upstream/kallithea Commit - r1693:60249224

fix for api key lookup, reuse same function in user model

marcink -

r1693:60249224 beta

parent child

rhodecode/controllers/api/__init__.py

0 +4 -2

             # -*- coding: utf-8 -*-
             """
                 rhodecode.controllers.api
                 ~~~~~~~~~~~~~~~~~~~~~~~~~
                 JSON RPC controller
                 :created_on: Aug 20, 2011
                 :author: marcink
                 :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; version 2
             # of the License or (at your opinion) any later version of the license.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
             # MA  02110-1301, USA.
             import inspect
             import logging
             import types
             import urllib
             import traceback
             from rhodecode.lib.compat import izip_longest, json
             from paste.response import replace_header
             from pylons.controllers import WSGIController
             from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
             HTTPBadRequest, HTTPError
             from rhodecode.model.db import User
             from rhodecode.lib.auth import AuthUser
             log = logging.getLogger('JSONRPC')
             class JSONRPCError(BaseException):
                 def __init__(self, message):
                     self.message = message
                 def __str__(self):
                     return str(self.message)
             def jsonrpc_error(message, code=None):
                 """
                 Generate a Response object with a JSON-RPC error body
                 """
                 from pylons.controllers.util import Response
                 resp = Response(body=json.dumps(dict(result=None, error=message)),
                                 status=code,
                                 content_type='application/json')
                 return resp
             class JSONRPCController(WSGIController):
                 """
                  A WSGI-speaking JSON-RPC controller class
                  See the specification:
                  <http://json-rpc.org/wiki/specification>`.
                  Valid controller return values should be json-serializable objects.
                  Sub-classes should catch their exceptions and raise JSONRPCError
                  if they want to pass meaningful errors to the client.
                  """
                 def _get_method_args(self):
                     """
                     Return `self._rpc_args` to dispatched controller method
                     chosen by __call__
                     """
                     return self._rpc_args
                 def __call__(self, environ, start_response):
                     """
                     Parse the request body as JSON, look up the method on the
                     controller and if it exists, dispatch to it.
                     """
                     if 'CONTENT_LENGTH' not in environ:
                         log.debug("No Content-Length")
                         return jsonrpc_error(message="No Content-Length in request")
                     else:
                         length = environ['CONTENT_LENGTH'] or 0
                         length = int(environ['CONTENT_LENGTH'])
                         log.debug('Content-Length: %s', length)
                     if length == 0:
                         log.debug("Content-Length is 0")
                         return jsonrpc_error(message="Content-Length is 0")
                     raw_body = environ['wsgi.input'].read(length)
                     try:
                         json_body = json.loads(urllib.unquote_plus(raw_body))
                     except ValueError, e:
                         #catch JSON errors Here
                         return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \
                                              % (e, urllib.unquote_plus(raw_body)))
-                    #check AUTH based on API KEY
+                    # check AUTH based on API KEY
                     try:
                         self._req_api_key = json_body['api_key']
                         self._req_method = json_body['method']
                         self._req_params = json_body['args']
                         log.debug('method: %s, params: %s',
                                   self._req_method,
                                   self._req_params)
                     except KeyError, e:
                         return jsonrpc_error(message='Incorrect JSON query missing %s' % e)
-                    #check if we can find this session using api_key
+                    # check if we can find this session using api_key
                     try:
                         u = User.get_by_api_key(self._req_api_key)
+                        if u is None:
+                            return jsonrpc_error(message='Invalid API KEY')
                         auth_u = AuthUser(u.user_id, self._req_api_key)
                     except Exception, e:
                         return jsonrpc_error(message='Invalid API KEY')
                     self._error = None
                     try:
                         self._func = self._find_method()
                     except AttributeError, e:
                         return jsonrpc_error(message=str(e))
                     # now that we have a method, add self._req_params to
                     # self.kargs and dispatch control to WGIController
                     argspec = inspect.getargspec(self._func)
                     arglist = argspec[0][1:]
                     defaults = argspec[3] or []
                     default_empty = types.NotImplementedType
                     kwarglist = list(izip_longest(reversed(arglist), reversed(defaults),
                                             fillvalue=default_empty))
                     # this is little trick to inject logged in user for
                     # perms decorators to work they expect the controller class to have
                     # rhodecode_user attribute set
                     self.rhodecode_user = auth_u
                     # This attribute will need to be first param of a method that uses
                     # api_key, which is translated to instance of user at that name
                     USER_SESSION_ATTR = 'apiuser'
                     if USER_SESSION_ATTR not in arglist:
                         return jsonrpc_error(message='This method [%s] does not support '
                                              'authentication (missing %s param)' %
                                              (self._func.__name__, USER_SESSION_ATTR))
                     # get our arglist and check if we provided them as args
                     for arg, default in kwarglist:
                         if arg == USER_SESSION_ATTR:
                             # USER_SESSION_ATTR is something translated from api key and
                             # this is checked before so we don't need validate it
                             continue
                         # skip the required param check if it's default value is
                         # NotImplementedType (default_empty)
                         if not self._req_params or (type(default) == default_empty
                                                     and arg not in self._req_params):
                             return jsonrpc_error(message=('Missing non optional %s arg '
                                                           'in JSON DATA') % arg)
                     self._rpc_args = {USER_SESSION_ATTR:u}
                     self._rpc_args.update(self._req_params)
                     self._rpc_args['action'] = self._req_method
                     self._rpc_args['environ'] = environ
                     self._rpc_args['start_response'] = start_response
                     status = []
                     headers = []
                     exc_info = []
                     def change_content(new_status, new_headers, new_exc_info=None):
                         status.append(new_status)
                         headers.extend(new_headers)
                         exc_info.append(new_exc_info)
                     output = WSGIController.__call__(self, environ, change_content)
                     output = list(output)
                     headers.append(('Content-Length', str(len(output[0]))))
                     replace_header(headers, 'Content-Type', 'application/json')
                     start_response(status[0], headers, exc_info[0])
                     return output
                 def _dispatch_call(self):
                     """
                     Implement dispatch interface specified by WSGIController
                     """
                     try:
                         raw_response = self._inspect_call(self._func)
                         if isinstance(raw_response, HTTPError):
                             self._error = str(raw_response)
                     except JSONRPCError, e:
                         self._error = str(e)
                     except Exception, e:
                         log.error('Encountered unhandled exception: %s' \
                                   % traceback.format_exc())
                         json_exc = JSONRPCError('Internal server error')
                         self._error = str(json_exc)
                     if self._error is not None:
                         raw_response = None
                     response = dict(result=raw_response, error=self._error)
                     try:
                         return json.dumps(response)
                     except TypeError, e:
                         log.debug('Error encoding response: %s', e)
                         return json.dumps(dict(result=None,
                                                error="Error encoding response"))
                 def _find_method(self):
                     """
                     Return method named by `self._req_method` in controller if able
                     """
                     log.debug('Trying to find JSON-RPC method: %s', self._req_method)
                     if self._req_method.startswith('_'):
                         raise AttributeError("Method not allowed")
                     try:
                         func = getattr(self, self._req_method, None)
                     except UnicodeEncodeError:
                         raise AttributeError("Problem decoding unicode in requested "
                                              "method name.")
                     if isinstance(func, types.MethodType):
                         return func
                     else:
                         raise AttributeError("No such method: %s" % self._req_method)

