Show More
@@ -98,8 +98,8 b' class MyAccountController(BaseController' | |||
|
98 | 98 | # url('my_account') |
|
99 | 99 | c.active = 'profile' |
|
100 | 100 | self.__load_data() |
|
101 |
c.perm_user = AuthUser(user_id=self.authuser.user_id |
|
|
102 |
|
|
|
101 | c.perm_user = AuthUser(user_id=self.authuser.user_id) | |
|
102 | c.ip_addr = self.ip_addr | |
|
103 | 103 | c.extern_type = c.user.extern_type |
|
104 | 104 | c.extern_name = c.user.extern_name |
|
105 | 105 | |
@@ -193,8 +193,8 b' class MyAccountController(BaseController' | |||
|
193 | 193 | def my_account_perms(self): |
|
194 | 194 | c.active = 'perms' |
|
195 | 195 | self.__load_data() |
|
196 |
c.perm_user = AuthUser(user_id=self.authuser.user_id |
|
|
197 |
|
|
|
196 | c.perm_user = AuthUser(user_id=self.authuser.user_id) | |
|
197 | c.ip_addr = self.ip_addr | |
|
198 | 198 | |
|
199 | 199 | return render('admin/my_account/my_account.html') |
|
200 | 200 |
@@ -168,7 +168,8 b' class UsersController(BaseController):' | |||
|
168 | 168 | c.user = user_model.get(id) |
|
169 | 169 | c.extern_type = c.user.extern_type |
|
170 | 170 | c.extern_name = c.user.extern_name |
|
171 |
c.perm_user = AuthUser(user_id=id |
|
|
171 | c.perm_user = AuthUser(user_id=id) | |
|
172 | c.ip_addr = self.ip_addr | |
|
172 | 173 | _form = UserForm(edit=True, old_data={'user_id': id, |
|
173 | 174 | 'email': c.user.email})() |
|
174 | 175 | form_result = {} |
@@ -248,7 +249,8 b' class UsersController(BaseController):' | |||
|
248 | 249 | c.active = 'profile' |
|
249 | 250 | c.extern_type = c.user.extern_type |
|
250 | 251 | c.extern_name = c.user.extern_name |
|
251 |
c.perm_user = AuthUser(user_id=id |
|
|
252 | c.perm_user = AuthUser(user_id=id) | |
|
253 | c.ip_addr = self.ip_addr | |
|
252 | 254 | |
|
253 | 255 | defaults = c.user.get_dict() |
|
254 | 256 | return htmlfill.render( |
@@ -260,7 +262,8 b' class UsersController(BaseController):' | |||
|
260 | 262 | def edit_advanced(self, id): |
|
261 | 263 | c.user = self._get_user_or_raise_if_default(id) |
|
262 | 264 | c.active = 'advanced' |
|
263 |
c.perm_user = AuthUser(user_id=id |
|
|
265 | c.perm_user = AuthUser(user_id=id) | |
|
266 | c.ip_addr = self.ip_addr | |
|
264 | 267 | |
|
265 | 268 | umodel = UserModel() |
|
266 | 269 | defaults = c.user.get_dict() |
@@ -331,7 +334,8 b' class UsersController(BaseController):' | |||
|
331 | 334 | def edit_perms(self, id): |
|
332 | 335 | c.user = self._get_user_or_raise_if_default(id) |
|
333 | 336 | c.active = 'perms' |
|
334 |
c.perm_user = AuthUser(user_id=id |
|
|
337 | c.perm_user = AuthUser(user_id=id) | |
|
338 | c.ip_addr = self.ip_addr | |
|
335 | 339 | |
|
336 | 340 | umodel = UserModel() |
|
337 | 341 | defaults = c.user.get_dict() |
@@ -159,8 +159,8 b' class JSONRPCController(WSGIController):' | |||
|
159 | 159 | message='Invalid API key') |
|
160 | 160 | |
|
161 | 161 | #check if we are allowed to use this IP |
|
162 |
auth_u = AuthUser(u.user_id, self._req_api_key |
|
|
163 | if not auth_u.ip_allowed: | |
|
162 | auth_u = AuthUser(u.user_id, self._req_api_key) | |
|
163 | if not auth_u.is_ip_allowed(ip_addr): | |
|
164 | 164 | return jsonrpc_error(retid=self._req_id, |
|
165 | 165 | message='request from IP:%s not allowed' % (ip_addr,)) |
|
166 | 166 | else: |
@@ -109,7 +109,7 b' class LoginController(BaseController):' | |||
|
109 | 109 | c.came_from = url('home') |
|
110 | 110 | |
|
111 | 111 | not_default = self.authuser.username != User.DEFAULT_USER |
|
112 | ip_allowed = self.authuser.ip_allowed | |
|
112 | ip_allowed = self.authuser.is_ip_allowed(self.ip_addr) | |
|
113 | 113 | |
|
114 | 114 | # redirect if already logged in |
|
115 | 115 | if self.authuser.is_authenticated and not_default and ip_allowed: |
@@ -468,14 +468,13 b' class AuthUser(object):' | |||
|
468 | 468 | anonymous access is enabled and if so, it returns default user as logged in |
|
469 | 469 | """ |
|
470 | 470 | |
|
471 |
def __init__(self, user_id=None, api_key=None, username=None |
|
|
471 | def __init__(self, user_id=None, api_key=None, username=None): | |
|
472 | 472 | |
|
473 | 473 | self.user_id = user_id |
|
474 | 474 | self._api_key = api_key |
|
475 | 475 | |
|
476 | 476 | self.api_key = None |
|
477 | 477 | self.username = username |
|
478 | self.ip_addr = ip_addr | |
|
479 | 478 | self.name = '' |
|
480 | 479 | self.lastname = '' |
|
481 | 480 | self.email = '' |
@@ -596,17 +595,13 b' class AuthUser(object):' | |||
|
596 | 595 | return [x[0] for x in self.permissions['user_groups'].iteritems() |
|
597 | 596 | if x[1] == 'usergroup.admin'] |
|
598 | 597 | |
|
599 | @property | |
|
600 | def ip_allowed(self): | |
|
598 | def is_ip_allowed(self, ip_addr): | |
|
601 | 599 | """ |
|
602 | Checks if ip_addr used in constructor is allowed from defined list of | |
|
603 | allowed ip_addresses for user | |
|
604 | ||
|
605 | :returns: boolean, True if ip is in allowed ip range | |
|
600 | Determine if `ip_addr` is on the list of allowed IP addresses | |
|
601 | for this user. | |
|
606 | 602 | """ |
|
607 | # check IP | |
|
608 | 603 | inherit = self.inherit_default_permissions |
|
609 |
return AuthUser.check_ip_allowed(self.user_id, |
|
|
604 | return AuthUser.check_ip_allowed(self.user_id, ip_addr, | |
|
610 | 605 | inherit_from_default=inherit) |
|
611 | 606 | |
|
612 | 607 | @classmethod |
@@ -622,8 +617,8 b' class AuthUser(object):' | |||
|
622 | 617 | return False |
|
623 | 618 | |
|
624 | 619 | def __repr__(self): |
|
625 |
return "<AuthUser('id:%s[%s] |
|
|
626 |
% (self.user_id, self.username, self. |
|
|
620 | return "<AuthUser('id:%s[%s] auth:%s')>"\ | |
|
621 | % (self.user_id, self.username, self.is_authenticated) | |
|
627 | 622 | |
|
628 | 623 | def set_authenticated(self, authenticated=True): |
|
629 | 624 | if self.user_id != self.anonymous_user.user_id: |
@@ -729,14 +724,14 b' class LoginRequired(object):' | |||
|
729 | 724 | return decorator(self.__wrapper, func) |
|
730 | 725 | |
|
731 | 726 | def __wrapper(self, func, *fargs, **fkwargs): |
|
732 |
c |
|
|
733 |
user = c |
|
|
734 |
loc = "%s:%s" % (c |
|
|
727 | controller = fargs[0] | |
|
728 | user = controller.authuser | |
|
729 | loc = "%s:%s" % (controller.__class__.__name__, func.__name__) | |
|
735 | 730 | log.debug('Checking access for user %s @ %s' % (user, loc)) |
|
736 | 731 | |
|
737 | 732 | # check if our IP is allowed |
|
738 | if not user.ip_allowed: | |
|
739 |
return redirect_to_login(_('IP %s not allowed' % |
|
|
733 | if not user.is_ip_allowed(controller.ip_addr): | |
|
734 | return redirect_to_login(_('IP %s not allowed') % controller.ip_addr) | |
|
740 | 735 | |
|
741 | 736 | # check if we used an API key and it's a valid one |
|
742 | 737 | api_key = request.GET.get('api_key') |
@@ -342,7 +342,7 b' class BaseController(WSGIController):' | |||
|
342 | 342 | self.scm_model = ScmModel(self.sa) |
|
343 | 343 | |
|
344 | 344 | @staticmethod |
|
345 |
def _determine_auth_user( |
|
|
345 | def _determine_auth_user(api_key, session_authuser): | |
|
346 | 346 | """ |
|
347 | 347 | Create an `AuthUser` object given the IP address of the request, the |
|
348 | 348 | API key (if any), and the authuser from the session. |
@@ -350,13 +350,13 b' class BaseController(WSGIController):' | |||
|
350 | 350 | |
|
351 | 351 | if api_key: |
|
352 | 352 | # when using API_KEY we are sure user exists. |
|
353 |
auth_user = AuthUser(api_key=api_key |
|
|
353 | auth_user = AuthUser(api_key=api_key) | |
|
354 | 354 | authenticated = False |
|
355 | 355 | else: |
|
356 | 356 | cookie_store = CookieStoreWrapper(session_authuser) |
|
357 | 357 | user_id = cookie_store.get('user_id') |
|
358 | 358 | try: |
|
359 |
auth_user = AuthUser(user_id=user_id |
|
|
359 | auth_user = AuthUser(user_id=user_id) | |
|
360 | 360 | except UserCreationError as e: |
|
361 | 361 | # container auth or other auth functions that create users on |
|
362 | 362 | # the fly can throw UserCreationError to signal issues with |
@@ -364,7 +364,7 b' class BaseController(WSGIController):' | |||
|
364 | 364 | # exception object. |
|
365 | 365 | from kallithea.lib import helpers as h |
|
366 | 366 | h.flash(e, 'error') |
|
367 |
auth_user = AuthUser( |
|
|
367 | auth_user = AuthUser() | |
|
368 | 368 | |
|
369 | 369 | authenticated = cookie_store.get('is_authenticated') |
|
370 | 370 | |
@@ -386,7 +386,6 b' class BaseController(WSGIController):' | |||
|
386 | 386 | |
|
387 | 387 | #set globals for auth user |
|
388 | 388 | self.authuser = c.authuser = request.user = self._determine_auth_user( |
|
389 | self.ip_addr, | |
|
390 | 389 | request.GET.get('api_key'), |
|
391 | 390 | session.get('authuser'), |
|
392 | 391 | ) |
@@ -13,7 +13,7 b'' | |||
|
13 | 13 | %else: |
|
14 | 14 | <strong>${_('Avatars are disabled')}</strong> |
|
15 | 15 | <br/>${c.user.email or _('Missing email, please update your user email address.')} |
|
16 |
[${_('Current IP')}: ${c. |
|
|
16 | [${_('Current IP')}: ${c.ip_addr}] | |
|
17 | 17 | %endif |
|
18 | 18 | </p> |
|
19 | 19 | </div> |
@@ -12,7 +12,7 b'' | |||
|
12 | 12 | <br/>${c.user.email or _('Missing email, please update this user email address.')} |
|
13 | 13 | ##show current ip just if we show ourself |
|
14 | 14 | %if c.authuser.username == c.user.username: |
|
15 |
[${_('Current IP')}: ${c. |
|
|
15 | [${_('Current IP')}: ${c.ip_addr}] | |
|
16 | 16 | %endif |
|
17 | 17 | %endif |
|
18 | 18 | </div> |
General Comments 0
You need to be logged in to leave comments.
Login now