AuthUser: Drop ip_addr field...
Søren Løvborg -
r5211:4a2a66bf default
@@ -98,8 +98,8 b' class MyAccountController(BaseController'
98 # url('my_account')
98 # url('my_account')
99 c.active = 'profile'
99 c.active = 'profile'
100 self.__load_data()
100 self.__load_data()
101 c.perm_user = AuthUser(user_id=self.authuser.user_id,
101 c.perm_user = AuthUser(user_id=self.authuser.user_id)
102 ip_addr=self.ip_addr)
102 c.ip_addr = self.ip_addr
103 c.extern_type = c.user.extern_type
103 c.extern_type = c.user.extern_type
104 c.extern_name = c.user.extern_name
104 c.extern_name = c.user.extern_name
105
105
@@ -193,8 +193,8 b' class MyAccountController(BaseController'
193 def my_account_perms(self):
193 def my_account_perms(self):
194 c.active = 'perms'
194 c.active = 'perms'
195 self.__load_data()
195 self.__load_data()
196 c.perm_user = AuthUser(user_id=self.authuser.user_id,
196 c.perm_user = AuthUser(user_id=self.authuser.user_id)
197 ip_addr=self.ip_addr)
197 c.ip_addr = self.ip_addr
198
198
199 return render('admin/my_account/my_account.html')
199 return render('admin/my_account/my_account.html')
200
200
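Review bot: `c.ip_addr = self.ip_addr` is copied by hand into every action that builds `c.perm_user`, twice here and again in the four UsersController hunks below, which is easy to forget in the next action that gets added. Since `self.ip_addr` is already a controller attribute, assigning `c.ip_addr = self.ip_addr` once in the base controller, next to where `self.ip_addr` itself is set (outside these hunks), would replace all six lines. The enclosing method of the first hunk starts outside the hunk.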
@@ -168,7 +168,8 b' class UsersController(BaseController):'
168 c.user = user_model.get(id)
168 c.user = user_model.get(id)
169 c.extern_type = c.user.extern_type
169 c.extern_type = c.user.extern_type
170 c.extern_name = c.user.extern_name
170 c.extern_name = c.user.extern_name
171 c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
171 c.perm_user = AuthUser(user_id=id)
172 c.ip_addr = self.ip_addr
172 _form = UserForm(edit=True, old_data={'user_id': id,
173 _form = UserForm(edit=True, old_data={'user_id': id,
173 'email': c.user.email})()
174 'email': c.user.email})()
174 form_result = {}
175 form_result = {}
@@ -248,7 +249,8 b' class UsersController(BaseController):'
248 c.active = 'profile'
249 c.active = 'profile'
249 c.extern_type = c.user.extern_type
250 c.extern_type = c.user.extern_type
250 c.extern_name = c.user.extern_name
251 c.extern_name = c.user.extern_name
251 c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
252 c.perm_user = AuthUser(user_id=id)
253 c.ip_addr = self.ip_addr
252
254
253 defaults = c.user.get_dict()
255 defaults = c.user.get_dict()
254 return htmlfill.render(
256 return htmlfill.render(
@@ -260,7 +262,8 b' class UsersController(BaseController):'
260 def edit_advanced(self, id):
262 def edit_advanced(self, id):
261 c.user = self._get_user_or_raise_if_default(id)
263 c.user = self._get_user_or_raise_if_default(id)
262 c.active = 'advanced'
264 c.active = 'advanced'
263 c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
265 c.perm_user = AuthUser(user_id=id)
266 c.ip_addr = self.ip_addr
264
267
265 umodel = UserModel()
268 umodel = UserModel()
266 defaults = c.user.get_dict()
269 defaults = c.user.get_dict()
@@ -331,7 +334,8 b' class UsersController(BaseController):'
331 def edit_perms(self, id):
334 def edit_perms(self, id):
332 c.user = self._get_user_or_raise_if_default(id)
335 c.user = self._get_user_or_raise_if_default(id)
333 c.active = 'perms'
336 c.active = 'perms'
334 c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
337 c.perm_user = AuthUser(user_id=id)
338 c.ip_addr = self.ip_addr
335
339
336 umodel = UserModel()
340 umodel = UserModel()
337 defaults = c.user.get_dict()
341 defaults = c.user.get_dict()
@@ -159,8 +159,8 b' class JSONRPCController(WSGIController):'
159 message='Invalid API key')
159 message='Invalid API key')
160
160
161 #check if we are allowed to use this IP
161 #check if we are allowed to use this IP
162 auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr)
162 auth_u = AuthUser(u.user_id, self._req_api_key)
163 if not auth_u.ip_allowed:
163 if not auth_u.is_ip_allowed(ip_addr):
164 return jsonrpc_error(retid=self._req_id,
164 return jsonrpc_error(retid=self._req_id,
165 message='request from IP:%s not allowed' % (ip_addr,))
165 message='request from IP:%s not allowed' % (ip_addr,))
166 else:
166 else:
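Review bot: The denial branch at new line 163 returns `jsonrpc_error` straight away, so a request that presented a valid API key from a disallowed address leaves no server-side trace in the lines shown. That combination is worth recording for detection, because it can mean a key is being used away from its expected hosts. A line such as `log.warning('API key of user %s used from disallowed IP %s', u.user_id, ip_addr)` before the return would do, assuming this module has a `log` logger. The enclosing method starts and ends outside the hunk, and `ip_addr` is a local assigned outside it.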
@@ -109,7 +109,7 b' class LoginController(BaseController):'
109 c.came_from = url('home')
109 c.came_from = url('home')
110
110
111 not_default = self.authuser.username != User.DEFAULT_USER
111 not_default = self.authuser.username != User.DEFAULT_USER
112 ip_allowed = self.authuser.ip_allowed
112 ip_allowed = self.authuser.is_ip_allowed(self.ip_addr)
113
113
114 # redirect if already logged in
114 # redirect if already logged in
115 if self.authuser.is_authenticated and not_default and ip_allowed:
115 if self.authuser.is_authenticated and not_default and ip_allowed:
@@ -468,14 +468,13 b' class AuthUser(object):'
468 anonymous access is enabled and if so, it returns default user as logged in
468 anonymous access is enabled and if so, it returns default user as logged in
469 """
469 """
470
470
471 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
471 def __init__(self, user_id=None, api_key=None, username=None):
472
472
473 self.user_id = user_id
473 self.user_id = user_id
474 self._api_key = api_key
474 self._api_key = api_key
475
475
476 self.api_key = None
476 self.api_key = None
477 self.username = username
477 self.username = username
478 self.ip_addr = ip_addr
479 self.name = ''
478 self.name = ''
480 self.lastname = ''
479 self.lastname = ''
481 self.email = ''
480 self.email = ''
@@ -596,17 +595,13 b' class AuthUser(object):'
596 return [x[0] for x in self.permissions['user_groups'].iteritems()
595 return [x[0] for x in self.permissions['user_groups'].iteritems()
597 if x[1] == 'usergroup.admin']
596 if x[1] == 'usergroup.admin']
598
597
599 @property
598 def is_ip_allowed(self, ip_addr):
600 def ip_allowed(self):
601 """
599 """
602 Checks if ip_addr used in constructor is allowed from defined list of
600 Determine if `ip_addr` is on the list of allowed IP addresses
603 allowed ip_addresses for user
601 for this user.
604
605 :returns: boolean, True if ip is in allowed ip range
606 """
602 """
607 # check IP
608 inherit = self.inherit_default_permissions
603 inherit = self.inherit_default_permissions
609 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
604 return AuthUser.check_ip_allowed(self.user_id, ip_addr,
610 inherit_from_default=inherit)
605 inherit_from_default=inherit)
611
606
612 @classmethod
607 @classmethod
@@ -622,8 +617,8 b' class AuthUser(object):'
622 return False
617 return False
623
618
624 def __repr__(self):
619 def __repr__(self):
625 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
620 return "<AuthUser('id:%s[%s] auth:%s')>"\
626 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
621 % (self.user_id, self.username, self.is_authenticated)
627
622
628 def set_authenticated(self, authenticated=True):
623 def set_authenticated(self, authenticated=True):
629 if self.user_id != self.anonymous_user.user_id:
624 if self.user_id != self.anonymous_user.user_id:
@@ -729,14 +724,14 b' class LoginRequired(object):'
729 return decorator(self.__wrapper, func)
724 return decorator(self.__wrapper, func)
730
725
731 def __wrapper(self, func, *fargs, **fkwargs):
726 def __wrapper(self, func, *fargs, **fkwargs):
732 cls = fargs[0]
727 controller = fargs[0]
733 user = cls.authuser
728 user = controller.authuser
734 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
729 loc = "%s:%s" % (controller.__class__.__name__, func.__name__)
735 log.debug('Checking access for user %s @ %s' % (user, loc))
730 log.debug('Checking access for user %s @ %s' % (user, loc))
736
731
737 # check if our IP is allowed
732 # check if our IP is allowed
738 if not user.ip_allowed:
733 if not user.is_ip_allowed(controller.ip_addr):
739 return redirect_to_login(_('IP %s not allowed' % (user.ip_addr)))
734 return redirect_to_login(_('IP %s not allowed') % controller.ip_addr)
740
735
741 # check if we used an API key and it's a valid one
736 # check if we used an API key and it's a valid one
742 api_key = request.GET.get('api_key')
737 api_key = request.GET.get('api_key')
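Review bot: Turning the `ip_allowed` property into the method `is_ip_allowed(ip_addr)` leaves a quiet failure mode: a caller written as `if not user.is_ip_allowed:` (no call) tests a bound method, which is always truthy, so the IP restriction would pass without any error. The three call sites changed in this commit do call it, but the name reads like the attribute-style `is_authenticated` used in `__repr__`, so later code could easily get it wrong. I would state this in the docstring, e.g. `Must be called with the request's address; the bare attribute is always truthy.`, restore the dropped `:returns:` line, and add a test asserting that a disallowed address yields `False`. Separately, `__repr__` no longer carries the address, so the `Checking access for user` debug line in `LoginRequired.__wrapper` loses it.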
@@ -342,7 +342,7 b' class BaseController(WSGIController):'
342 self.scm_model = ScmModel(self.sa)
342 self.scm_model = ScmModel(self.sa)
343
343
344 @staticmethod
344 @staticmethod
345 def _determine_auth_user(ip_addr, api_key, session_authuser):
345 def _determine_auth_user(api_key, session_authuser):
346 """
346 """
347 Create an `AuthUser` object given the IP address of the request, the
347 Create an `AuthUser` object given the IP address of the request, the
348 API key (if any), and the authuser from the session.
348 API key (if any), and the authuser from the session.
@@ -350,13 +350,13 b' class BaseController(WSGIController):'
350
350
351 if api_key:
351 if api_key:
352 # when using API_KEY we are sure user exists.
352 # when using API_KEY we are sure user exists.
353 auth_user = AuthUser(api_key=api_key, ip_addr=ip_addr)
353 auth_user = AuthUser(api_key=api_key)
354 authenticated = False
354 authenticated = False
355 else:
355 else:
356 cookie_store = CookieStoreWrapper(session_authuser)
356 cookie_store = CookieStoreWrapper(session_authuser)
357 user_id = cookie_store.get('user_id')
357 user_id = cookie_store.get('user_id')
358 try:
358 try:
359 auth_user = AuthUser(user_id=user_id, ip_addr=ip_addr)
359 auth_user = AuthUser(user_id=user_id)
360 except UserCreationError as e:
360 except UserCreationError as e:
361 # container auth or other auth functions that create users on
361 # container auth or other auth functions that create users on
362 # the fly can throw UserCreationError to signal issues with
362 # the fly can throw UserCreationError to signal issues with
@@ -364,7 +364,7 b' class BaseController(WSGIController):'
364 # exception object.
364 # exception object.
365 from kallithea.lib import helpers as h
365 from kallithea.lib import helpers as h
366 h.flash(e, 'error')
366 h.flash(e, 'error')
367 auth_user = AuthUser(ip_addr=ip_addr)
367 auth_user = AuthUser()
368
368
369 authenticated = cookie_store.get('is_authenticated')
369 authenticated = cookie_store.get('is_authenticated')
370
370
@@ -386,7 +386,6 b' class BaseController(WSGIController):'
386
386
387 #set globals for auth user
387 #set globals for auth user
388 self.authuser = c.authuser = request.user = self._determine_auth_user(
388 self.authuser = c.authuser = request.user = self._determine_auth_user(
389 self.ip_addr,
390 request.GET.get('api_key'),
389 request.GET.get('api_key'),
391 session.get('authuser'),
390 session.get('authuser'),
392 )
391 )
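Review bot: The docstring of `_determine_auth_user` still says the object is created "given the IP address of the request", although the `ip_addr` parameter is removed in the same hunk. Reword it to `Create an AuthUser object given the API key (if any) and the authuser from the session.` and consider adding that the IP restriction is not evaluated here, so callers must check `is_ip_allowed()` themselves. The rest of the docstring and the end of the function lie outside the hunks shown.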
@@ -13,7 +13,7 b''
13 %else:
13 %else:
14 <strong>${_('Avatars are disabled')}</strong>
14 <strong>${_('Avatars are disabled')}</strong>
15 <br/>${c.user.email or _('Missing email, please update your user email address.')}
15 <br/>${c.user.email or _('Missing email, please update your user email address.')}
16 [${_('Current IP')}: ${c.perm_user.ip_addr or "?"}]
16 [${_('Current IP')}: ${c.ip_addr}]
17 %endif
17 %endif
18 </p>
18 </p>
19 </div>
19 </div>
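Review bot: Dropping the `or "?"` fallback means this line now prints whatever `c.ip_addr` holds, including `None` or an empty value when the rendering controller did not set it; the same applies to the second template hunk below. Only the actions touched in this commit are seen to assign `c.ip_addr`. Keeping the guard, `[${_('Current IP')}: ${c.ip_addr or "?"}]`, costs nothing and keeps the page readable in that case.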
@@ -12,7 +12,7 b''
12 <br/>${c.user.email or _('Missing email, please update this user email address.')}
12 <br/>${c.user.email or _('Missing email, please update this user email address.')}
13 ##show current ip just if we show ourself
13 ##show current ip just if we show ourself
14 %if c.authuser.username == c.user.username:
14 %if c.authuser.username == c.user.username:
15 [${_('Current IP')}: ${c.perm_user.ip_addr or "?"}]
15 [${_('Current IP')}: ${c.ip_addr}]
16 %endif
16 %endif
17 %endif
17 %endif
18 </div>
18 </div>