rhodecode/model/db.py

0 +1 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.model.db
                 ~~~~~~~~~~~~~~~~~~
                 Database Models for RhodeCode
                 :created_on: Apr 08, 2010
                 :author: marcink
                 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import logging
             import datetime
             import traceback
             from datetime import date
             from sqlalchemy import *
             from sqlalchemy.exc import DatabaseError
             from sqlalchemy.ext.hybrid import hybrid_property
             from sqlalchemy.orm import relationship, joinedload, class_mapper, validates
             from beaker.cache import cache_region, region_invalidate
             from vcs import get_backend
             from vcs.utils.helpers import get_scm
             from vcs.exceptions import VCSError
             from vcs.utils.lazy import LazyProperty
             from rhodecode.lib import str2bool, safe_str, get_changeset_safe, \
                 generate_api_key, safe_unicode
             from rhodecode.lib.exceptions import UsersGroupsAssignedException
             from rhodecode.lib.compat import json
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model.meta import Base, Session
             log = logging.getLogger(__name__)
             #==============================================================================
             # BASE CLASSES
             #==============================================================================
             class ModelSerializer(json.JSONEncoder):
                 """
                 Simple Serializer for JSON,
                 usage::
                     to make object customized for serialization implement a __json__
                     method that will return a dict for serialization into json
                 example::
                     class Task(object):
                         def __init__(self, name, value):
                             self.name = name
                             self.value = value
                         def __json__(self):
                             return dict(name=self.name,
                                         value=self.value)
                 """
                 def default(self, obj):
                     if hasattr(obj, '__json__'):
                         return obj.__json__()
                     else:
                         return json.JSONEncoder.default(self, obj)
             class BaseModel(object):
                 """Base Model for all classess
                 """
                 @classmethod
                 def _get_keys(cls):
                     """return column names for this model """
                     return class_mapper(cls).c.keys()
                 def get_dict(self):
                     """return dict with keys and values corresponding
                     to this model data """
                     d = {}
                     for k in self._get_keys():
                         d[k] = getattr(self, k)
                     return d
                 def get_appstruct(self):
                     """return list with keys and values tupples corresponding
                     to this model data """
                     l = []
                     for k in self._get_keys():
                         l.append((k, getattr(self, k),))
                     return l
                 def populate_obj(self, populate_dict):
                     """populate model with data from given populate_dict"""
                     for k in self._get_keys():
                         if k in populate_dict:
                             setattr(self, k, populate_dict[k])
                 @classmethod
                 def query(cls):
                     return Session.query(cls)
                 @classmethod
                 def get(cls, id_):
                     if id_:
                         return cls.query().get(id_)
                 @classmethod
                 def getAll(cls):
                     return cls.query().all()
                 @classmethod
                 def delete(cls, id_):
                     obj = cls.query().get(id_)
                     Session.delete(obj)
                     Session.commit()
             class RhodeCodeSetting(Base, BaseModel):
                 __tablename__ = 'rhodecode_settings'
                 __table_args__ = (UniqueConstraint('app_settings_name'), {'extend_existing':True})
                 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 app_settings_name = Column("app_settings_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 _app_settings_value = Column("app_settings_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 def __init__(self, k='', v=''):
                     self.app_settings_name = k
                     self.app_settings_value = v
                 @validates('_app_settings_value')
                 def validate_settings_value(self, key, val):
                     assert type(val) == unicode
                     return val
                 @hybrid_property
                 def app_settings_value(self):
                     v = self._app_settings_value
                     if v == 'ldap_active':
                         v = str2bool(v)
                     return v
                 @app_settings_value.setter
                 def app_settings_value(self, val):
                     """
                     Setter that will always make sure we use unicode in app_settings_value
                     :param val:
                     """
                     self._app_settings_value = safe_unicode(val)
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__,
                                               self.app_settings_name, self.app_settings_value)
                 @classmethod
                 def get_by_name(cls, ldap_key):
                     return cls.query()\
                         .filter(cls.app_settings_name == ldap_key).scalar()
                 @classmethod
                 def get_app_settings(cls, cache=False):
                     ret = cls.query()
                     if cache:
                         ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))
                     if not ret:
                         raise Exception('Could not get application settings !')
                     settings = {}
                     for each in ret:
                         settings['rhodecode_' + each.app_settings_name] = \
                             each.app_settings_value
                     return settings
                 @classmethod
                 def get_ldap_settings(cls, cache=False):
                     ret = cls.query()\
                             .filter(cls.app_settings_name.startswith('ldap_')).all()
                     fd = {}
                     for row in ret:
                         fd.update({row.app_settings_name:row.app_settings_value})
                     return fd
             class RhodeCodeUi(Base, BaseModel):
                 __tablename__ = 'rhodecode_ui'
                 __table_args__ = (UniqueConstraint('ui_key'), {'extend_existing':True})
                 HOOK_UPDATE = 'changegroup.update'
                 HOOK_REPO_SIZE = 'changegroup.repo_size'
                 HOOK_PUSH = 'pretxnchangegroup.push_logger'
                 HOOK_PULL = 'preoutgoing.pull_logger'
                 ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 ui_section = Column("ui_section", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_key = Column("ui_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_value = Column("ui_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)
                 @classmethod
                 def get_by_key(cls, key):
                     return cls.query().filter(cls.ui_key == key)
                 @classmethod
                 def get_builtin_hooks(cls):
                     q = cls.query()
                     q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE,
                                                 cls.HOOK_REPO_SIZE,
                                                 cls.HOOK_PUSH, cls.HOOK_PULL]))
                     return q.all()
                 @classmethod
                 def get_custom_hooks(cls):
                     q = cls.query()
                     q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE,
                                                 cls.HOOK_REPO_SIZE,
                                                 cls.HOOK_PUSH, cls.HOOK_PULL]))
                     q = q.filter(cls.ui_section == 'hooks')
                     return q.all()
                 @classmethod
                 def create_or_update_hook(cls, key, val):
                     new_ui = cls.get_by_key(key).scalar() or cls()
                     new_ui.ui_section = 'hooks'
                     new_ui.ui_active = True
                     new_ui.ui_key = key
                     new_ui.ui_value = val
                     Session.add(new_ui)
                     Session.commit()
             class User(Base, BaseModel):
                 __tablename__ = 'users'
                 __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'extend_existing':True})
                 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 username = Column("username", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 password = Column("password", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 active = Column("active", Boolean(), nullable=True, unique=None, default=None)
                 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
                 name = Column("name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 lastname = Column("lastname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 email = Column("email", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
                 ldap_dn = Column("ldap_dn", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 api_key = Column("api_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 user_log = relationship('UserLog', cascade='all')
                 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
                 repositories = relationship('Repository')
                 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
                 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
                 group_member = relationship('UsersGroupMember', cascade='all')
                 @property
                 def full_contact(self):
                     return '%s %s <%s>' % (self.name, self.lastname, self.email)
                 @property
                 def short_contact(self):
                     return '%s %s' % (self.name, self.lastname)
                 @property
                 def is_admin(self):
                     return self.admin
                 def __repr__(self):
                     try:
                         return "<%s('id:%s:%s')>" % (self.__class__.__name__,
                                                          self.user_id, self.username)
                     except:
                         return self.__class__.__name__
                 @classmethod
                 def get_by_username(cls, username, case_insensitive=False, cache=False):
                     if case_insensitive:
                         q = cls.query().filter(cls.username.ilike(username))
                     else:
                         q = cls.query().filter(cls.username == username)
                     if cache:
                         q = q.options(FromCache("sql_cache_short",
                                                 "get_user_%s" % username))
                     return q.scalar()
                 @classmethod
                 def get_by_api_key(cls, api_key, cache=False):
                     q = cls.query().filter(cls.api_key == api_key)
                     if cache:
                         q = q.options(FromCache("sql_cache_short",
                                                 "get_api_key_%s" % api_key))
-                    q.one()
+                    return q.scalar()
                 def update_lastlogin(self):
                     """Update user lastlogin"""
                     self.last_login = datetime.datetime.now()
                     Session.add(self)
                     Session.commit()
                     log.debug('updated user %s lastlogin', self.username)
             class UserLog(Base, BaseModel):
                 __tablename__ = 'user_logs'
                 __table_args__ = {'extend_existing':True}
                 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
                 @property
                 def action_as_day(self):
                     return date(*self.action_date.timetuple()[:3])
                 user = relationship('User')
                 repository = relationship('Repository')
             class UsersGroup(Base, BaseModel):
                 __tablename__ = 'users_groups'
                 __table_args__ = {'extend_existing':True}
                 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
                 members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
                 def __repr__(self):
                     return '<userGroup(%s)>' % (self.users_group_name)
                 @classmethod
                 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
                     if case_insensitive:
                         gr = cls.query()\
                             .filter(cls.users_group_name.ilike(group_name))
                     else:
                         gr = cls.query()\
                             .filter(cls.users_group_name == group_name)
                     if cache:
                         gr = gr.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % group_name))
                     return gr.scalar()
                 @classmethod
                 def get(cls, users_group_id, cache=False):
                     users_group = cls.query()
                     if cache:
                         users_group = users_group.options(FromCache("sql_cache_short",
                                                 "get_users_group_%s" % users_group_id))
                     return users_group.get(users_group_id)
                 @classmethod
                 def create(cls, form_data):
                     try:
                         new_users_group = cls()
                         for k, v in form_data.items():
                             setattr(new_users_group, k, v)
                         Session.add(new_users_group)
                         Session.commit()
                         return new_users_group
                     except:
                         log.error(traceback.format_exc())
                         Session.rollback()
                         raise
                 @classmethod
                 def update(cls, users_group_id, form_data):
                     try:
                         users_group = cls.get(users_group_id, cache=False)
                         for k, v in form_data.items():
                             if k == 'users_group_members':
                                 users_group.members = []
                                 Session.flush()
                                 members_list = []
                                 if v:
                                     v = [v] if isinstance(v, basestring) else v
                                     for u_id in set(v):
                                         member = UsersGroupMember(users_group_id, u_id)
                                         members_list.append(member)
                                 setattr(users_group, 'members', members_list)
                             setattr(users_group, k, v)
                         Session.add(users_group)
                         Session.commit()
                     except:
                         log.error(traceback.format_exc())
                         Session.rollback()
                         raise
                 @classmethod
                 def delete(cls, users_group_id):
                     try:
                         # check if this group is not assigned to repo
                         assigned_groups = UsersGroupRepoToPerm.query()\
                             .filter(UsersGroupRepoToPerm.users_group_id ==
                                     users_group_id).all()
                         if assigned_groups:
                             raise UsersGroupsAssignedException('RepoGroup assigned to %s' %
                                                                assigned_groups)
                         users_group = cls.get(users_group_id, cache=False)
                         Session.delete(users_group)
                         Session.commit()
                     except:
                         log.error(traceback.format_exc())
                         Session.rollback()
                         raise
             class UsersGroupMember(Base, BaseModel):
                 __tablename__ = 'users_groups_members'
                 __table_args__ = {'extend_existing':True}
                 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 user = relationship('User', lazy='joined')
                 users_group = relationship('UsersGroup')
                 def __init__(self, gr_id='', u_id=''):
                     self.users_group_id = gr_id
                     self.user_id = u_id
                 @staticmethod
                 def add_user_to_group(group, user):
                     ugm = UsersGroupMember()
                     ugm.users_group = group
                     ugm.user = user
                     Session.add(ugm)
                     Session.commit()
                     return ugm
             class Repository(Base, BaseModel):
                 __tablename__ = 'repositories'
                 __table_args__ = (UniqueConstraint('repo_name'), {'extend_existing':True},)
                 repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 repo_name = Column("repo_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 clone_uri = Column("clone_uri", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
                 repo_type = Column("repo_type", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg')
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
                 private = Column("private", Boolean(), nullable=True, unique=None, default=None)
                 enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)
                 enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True)
                 description = Column("description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 created_on = Column('created_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
                 fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)
                 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)
                 user = relationship('User')
                 fork = relationship('Repository', remote_side=repo_id)
                 group = relationship('RepoGroup')
                 repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id')
                 users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all')
                 stats = relationship('Statistics', cascade='all', uselist=False)
                 followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')
                 logs = relationship('UserLog', cascade='all')
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__,
                                               self.repo_id, self.repo_name)
                 @classmethod
                 def url_sep(cls):
                     return '/'
                 @classmethod
                 def get_by_repo_name(cls, repo_name):
                     q = Session.query(cls).filter(cls.repo_name == repo_name)
                     q = q.options(joinedload(Repository.fork))\
                             .options(joinedload(Repository.user))\
                             .options(joinedload(Repository.group))
                     return q.one()
                 @classmethod
                 def get_repo_forks(cls, repo_id):
                     return cls.query().filter(Repository.fork_id == repo_id)
                 @classmethod
                 def base_path(cls):
                     """
                     Returns base path when all repos are stored
                     :param cls:
                     """
                     q = Session.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key ==
                                                           cls.url_sep())
                     q.options(FromCache("sql_cache_short", "repository_repo_path"))
                     return q.one().ui_value
                 @property
                 def just_name(self):
                     return self.repo_name.split(Repository.url_sep())[-1]
                 @property
                 def groups_with_parents(self):
                     groups = []
                     if self.group is None:
                         return groups
                     cur_gr = self.group
                     groups.insert(0, cur_gr)
                     while 1:
                         gr = getattr(cur_gr, 'parent_group', None)
                         cur_gr = cur_gr.parent_group
                         if gr is None:
                             break
                         groups.insert(0, gr)
                     return groups
                 @property
                 def groups_and_repo(self):
                     return self.groups_with_parents, self.just_name
                 @LazyProperty
                 def repo_path(self):
                     """
                     Returns base full path for that repository means where it actually
                     exists on a filesystem
                     """
                     q = Session.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key ==
                                                           Repository.url_sep())
                     q.options(FromCache("sql_cache_short", "repository_repo_path"))
                     return q.one().ui_value
                 @property
                 def repo_full_path(self):
                     p = [self.repo_path]
                     # we need to split the name by / since this is how we store the
                     # names in the database, but that eventually needs to be converted
                     # into a valid system path
                     p += self.repo_name.split(Repository.url_sep())
                     return os.path.join(*p)
                 def get_new_name(self, repo_name):
                     """
                     returns new full repository name based on assigned group and new new
                     :param group_name:
                     """
                     path_prefix = self.group.full_path_splitted if self.group else []
                     return Repository.url_sep().join(path_prefix + [repo_name])
                 @property
                 def _ui(self):
                     """
                     Creates an db based ui object for this repository
                     """
                     from mercurial import ui
                     from mercurial import config
                     baseui = ui.ui()
                     #clean the baseui object
                     baseui._ocfg = config.config()
                     baseui._ucfg = config.config()
                     baseui._tcfg = config.config()
                     ret = RhodeCodeUi.query()\
                         .options(FromCache("sql_cache_short", "repository_repo_ui")).all()
                     hg_ui = ret
                     for ui_ in hg_ui:
                         if ui_.ui_active:
                             log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
                                       ui_.ui_key, ui_.ui_value)
                             baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)
                     return baseui
                 @classmethod
                 def is_valid(cls, repo_name):
                     """
                     returns True if given repo name is a valid filesystem repository
                     @param cls:
                     @param repo_name:
                     """
                     from rhodecode.lib.utils import is_valid_repo
                     return is_valid_repo(repo_name, cls.base_path())
                 #==========================================================================
                 # SCM PROPERTIES
                 #==========================================================================
                 def get_changeset(self, rev):
                     return get_changeset_safe(self.scm_instance, rev)
                 @property
                 def tip(self):
                     return self.get_changeset('tip')
                 @property
                 def author(self):
                     return self.tip.author
                 @property
                 def last_change(self):
                     return self.scm_instance.last_change
                 #==========================================================================
                 # SCM CACHE INSTANCE
                 #==========================================================================
                 @property
                 def invalidate(self):
                     return CacheInvalidation.invalidate(self.repo_name)
                 def set_invalidate(self):
                     """
                     set a cache for invalidation for this instance
                     """
                     CacheInvalidation.set_invalidate(self.repo_name)
                 @LazyProperty
                 def scm_instance(self):
                     return self.__get_instance()
                 @property
                 def scm_instance_cached(self):
                     @cache_region('long_term')
                     def _c(repo_name):
                         return self.__get_instance()
                     rn = self.repo_name
                     inv = self.invalidate
                     if inv is not None:
                         region_invalidate(_c, None, rn)
                         # update our cache
                         CacheInvalidation.set_valid(inv.cache_key)
                     return _c(rn)
                 def __get_instance(self):
                     repo_full_path = self.repo_full_path
                     try:
                         alias = get_scm(repo_full_path)[0]
                         log.debug('Creating instance of %s repository', alias)
                         backend = get_backend(alias)
                     except VCSError:
                         log.error(traceback.format_exc())
                         log.error('Perhaps this repository is in db and not in '
                                   'filesystem run rescan repositories with '
                                   '"destroy old data " option from admin panel')
                         return
                     if alias == 'hg':
                         repo = backend(safe_str(repo_full_path), create=False,
                                        baseui=self._ui)
                         # skip hidden web repository
                         if repo._get_hidden():
                             return
                     else:
                         repo = backend(repo_full_path, create=False)
                     return repo
             class RepoGroup(Base, BaseModel):
                 __tablename__ = 'groups'
                 __table_args__ = (UniqueConstraint('group_name', 'group_parent_id'),
                                   CheckConstraint('group_id != group_parent_id'), {'extend_existing':True},)
                 __mapper_args__ = {'order_by':'group_name'}
                 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 group_name = Column("group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
                 group_description = Column("group_description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 parent_group = relationship('RepoGroup', remote_side=group_id)
                 def __init__(self, group_name='', parent_group=None):
                     self.group_name = group_name
                     self.parent_group = parent_group
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,
                                               self.group_name)
                 @classmethod
                 def groups_choices(cls):
                     from webhelpers.html import literal as _literal
                     repo_groups = [('', '')]
                     sep = ' &raquo; '
                     _name = lambda k: _literal(sep.join(k))
                     repo_groups.extend([(x.group_id, _name(x.full_path_splitted))
                                           for x in cls.query().all()])
                     repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0])
                     return repo_groups
                 @classmethod
                 def url_sep(cls):
                     return '/'
                 @classmethod
                 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
                     if case_insensitive:
                         gr = cls.query()\
                             .filter(cls.group_name.ilike(group_name))
                     else:
                         gr = cls.query()\
                             .filter(cls.group_name == group_name)
                     if cache:
                         gr = gr.options(FromCache("sql_cache_short",
                                                       "get_group_%s" % group_name))
                     return gr.scalar()
                 @property
                 def parents(self):
                     parents_recursion_limit = 5
                     groups = []
                     if self.parent_group is None:
                         return groups
                     cur_gr = self.parent_group
                     groups.insert(0, cur_gr)
                     cnt = 0
                     while 1:
                         cnt += 1
                         gr = getattr(cur_gr, 'parent_group', None)
                         cur_gr = cur_gr.parent_group
                         if gr is None:
                             break
                         if cnt == parents_recursion_limit:
                             # this will prevent accidental infinit loops
                             log.error('group nested more than %s' %
                                       parents_recursion_limit)
                             break
                         groups.insert(0, gr)
                     return groups
                 @property
                 def children(self):
                     return RepoGroup.query().filter(RepoGroup.parent_group == self)
                 @property
                 def name(self):
                     return self.group_name.split(RepoGroup.url_sep())[-1]
                 @property
                 def full_path(self):
                     return self.group_name
                 @property
                 def full_path_splitted(self):
                     return self.group_name.split(RepoGroup.url_sep())
                 @property
                 def repositories(self):
                     return Repository.query().filter(Repository.group == self)
                 @property
                 def repositories_recursive_count(self):
                     cnt = self.repositories.count()
                     def children_count(group):
                         cnt = 0
                         for child in group.children:
                             cnt += child.repositories.count()
                             cnt += children_count(child)
                         return cnt
                     return cnt + children_count(self)
                 def get_new_name(self, group_name):
                     """
                     returns new full group name based on parent and new name
                     :param group_name:
                     """
                     path_prefix = (self.parent_group.full_path_splitted if
                                    self.parent_group else [])
                     return RepoGroup.url_sep().join(path_prefix + [group_name])
             class Permission(Base, BaseModel):
                 __tablename__ = 'permissions'
                 __table_args__ = {'extend_existing':True}
                 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 permission_name = Column("permission_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 permission_longname = Column("permission_longname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__,
                                               self.permission_id, self.permission_name)
                 @classmethod
                 def get_by_key(cls, key):
                     return cls.query().filter(cls.permission_name == key).scalar()
             class UserRepoToPerm(Base, BaseModel):
                 __tablename__ = 'repo_to_perm'
                 __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'extend_existing':True})
                 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 permission = relationship('Permission')
                 repository = relationship('Repository')
             class UserToPerm(Base, BaseModel):
                 __tablename__ = 'user_to_perm'
                 __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'extend_existing':True})
                 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 permission = relationship('Permission')
                 @classmethod
                 def has_perm(cls, user_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     return cls.query().filter(cls.user_id == user_id)\
                         .filter(cls.permission == perm).scalar() is not None
                 @classmethod
                 def grant_perm(cls, user_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     new = cls()
                     new.user_id = user_id
                     new.permission = perm
                     try:
                         Session.add(new)
                         Session.commit()
                     except:
                         Session.rollback()
                 @classmethod
                 def revoke_perm(cls, user_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     try:
                         cls.query().filter(cls.user_id == user_id)\
                             .filter(cls.permission == perm).delete()
                         Session.commit()
                     except:
                         Session.rollback()
             class UsersGroupRepoToPerm(Base, BaseModel):
                 __tablename__ = 'users_group_repo_to_perm'
                 __table_args__ = (UniqueConstraint('repository_id', 'users_group_id', 'permission_id'), {'extend_existing':True})
                 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 users_group = relationship('UsersGroup')
                 permission = relationship('Permission')
                 repository = relationship('Repository')
                 def __repr__(self):
                     return '<userGroup:%s => %s >' % (self.users_group, self.repository)
             class UsersGroupToPerm(Base, BaseModel):
                 __tablename__ = 'users_group_to_perm'
                 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 users_group = relationship('UsersGroup')
                 permission = relationship('Permission')
                 @classmethod
                 def has_perm(cls, users_group_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     return cls.query().filter(cls.users_group_id ==
                                                      users_group_id)\
                                                      .filter(cls.permission == perm)\
                                                      .scalar() is not None
                 @classmethod
                 def grant_perm(cls, users_group_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     new = cls()
                     new.users_group_id = users_group_id
                     new.permission = perm
                     try:
                         Session.add(new)
                         Session.commit()
                     except:
                         Session.rollback()
                 @classmethod
                 def revoke_perm(cls, users_group_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     try:
                         cls.query().filter(cls.users_group_id == users_group_id)\
                             .filter(cls.permission == perm).delete()
                         Session.commit()
                     except:
                         Session.rollback()
             class UserRepoGroupToPerm(Base, BaseModel):
                 __tablename__ = 'group_to_perm'
                 __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'extend_existing':True})
                 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 permission = relationship('Permission')
                 group = relationship('RepoGroup')
             class UsersGroupRepoGroupToPerm(Base, BaseModel):
                 __tablename__ = 'users_group_repo_group_to_perm'
                 __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'extend_existing':True})
                 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
                 users_group = relationship('UsersGroup')
                 permission = relationship('Permission')
                 group = relationship('RepoGroup')
             class Statistics(Base, BaseModel):
                 __tablename__ = 'statistics'
                 __table_args__ = (UniqueConstraint('repository_id'), {'extend_existing':True})
                 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
                 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
                 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
                 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
                 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
                 repository = relationship('Repository', single_parent=True)
             class UserFollowing(Base, BaseModel):
                 __tablename__ = 'user_followings'
                 __table_args__ = (UniqueConstraint('user_id', 'follows_repository_id'),
                                   UniqueConstraint('user_id', 'follows_user_id')
                                   , {'extend_existing':True})
                 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
                 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
                 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
                 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
                 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
                 follows_repository = relationship('Repository', order_by='Repository.repo_name')
                 @classmethod
                 def get_repo_followers(cls, repo_id):
                     return cls.query().filter(cls.follows_repo_id == repo_id)
             class CacheInvalidation(Base, BaseModel):
                 __tablename__ = 'cache_invalidation'
                 __table_args__ = (UniqueConstraint('cache_key'), {'extend_existing':True})
                 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 cache_key = Column("cache_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 cache_args = Column("cache_args", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
                 def __init__(self, cache_key, cache_args=''):
                     self.cache_key = cache_key
                     self.cache_args = cache_args
                     self.cache_active = False
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__,
                                               self.cache_id, self.cache_key)
                 @classmethod
                 def invalidate(cls, key):
                     """
                     Returns Invalidation object if this given key should be invalidated
                     None otherwise. `cache_active = False` means that this cache
                     state is not valid and needs to be invalidated
                     :param key:
                     """
                     return cls.query()\
                             .filter(CacheInvalidation.cache_key == key)\
                             .filter(CacheInvalidation.cache_active == False)\
                             .scalar()
                 @classmethod
                 def set_invalidate(cls, key):
                     """
                     Mark this Cache key for invalidation
                     :param key:
                     """
                     log.debug('marking %s for invalidation' % key)
                     inv_obj = Session().query(cls)\
                         .filter(cls.cache_key == key).scalar()
                     if inv_obj:
                         inv_obj.cache_active = False
                     else:
                         log.debug('cache key not found in invalidation db -> creating one')
                         inv_obj = CacheInvalidation(key)
                     try:
                         Session.add(inv_obj)
                         Session.commit()
                     except Exception:
                         log.error(traceback.format_exc())
                         Session.rollback()
                 @classmethod
                 def set_valid(cls, key):
                     """
                     Mark this cache key as active and currently cached
                     :param key:
                     """
                     inv_obj = Session().query(CacheInvalidation)\
                         .filter(CacheInvalidation.cache_key == key).scalar()
                     inv_obj.cache_active = True
                     Session.add(inv_obj)
                     Session.commit()
             class ChangesetComment(Base, BaseModel):
                 __tablename__ = 'changeset_comments'
                 __table_args__ = ({'extend_existing':True},)
                 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
                 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
                 revision = Column('revision', String(40), nullable=False)
                 line_no = Column('line_no', Unicode(10), nullable=True)
                 f_path = Column('f_path', Unicode(1000), nullable=True)
                 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
                 text = Column('text', Unicode(25000), nullable=False)
                 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
                 author = relationship('User')
                 repo = relationship('Repository')
             class DbMigrateVersion(Base, BaseModel):
                 __tablename__ = 'db_migrate_version'
                 __table_args__ = {'extend_existing':True}
                 repository_id = Column('repository_id', String(250), primary_key=True)
                 repository_path = Column('repository_path', Text)
                 version = Column('version', Integer)

rhodecode/model/user.py

0 +1 -7

             # -*- coding: utf-8 -*-
             """
                 rhodecode.model.user
                 ~~~~~~~~~~~~~~~~~~~~
                 users model for RhodeCode
                 :created_on: Apr 9, 2010
                 :author: marcink
                 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             from pylons.i18n.translation import _
             from rhodecode.lib import safe_unicode
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model import BaseModel
             from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
                 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember
             from rhodecode.lib.exceptions import DefaultUserException, \
                 UserOwnsReposException
             from sqlalchemy.exc import DatabaseError
             from rhodecode.lib import generate_api_key
             from sqlalchemy.orm import joinedload
             log = logging.getLogger(__name__)
             PERM_WEIGHTS = {'repository.none': 0,
                             'repository.read': 1,
                             'repository.write': 3,
                             'repository.admin': 3}
             class UserModel(BaseModel):
                 def get(self, user_id, cache=False):
                     user = self.sa.query(User)
                     if cache:
                         user = user.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % user_id))
                     return user.get(user_id)
                 def get_by_username(self, username, cache=False, case_insensitive=False):
                     if case_insensitive:
                         user = self.sa.query(User).filter(User.username.ilike(username))
                     else:
                         user = self.sa.query(User)\
                             .filter(User.username == username)
                     if cache:
                         user = user.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % username))
                     return user.scalar()
                 def get_by_api_key(self, api_key, cache=False):
+                    return User.get_by_api_key(api_key, cache)
-                    user = self.sa.query(User)\
-                            .filter(User.api_key == api_key)
-                    if cache:
-                        user = user.options(FromCache("sql_cache_short",
-                                                      "get_user_%s" % api_key))
-                    return user.scalar()
                 def create(self, form_data):
                     try:
                         new_user = User()
                         for k, v in form_data.items():
                             setattr(new_user, k, v)
                         new_user.api_key = generate_api_key(form_data['username'])
                         self.sa.add(new_user)
                         self.sa.commit()
                         return new_user
                     except:
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def create_or_update(self, username, password, email, name, lastname,
                                      active=True, admin=False, ldap_dn=None):
                     """
                     Creates a new instance if not found, or updates current one
                     :param username:
                     :param password:
                     :param email:
                     :param active:
                     :param name:
                     :param lastname:
                     :param active:
                     :param admin:
                     :param ldap_dn:
                     """
                     from rhodecode.lib.auth import get_crypt_password
                     log.debug('Checking for %s account in RhodeCode database', username)
                     user = User.get_by_username(username, case_insensitive=True)
                     if user is None:
                         log.debug('creating new user %s', username)
                         new_user = User()
                     else:
                         log.debug('updating user %s', username)
                         new_user = user
                     try:
                         new_user.username = username
                         new_user.admin = admin
                         new_user.password = get_crypt_password(password)
                         new_user.api_key = generate_api_key(username)
                         new_user.email = email
                         new_user.active = active
                         new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
                         new_user.name = name
                         new_user.lastname = lastname
                         self.sa.add(new_user)
                         self.sa.commit()
                         return new_user
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def create_for_container_auth(self, username, attrs):
                     """
                     Creates the given user if it's not already in the database
                     :param username:
                     :param attrs:
                     """
                     if self.get_by_username(username, case_insensitive=True) is None:
                         # autogenerate email for container account without one
                         generate_email = lambda usr: '%s@container_auth.account' % usr
                         try:
                             new_user = User()
                             new_user.username = username
                             new_user.password = None
                             new_user.api_key = generate_api_key(username)
                             new_user.email = attrs['email']
                             new_user.active = attrs.get('active', True)
                             new_user.name = attrs['name'] or generate_email(username)
                             new_user.lastname = attrs['lastname']
                             self.sa.add(new_user)
                             self.sa.commit()
                             return new_user
                         except (DatabaseError,):
                             log.error(traceback.format_exc())
                             self.sa.rollback()
                             raise
                     log.debug('User %s already exists. Skipping creation of account'
                               ' for container auth.', username)
                     return None
                 def create_ldap(self, username, password, user_dn, attrs):
                     """
                     Checks if user is in database, if not creates this user marked
                     as ldap user
                     :param username:
                     :param password:
                     :param user_dn:
                     :param attrs:
                     """
                     from rhodecode.lib.auth import get_crypt_password
                     log.debug('Checking for such ldap account in RhodeCode database')
                     if self.get_by_username(username, case_insensitive=True) is None:
                         # autogenerate email for ldap account without one
                         generate_email = lambda usr: '%s@ldap.account' % usr
                         try:
                             new_user = User()
                             username = username.lower()
                             # add ldap account always lowercase
                             new_user.username = username
                             new_user.password = get_crypt_password(password)
                             new_user.api_key = generate_api_key(username)
                             new_user.email = attrs['email'] or generate_email(username)
                             new_user.active = attrs.get('active', True)
                             new_user.ldap_dn = safe_unicode(user_dn)
                             new_user.name = attrs['name']
                             new_user.lastname = attrs['lastname']
                             self.sa.add(new_user)
                             self.sa.commit()
                             return new_user
                         except (DatabaseError,):
                             log.error(traceback.format_exc())
                             self.sa.rollback()
                             raise
                     log.debug('this %s user exists skipping creation of ldap account',
                               username)
                     return None
                 def create_registration(self, form_data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     try:
                         new_user = User()
                         for k, v in form_data.items():
                             if k != 'admin':
                                 setattr(new_user, k, v)
                         self.sa.add(new_user)
                         self.sa.commit()
                         body = ('New user registration\n'
                                 'username: %s\n'
                                 'email: %s\n')
                         body = body % (form_data['username'], form_data['email'])
                         run_task(tasks.send_email, None,
                                  _('[RhodeCode] New User registration'),
                                  body)
                     except:
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def update(self, user_id, form_data):
                     try:
                         user = self.get(user_id, cache=False)
                         if user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't Edit this user since it's"
                                               " crucial for entire application"))
                         for k, v in form_data.items():
                             if k == 'new_password' and v != '':
                                 user.password = v
                                 user.api_key = generate_api_key(user.username)
                             else:
                                 setattr(user, k, v)
                         self.sa.add(user)
                         self.sa.commit()
                     except:
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def update_my_account(self, user_id, form_data):
                     try:
                         user = self.get(user_id, cache=False)
                         if user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't Edit this user since it's"
                                               " crucial for entire application"))
                         for k, v in form_data.items():
                             if k == 'new_password' and v != '':
                                 user.password = v
                                 user.api_key = generate_api_key(user.username)
                             else:
                                 if k not in ['admin', 'active']:
                                     setattr(user, k, v)
                         self.sa.add(user)
                         self.sa.commit()
                     except:
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def delete(self, user_id):
                     try:
                         user = self.get(user_id, cache=False)
                         if user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't remove this user since it's"
                                               " crucial for entire application"))
                         if user.repositories:
                             raise UserOwnsReposException(_('This user still owns %s '
                                                            'repositories and cannot be '
                                                            'removed. Switch owners or '
                                                            'remove those repositories') \
                                                            % user.repositories)
                         self.sa.delete(user)
                         self.sa.commit()
                     except:
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def reset_password_link(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     run_task(tasks.send_password_link, data['email'])
                 def reset_password(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     run_task(tasks.reset_user_password, data['email'])
                 def fill_data(self, auth_user, user_id=None, api_key=None):
                     """
                     Fetches auth_user by user_id,or api_key if present.
                     Fills auth_user attributes with those taken from database.
                     Additionally set's is_authenitated if lookup fails
                     present in database
                     :param auth_user: instance of user to set attributes
                     :param user_id: user id to fetch by
                     :param api_key: api key to fetch by
                     """
                     if user_id is None and api_key is None:
                         raise Exception('You need to pass user_id or api_key')
                     try:
                         if api_key:
                             dbuser = self.get_by_api_key(api_key)
                         else:
                             dbuser = self.get(user_id)
                         if dbuser is not None and dbuser.active:
                             log.debug('filling %s data', dbuser)
                             for k, v in dbuser.get_dict().items():
                                 setattr(auth_user, k, v)
                         else:
                             return False
                     except:
                         log.error(traceback.format_exc())
                         auth_user.is_authenticated = False
                         return False
                     return True
                 def fill_perms(self, user):
                     """
                     Fills user permission attribute with permissions taken from database
                     works for permissions given for repositories, and for permissions that
                     are granted to groups
                     :param user: user instance to fill his perms
                     """
                     user.permissions['repositories'] = {}
                     user.permissions['global'] = set()
                     #======================================================================
                     # fetch default permissions
                     #======================================================================
                     default_user = self.get_by_username('default', cache=True)
                     default_perms = self.sa.query(UserRepoToPerm, Repository, Permission)\
                         .join((Repository, UserRepoToPerm.repository_id ==
                                Repository.repo_id))\
                         .join((Permission, UserRepoToPerm.permission_id ==
                                Permission.permission_id))\
                         .filter(UserRepoToPerm.user == default_user).all()
                     if user.is_admin:
                         #==================================================================
                         # #admin have all default rights set to admin
                         #==================================================================
                         user.permissions['global'].add('hg.admin')
                         for perm in default_perms:
                             p = 'repository.admin'
                             user.permissions['repositories'][perm.UserRepoToPerm.
                                                              repository.repo_name] = p
                     else:
                         #==================================================================
                         # set default permissions
                         #==================================================================
                         uid = user.user_id
                         #default global
                         default_global_perms = self.sa.query(UserToPerm)\
                             .filter(UserToPerm.user == default_user)
                         for perm in default_global_perms:
                             user.permissions['global'].add(perm.permission.permission_name)
                         #default for repositories
                         for perm in default_perms:
                             if perm.Repository.private and not (perm.Repository.user_id ==
                                                                 uid):
                                 #diself.sable defaults for private repos,
                                 p = 'repository.none'
                             elif perm.Repository.user_id == uid:
                                 #set admin if owner
                                 p = 'repository.admin'
                             else:
                                 p = perm.Permission.permission_name
                             user.permissions['repositories'][perm.UserRepoToPerm.
                                                              repository.repo_name] = p
                         #==================================================================
                         # overwrite default with user permissions if any
                         #==================================================================
                         #user global
                         user_perms = self.sa.query(UserToPerm)\
                                 .options(joinedload(UserToPerm.permission))\
                                 .filter(UserToPerm.user_id == uid).all()
                         for perm in user_perms:
                             user.permissions['global'].add(perm.permission.
                                                            permission_name)
                         #user repositories
                         user_repo_perms = self.sa.query(UserRepoToPerm, Permission,
                                                         Repository)\
                             .join((Repository, UserRepoToPerm.repository_id ==
                                    Repository.repo_id))\
                             .join((Permission, UserRepoToPerm.permission_id ==
                                    Permission.permission_id))\
                             .filter(UserRepoToPerm.user_id == uid).all()
                         for perm in user_repo_perms:
                             # set admin if owner
                             if perm.Repository.user_id == uid:
                                 p = 'repository.admin'
                             else:
                                 p = perm.Permission.permission_name
                             user.permissions['repositories'][perm.UserRepoToPerm.
                                                              repository.repo_name] = p
                         #==================================================================
                         # check if user is part of groups for this repository and fill in
                         # (or replace with higher) permissions
                         #==================================================================
                         #users group global
                         user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
                             .options(joinedload(UsersGroupToPerm.permission))\
                             .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
                                    UsersGroupMember.users_group_id))\
                             .filter(UsersGroupMember.user_id == uid).all()
                         for perm in user_perms_from_users_groups:
                             user.permissions['global'].add(perm.permission.permission_name)
                         #users group repositories
                         user_repo_perms_from_users_groups = self.sa.query(
                                                             UsersGroupRepoToPerm,
                                                             Permission, Repository,)\
                             .join((Repository, UsersGroupRepoToPerm.repository_id ==
                                    Repository.repo_id))\
                             .join((Permission, UsersGroupRepoToPerm.permission_id ==
                                    Permission.permission_id))\
                             .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
                                    UsersGroupMember.users_group_id))\
                             .filter(UsersGroupMember.user_id == uid).all()
                         for perm in user_repo_perms_from_users_groups:
                             p = perm.Permission.permission_name
                             cur_perm = user.permissions['repositories'][perm.
                                                                 UsersGroupRepoToPerm.
                                                                 repository.repo_name]
                             #overwrite permission only if it's greater than permission
                             # given from other sources
                             if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
                                 user.permissions['repositories'][perm.UsersGroupRepoToPerm.
                                                                  repository.repo_name] = p
                     return user

rhodecode/tests/functional/test_login.py

0 0 -1

             # -*- coding: utf-8 -*-
             from rhodecode.tests import *
             from rhodecode.model.db import User
             from rhodecode.lib import generate_api_key
             from rhodecode.lib.auth import check_password
             class TestLoginController(TestController):
                 def test_index(self):
                     response = self.app.get(url(controller='login', action='index'))
                     self.assertEqual(response.status, '200 OK')
                     # Test response...
                 def test_login_admin_ok(self):
                     response = self.app.post(url(controller='login', action='index'),
                                              {'username':'test_admin',
                                               'password':'test12'})
                     self.assertEqual(response.status, '302 Found')
                     self.assertEqual(response.session['rhodecode_user'].username ,
                                      'test_admin')
                     response = response.follow()
                     self.assertTrue('%s repository' % HG_REPO in response.body)
                 def test_login_regular_ok(self):
                     response = self.app.post(url(controller='login', action='index'),
                                              {'username':'test_regular',
                                               'password':'test12'})
                     self.assertEqual(response.status, '302 Found')
                     self.assertEqual(response.session['rhodecode_user'].username ,
                                      'test_regular')
                     response = response.follow()
                     self.assertTrue('%s repository' % HG_REPO in response.body)
                     self.assertTrue('<a title="Admin" href="/_admin">' not in response.body)
                 def test_login_ok_came_from(self):
                     test_came_from = '/_admin/users'
                     response = self.app.post(url(controller='login', action='index',
                                                  came_from=test_came_from),
                                              {'username':'test_admin',
                                               'password':'test12'})
                     self.assertEqual(response.status, '302 Found')
                     response = response.follow()
                     self.assertEqual(response.status, '200 OK')
                     self.assertTrue('Users administration' in response.body)
                 def test_login_short_password(self):
                     response = self.app.post(url(controller='login', action='index'),
                                              {'username':'test_admin',
                                               'password':'as'})
                     self.assertEqual(response.status, '200 OK')
                     self.assertTrue('Enter 3 characters or more' in response.body)
                 def test_login_wrong_username_password(self):
                     response = self.app.post(url(controller='login', action='index'),
                                              {'username':'error',
                                               'password':'test12'})
                     self.assertEqual(response.status , '200 OK')
                     self.assertTrue('invalid user name' in response.body)
                     self.assertTrue('invalid password' in response.body)
                 #==========================================================================
                 # REGISTRATIONS
                 #==========================================================================
                 def test_register(self):
                     response = self.app.get(url(controller='login', action='register'))
                     self.assertTrue('Sign Up to RhodeCode' in response.body)
                 def test_register_err_same_username(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':'test_admin',
                                                          'password':'test12',
                                                          'password_confirmation':'test12',
                                                          'email':'goodmail@domain.com',
                                                          'name':'test',
                                                          'lastname':'test'})
                     self.assertEqual(response.status , '200 OK')
                     self.assertTrue('This username already exists' in response.body)
                 def test_register_err_same_email(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':'test_admin_0',
                                                          'password':'test12',
                                                          'password_confirmation':'test12',
                                                          'email':'test_admin@mail.com',
                                                          'name':'test',
                                                          'lastname':'test'})
                     self.assertEqual(response.status , '200 OK')
                     assert 'This e-mail address is already taken' in response.body
                 def test_register_err_same_email_case_sensitive(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':'test_admin_1',
                                                          'password':'test12',
                                                          'password_confirmation':'test12',
                                                          'email':'TesT_Admin@mail.COM',
                                                          'name':'test',
                                                          'lastname':'test'})
                     self.assertEqual(response.status , '200 OK')
                     assert 'This e-mail address is already taken' in response.body
                 def test_register_err_wrong_data(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':'xs',
                                                          'password':'test',
                                                          'password_confirmation':'test',
                                                          'email':'goodmailm',
                                                          'name':'test',
                                                          'lastname':'test'})
                     self.assertEqual(response.status , '200 OK')
                     assert 'An email address must contain a single @' in response.body
                     assert 'Enter a value 6 characters long or more' in response.body
                 def test_register_err_username(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':'error user',
                                                          'password':'test12',
                                                          'password_confirmation':'test12',
                                                          'email':'goodmailm',
                                                          'name':'test',
                                                          'lastname':'test'})
                     self.assertEqual(response.status , '200 OK')
                     assert 'An email address must contain a single @' in response.body
                     assert ('Username may only contain '
                             'alphanumeric characters underscores, '
                             'periods or dashes and must begin with '
                             'alphanumeric character') in response.body
                 def test_register_err_case_sensitive(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':'Test_Admin',
                                                          'password':'test12',
                                                          'password_confirmation':'test12',
                                                          'email':'goodmailm',
                                                          'name':'test',
                                                          'lastname':'test'})
                     self.assertEqual(response.status , '200 OK')
                     self.assertTrue('An email address must contain a single @' in response.body)
                     self.assertTrue('This username already exists' in response.body)
                 def test_register_special_chars(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':'xxxaxn',
                                                          'password':'ąćźżąśśśś',
                                                          'password_confirmation':'ąćźżąśśśś',
                                                          'email':'goodmailm@test.plx',
                                                          'name':'test',
                                                          'lastname':'test'})
                     self.assertEqual(response.status , '200 OK')
                     self.assertTrue('Invalid characters in password' in response.body)
                 def test_register_password_mismatch(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':'xs',
                                                          'password':'123qwe',
                                                          'password_confirmation':'qwe123',
                                                          'email':'goodmailm@test.plxa',
                                                          'name':'test',
                                                          'lastname':'test'})
                     self.assertEqual(response.status , '200 OK')
                     assert 'Passwords do not match' in response.body
                 def test_register_ok(self):
                     username = 'test_regular4'
                     password = 'qweqwe'
                     email = 'marcin@test.com'
                     name = 'testname'
                     lastname = 'testlastname'
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username':username,
                                                          'password':password,
                                                          'password_confirmation':password,
                                                          'email':email,
                                                          'name':name,
                                                          'lastname':lastname})
                     self.assertEqual(response.status , '302 Found')
                     assert 'You have successfully registered into rhodecode' in response.session['flash'][0], 'No flash message about user registration'
                     ret = self.sa.query(User).filter(User.username == 'test_regular4').one()
                     assert ret.username == username , 'field mismatch %s %s' % (ret.username, username)
                     assert check_password(password, ret.password) == True , 'password mismatch'
                     assert ret.email == email , 'field mismatch %s %s' % (ret.email, email)
                     assert ret.name == name , 'field mismatch %s %s' % (ret.name, name)
                     assert ret.lastname == lastname , 'field mismatch %s %s' % (ret.lastname, lastname)
                 def test_forgot_password_wrong_mail(self):
                     response = self.app.post(url(controller='login', action='password_reset'),
                                                         {'email':'marcin@wrongmail.org', })
                     assert "This e-mail address doesn't exist" in response.body, 'Missing error message about wrong email'
                 def test_forgot_password(self):
                     response = self.app.get(url(controller='login',
                                                 action='password_reset'))
                     self.assertEqual(response.status , '200 OK')
                     username = 'test_password_reset_1'
                     password = 'qweqwe'
                     email = 'marcin@python-works.com'
                     name = 'passwd'
                     lastname = 'reset'
                     new = User()
                     new.username = username
                     new.password = password
                     new.email = email
                     new.name = name
                     new.lastname = lastname
                     new.api_key = generate_api_key(username)
                     self.sa.add(new)
                     self.sa.commit()
                     response = self.app.post(url(controller='login',
                                                  action='password_reset'),
                                              {'email':email, })
                     self.checkSessionFlash(response, 'Your password reset link was sent')
                     response = response.follow()
                     # BAD KEY
                     key = "bad"
                     response = self.app.get(url(controller='login',
                                                 action='password_reset_confirmation',
                                                 key=key))
                     self.assertEqual(response.status, '302 Found')
                     self.assertTrue(response.location.endswith(url('reset_password')))
                     # GOOD KEY
                     key = User.get_by_username(username).api_key
                     response = self.app.get(url(controller='login',
                                                 action='password_reset_confirmation',
                                                 key=key))
                     self.assertEqual(response.status, '302 Found')
                     self.assertTrue(response.location.endswith(url('login_home')))
                     self.checkSessionFlash(response,
                                            ('Your password reset was successful, '
                                             'new password has been sent to your email'))
                     response = response.follow()

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages