_globals'].mako_lookup
                     template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
                     grav_tmpl = lambda user_email, size: (
                             template.get_def("user_gravatar")
                             .render(user_email, size, _=_, h=h, c=c))
                     user_lnk = lambda user_id, username: (
                             template.get_def("user_name")
                             .render(user_id, username, _=_, h=h, c=c))
                     user_actions = lambda user_id, username: (
                             template.get_def("user_actions")
                             .render(user_id, username, _=_, h=h, c=c))
                     for user in c.users_list:
                         users_data.append({
                             "gravatar": grav_tmpl(user. email, 24),
                             "raw_username": user.username,
                             "username": user_lnk(user.user_id, user.username),
                             "firstname": user.name,
                             "lastname": user.lastname,
                             "last_login": h.fmt_date(user.last_login),
                             "last_login_raw": datetime_to_time(user.last_login),
                             "active": h.boolicon(user.active),
                             "admin": h.boolicon(user.admin),
                             "ldap": h.boolicon(bool(user.ldap_dn)),
                             "action": user_actions(user.user_id, user.username),
                         })
                     c.data = json.dumps({
                         "totalRecords": total_records,
                         "startIndex": 0,
                         "sort": None,
                         "dir": "asc",
                         "records": users_data
                     })
                     return render('admin/users/users.html')
                 def create(self):
                     """POST /users: Create a new item"""
                     # url('users')
                     user_model = UserModel()
                     user_form = UserForm()()
                     try:
                         form_result = user_form.to_python(dict(request.POST))
                         user_model.create(form_result)
                         usr = form_result['username']
                         action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr,
                                       None, self.ip_addr, self.sa)
                         h.flash(_('Created user %s') % usr,
                                 category='success')
                         Session().commit()
                     except formencode.Invalid, errors:
                         return htmlfill.render(
                             render('admin/users/user_add.html'),
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8")
+                    except UserCreationError, e:
+                        h.flash(e, 'error')
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('Error occurred during creation of user %s') \
                                 % request.POST.get('username'), category='error')
                     return redirect(url('users'))
                 def new(self, format='html'):
                     """GET /users/new: Form to create a new item"""
                     # url('new_user')
                     return render('admin/users/user_add.html')
                 def update(self, id):
                     """PUT /users/id: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('update_user', id=ID),
                     #           method='put')
                     # url('user', id=ID)
                     user_model = UserModel()
                     c.user = user_model.get(id)
                     c.ldap_dn = c.user.ldap_dn
                     c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
                     _form = UserForm(edit=True, old_data={'user_id': id,
                                                           'email': c.user.email})()
                     form_result = {}
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         skip_attrs = []
                         if c.ldap_dn:
                             #forbid updating username for ldap accounts
                             skip_attrs = ['username']
                         user_model.update(id, form_result, skip_attrs=skip_attrs)
                         usr = form_result['username']
                         action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr,
                                       None, self.ip_addr, self.sa)
                         h.flash(_('User updated successfully'), category='success')
                         Session().commit()
                     except formencode.Invalid, errors:
                         c.user_email_map = UserEmailMap.query()\
                                         .filter(UserEmailMap.user == c.user).all()
                         c.user_ip_map = UserIpMap.query()\
                                         .filter(UserIpMap.user == c.user).all()
                         defaults = errors.value
                         e = errors.error_dict or {}
                         defaults.update({
                             'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
                             'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
                             '_method': 'put'
                         })
                         return htmlfill.render(
                             render('admin/users/user_edit.html'),
                             defaults=defaults,
                             errors=e,
                             prefix_error=False,
                             encoding="UTF-8")
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('Error occurred during update of user %s') \
                                 % form_result.get('username'), category='error')
                     return redirect(url('edit_user', id=id))
                 def delete(self, id):
                     """DELETE /users/id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('delete_user', id=ID),
                     #           method='delete')
                     # url('user', id=ID)
                     usr = User.get_or_404(id)
                     try:
                         UserModel().delete(usr)
                         Session().commit()
                         h.flash(_('Successfully deleted user'), category='success')
                     except (UserOwnsReposException, DefaultUserException), e:
                         h.flash(e, category='warning')
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during deletion of user'),
                                 category='error')
                     return redirect(url('users'))
                 def show(self, id, format='html'):
                     """GET /users/id: Show a specific item"""
                     # url('user', id=ID)
                     User.get_or_404(-1)
                 def edit(self, id, format='html'):
                     """GET /users/id/edit: Form to edit an existing item"""
                     # url('edit_user', id=ID)
                     c.user = User.get_or_404(id)
                     if c.user.username == 'default':
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
                     c.user.permissions = {}
                     c.granted_permissions = UserModel().fill_perms(c.user)\
                         .permissions['global']
                     c.user_email_map = UserEmailMap.query()\
                                     .filter(UserEmailMap.user == c.user).all()
                     c.user_ip_map = UserIpMap.query()\
                                     .filter(UserIpMap.user == c.user).all()
                     umodel = UserModel()
                     c.ldap_dn = c.user.ldap_dn
                     defaults = c.user.get_dict()
                     defaults.update({
                      'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
                      'create_user_group_perm': umodel.has_perm(c.user, 'hg.usergroup.create.true'),
                      'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
                     })
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                 def update_perm(self, id):
                     """PUT /users_perm/id: Update an existing item"""
                     # url('user_perm', id=ID, method='put')
                     user = User.get_or_404(id)
                     try:
                         form = CustomDefaultPermissionsForm()()
                         form_result = form.to_python(request.POST)
                         inherit_perms = form_result['inherit_default_permissions']
                         user.inherit_default_permissions = inherit_perms
                         Session().add(user)
                         user_model = UserModel()
                         defs = UserToPerm.query()\
                             .filter(UserToPerm.user == user)\
                             .all()
                         for ug in defs:
                             Session().delete(ug)
                         if form_result['create_repo_perm']:
                             user_model.grant_perm(id, 'hg.create.repository')
                         else:
                             user_model.grant_perm(id, 'hg.create.none')
                         if form_result['create_user_group_perm']:
                             user_model.grant_perm(id, 'hg.usergroup.create.true')
                         else:
                             user_model.grant_perm(id, 'hg.usergroup.create.false')
                         if form_result['fork_repo_perm']:
                             user_model.grant_perm(id, 'hg.fork.repository')
                         else:
                             user_model.grant_perm(id, 'hg.fork.none')
                         h.flash(_("Updated permissions"), category='success')
                         Session().commit()
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     return redirect(url('edit_user', id=id))
                 def add_email(self, id):
                     """POST /user_emails:Add an existing item"""
                     # url('user_emails', id=ID, method='put')
                     email = request.POST.get('new_email')
                     user_model = UserModel()
                     try:
                         user_model.add_extra_email(id, email)
                         Session().commit()
                         h.flash(_("Added email %s to user") % email, category='success')
                     except formencode.Invalid, error:
                         msg = error.error_dict['email']
                         h.flash(msg, category='error')
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     return redirect(url('edit_user', id=id))
                 def delete_email(self, id):
                     """DELETE /user_emails_delete/id: Delete an existing item"""
                     # url('user_emails_delete', id=ID, method='delete')
                     user_model = UserModel()
                     user_model.delete_extra_email(id, request.POST.get('del_email'))
                     Session().commit()
                     h.flash(_("Removed email from user"), category='success')
                     return redirect(url('edit_user', id=id))
                 def add_ip(self, id):
                     """POST /user_ips:Add an existing item"""
                     # url('user_ips', id=ID, method='put')
                     ip = request.POST.get('new_ip')
                     user_model = UserModel()
                     try:
                         user_model.add_extra_ip(id, ip)
                         Session().commit()
                         h.flash(_("Added ip %s to user") % ip, category='success')
                     except formencode.Invalid, error:
                         msg = error.error_dict['ip']
                         h.flash(msg, category='error')
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('An error occurred during ip saving'),
                                 category='error')
                     if 'default_user' in request.POST:
                         return redirect(url('edit_permission', id='default'))
                     return redirect(url('edit_user', id=id))
                 def delete_ip(self, id):
                     """DELETE /user_ips_delete/id: Delete an existing item"""
                     # url('user_ips_delete', id=ID, method='delete')
                     user_model = UserModel()
                     user_model.delete_extra_ip(id, request.POST.get('del_ip'))
                     Session().commit()
                     h.flash(_("Removed ip from user"), category='success')
                     if 'default_user' in request.POST:
                         return redirect(url('edit_permission', id='default'))
                     return redirect(url('edit_user', id=id))

rhodecode/controllers/login.py

0 +13 0

             # -*- coding: utf-8 -*-
             """
                 rhodecode.controllers.login
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 Login controller for rhodeocode
                 :created_on: Apr 22, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import formencode
             import datetime
             import urlparse
             from formencode import htmlfill
             from webob.exc import HTTPFound
             from pylons.i18n.translation import _
             from pylons.controllers.util import abort, redirect
             from pylons import request, response, session, tmpl_context as c, url
             import rhodecode.lib.helpers as h
             from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator
             from rhodecode.lib.base import BaseController, render
+            from rhodecode.lib.exceptions import UserCreationError
             from rhodecode.model.db import User
             from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm
             from rhodecode.model.user import UserModel
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class LoginController(BaseController):
                 def __before__(self):
                     super(LoginController, self).__before__()
                 def index(self):
                     # redirect if already logged in
                     c.came_from = request.GET.get('came_from')
                     not_default = self.rhodecode_user.username != 'default'
                     ip_allowed = self.rhodecode_user.ip_allowed
                     if self.rhodecode_user.is_authenticated and not_default and ip_allowed:
                         return redirect(url('home'))
                     if request.POST:
                         # import Login Form validator class
                         login_form = LoginForm()
                         try:
                             session.invalidate()
                             c.form_result = login_form.to_python(dict(request.POST))
                             # form checks for username/password, now we're authenticated
                             username = c.form_result['username']
                             user = User.get_by_username(username, case_insensitive=True)
                             auth_user = AuthUser(user.user_id)
                             auth_user.set_authenticated()
                             cs = auth_user.get_cookie_store()
                             session['rhodecode_user'] = cs
                             user.update_lastlogin()
                             Session().commit()
                             # If they want to be remembered, update the cookie
                             if c.form_result['remember']:
                                 _year = (datetime.datetime.now() +
                                          datetime.timedelta(seconds=60 * 60 * 24 * 365))
                                 session._set_cookie_expires(_year)
                             session.save()
                             log.info('user %s is now authenticated and stored in '
                                      'session, session attrs %s' % (username, cs))
                             # dumps session attrs back to cookie
                             session._update_cookie_out()
                             # we set new cookie
                             headers = None
                             if session.request['set_cookie']:
                                 # send set-cookie headers back to response to update cookie
                                 headers = [('Set-Cookie', session.request['cookie_out'])]
                             allowed_schemes = ['http', 'https']
                             if c.came_from:
                                 parsed = urlparse.urlparse(c.came_from)
                                 server_parsed = urlparse.urlparse(url.current())
                                 if parsed.scheme and parsed.scheme not in allowed_schemes:
                                     log.error(
                                         'Suspicious URL scheme detected %s for url %s' %
                                         (parsed.scheme, parsed))
                                     c.came_from = url('home')
                                 elif server_parsed.netloc != parsed.netloc:
                                     log.error('Suspicious NETLOC detected %s for url %s'
                                               'server url is: %s' %
                                               (parsed.netloc, parsed, server_parsed))
                                     c.came_from = url('home')
                                 raise HTTPFound(location=c.came_from, headers=headers)
                             else:
                                 raise HTTPFound(location=url('home'), headers=headers)
                         except formencode.Invalid, errors:
                             return htmlfill.render(
                                 render('/login.html'),
                                 defaults=errors.value,
                                 errors=errors.error_dict or {},
                                 prefix_error=False,
                                 encoding="UTF-8")
+                        except UserCreationError, e:
+                            # container auth or other auth functions that create users on
+                            # the fly can throw this exception signaling that there's issue
+                            # with user creation, explanation should be provided in
+                            # Exception itself
+                            h.flash(e, 'error')
                     return render('/login.html')
                 @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                            'hg.register.manual_activate')
                 def register(self):
                     c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\
                         .AuthUser.permissions['global']
                     if request.POST:
                         register_form = RegisterForm()()
                         try:
                             form_result = register_form.to_python(dict(request.POST))
                             form_result['active'] = c.auto_active
                             UserModel().create_registration(form_result)
                             h.flash(_('You have successfully registered into RhodeCode'),
                                         category='success')
                             Session().commit()
                             return redirect(url('login_home'))
                         except formencode.Invalid, errors:
                             return htmlfill.render(
                                 render('/register.html'),
                                 defaults=errors.value,
                                 errors=errors.error_dict or {},
                                 prefix_error=False,
                                 encoding="UTF-8")
+                        except UserCreationError, e:
+                            # container auth or other auth functions that create users on
+                            # the fly can throw this exception signaling that there's issue
+                            # with user creation, explanation should be provided in
+                            # Exception itself
+                            h.flash(e, 'error')
                     return render('/register.html')
                 def password_reset(self):
                     if request.POST:
                         password_reset_form = PasswordResetForm()()
                         try:
                             form_result = password_reset_form.to_python(dict(request.POST))
                             UserModel().reset_password_link(form_result)
                             h.flash(_('Your password reset link was sent'),
                                         category='success')
                             return redirect(url('login_home'))
                         except formencode.Invalid, errors:
                             return htmlfill.render(
                                 render('/password_reset.html'),
                                 defaults=errors.value,
                                 errors=errors.error_dict or {},
                                 prefix_error=False,
                                 encoding="UTF-8")
                     return render('/password_reset.html')
                 def password_reset_confirmation(self):
                     if request.GET and request.GET.get('key'):
                         try:
                             user = User.get_by_api_key(request.GET.get('key'))
                             data = dict(email=user.email)
                             UserModel().reset_password(data)
                             h.flash(_('Your password reset was successful, '
                                       'new password has been sent to your email'),
                                         category='success')
                         except Exception, e:
                             log.error(e)
                             return redirect(url('reset_password'))
                     return redirect(url('login_home'))
                 def logout(self):
                     session.delete()
                     log.info('Logging out and deleting session for user')
                     redirect(url('home'))

rhodecode/lib/base.py

0 +11 0

             """The base Controller API
             Provides the BaseController class for subclassing.
             """
             import logging
             import time
             import traceback
             from paste.auth.basic import AuthBasicAuthenticator
             from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden
             from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
             from pylons import config, tmpl_context as c, request, session, url
             from pylons.controllers import WSGIController
             from pylons.controllers.util import redirect
             from pylons.templating import render_mako as render
             from rhodecode import __version__, BACKENDS
             from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict,\
                 safe_str, safe_int
             from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\
                 HasPermissionAnyMiddleware, CookieStoreWrapper
             from rhodecode.lib.utils import get_repo_slug
+            from rhodecode.lib.exceptions import UserCreationError
             from rhodecode.model import meta
             from rhodecode.model.db import Repository, RhodeCodeUi, User, RhodeCodeSetting
             from rhodecode.model.notification import NotificationModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             def _filter_proxy(ip):
                 """
                 HEADERS can have multiple ips inside the left-most being the original
                 client, and each successive proxy that passed the request adding the IP
                 address where it received the request from.
                 :param ip:
                 """
                 if ',' in ip:
                     _ips = ip.split(',')
                     _first_ip = _ips[0].strip()
                     log.debug('Got multiple IPs %s, using %s' % (','.join(_ips), _first_ip))
                     return _first_ip
                 return ip
             def _get_ip_addr(environ):
                 proxy_key = 'HTTP_X_REAL_IP'
                 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
                 def_key = 'REMOTE_ADDR'
                 ip = environ.get(proxy_key)
                 if ip:
                     return _filter_proxy(ip)
                 ip = environ.get(proxy_key2)
                 if ip:
                     return _filter_proxy(ip)
                 ip = environ.get(def_key, '0.0.0.0')
                 return _filter_proxy(ip)
             def _get_access_path(environ):
                 path = environ.get('PATH_INFO')
                 org_req = environ.get('pylons.original_request')
                 if org_req:
                     path = org_req.environ.get('PATH_INFO')
                 return path
             class BasicAuth(AuthBasicAuthenticator):
                 def __init__(self, realm, authfunc, auth_http_code=None):
                     self.realm = realm
                     self.authfunc = authfunc
                     self._rc_auth_http_code = auth_http_code
                 def build_authentication(self):
                     head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
                     if self._rc_auth_http_code and self._rc_auth_http_code == '403':
                         # return 403 if alternative http return code is specified in
                         # RhodeCode config
                         return HTTPForbidden(headers=head)
                     return HTTPUnauthorized(headers=head)
                 def authenticate(self, environ):
                     authorization = AUTHORIZATION(environ)
                     if not authorization:
                         return self.build_authentication()
                     (authmeth, auth) = authorization.split(' ', 1)
                     if 'basic' != authmeth.lower():
                         return self.build_authentication()
                     auth = auth.strip().decode('base64')
                     _parts = auth.split(':', 1)
                     if len(_parts) == 2:
                         username, password = _parts
                         if self.authfunc(environ, username, password):
                             return username
                     return self.build_authentication()
                 __call__ = authenticate
             class BaseVCSController(object):
                 def __init__(self, application, config):
                     self.application = application
                     self.config = config
                     # base path of repo locations
                     self.basepath = self.config['base_path']
                     #authenticate this mercurial request using authfunc
                     self.authenticate = BasicAuth('', authfunc,
                                                   config.get('auth_ret_code'))
                     self.ip_addr = '0.0.0.0'
                 def _handle_request(self, environ, start_response):
                     raise NotImplementedError()
                 def _get_by_id(self, repo_name):
                     """
                     Get's a special pattern _<ID> from clone url and tries to replace it
                     with a repository_name for support of _<ID> non changable urls
                     :param repo_name:
                     """
                     try:
                         data = repo_name.split('/')
                         if len(data) >= 2:
                             by_id = data[1].split('_')
                             if len(by_id) == 2 and by_id[1].isdigit():
                                 _repo_name = Repository.get(by_id[1]).repo_name
                                 data[1] = _repo_name
                     except Exception:
                         log.debug('Failed to extract repo_name from id %s' % (
                                   traceback.format_exc()
                                   )
                         )
                     return '/'.join(data)
                 def _invalidate_cache(self, repo_name):
                     """
                     Set's cache for this repository for invalidation on next access
                     :param repo_name: full repo name, also a cache key
                     """
                     ScmModel().mark_for_invalidation(repo_name)
                 def _check_permission(self, action, user, repo_name, ip_addr=None):
                     """
                     Checks permissions using action (push/pull) user and repository
                     name
                     :param action: push or pull action
                     :param user: user instance
                     :param repo_name: repository name
                     """
                     #check IP
                     authuser = AuthUser(user_id=user.user_id, ip_addr=ip_addr)
                     if not authuser.ip_allowed:
                         return False
                     else:
                         log.info('Access for IP:%s allowed' % (ip_addr))
                     if action == 'push':
                         if not HasPermissionAnyMiddleware('repository.write',
                                                           'repository.admin')(user,
                                                                               repo_name):
                             return False
                     else:
                         #any other action need at least read permission
                         if not HasPermissionAnyMiddleware('repository.read',
                                                           'repository.write',
                                                           'repository.admin')(user,
                                                                               repo_name):
                             return False
                     return True
                 def _get_ip_addr(self, environ):
                     return _get_ip_addr(environ)
                 def _check_ssl(self, environ, start_response):
                     """
                     Checks the SSL check flag and returns False if SSL is not present
                     and required True otherwise
                     """
                     org_proto = environ['wsgi._org_proto']
                     #check if we have SSL required  ! if not it's a bad request !
                     require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl').ui_value)
                     if require_ssl and org_proto == 'http':
                         log.debug('proto is %s and SSL is required BAD REQUEST !'
                                   % org_proto)
                         return False
                     return True
                 def _check_locking_state(self, environ, action, repo, user_id):
                     """
                     Checks locking on this repository, if locking is enabled and lock is
                     present returns a tuple of make_lock, locked, locked_by.
                     make_lock can have 3 states None (do nothing) True, make lock
                     False release lock, This value is later propagated to hooks, which
                     do the locking. Think about this as signals passed to hooks what to do.
                     """
                     locked = False  # defines that locked error should be thrown to user
                     make_lock = None
                     repo = Repository.get_by_repo_name(repo)
                     user = User.get(user_id)
                     # this is kind of hacky, but due to how mercurial handles client-server
                     # server see all operation on changeset; bookmarks, phases and
                     # obsolescence marker in different transaction, we don't want to check
                     # locking on those
                     obsolete_call = environ['QUERY_STRING'] in ['cmd=listkeys',]
                     locked_by = repo.locked
                     if repo and repo.enable_locking and not obsolete_call:
                         if action == 'push':
                             #check if it's already locked !, if it is compare users
                             user_id, _date = repo.locked
                             if user.user_id == user_id:
                                 log.debug('Got push from user %s, now unlocking' % (user))
                                 # unlock if we have push from user who locked
                                 make_lock = False
                             else:
                                 # we're not the same user who locked, ban with 423 !
                                 locked = True
                         if action == 'pull':
                             if repo.locked[0] and repo.locked[1]:
                                 locked = True
                             else:
                                 log.debug('Setting lock on repo %s by %s' % (repo, user))
                                 make_lock = True
                     else:
                         log.debug('Repository %s do not have locking enabled' % (repo))
                     log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s'
                               % (make_lock, locked, locked_by))
                     return make_lock, locked, locked_by
                 def __call__(self, environ, start_response):
                     start = time.time()
                     try:
                         return self._handle_request(environ, start_response)
                     finally:
                         log = logging.getLogger('rhodecode.' + self.__class__.__name__)
                         log.debug('Request time: %.3fs' % (time.time() - start))
                         meta.Session.remove()
             class BaseController(WSGIController):
                 def __before__(self):
                     """
                     __before__ is called before controller methods and after __call__
                     """
                     c.rhodecode_version = __version__
                     c.rhodecode_instanceid = config.get('instance_id')
                     c.rhodecode_name = config.get('rhodecode_title')
                     c.rhodecode_bugtracker = config.get('bugtracker', 'http://bitbucket.org/marcinkuzminski/rhodecode/issues')
                     c.use_gravatar = str2bool(config.get('use_gravatar'))
                     c.ga_code = config.get('rhodecode_ga_code')
                     # Visual options
                     c.visual = AttributeDict({})
                     rc_config = RhodeCodeSetting.get_app_settings()
                     ## DB stored
                     c.visual.show_public_icon = str2bool(rc_config.get('rhodecode_show_public_icon'))
                     c.visual.show_private_icon = str2bool(rc_config.get('rhodecode_show_private_icon'))
                     c.visual.stylify_metatags = str2bool(rc_config.get('rhodecode_stylify_metatags'))
                     c.visual.dashboard_items = safe_int(rc_config.get('rhodecode_dashboard_items', 100))
                     c.visual.repository_fields = str2bool(rc_config.get('rhodecode_repository_fields'))
                     c.visual.show_version = str2bool(rc_config.get('rhodecode_show_version'))
                     ## INI stored
                     self.cut_off_limit = int(config.get('cut_off_limit'))
                     c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))
                     c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))
                     c.repo_name = get_repo_slug(request)  # can be empty
                     c.backends = BACKENDS.keys()
                     c.unread_notifications = NotificationModel()\
                                     .get_unread_cnt_for_user(c.rhodecode_user.user_id)
                     self.sa = meta.Session
                     self.scm_model = ScmModel(self.sa)
                 def __call__(self, environ, start_response):
                     """Invoke the Controller"""
                     # WSGIController.__call__ dispatches to the Controller method
                     # the request is routed to. This routing information is
                     # available in environ['pylons.routes_dict']
                     try:
                         self.ip_addr = _get_ip_addr(environ)
                         # make sure that we update permissions each time we call controller
                         api_key = request.GET.get('api_key')
                         cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
                         user_id = cookie_store.get('user_id', None)
                         username = get_container_username(environ, config)
+                        try:
                             auth_user = AuthUser(user_id, api_key, username, self.ip_addr)
+                        except UserCreationError, e:
+                            from rhodecode.lib import helpers as h
+                            h.flash(e, 'error')
+                            # container auth or other auth functions that create users on
+                            # the fly can throw this exception signaling that there's issue
+                            # with user creation, explanation should be provided in
+                            # Exception itself
+                            auth_user = AuthUser(ip_addr=self.ip_addr)
                         request.user = auth_user
                         self.rhodecode_user = c.rhodecode_user = auth_user
                         if not self.rhodecode_user.is_authenticated and \
                                    self.rhodecode_user.user_id is not None:
                             self.rhodecode_user.set_authenticated(
                                 cookie_store.get('is_authenticated')
                             )
                         log.info('IP: %s User: %s accessed %s' % (
                            self.ip_addr, auth_user, safe_unicode(_get_access_path(environ)))
                         )
                         return WSGIController.__call__(self, environ, start_response)
                     finally:
                         meta.Session.remove()
             class BaseRepoController(BaseController):
                 """
                 Base class for controllers responsible for loading all needed data for
                 repository loaded items are
                 c.rhodecode_repo: instance of scm repository
                 c.rhodecode_db_repo: instance of db
                 c.repository_followers: number of followers
                 c.repository_forks: number of forks
                 c.repository_following: weather the current user is following the current repo
                 """
                 def __before__(self):
                     super(BaseRepoController, self).__before__()
                     if c.repo_name:
                         dbr = c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)
                         c.rhodecode_repo = c.rhodecode_db_repo.scm_instance
                         # update last change according to VCS data
                         dbr.update_changeset_cache(dbr.get_changeset())
                         if c.rhodecode_repo is None:
                             log.error('%s this repository is present in database but it '
                                       'cannot be created as an scm instance', c.repo_name)
                             redirect(url('home'))
                         # some globals counter for menu
                         c.repository_followers = self.scm_model.get_followers(dbr)
                         c.repository_forks = self.scm_model.get_forks(dbr)
                         c.repository_pull_requests = self.scm_model.get_pull_requests(dbr)
                         c.repository_following = self.scm_model.is_following_repo(c.repo_name,
                                                             self.rhodecode_user.user_id)

rhodecode/lib/exceptions.py

0 +8 0

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.exceptions
                 ~~~~~~~~~~~~~~~~~~~~~~~~
                 Set of custom exceptions used in RhodeCode
                 :created_on: Nov 17, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             from webob.exc import HTTPClientError
             class LdapUsernameError(Exception):
                 pass
             class LdapPasswordError(Exception):
                 pass
             class LdapConnectionError(Exception):
                 pass
             class LdapImportError(Exception):
                 pass
             class DefaultUserException(Exception):
                 pass
             class UserOwnsReposException(Exception):
                 pass
             class UserGroupsAssignedException(Exception):
                 pass
             class StatusChangeOnClosedPullRequestError(Exception):
                 pass
             class AttachedForksError(Exception):
                 pass
             class RepoGroupAssignmentError(Exception):
                 pass
             class NonRelativePathError(Exception):
                 pass
             class HTTPLockedRC(HTTPClientError):
                 """
                 Special Exception For locked Repos in RhodeCode, the return code can
                 be overwritten by _code keyword argument passed into constructors
                 """
                 code = 423
                 title = explanation = 'Repository Locked'
                 def __init__(self, reponame, username, *args, **kwargs):
                     from rhodecode import CONFIG
                     from rhodecode.lib.utils2 import safe_int
                     _code = CONFIG.get('lock_ret_code')
                     self.code = safe_int(_code, self.code)
                     self.title = self.explanation = ('Repository `%s` locked by '
                                                      'user `%s`' % (reponame, username))
                     super(HTTPLockedRC, self).__init__(*args, **kwargs)
             class IMCCommitError(Exception):
                 pass
+            class UserCreationError(Exception):
+                pass
+            class RepositoryCreationError(Exception):
+                pass

rhodecode/lib/hooks.py

0 +10 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.hooks
                 ~~~~~~~~~~~~~~~~~~~
                 Hooks runned by rhodecode
                 :created_on: Aug 6, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import sys
             import time
             import binascii
             import traceback
             from inspect import isfunction
             from rhodecode.lib.vcs.utils.hgcompat import nullrev, revrange
             from rhodecode.lib import helpers as h
             from rhodecode.lib.utils import action_logger
             from rhodecode.lib.vcs.backends.base import EmptyChangeset
             from rhodecode.lib.compat import json
-            from rhodecode.lib.exceptions import HTTPLockedRC
+            from rhodecode.lib.exceptions import HTTPLockedRC, UserCreationError
             from rhodecode.lib.utils2 import safe_str, _extract_extras
             from rhodecode.model.db import Repository, User
             def _get_scm_size(alias, root_path):
                 if not alias.startswith('.'):
                     alias += '.'
                 size_scm, size_root = 0, 0
                 for path, dirs, files in os.walk(safe_str(root_path)):
                     if path.find(alias) != -1:
                         for f in files:
                             try:
                                 size_scm += os.path.getsize(os.path.join(path, f))
                             except OSError:
                                 pass
                     else:
                         for f in files:
                             try:
                                 size_root += os.path.getsize(os.path.join(path, f))
                             except OSError:
                                 pass
                 size_scm_f = h.format_byte_size(size_scm)
                 size_root_f = h.format_byte_size(size_root)
                 size_total_f = h.format_byte_size(size_root + size_scm)
                 return size_scm_f, size_root_f, size_total_f
             def repo_size(ui, repo, hooktype=None, **kwargs):
                 """
                 Presents size of repository after push
                 :param ui:
                 :param repo:
                 :param hooktype:
                 """
                 size_hg_f, size_root_f, size_total_f = _get_scm_size('.hg', repo.root)
                 last_cs = repo[len(repo) - 1]
                 msg = ('Repository size .hg:%s repo:%s total:%s\n'
                        'Last revision is now r%s:%s\n') % (
                     size_hg_f, size_root_f, size_total_f, last_cs.rev(), last_cs.hex()[:12]
                 )
                 sys.stdout.write(msg)
             def pre_push(ui, repo, **kwargs):
                 # pre push function, currently used to ban pushing when
                 # repository is locked
                 ex = _extract_extras()
                 usr = User.get_by_username(ex.username)
                 if ex.locked_by[0] and usr.user_id != int(ex.locked_by[0]):
                     locked_by = User.get(ex.locked_by[0]).username
                     # this exception is interpreted in git/hg middlewares and based
                     # on that proper return code is server to client
                     _http_ret = HTTPLockedRC(ex.repository, locked_by)
                     if str(_http_ret.code).startswith('2'):
                         #2xx Codes don't raise exceptions
                         sys.stdout.write(_http_ret.title)
                     else:
                         raise _http_ret
             def pre_pull(ui, repo, **kwargs):
                 # pre push function, currently used to ban pushing when
                 # repository is locked
                 ex = _extract_extras()
                 if ex.locked_by[0]:
                     locked_by = User.get(ex.locked_by[0]).username
                     # this exception is interpreted in git/hg middlewares and based
                     # on that proper return code is server to client
                     _http_ret = HTTPLockedRC(ex.repository, locked_by)
                     if str(_http_ret.code).startswith('2'):
                         #2xx Codes don't raise exceptions
                         sys.stdout.write(_http_ret.title)
                     else:
                         raise _http_ret
             def log_pull_action(ui, repo, **kwargs):
                 """
                 Logs user last pull action
                 :param ui:
                 :param repo:
                 """
                 ex = _extract_extras()
                 user = User.get_by_username(ex.username)
                 action = 'pull'
                 action_logger(user, action, ex.repository, ex.ip, commit=True)
                 # extension hook call
                 from rhodecode import EXTENSIONS
                 callback = getattr(EXTENSIONS, 'PULL_HOOK', None)
                 if isfunction(callback):
                     kw = {}
                     kw.update(ex)
                     callback(**kw)
                 if ex.make_lock is not None and ex.make_lock:
                     Repository.lock(Repository.get_by_repo_name(ex.repository), user.user_id)
                     #msg = 'Made lock on repo `%s`' % repository
                     #sys.stdout.write(msg)
                 if ex.locked_by[0]:
                     locked_by = User.get(ex.locked_by[0]).username
                     _http_ret = HTTPLockedRC(ex.repository, locked_by)
                     if str(_http_ret.code).startswith('2'):
                         #2xx Codes don't raise exceptions
                         sys.stdout.write(_http_ret.title)
                 return 0
             def log_push_action(ui, repo, **kwargs):
                 """
                 Maps user last push action to new changeset id, from mercurial
                 :param ui:
                 :param repo: repo object containing the `ui` object
                 """
                 ex = _extract_extras()
                 action = ex.action + ':%s'
                 if ex.scm == 'hg':
                     node = kwargs['node']
                     def get_revs(repo, rev_opt):
                         if rev_opt:
                             revs = revrange(repo, rev_opt)
                             if len(revs) == 0:
                                 return (nullrev, nullrev)
                             return (max(revs), min(revs))
                         else:
                             return (len(repo) - 1, 0)
                     stop, start = get_revs(repo, [node + ':'])
                     h = binascii.hexlify
                     revs = [h(repo[r].node()) for r in xrange(start, stop + 1)]
                 elif ex.scm == 'git':
                     revs = kwargs.get('_git_revs', [])
                     if '_git_revs' in kwargs:
                         kwargs.pop('_git_revs')
                 action = action % ','.join(revs)
                 action_logger(ex.username, action, ex.repository, ex.ip, commit=True)
                 # extension hook call
                 from rhodecode import EXTENSIONS
                 callback = getattr(EXTENSIONS, 'PUSH_HOOK', None)
                 if isfunction(callback):
                     kw = {'pushed_revs': revs}
                     kw.update(ex)
                     callback(**kw)
                 if ex.make_lock is not None and not ex.make_lock:
                     Repository.unlock(Repository.get_by_repo_name(ex.repository))
                     msg = 'Released lock on repo `%s`\n' % ex.repository
                     sys.stdout.write(msg)
                 if ex.locked_by[0]:
                     locked_by = User.get(ex.locked_by[0]).username
                     _http_ret = HTTPLockedRC(ex.repository, locked_by)
                     if str(_http_ret.code).startswith('2'):
                         #2xx Codes don't raise exceptions
                         sys.stdout.write(_http_ret.title)
                 return 0
             def log_create_repository(repository_dict, created_by, **kwargs):
                 """
                 Post create repository Hook. This is a dummy function for admins to re-use
                 if needed. It's taken from rhodecode-extensions module and executed
                 if present
                 :param repository: dict dump of repository object
                 :param created_by: username who created repository
                 available keys of repository_dict:
                  'repo_type',
                  'description',
                  'private',
                  'created_on',
                  'enable_downloads',
                  'repo_id',
                  'user_id',
                  'enable_statistics',
                  'clone_uri',
                  'fork_id',
                  'group_id',
                  'repo_name'
                 """
                 from rhodecode import EXTENSIONS
                 callback = getattr(EXTENSIONS, 'CREATE_REPO_HOOK', None)
                 if isfunction(callback):
                     kw = {}
                     kw.update(repository_dict)
                     kw.update({'created_by': created_by})
                     kw.update(kwargs)
                     return callback(**kw)
                 return 0
+            def check_allowed_create_user(user_dict, created_by, **kwargs):
+                from rhodecode import EXTENSIONS
+                callback = getattr(EXTENSIONS, 'PRE_CREATE_USER_HOOK', None)
+                if isfunction(callback):
+                    allowed, reason = callback(created_by=created_by, **user_dict)
+                    if not allowed:
+                        raise UserCreationError(reason)
             def log_create_user(user_dict, created_by, **kwargs):
                 """
                 Post create user Hook. This is a dummy function for admins to re-use
                 if needed. It's taken from rhodecode-extensions module and executed
                 if present
                 :param user_dict: dict dump of user object
                 available keys for user_dict:
                  'username',
                  'full_name_or_username',
                  'full_contact',
                  'user_id',
                  'name',
                  'firstname',
                  'short_contact',
                  'admin',
                  'lastname',
                  'ip_addresses',
                  'ldap_dn',
                  'email',
                  'api_key',
                  'last_login',
                  'full_name',
                  'active',
                  'password',
                  'emails',
                  'inherit_default_permissions'
                 """
                 from rhodecode import EXTENSIONS
                 callback = getattr(EXTENSIONS, 'CREATE_USER_HOOK', None)
                 if isfunction(callback):
                     return callback(created_by=created_by, **user_dict)
                 return 0
             def log_delete_repository(repository_dict, deleted_by, **kwargs):
                 """
                 Post delete repository Hook. This is a dummy function for admins to re-use
                 if needed. It's taken from rhodecode-extensions module and executed
                 if present
                 :param repository: dict dump of repository object
                 :param deleted_by: username who deleted the repository
                 available keys of repository_dict:
                  'repo_type',
                  'description',
                  'private',
                  'created_on',
                  'enable_downloads',
                  'repo_id',
                  'user_id',
                  'enable_statistics',
                  'clone_uri',
                  'fork_id',
                  'group_id',
                  'repo_name'
                 """
                 from rhodecode import EXTENSIONS
                 callback = getattr(EXTENSIONS, 'DELETE_REPO_HOOK', None)
                 if isfunction(callback):
                     kw = {}
                     kw.update(repository_dict)
                     kw.update({'deleted_by': deleted_by,
                                'deleted_on': time.time()})
                     kw.update(kwargs)
                     return callback(**kw)
                 return 0
             def log_delete_user(user_dict, deleted_by, **kwargs):
                 """
                 Post delete user Hook. This is a dummy function for admins to re-use
                 if needed. It's taken from rhodecode-extensions module and executed
                 if present
                 :param user_dict: dict dump of user object
                 available keys for user_dict:
                  'username',
                  'full_name_or_username',
                  'full_contact',
                  'user_id',
                  'name',
                  'firstname',
                  'short_contact',
                  'admin',
                  'lastname',
                  'ip_addresses',
                  'ldap_dn',
                  'email',
                  'api_key',
                  'last_login',
                  'full_name',
                  'active',
                  'password',
                  'emails',
                  'inherit_default_permissions'
                 """
                 from rhodecode import EXTENSIONS
                 callback = getattr(EXTENSIONS, 'DELETE_USER_HOOK', None)
                 if isfunction(callback):
                     return callback(deleted_by=deleted_by, **user_dict)
                 return 0
             handle_git_pre_receive = (lambda repo_path, revs, env:
                 handle_git_receive(repo_path, revs, env, hook_type='pre'))
             handle_git_post_receive = (lambda repo_path, revs, env:
                 handle_git_receive(repo_path, revs, env, hook_type='post'))
             def handle_git_receive(repo_path, revs, env, hook_type='post'):
                 """
                 A really hacky method that is runned by git post-receive hook and logs
                 an push action together with pushed revisions. It's executed by subprocess
                 thus needs all info to be able to create a on the fly pylons enviroment,
                 connect to database and run the logging code. Hacky as sh*t but works.
                 :param repo_path:
                 :param revs:
                 :param env:
                 """
                 from paste.deploy import appconfig
                 from sqlalchemy import engine_from_config
                 from rhodecode.config.environment import load_environment
                 from rhodecode.model import init_model
                 from rhodecode.model.db import RhodeCodeUi
                 from rhodecode.lib.utils import make_ui
                 extras = _extract_extras(env)
                 path, ini_name = os.path.split(extras['config'])
                 conf = appconfig('config:%s' % ini_name, relative_to=path)
                 load_environment(conf.global_conf, conf.local_conf)
                 engine = engine_from_config(conf, 'sqlalchemy.db1.')
                 init_model(engine)
                 baseui = make_ui('db')
                 # fix if it's not a bare repo
                 if repo_path.endswith(os.sep + '.git'):
                     repo_path = repo_path[:-5]
                 repo = Repository.get_by_full_path(repo_path)
                 if not repo:
                     raise OSError('Repository %s not found in database'
                                   % (safe_str(repo_path)))
                 _hooks = dict(baseui.configitems('hooks')) or {}
                 if hook_type == 'pre':
                     repo = repo.scm_instance
                 else:
                     #post push shouldn't use the cached instance never
                     repo = repo.scm_instance_no_cache()
                 if hook_type == 'pre':
                     pre_push(baseui, repo)
                 # if push hook is enabled via web interface
                 elif hook_type == 'post' and _hooks.get(RhodeCodeUi.HOOK_PUSH):
                     rev_data = []
                     for l in revs:
                         old_rev, new_rev, ref = l.split(' ')
                         _ref_data = ref.split('/')
                         if _ref_data[1] in ['tags', 'heads']:
                             rev_data.append({'old_rev': old_rev,
                                              'new_rev': new_rev,
                                              'ref': ref,
                                              'type': _ref_data[1],
                                              'name': _ref_data[2].strip()})
                     git_revs = []
                     for push_ref  in rev_data:
                         _type = push_ref['type']
                         if _type == 'heads':
                             if push_ref['old_rev'] == EmptyChangeset().raw_id:
                                 cmd = "for-each-ref --format='%(refname)' 'refs/heads/*'"
                                 heads = repo.run_git_command(cmd)[0]
                                 heads = heads.replace(push_ref['ref'], '')
                                 heads = ' '.join(map(lambda c: c.strip('\n').strip(),
                                                      heads.splitlines()))
                                 cmd = (('log %(new_rev)s' % push_ref) +
                                        ' --reverse --pretty=format:"%H" --not ' + heads)
                                 git_revs += repo.run_git_command(cmd)[0].splitlines()
                             elif push_ref['new_rev'] == EmptyChangeset().raw_id:
                                 #delete branch case
                                 git_revs += ['delete_branch=>%s' % push_ref['name']]
                             else:
                                 cmd = (('log %(old_rev)s..%(new_rev)s' % push_ref) +
                                        ' --reverse --pretty=format:"%H"')
                                 git_revs += repo.run_git_command(cmd)[0].splitlines()
                         elif _type == 'tags':
                             git_revs += ['tag=>%s' % push_ref['name']]
                     log_push_action(baseui, repo, _git_revs=git_revs)

rhodecode/model/user.py

0 +58 -20

             # -*- coding: utf-8 -*-
             """
                 rhodecode.model.user
                 ~~~~~~~~~~~~~~~~~~~~
                 users model for RhodeCode
                 :created_on: Apr 9, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             import itertools
             import collections
             from pylons import url
             from pylons.i18n.translation import _
             from sqlalchemy.exc import DatabaseError
             from sqlalchemy.orm import joinedload
             from rhodecode.lib.utils2 import safe_unicode, generate_api_key, get_current_rhodecode_user
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model import BaseModel
-            from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
+            from rhodecode.model.db import User, Repository, Permission, \
                 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
-                Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
+                Notification, RepoGroup, UserGroupRepoGroupToPerm, \
                 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup
             from rhodecode.lib.exceptions import DefaultUserException, \
                 UserOwnsReposException
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             PERM_WEIGHTS = Permission.PERM_WEIGHTS
             class UserModel(BaseModel):
                 cls = User
                 def get(self, user_id, cache=False):
                     user = self.sa.query(User)
                     if cache:
                         user = user.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % user_id))
                     return user.get(user_id)
                 def get_user(self, user):
                     return self._get_user(user)
                 def get_by_username(self, username, cache=False, case_insensitive=False):
                     if case_insensitive:
                         user = self.sa.query(User).filter(User.username.ilike(username))
                     else:
                         user = self.sa.query(User).filter(User.username == username)
                     if cache:
                         user = user.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % username))
                     return user.scalar()
                 def get_by_email(self, email, cache=False, case_insensitive=False):
                     return User.get_by_email(email, case_insensitive, cache)
                 def get_by_api_key(self, api_key, cache=False):
                     return User.get_by_api_key(api_key, cache)
                 def create(self, form_data, cur_user=None):
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
+                    from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
+                    _fd = form_data
+                    form_data = {
+                        'username': _fd['username'], 'password': _fd['password'],
+                        'email': _fd['email'], 'firstname': _fd['firstname'], 'lastname': _fd['lastname'],
+                        'active': _fd['active'], 'admin': False
+                    }
+                    # raises UserCreationError if it's not allowed
+                    check_allowed_create_user(form_data, cur_user)
                     from rhodecode.lib.auth import get_crypt_password
                     try:
                         new_user = User()
                         for k, v in form_data.items():
                             if k == 'password':
                                 v = get_crypt_password(v)
                             if k == 'firstname':
                                 k = 'name'
                             setattr(new_user, k, v)
                         new_user.api_key = generate_api_key(form_data['username'])
                         self.sa.add(new_user)
-                        from rhodecode.lib.hooks import log_create_user
                         log_create_user(new_user.get_dict(), cur_user)
                         return new_user
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def create_or_update(self, username, password, email, firstname='',
                                      lastname='', active=True, admin=False, ldap_dn=None,
                                      cur_user=None):
                     """
                     Creates a new instance if not found, or updates current one
                     :param username:
                     :param password:
                     :param email:
                     :param active:
                     :param firstname:
                     :param lastname:
                     :param active:
                     :param admin:
                     :param ldap_dn:
                     :param cur_user:
                     """
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     from rhodecode.lib.auth import get_crypt_password
+                    from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
+                    form_data = {
+                        'username': username, 'password': password,
+                        'email': email, 'firstname': firstname, 'lastname': lastname,
+                        'active': active, 'admin': admin
+                    }
+                    # raises UserCreationError if it's not allowed
+                    check_allowed_create_user(form_data, cur_user)
                     log.debug('Checking for %s account in RhodeCode database' % username)
                     user = User.get_by_username(username, case_insensitive=True)
                     if user is None:
                         log.debug('creating new user %s' % username)
                         new_user = User()
                         edit = False
                     else:
                         log.debug('updating user %s' % username)
                         new_user = user
                         edit = True
                     try:
                         new_user.username = username
                         new_user.admin = admin
                         # set password only if creating an user or password is changed
                         if not edit or user.password != password:
                             new_user.password = get_crypt_password(password) if password else None
                             new_user.api_key = generate_api_key(username)
                         new_user.email = email
                         new_user.active = active
                         new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
                         new_user.name = firstname
                         new_user.lastname = lastname
                         self.sa.add(new_user)
                         if not edit:
-                            from rhodecode.lib.hooks import log_create_user
                             log_create_user(new_user.get_dict(), cur_user)
                         return new_user
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         raise
                 def create_for_container_auth(self, username, attrs, cur_user=None):
                     """
                     Creates the given user if it's not already in the database
                     :param username:
                     :param attrs:
                     :param cur_user:
                     """
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     if self.get_by_username(username, case_insensitive=True) is None:
                         # autogenerate email for container account without one
                         generate_email = lambda usr: '%s@container_auth.account' % usr
+                        firstname = attrs['name']
+                        lastname = attrs['lastname']
+                        active = attrs.get('active', True)
+                        email = attrs['email'] or generate_email(username)
+                        from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
+                        form_data = {
+                            'username': username, 'password': None,
+                            'email': email, 'firstname': firstname, 'lastname': lastname,
+                            'active': attrs.get('active', True), 'admin': False
+                        }
+                        # raises UserCreationError if it's not allowed
+                        check_allowed_create_user(form_data, cur_user)
                         try:
                             new_user = User()
                             new_user.username = username
                             new_user.password = None
                             new_user.api_key = generate_api_key(username)
-                            new_user.email = attrs['email']
+                            new_user.email = email
-                            new_user.active = attrs.get('active', True)
+                            new_user.active = active
-                            new_user.name = attrs['name'] or generate_email(username)
+                            new_user.name = firstname
-                            new_user.lastname = attrs['lastname']
+                            new_user.lastname = lastname
                             self.sa.add(new_user)
-                            from rhodecode.lib.hooks import log_create_user
                             log_create_user(new_user.get_dict(), cur_user)
                             return new_user
                         except (DatabaseError,):
                             log.error(traceback.format_exc())
                             self.sa.rollback()
                             raise
                     log.debug('User %s already exists. Skipping creation of account'
                               ' for container auth.', username)
                     return None
                 def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
                     """
                     Checks if user is in database, if not creates this user marked
                     as ldap user
                     :param username:
                     :param password:
                     :param user_dn:
                     :param attrs:
                     :param cur_user:
                     """
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     from rhodecode.lib.auth import get_crypt_password
                     log.debug('Checking for such ldap account in RhodeCode database')
                     if self.get_by_username(username, case_insensitive=True) is None:
+                        # autogenerate email for container account without one
+                        generate_email = lambda usr: '%s@ldap.account' % usr
+                        password = get_crypt_password(password)
+                        firstname = attrs['name']
+                        lastname = attrs['lastname']
+                        active = attrs.get('active', True)
+                        email = attrs['email'] or generate_email(username)
-                        # autogenerate email for ldap account without one
+                        from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
-                        generate_email = lambda usr: '%s@ldap.account' % usr
+                        form_data = {
+                            'username': username, 'password': password,
+                            'email': email, 'firstname': firstname, 'lastname': lastname,
+                            'active': attrs.get('active', True), 'admin': False
+                        }
+                        # raises UserCreationError if it's not allowed
+                        check_allowed_create_user(form_data, cur_user)
                         try:
                             new_user = User()
                             username = username.lower()
                             # add ldap account always lowercase
                             new_user.username = username
-                            new_user.password = get_crypt_password(password)
+                            new_user.password = password
                             new_user.api_key = generate_api_key(username)
-                            new_user.email = attrs['email'] or generate_email(username)
+                            new_user.email = email
-                            new_user.active = attrs.get('active', True)
+                            new_user.active = active
                             new_user.ldap_dn = safe_unicode(user_dn)
-                            new_user.name = attrs['name']
+                            new_user.name = firstname
-                            new_user.lastname = attrs['lastname']
+                            new_user.lastname = lastname
                             self.sa.add(new_user)
-                            from rhodecode.lib.hooks import log_create_user
                             log_create_user(new_user.get_dict(), cur_user)
                             return new_user
                         except (DatabaseError,):
                             log.error(traceback.format_exc())
                             self.sa.rollback()
                             raise
                     log.debug('this %s user exists skipping creation of ldap account',
                               username)
                     return None
                 def create_registration(self, form_data):
                     from rhodecode.model.notification import NotificationModel
                     try:
                         form_data['admin'] = False
                         new_user = self.create(form_data)
                         self.sa.add(new_user)
                         self.sa.flush()
                         # notification to admins
                         subject = _('New user registration')
                         body = ('New user registration\n'
                                 '---------------------\n'
                                 '- Username: %s\n'
                                 '- Full Name: %s\n'
                                 '- Email: %s\n')
                         body = body % (new_user.username, new_user.full_name, new_user.email)
                         edit_url = url('edit_user', id=new_user.user_id, qualified=True)
                         kw = {'registered_user_url': edit_url}
                         NotificationModel().create(created_by=new_user, subject=subject,
                                                    body=body, recipients=None,
                                                    type_=Notification.TYPE_REGISTRATION,
                                                    email_kwargs=kw)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def update(self, user_id, form_data, skip_attrs=[]):
                     from rhodecode.lib.auth import get_crypt_password
                     try:
                         user = self.get(user_id, cache=False)
                         if user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't Edit this user since it's"
                                               " crucial for entire application"))
                         for k, v in form_data.items():
                             if k in skip_attrs:
                                 continue
                             if k == 'new_password' and v:
                                 user.password = get_crypt_password(v)
                                 user.api_key = generate_api_key(user.username)
                             else:
                                 if k == 'firstname':
                                     k = 'name'
                                 setattr(user, k, v)
                         self.sa.add(user)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def update_user(self, user, **kwargs):
                     from rhodecode.lib.auth import get_crypt_password
                     try:
                         user = self._get_user(user)
                         if user.username == 'default':
                             raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application")
                             )
                         for k, v in kwargs.items():
                             if k == 'password' and v:
                                 v = get_crypt_password(v)
                                 user.api_key = generate_api_key(user.username)
                             setattr(user, k, v)
                         self.sa.add(user)
                         return user
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def delete(self, user, cur_user=None):
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     user = self._get_user(user)
                     try:
                         if user.username == 'default':
                             raise DefaultUserException(
                                 _(u"You can't remove this user since it's"
                                   " crucial for entire application")
                             )
                         if user.repositories:
                             repos = [x.repo_name for x in user.repositories]
                             raise UserOwnsReposException(
                                 _(u'user "%s" still owns %s repositories and cannot be '
                                   'removed. Switch owners or remove those repositories. %s')
                                 % (user.username, len(repos), ', '.join(repos))
                             )
                         self.sa.delete(user)
                         from rhodecode.lib.hooks import log_delete_user
                         log_delete_user(user.get_dict(), cur_user)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def reset_password_link(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     from rhodecode.model.notification import EmailNotificationModel
                     user_email = data['email']
                     try:
                         user = User.get_by_email(user_email)
                         if user:
                             log.debug('password reset user found %s' % user)
                             link = url('reset_password_confirmation', key=user.api_key,
                                        qualified=True)
                             reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET
                             body = EmailNotificationModel().get_email_tmpl(reg_type,
                                                                 **{'user': user.short_contact,
                                                                    'reset_url': link})
                             log.debug('sending email')
                             run_task(tasks.send_email, user_email,
                                      _("Password reset link"), body, body)
                             log.info('send new password mail to %s' % user_email)
                         else:
                             log.debug("password reset email %s not found" % user_email)
                     except Exception:
                         log.error(traceback.format_exc())
                         return False
                     return True
                 def reset_password(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     from rhodecode.lib import auth
                     user_email = data['email']
                     try:
                         try:
                             user = User.get_by_email(user_email)
                             new_passwd = auth.PasswordGenerator().gen_password(8,
                                              auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
                             if user:
                                 user.password = auth.get_crypt_password(new_passwd)
                                 user.api_key = auth.generate_api_key(user.username)
                                 Session().add(user)
                                 Session().commit()
                                 log.info('change password for %s' % user_email)
                             if new_passwd is None:
                                 raise Exception('unable to generate new password')
                         except Exception:
                             log.error(traceback.format_exc())
                             Session().rollback()
                         run_task(tasks.send_email, user_email,
                                  _('Your new password'),
                                  _('Your new RhodeCode password:%s') % (new_passwd,))
                         log.info('send new password mail to %s' % user_email)
                     except Exception:
                         log.error('Failed to update user password')
                         log.error(traceback.format_exc())
                     return True
                 def fill_data(self, auth_user, user_id=None, api_key=None):
                     """
                     Fetches auth_user by user_id,or api_key if present.
                     Fills auth_user attributes with those taken from database.
                     Additionally set's is_authenitated if lookup fails
                     present in database
                     :param auth_user: instance of user to set attributes
                     :param user_id: user id to fetch by
                     :param api_key: api key to fetch by
                     """
                     if user_id is None and api_key is None:
                         raise Exception('You need to pass user_id or api_key')
                     try:
                         if api_key:
                             dbuser = self.get_by_api_key(api_key)
                         else:
                             dbuser = self.get(user_id)
                         if dbuser is not None and dbuser.active:
                             log.debug('filling %s data' % dbuser)
                             for k, v in dbuser.get_dict().items():
                                 setattr(auth_user, k, v)
                         else:
                             return False
                     except Exception:
                         log.error(traceback.format_exc())
                         auth_user.is_authenticated = False
                         return False
                     return True
                 def fill_perms(self, user, explicit=True, algo='higherwin'):
                     """
                     Fills user permission attribute with permissions taken from database
                     works for permissions given for repositories, and for permissions that
                     are granted to groups
                     :param user: user instance to fill his perms
                     :param explicit: In case there are permissions both for user and a group
                         that user is part of, explicit flag will defiine if user will
                         explicitly override permissions from group, if it's False it will
                         make decision based on the algo
                     :param algo: algorithm to decide what permission should be choose if
                         it's multiple defined, eg user in two different groups. It also
                         decides if explicit flag is turned off how to specify the permission
                         for case when user is in a group + have defined separate permission
                     """
                     RK = 'repositories'
                     GK = 'repositories_groups'
                     UK = 'user_groups'
                     GLOBAL = 'global'
                     user.permissions[RK] = {}
                     user.permissions[GK] = {}
                     user.permissions[UK] = {}
                     user.permissions[GLOBAL] = set()
                     def _choose_perm(new_perm, cur_perm):
                         new_perm_val = PERM_WEIGHTS[new_perm]
                         cur_perm_val = PERM_WEIGHTS[cur_perm]
                         if algo == 'higherwin':
                             if new_perm_val > cur_perm_val:
                                 return new_perm
                             return cur_perm
                         elif algo == 'lowerwin':
                             if new_perm_val < cur_perm_val:
                                 return new_perm
                             return cur_perm
                     #======================================================================
                     # fetch default permissions
                     #======================================================================
                     default_user = User.get_by_username('default', cache=True)
                     default_user_id = default_user.user_id
                     default_repo_perms = Permission.get_default_perms(default_user_id)
                     default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
                     default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
                     if user.is_admin:
                         #==================================================================
                         # admin user have all default rights for repositories
                         # and groups set to admin
                         #==================================================================
                         user.permissions[GLOBAL].add('hg.admin')
                         # repositories
                         for perm in default_repo_perms:
                             r_k = perm.UserRepoToPerm.repository.repo_name
                             p = 'repository.admin'
                             user.permissions[RK][r_k] = p
                         # repository groups
                         for perm in default_repo_groups_perms:
                             rg_k = perm.UserRepoGroupToPerm.group.group_name
                             p = 'group.admin'
                             user.permissions[GK][rg_k] = p
                         # user groups
                         for perm in default_user_group_perms:
                             u_k = perm.UserUserGroupToPerm.user_group.users_group_name
                             p = 'usergroup.admin'
                             user.permissions[UK][u_k] = p
                         return user
                     #==================================================================
                     # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
                     #==================================================================
                     uid = user.user_id
                     # default global permissions taken fron the default user
                     default_global_perms = self.sa.query(UserToPerm)\
                         .filter(UserToPerm.user_id == default_user_id)
                     for perm in default_global_perms:
                         user.permissions[GLOBAL].add(perm.permission.permission_name)
                     # defaults for repositories, taken from default user
                     for perm in default_repo_perms:
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         if perm.Repository.private and not (perm.Repository.user_id == uid):
                             # disable defaults for private repos,
                             p = 'repository.none'
                         elif perm.Repository.user_id == uid:
                             # set admin if owner
                             p = 'repository.admin'
                         else:
                             p = perm.Permission.permission_name
                         user.permissions[RK][r_k] = p
                     # defaults for repository groups taken from default user permission
                     # on given group
                     for perm in default_repo_groups_perms:
                         rg_k = perm.UserRepoGroupToPerm.group.group_name
                         p = perm.Permission.permission_name
                         user.permissions[GK][rg_k] = p
                     # defaults for user groups taken from default user permission
                     # on given user group
                     for perm in default_user_group_perms:
                         u_k = perm.UserUserGroupToPerm.user_group.users_group_name
                         p = perm.Permission.permission_name
                         user.permissions[UK][u_k] = p
                     #======================================================================
                     # !! OVERRIDE GLOBALS !! with user permissions if any found
                     #======================================================================
                     # those can be configured from groups or users explicitly
                     _configurable = set([
                         'hg.fork.none', 'hg.fork.repository',
                         'hg.create.none', 'hg.create.repository',
                         'hg.usergroup.create.false', 'hg.usergroup.create.true'
                     ])
                     # USER GROUPS comes first
                     # user group global permissions
                     user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
                         .options(joinedload(UserGroupToPerm.permission))\
                         .join((UserGroupMember, UserGroupToPerm.users_group_id ==
                                UserGroupMember.users_group_id))\
                         .filter(UserGroupMember.user_id == uid)\
                         .order_by(UserGroupToPerm.users_group_id)\
                         .all()
                     #need to group here by groups since user can be in more than one group
                     _grouped = [[x, list(y)] for x, y in
                                 itertools.groupby(user_perms_from_users_groups,
                                                   lambda x:x.users_group)]
                     for gr, perms in _grouped:
                         # since user can be in multiple groups iterate over them and
                         # select the lowest permissions first (more explicit)
                         ##TODO: do this^^
                         if not gr.inherit_default_permissions:
                             # NEED TO IGNORE all configurable permissions and
                             # replace them with explicitly set
                             user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                                             .difference(_configurable)
                         for perm in perms:
                             user.permissions[GLOBAL].add(perm.permission.permission_name)
                     # user specific global permissions
                     user_perms = self.sa.query(UserToPerm)\
                             .options(joinedload(UserToPerm.permission))\
                             .filter(UserToPerm.user_id == uid).all()
                     if not user.inherit_default_permissions:
                         # NEED TO IGNORE all configurable permissions and
                         # replace them with explicitly set
                         user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                                         .difference(_configurable)
                         for perm in user_perms:
                             user.permissions[GLOBAL].add(perm.permission.permission_name)
                     ## END GLOBAL PERMISSIONS
                     #======================================================================
                     # !! PERMISSIONS FOR REPOSITORIES !!
                     #======================================================================
                     #======================================================================
                     # check if user is part of user groups for this repository and
                     # fill in his permission from it. _choose_perm decides of which
                     # permission should be selected based on selected method
                     #======================================================================
                     # user group for repositories permissions
                     user_repo_perms_from_users_groups = \
                      self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\
                         .join((Repository, UserGroupRepoToPerm.repository_id ==
                                Repository.repo_id))\
                         .join((Permission, UserGroupRepoToPerm.permission_id ==
                                Permission.permission_id))\
                         .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
                                UserGroupMember.users_group_id))\
                         .filter(UserGroupMember.user_id == uid)\
                         .all()
                     multiple_counter = collections.defaultdict(int)
                     for perm in user_repo_perms_from_users_groups:
                         r_k = perm.UserGroupRepoToPerm.repository.repo_name
                         multiple_counter[r_k] += 1
                         p = perm.Permission.permission_name
                         cur_perm = user.permissions[RK][r_k]
                         if perm.Repository.user_id == uid:
                             # set admin if owner
                             p = 'repository.admin'
                         else:
                             if multiple_counter[r_k] > 1:
                                 p = _choose_perm(p, cur_perm)
                         user.permissions[RK][r_k] = p
                     # user explicit permissions for repositories, overrides any specified
                     # by the group permission
                     user_repo_perms = Permission.get_default_perms(uid)
                     for perm in user_repo_perms:
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         cur_perm = user.permissions[RK][r_k]
                         # set admin if owner
                         if perm.Repository.user_id == uid:
                             p = 'repository.admin'
                         else:
                             p = perm.Permission.permission_name
                             if not explicit:
                                 p = _choose_perm(p, cur_perm)
                         user.permissions[RK][r_k] = p
                     #======================================================================
                     # !! PERMISSIONS FOR REPOSITORY GROUPS !!
                     #======================================================================
                     #======================================================================
                     # check if user is part of user groups for this repository groups and
                     # fill in his permission from it. _choose_perm decides of which
                     # permission should be selected based on selected method
                     #======================================================================
                     # user group for repo groups permissions
                     user_repo_group_perms_from_users_groups = \
                      self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
                      .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
                      .join((Permission, UserGroupRepoGroupToPerm.permission_id
                             == Permission.permission_id))\
                      .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
                             == UserGroupMember.users_group_id))\
                      .filter(UserGroupMember.user_id == uid)\
                      .all()
                     multiple_counter = collections.defaultdict(int)
                     for perm in user_repo_group_perms_from_users_groups:
                         g_k = perm.UserGroupRepoGroupToPerm.group.group_name
                         multiple_counter[g_k] += 1
                         p = perm.Permission.permission_name
                         cur_perm = user.permissions[GK][g_k]
                         if multiple_counter[g_k] > 1:
                             p = _choose_perm(p, cur_perm)
                         user.permissions[GK][g_k] = p
                     # user explicit permissions for repository groups
                     user_repo_groups_perms = Permission.get_default_group_perms(uid)
                     for perm in user_repo_groups_perms:
                         rg_k = perm.UserRepoGroupToPerm.group.group_name
                         p = perm.Permission.permission_name
                         cur_perm = user.permissions[GK][rg_k]
                         if not explicit:
                             p = _choose_perm(p, cur_perm)
                         user.permissions[GK][rg_k] = p
                     #======================================================================
                     # !! PERMISSIONS FOR USER GROUPS !!
                     #======================================================================
                     # user group for user group permissions
                     user_group_user_groups_perms = \
                      self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\
                      .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
                             == UserGroup.users_group_id))\
                      .join((Permission, UserGroupUserGroupToPerm.permission_id
                             == Permission.permission_id))\
                      .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
                             == UserGroupMember.users_group_id))\
                      .filter(UserGroupMember.user_id == uid)\
                      .all()
                     multiple_counter = collections.defaultdict(int)
                     for perm in user_group_user_groups_perms:
                         g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
                         multiple_counter[g_k] += 1
                         p = perm.Permission.permission_name
                         cur_perm = user.permissions[UK][g_k]
                         if multiple_counter[g_k] > 1:
                             p = _choose_perm(p, cur_perm)
                         user.permissions[UK][g_k] = p
                     #user explicit permission for user groups
                     user_user_groups_perms = Permission.get_default_user_group_perms(uid)
                     for perm in user_user_groups_perms:
                         u_k = perm.UserUserGroupToPerm.user_group.users_group_name
                         p = perm.Permission.permission_name
                         cur_perm = user.permissions[UK][u_k]
                         if not explicit:
                             p = _choose_perm(p, cur_perm)
                         user.permissions[UK][u_k] = p
                     return user
                 def has_perm(self, user, perm):
                     perm = self._get_perm(perm)
                     user = self._get_user(user)
                     return UserToPerm.query().filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm).scalar() is not None
                 def grant_perm(self, user, perm):
                     """
                     Grant user global permissions
                     :param user:
                     :param perm:
                     """
                     user = self._get_user(user)
                     perm = self._get_perm(perm)
                     # if this permission is already granted skip it
                     _perm = UserToPerm.query()\
                         .filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm)\
                         .scalar()
                     if _perm:
                         return
                     new = UserToPerm()
                     new.user = user
                     new.permission = perm
                     self.sa.add(new)
                 def revoke_perm(self, user, perm):
                     """
                     Revoke users global permissions
                     :param user:
                     :param perm:
                     """
                     user = self._get_user(user)
                     perm = self._get_perm(perm)
                     obj = UserToPerm.query()\
                             .filter(UserToPerm.user == user)\
                             .filter(UserToPerm.permission == perm)\
                             .scalar()
                     if obj:
                         self.sa.delete(obj)
                 def add_extra_email(self, user, email):
                     """
                     Adds email address to UserEmailMap
                     :param user:
                     :param email:
                     """
                     from rhodecode.model import forms
                     form = forms.UserExtraEmailForm()()
                     data = form.to_python(dict(email=email))
                     user = self._get_user(user)
                     obj = UserEmailMap()
                     obj.user = user
                     obj.email = data['email']
                     self.sa.add(obj)
                     return obj
                 def delete_extra_email(self, user, email_id):
                     """
                     Removes email address from UserEmailMap
                     :param user:
                     :param email_id:
                     """
                     user = self._get_user(user)
                     obj = UserEmailMap.query().get(email_id)
                     if obj:
                         self.sa.delete(obj)
                 def add_extra_ip(self, user, ip):
                     """
                     Adds ip address to UserIpMap
                     :param user:
                     :param ip:
                     """
                     from rhodecode.model import forms
                     form = forms.UserExtraIpForm()()
                     data = form.to_python(dict(ip=ip))
                     user = self._get_user(user)
                     obj = UserIpMap()
                     obj.user = user
                     obj.ip_addr = data['ip']
                     self.sa.add(obj)
                     return obj
                 def delete_extra_ip(self, user, ip_id):
                     """
                     Removes ip address from UserIpMap
                     :param user:
                     :param ip_id:
                     """
                     user = self._get_user(user)
                     obj = UserIpMap.query().get(ip_id)
                     if obj:
                         self.sa.delete(obj)

rhodecode/templates/register.html

0 +10 -1

             ## -*- coding: utf-8 -*-
             <%inherit file="base/root.html"/>
             <%def name="title()">
                 ${_('Sign Up')} &middot; ${c.rhodecode_name}
             </%def>
             <div id="register">
+            <div class="flash_msg">
+                <% messages = h.flash.pop_messages() %>
+                % if messages:
+                <ul id="flash-messages">
+                    % for message in messages:
+                    <li class="${message.category}_msg">${message}</li>
+                    % endfor
+                </ul>
+                % endif
+            </div>
                 <div class="title top-left-rounded-corner top-right-rounded-corner">
                     <h5>${_('Sign Up to')} ${c.rhodecode_name}</h5>
                 </div>
                 <div class="inner">
                     ${h.form(url('register'))}
                     <div class="form">
                         <!-- fields -->
                         <div class="fields">
                             <div class="field">
                                 <div class="label">
                                     <label for="username">${_('Username')}:</label>
                                 </div>
                                 <div class="input">
                                     ${h.text('username',class_="medium")}
                                 </div>
                             </div>
                             <div class="field">
                                 <div class="label">
                                     <label for="password">${_('Password')}:</label>
                                 </div>
                                 <div class="input">
                                     ${h.password('password',class_="medium")}
                                 </div>
                             </div>
                             <div class="field">
                                 <div class="label">
                                     <label for="password">${_('Re-enter password')}:</label>
                                 </div>
                                 <div class="input">
                                     ${h.password('password_confirmation',class_="medium")}
                                 </div>
                             </div>
                             <div class="field">
                                 <div class="label">
                                     <label for="firstname">${_('First Name')}:</label>
                                 </div>
                                 <div class="input">
                                     ${h.text('firstname',class_="medium")}
                                 </div>
                             </div>
                             <div class="field">
                                 <div class="label">
                                     <label for="lastname">${_('Last Name')}:</label>
                                 </div>
                                 <div class="input">
                                     ${h.text('lastname',class_="medium")}
                                 </div>
                             </div>
                             <div class="field">
                                 <div class="label">
                                     <label for="email">${_('Email')}:</label>
                                 </div>
                                 <div class="input">
                                     ${h.text('email',class_="medium")}
                                 </div>
                             </div>
                             <div class="buttons">
                                 <div class="nohighlight">
                                   ${h.submit('sign_up',_('Sign Up'),class_="ui-btn large")}
                                   %if c.auto_active:
                                       <div class="activation_msg">${_('Your account will be activated right after registration')}</div>
                                   %else:
                                       <div class="activation_msg">${_('Your account must wait for activation by administrator')}</div>
                                   %endif
                                 </div>
                             </div>
                         </div>
                     </div>
                     ${h.end_form()}
                     <script type="text/javascript">
                     YUE.onDOMReady(function(){
                         YUD.get('username').focus();
                     })
                     </script>
                 </div>
              </div>

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages