upstream/kallithea Commit - r1693:60249224

fix for api key lookup, reuse same function in user model

marcink -

r1693:60249224 beta

parent child

rhodecode/controllers/api/__init__.py

0 +2 0

              # -*- coding: utf-8 -*-
              """
                  rhodecode.controllers.api
                  ~~~~~~~~~~~~~~~~~~~~~~~~~
                  JSON RPC controller
                  :created_on: Aug 20, 2011
                  :author: marcink
                  :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
                  :license: GPLv3, see COPYING for more details.
              """
              # This program is free software; you can redistribute it and/or
              # modify it under the terms of the GNU General Public License
              # as published by the Free Software Foundation; version 2
              # of the License or (at your opinion) any later version of the license.
              #
              # This program is distributed in the hope that it will be useful,
              # but WITHOUT ANY WARRANTY; without even the implied warranty of
              # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
              # GNU General Public License for more details.
              #
              # You should have received a copy of the GNU General Public License
              # along with this program; if not, write to the Free Software
              # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
              # MA  02110-1301, USA.
              import inspect
              import logging
              import types
              import urllib
              import traceback
              from rhodecode.lib.compat import izip_longest, json
              from paste.response import replace_header
              from pylons.controllers import WSGIController
              from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
              HTTPBadRequest, HTTPError
              from rhodecode.model.db import User
              from rhodecode.lib.auth import AuthUser
              log = logging.getLogger('JSONRPC')
              class JSONRPCError(BaseException):
                  def __init__(self, message):
                      self.message = message
                  def __str__(self):
                      return str(self.message)
              def jsonrpc_error(message, code=None):
                  """
                  Generate a Response object with a JSON-RPC error body
                  """
                  from pylons.controllers.util import Response
                  resp = Response(body=json.dumps(dict(result=None, error=message)),
                                  status=code,
                                  content_type='application/json')
                  return resp
              class JSONRPCController(WSGIController):
                  """
                   A WSGI-speaking JSON-RPC controller class
                   See the specification:
                   <http://json-rpc.org/wiki/specification>`.
                   Valid controller return values should be json-serializable objects.
                   Sub-classes should catch their exceptions and raise JSONRPCError
                   if they want to pass meaningful errors to the client.
                   """
                  def _get_method_args(self):
                      """
                      Return `self._rpc_args` to dispatched controller method
                      chosen by __call__
                      """
                      return self._rpc_args
                  def __call__(self, environ, start_response):
                      """
                      Parse the request body as JSON, look up the method on the
                      controller and if it exists, dispatch to it.
                      """
                      if 'CONTENT_LENGTH' not in environ:
                          log.debug("No Content-Length")
                          return jsonrpc_error(message="No Content-Length in request")
                      else:
                          length = environ['CONTENT_LENGTH'] or 0
                          length = int(environ['CONTENT_LENGTH'])
                          log.debug('Content-Length: %s', length)
                      if length == 0:
                          log.debug("Content-Length is 0")
                          return jsonrpc_error(message="Content-Length is 0")
                      raw_body = environ['wsgi.input'].read(length)
                      try:
                          json_body = json.loads(urllib.unquote_plus(raw_body))
                      except ValueError, e:
                          #catch JSON errors Here
                          return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \
                                               % (e, urllib.unquote_plus(raw_body)))
                      #check AUTH based on API KEY
                      try:
                          self._req_api_key = json_body['api_key']
                          self._req_method = json_body['method']
                          self._req_params = json_body['args']
                          log.debug('method: %s, params: %s',
                                    self._req_method,
                                    self._req_params)
                      except KeyError, e:
                          return jsonrpc_error(message='Incorrect JSON query missing %s' % e)
                      #check if we can find this session using api_key
                      try:
                          u = User.get_by_api_key(self._req_api_key)
+                         if u is None:
+                             return jsonrpc_error(message='Invalid API KEY')
                          auth_u = AuthUser(u.user_id, self._req_api_key)
                      except Exception, e:
                          return jsonrpc_error(message='Invalid API KEY')
                      self._error = None
                      try:
                          self._func = self._find_method()
                      except AttributeError, e:
                          return jsonrpc_error(message=str(e))
                      # now that we have a method, add self._req_params to
                      # self.kargs and dispatch control to WGIController
                      argspec = inspect.getargspec(self._func)
                      arglist = argspec[0][1:]
                      defaults = argspec[3] or []
                      default_empty = types.NotImplementedType
                      kwarglist = list(izip_longest(reversed(arglist), reversed(defaults),
                                              fillvalue=default_empty))
                      # this is little trick to inject logged in user for
                      # perms decorators to work they expect the controller class to have
                      # rhodecode_user attribute set
                      self.rhodecode_user = auth_u
                      # This attribute will need to be first param of a method that uses
                      # api_key, which is translated to instance of user at that name
                      USER_SESSION_ATTR = 'apiuser'
                      if USER_SESSION_ATTR not in arglist:
                          return jsonrpc_error(message='This method [%s] does not support '
                                               'authentication (missing %s param)' %
                                               (self._func.__name__, USER_SESSION_ATTR))
                      # get our arglist and check if we provided them as args
                      for arg, default in kwarglist:
                          if arg == USER_SESSION_ATTR:
                              # USER_SESSION_ATTR is something translated from api key and
                              # this is checked before so we don't need validate it
                              continue
                          # skip the required param check if it's default value is
                          # NotImplementedType (default_empty)
                          if not self._req_params or (type(default) == default_empty
                                                      and arg not in self._req_params):
                              return jsonrpc_error(message=('Missing non optional %s arg '
                                                            'in JSON DATA') % arg)
                      self._rpc_args = {USER_SESSION_ATTR:u}
                      self._rpc_args.update(self._req_params)
                      self._rpc_args['action'] = self._req_method
                      self._rpc_args['environ'] = environ
                      self._rpc_args['start_response'] = start_response
                      status = []
                      headers = []
                      exc_info = []
                      def change_content(new_status, new_headers, new_exc_info=None):
                          status.append(new_status)
                          headers.extend(new_headers)
                          exc_info.append(new_exc_info)
                      output = WSGIController.__call__(self, environ, change_content)
                      output = list(output)
                      headers.append(('Content-Length', str(len(output[0]))))
                      replace_header(headers, 'Content-Type', 'application/json')
                      start_response(status[0], headers, exc_info[0])
                      return output
                  def _dispatch_call(self):
                      """
                      Implement dispatch interface specified by WSGIController
                      """
                      try:
                          raw_response = self._inspect_call(self._func)
                          if isinstance(raw_response, HTTPError):
                              self._error = str(raw_response)
                      except JSONRPCError, e:
                          self._error = str(e)
                      except Exception, e:
                          log.error('Encountered unhandled exception: %s' \
                                    % traceback.format_exc())
                          json_exc = JSONRPCError('Internal server error')
                          self._error = str(json_exc)
                      if self._error is not None:
                          raw_response = None
                      response = dict(result=raw_response, error=self._error)
                      try:
                          return json.dumps(response)
                      except TypeError, e:
                          log.debug('Error encoding response: %s', e)
                          return json.dumps(dict(result=None,
                                                 error="Error encoding response"))
                  def _find_method(self):
                      """
                      Return method named by `self._req_method` in controller if able
                      """
                      log.debug('Trying to find JSON-RPC method: %s', self._req_method)
                      if self._req_method.startswith('_'):
                          raise AttributeError("Method not allowed")
                      try:
                          func = getattr(self, self._req_method, None)
                      except UnicodeEncodeError:
                          raise AttributeError("Problem decoding unicode in requested "
                                               "method name.")
                      if isinstance(func, types.MethodType):
                          return func
                      else:
                          raise AttributeError("No such method: %s" % self._req_method)

rhodecode/model/db.py

0 +1 -1

              # -*- coding: utf-8 -*-
              """
                  rhodecode.model.db
                  ~~~~~~~~~~~~~~~~~~
                  Database Models for RhodeCode
                  :created_on: Apr 08, 2010
                  :author: marcink
                  :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
                  :license: GPLv3, see COPYING for more details.
              """
              # This program is free software: you can redistribute it and/or modify
              # it under the terms of the GNU General Public License as published by
              # the Free Software Foundation, either version 3 of the License, or
              # (at your option) any later version.
              #
              # This program is distributed in the hope that it will be useful,
              # but WITHOUT ANY WARRANTY; without even the implied warranty of
              # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
              # GNU General Public License for more details.
              #
              # You should have received a copy of the GNU General Public License
              # along with this program.  If not, see <http://www.gnu.org/licenses/>.
              import os
              import logging
              import datetime
              import traceback
              from datetime import date
              from sqlalchemy import *
              from sqlalchemy.exc import DatabaseError
              from sqlalchemy.ext.hybrid import hybrid_property
              from sqlalchemy.orm import relationship, joinedload, class_mapper, validates
              from beaker.cache import cache_region, region_invalidate
              from vcs import get_backend
              from vcs.utils.helpers import get_scm
              from vcs.exceptions import VCSError
              from vcs.utils.lazy import LazyProperty
              from rhodecode.lib import str2bool, safe_str, get_changeset_safe, \
                  generate_api_key, safe_unicode
              from rhodecode.lib.exceptions import UsersGroupsAssignedException
              from rhodecode.lib.compat import json
              from rhodecode.lib.caching_query import FromCache
              from rhodecode.model.meta import Base, Session
              log = logging.getLogger(__name__)
              #==============================================================================
              # BASE CLASSES
              #==============================================================================
              class ModelSerializer(json.JSONEncoder):
                  """
                  Simple Serializer for JSON,
                  usage::
                      to make object customized for serialization implement a __json__
                      method that will return a dict for serialization into json
                  example::
                      class Task(object):
                          def __init__(self, name, value):
                              self.name = name
                              self.value = value
                          def __json__(self):
                              return dict(name=self.name,
                                          value=self.value)
                  """
                  def default(self, obj):
                      if hasattr(obj, '__json__'):
                          return obj.__json__()
                      else:
                          return json.JSONEncoder.default(self, obj)
              class BaseModel(object):
                  """Base Model for all classess
                  """
                  @classmethod
                  def _get_keys(cls):
                      """return column names for this model """
                      return class_mapper(cls).c.keys()
                  def get_dict(self):
                      """return dict with keys and values corresponding
                      to this model data """
                      d = {}
                      for k in self._get_keys():
                          d[k] = getattr(self, k)
                      return d
                  def get_appstruct(self):
                      """return list with keys and values tupples corresponding
                      to this model data """
                      l = []
                      for k in self._get_keys():
                          l.append((k, getattr(self, k),))
                      return l
                  def populate_obj(self, populate_dict):
                      """populate model with data from given populate_dict"""
                      for k in self._get_keys():
                          if k in populate_dict:
                              setattr(self, k, populate_dict[k])
                  @classmethod
                  def query(cls):
                      return Session.query(cls)
                  @classmethod
                  def get(cls, id_):
                      if id_:
                          return cls.query().get(id_)
                  @classmethod
                  def getAll(cls):
                      return cls.query().all()
                  @classmethod
                  def delete(cls, id_):
                      obj = cls.query().get(id_)
                      Session.delete(obj)
                      Session.commit()
              class RhodeCodeSetting(Base, BaseModel):
                  __tablename__ = 'rhodecode_settings'
                  __table_args__ = (UniqueConstraint('app_settings_name'), {'extend_existing':True})
                  app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  app_settings_name = Column("app_settings_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  _app_settings_value = Column("app_settings_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  def __init__(self, k='', v=''):
                      self.app_settings_name = k
                      self.app_settings_value = v
                  @validates('_app_settings_value')
                  def validate_settings_value(self, key, val):
                      assert type(val) == unicode
                      return val
                  @hybrid_property
                  def app_settings_value(self):
                      v = self._app_settings_value
                      if v == 'ldap_active':
                          v = str2bool(v)
                      return v
                  @app_settings_value.setter
                  def app_settings_value(self, val):
                      """
                      Setter that will always make sure we use unicode in app_settings_value
                      :param val:
                      """
                      self._app_settings_value = safe_unicode(val)
                  def __repr__(self):
                      return "<%s('%s:%s')>" % (self.__class__.__name__,
                                                self.app_settings_name, self.app_settings_value)
                  @classmethod
                  def get_by_name(cls, ldap_key):
                      return cls.query()\
                          .filter(cls.app_settings_name == ldap_key).scalar()
                  @classmethod
                  def get_app_settings(cls, cache=False):
                      ret = cls.query()
                      if cache:
                          ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))
                      if not ret:
                          raise Exception('Could not get application settings !')
                      settings = {}
                      for each in ret:
                          settings['rhodecode_' + each.app_settings_name] = \
                              each.app_settings_value
                      return settings
                  @classmethod
                  def get_ldap_settings(cls, cache=False):
                      ret = cls.query()\
                              .filter(cls.app_settings_name.startswith('ldap_')).all()
                      fd = {}
                      for row in ret:
                          fd.update({row.app_settings_name:row.app_settings_value})
                      return fd
              class RhodeCodeUi(Base, BaseModel):
                  __tablename__ = 'rhodecode_ui'
                  __table_args__ = (UniqueConstraint('ui_key'), {'extend_existing':True})
                  HOOK_UPDATE = 'changegroup.update'
                  HOOK_REPO_SIZE = 'changegroup.repo_size'
                  HOOK_PUSH = 'pretxnchangegroup.push_logger'
                  HOOK_PULL = 'preoutgoing.pull_logger'
                  ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  ui_section = Column("ui_section", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  ui_key = Column("ui_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  ui_value = Column("ui_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)
                  @classmethod
                  def get_by_key(cls, key):
                      return cls.query().filter(cls.ui_key == key)
                  @classmethod
                  def get_builtin_hooks(cls):
                      q = cls.query()
                      q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE,
                                                  cls.HOOK_REPO_SIZE,
                                                  cls.HOOK_PUSH, cls.HOOK_PULL]))
                      return q.all()
                  @classmethod
                  def get_custom_hooks(cls):
                      q = cls.query()
                      q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE,
                                                  cls.HOOK_REPO_SIZE,
                                                  cls.HOOK_PUSH, cls.HOOK_PULL]))
                      q = q.filter(cls.ui_section == 'hooks')
                      return q.all()
                  @classmethod
                  def create_or_update_hook(cls, key, val):
                      new_ui = cls.get_by_key(key).scalar() or cls()
                      new_ui.ui_section = 'hooks'
                      new_ui.ui_active = True
                      new_ui.ui_key = key
                      new_ui.ui_value = val
                      Session.add(new_ui)
                      Session.commit()
              class User(Base, BaseModel):
                  __tablename__ = 'users'
                  __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'extend_existing':True})
                  user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  username = Column("username", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  password = Column("password", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  active = Column("active", Boolean(), nullable=True, unique=None, default=None)
                  admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
                  name = Column("name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  lastname = Column("lastname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  email = Column("email", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
                  ldap_dn = Column("ldap_dn", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  api_key = Column("api_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  user_log = relationship('UserLog', cascade='all')
                  user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
                  repositories = relationship('Repository')
                  user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
                  repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
                  group_member = relationship('UsersGroupMember', cascade='all')
                  @property
                  def full_contact(self):
                      return '%s %s <%s>' % (self.name, self.lastname, self.email)
                  @property
                  def short_contact(self):
                      return '%s %s' % (self.name, self.lastname)
                  @property
                  def is_admin(self):
                      return self.admin
                  def __repr__(self):
                      try:
                          return "<%s('id:%s:%s')>" % (self.__class__.__name__,
                                                           self.user_id, self.username)
                      except:
                          return self.__class__.__name__
                  @classmethod
                  def get_by_username(cls, username, case_insensitive=False, cache=False):
                      if case_insensitive:
                          q = cls.query().filter(cls.username.ilike(username))
                      else:
                          q = cls.query().filter(cls.username == username)
                      if cache:
                          q = q.options(FromCache("sql_cache_short",
                                                  "get_user_%s" % username))
                      return q.scalar()
                  @classmethod
                  def get_by_api_key(cls, api_key, cache=False):
                      q = cls.query().filter(cls.api_key == api_key)
                      if cache:
                          q = q.options(FromCache("sql_cache_short",
                                                  "get_api_key_%s" % api_key))
-                     q.one()
+                     return q.scalar()
                  def update_lastlogin(self):
                      """Update user lastlogin"""
                      self.last_login = datetime.datetime.now()
                      Session.add(self)
                      Session.commit()
                      log.debug('updated user %s lastlogin', self.username)
              class UserLog(Base, BaseModel):
                  __tablename__ = 'user_logs'
                  __table_args__ = {'extend_existing':True}
                  user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                  repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                  repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
                  @property
                  def action_as_day(self):
                      return date(*self.action_date.timetuple()[:3])
                  user = relationship('User')
                  repository = relationship('Repository')
              class UsersGroup(Base, BaseModel):
                  __tablename__ = 'users_groups'
                  __table_args__ = {'extend_existing':True}
                  users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                  users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
                  members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
                  def __repr__(self):
                      return '<userGroup(%s)>' % (self.users_group_name)
                  @classmethod
                  def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
                      if case_insensitive:
                          gr = cls.query()\
                              .filter(cls.users_group_name.ilike(group_name))
                      else:
                          gr = cls.query()\
                              .filter(cls.users_group_name == group_name)
                      if cache:
                          gr = gr.options(FromCache("sql_cache_short",
                                                        "get_user_%s" % group_name))
                      return gr.scalar()
                  @classmethod
                  def get(cls, users_group_id, cache=False):
                      users_group = cls.query()
                      if cache:
                          users_group = users_group.options(FromCache("sql_cache_short",
                                                  "get_users_group_%s" % users_group_id))
                      return users_group.get(users_group_id)
                  @classmethod
                  def create(cls, form_data):
                      try:
                          new_users_group = cls()
                          for k, v in form_data.items():
                              setattr(new_users_group, k, v)
                          Session.add(new_users_group)
                          Session.commit()
                          return new_users_group
                      except:
                          log.error(traceback.format_exc())
                          Session.rollback()
                          raise
                  @classmethod
                  def update(cls, users_group_id, form_data):
                      try:
                          users_group = cls.get(users_group_id, cache=False)
                          for k, v in form_data.items():
                              if k == 'users_group_members':
                                  users_group.members = []
                                  Session.flush()
                                  members_list = []
                                  if v:
                                      v = [v] if isinstance(v, basestring) else v
                                      for u_id in set(v):
                                          member = UsersGroupMember(users_group_id, u_id)
                                          members_list.append(member)
                                  setattr(users_group, 'members', members_list)
                              setattr(users_group, k, v)
                          Session.add(users_group)
                          Session.commit()
                      except:
                          log.error(traceback.format_exc())
                          Session.rollback()
                          raise
                  @classmethod
                  def delete(cls, users_group_id):
                      try:
                          # check if this group is not assigned to repo
                          assigned_groups = UsersGroupRepoToPerm.query()\
                              .filter(UsersGroupRepoToPerm.users_group_id ==
                                      users_group_id).all()
                          if assigned_groups:
                              raise UsersGroupsAssignedException('RepoGroup assigned to %s' %
                                                                 assigned_groups)
                          users_group = cls.get(users_group_id, cache=False)
                          Session.delete(users_group)
                          Session.commit()
                      except:
                          log.error(traceback.format_exc())
                          Session.rollback()
                          raise
              class UsersGroupMember(Base, BaseModel):
                  __tablename__ = 'users_groups_members'
                  __table_args__ = {'extend_existing':True}
                  users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                  user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                  user = relationship('User', lazy='joined')
                  users_group = relationship('UsersGroup')
                  def __init__(self, gr_id='', u_id=''):
                      self.users_group_id = gr_id
                      self.user_id = u_id
                  @staticmethod
                  def add_user_to_group(group, user):
                      ugm = UsersGroupMember()
                      ugm.users_group = group
                      ugm.user = user
                      Session.add(ugm)
                      Session.commit()
                      return ugm
              class Repository(Base, BaseModel):
                  __tablename__ = 'repositories'
                  __table_args__ = (UniqueConstraint('repo_name'), {'extend_existing':True},)
                  repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  repo_name = Column("repo_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                  clone_uri = Column("clone_uri", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
                  repo_type = Column("repo_type", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg')
                  user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
                  private = Column("private", Boolean(), nullable=True, unique=None, default=None)
                  enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)
                  enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True)
                  description = Column("description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  created_on = Column('created_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
                  fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)
                  group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)
                  user = relationship('User')
                  fork = relationship('Repository', remote_side=repo_id)
                  group = relationship('RepoGroup')
                  repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id')
                  users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all')
                  stats = relationship('Statistics', cascade='all', uselist=False)
                  followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')
                  logs = relationship('UserLog', cascade='all')
                  def __repr__(self):
                      return "<%s('%s:%s')>" % (self.__class__.__name__,
                                                self.repo_id, self.repo_name)
                  @classmethod
                  def url_sep(cls):
                      return '/'
                  @classmethod
                  def get_by_repo_name(cls, repo_name):
                      q = Session.query(cls).filter(cls.repo_name == repo_name)
                      q = q.options(joinedload(Repository.fork))\
                              .options(joinedload(Repository.user))\
                              .options(joinedload(Repository.group))
                      return q.one()
                  @classmethod
                  def get_repo_forks(cls, repo_id):
                      return cls.query().filter(Repository.fork_id == repo_id)
                  @classmethod
                  def base_path(cls):
                      """
                      Returns base path when all repos are stored
                      :param cls:
                      """
                      q = Session.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key ==
                                                            cls.url_sep())
                      q.options(FromCache("sql_cache_short", "repository_repo_path"))
                      return q.one().ui_value
                  @property
                  def just_name(self):
                      return self.repo_name.split(Repository.url_sep())[-1]
                  @property
                  def groups_with_parents(self):
                      groups = []
                      if self.group is None:
                          return groups
                      cur_gr = self.group
                      groups.insert(0, cur_gr)
                      while 1:
                          gr = getattr(cur_gr, 'parent_group', None)
                          cur_gr = cur_gr.parent_group
                          if gr is None:
                              break
                          groups.insert(0, gr)
                      return groups
                  @property
                  def groups_and_repo(self):
                      return self.groups_with_parents, self.just_name
                  @LazyProperty
                  def repo_path(self):
                      """
                      Returns base full path for that repository means where it actually
                      exists on a filesystem
                      """
                      q = Session.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key ==
                                                            Repository.url_sep())
                      q.options(FromCache("sql_cache_short", "repository_repo_path"))
                      return q.one().ui_value
                  @property
                  def repo_full_path(self):
                      p = [self.repo_path]
                      # we need to split the name by / since this is how we store the
                      # names in the database, but that eventually needs to be converted
                      # into a valid system path
                      p += self.repo_name.split(Repository.url_sep())
                      return os.path.join(*p)
                  def get_new_name(self, repo_name):
                      """
                      returns new full repository name based on assigned group and new new
                      :param group_name:
                      """
                      path_prefix = self.group.full_path_splitted if self.group else []
                      return Repository.url_sep().join(path_prefix + [repo_name])
                  @property
                  def _ui(self):
                      """
                      Creates an db based ui object for this repository
                      """
                      from mercurial import ui
                      from mercurial import config
                      baseui = ui.ui()
                      #clean the baseui object
                      baseui._ocfg = config.config()
                      baseui._ucfg = config.config()
                      baseui._tcfg = config.config()
                      ret = RhodeCodeUi.query()\
                          .options(FromCache("sql_cache_short", "repository_repo_ui")).all()
                      hg_ui = ret
                      for ui_ in hg_ui:
                          if ui_.ui_active:
                              log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
                                        ui_.ui_key, ui_.ui_value)
                              baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)
                      return baseui
                  @classmethod
                  def is_valid(cls, repo_name):
                      """
                      returns True if given repo name is a valid filesystem repository
                      @param cls:
                      @param repo_name:
                      """
                      from rhodecode.lib.utils import is_valid_repo
                      return is_valid_repo(repo_name, cls.base_path())
                  #==========================================================================
                  # SCM PROPERTIES
                  #==========================================================================
                  def get_changeset(self, rev):
                      return get_changeset_safe(self.scm_instance, rev)
                  @property
                  def tip(self):
                      return self.get_changeset('tip')
                  @property
                  def author(self):
                      return self.tip.author
                  @property
                  def last_change(self):
                      return self.scm_instance.last_change
                  #==========================================================================
                  # SCM CACHE INSTANCE
                  #==========================================================================
                  @property
                  def invalidate(self):
                      return CacheInvalidation.invalidate(self.repo_name)
                  def set_invalidate(self):
                      """
                      set a cache for invalidation for this instance
                      """
                      CacheInvalidation.set_invalidate(self.repo_name)
                  @LazyProperty
                  def scm_instance(self):
                      return self.__get_instance()
                  @property
                  def scm_instance_cached(self):
                      @cache_region('long_term')
                      def _c(repo_name):
                          return self.__get_instance()
                      rn = self.repo_name
                      inv = self.invalidate
                      if inv is not None:
                          region_invalidate(_c, None, rn)
                          # update our cache
                          CacheInvalidation.set_valid(inv.cache_key)
                      return _c(rn)
                  def __get_instance(self):
                      repo_full_path = self.repo_full_path
                      try:
                          alias = get_scm(repo_full_path)[0]
                          log.debug('Creating instance of %s repository', alias)
                          backend = get_backend(alias)
                      except VCSError:
                          log.error(traceback.format_exc())
                          log.error('Perhaps this repository is in db and not in '
                                    'filesystem run rescan repositories with '
                                    '"destroy old data " option from admin panel')
                          return
                      if alias == 'hg':
                          repo = backend(safe_str(repo_full_path), create=False,
                                         baseui=self._ui)
                          # skip hidden web repository
                          if repo._get_hidden():
                              return
                      else:
                          repo = backend(repo_full_path, create=False)
                      return repo
              class RepoGroup(Base, BaseModel):
                  __tablename__ = 'groups'
                  __table_args__ = (UniqueConstraint('group_name', 'group_parent_id'),
                                    CheckConstraint('group_id != group_parent_id'), {'extend_existing':True},)
                  __mapper_args__ = {'order_by':'group_name'}
                  group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  group_name = Column("group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                  group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
                  group_description = Column("group_description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  parent_group = relationship('RepoGroup', remote_side=group_id)
                  def __init__(self, group_name='', parent_group=None):
                      self.group_name = group_name
                      self.parent_group = parent_group
                  def __repr__(self):
                      return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,
                                                self.group_name)
                  @classmethod
                  def groups_choices(cls):
                      from webhelpers.html import literal as _literal
                      repo_groups = [('', '')]
                      sep = ' &raquo; '
                      _name = lambda k: _literal(sep.join(k))
                      repo_groups.extend([(x.group_id, _name(x.full_path_splitted))
                                            for x in cls.query().all()])
                      repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0])
                      return repo_groups
                  @classmethod
                  def url_sep(cls):
                      return '/'
                  @classmethod
                  def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
                      if case_insensitive:
                          gr = cls.query()\
                              .filter(cls.group_name.ilike(group_name))
                      else:
                          gr = cls.query()\
                              .filter(cls.group_name == group_name)
                      if cache:
                          gr = gr.options(FromCache("sql_cache_short",
                                                        "get_group_%s" % group_name))
                      return gr.scalar()
                  @property
                  def parents(self):
                      parents_recursion_limit = 5
                      groups = []
                      if self.parent_group is None:
                          return groups
                      cur_gr = self.parent_group
                      groups.insert(0, cur_gr)
                      cnt = 0
                      while 1:
                          cnt += 1
                          gr = getattr(cur_gr, 'parent_group', None)
                          cur_gr = cur_gr.parent_group
                          if gr is None:
                              break
                          if cnt == parents_recursion_limit:
                              # this will prevent accidental infinit loops
                              log.error('group nested more than %s' %
                                        parents_recursion_limit)
                              break
                          groups.insert(0, gr)
                      return groups
                  @property
                  def children(self):
                      return RepoGroup.query().filter(RepoGroup.parent_group == self)
                  @property
                  def name(self):
                      return self.group_name.split(RepoGroup.url_sep())[-1]
                  @property
                  def full_path(self):
                      return self.group_name
                  @property
                  def full_path_splitted(self):
                      return self.group_name.split(RepoGroup.url_sep())
                  @property
                  def repositories(self):
                      return Repository.query().filter(Repository.group == self)
                  @property
                  def repositories_recursive_count(self):
                      cnt = self.repositories.count()
                      def children_count(group):
                          cnt = 0
                          for child in group.children:
                              cnt += child.repositories.count()
                              cnt += children_count(child)
                          return cnt
                      return cnt + children_count(self)
                  def get_new_name(self, group_name):
                      """
                      returns new full group name based on parent and new name
                      :param group_name:
                      """
                      path_prefix = (self.parent_group.full_path_splitted if
                                     self.parent_group else [])
                      return RepoGroup.url_sep().join(path_prefix + [group_name])
              class Permission(Base, BaseModel):
                  __tablename__ = 'permissions'
                  __table_args__ = {'extend_existing':True}
                  permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  permission_name = Column("permission_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  permission_longname = Column("permission_longname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  def __repr__(self):
                      return "<%s('%s:%s')>" % (self.__class__.__name__,
                                                self.permission_id, self.permission_name)
                  @classmethod
                  def get_by_key(cls, key):
                      return cls.query().filter(cls.permission_name == key).scalar()
              class UserRepoToPerm(Base, BaseModel):
                  __tablename__ = 'repo_to_perm'
                  __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'extend_existing':True})
                  repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                  permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                  repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                  user = relationship('User')
                  permission = relationship('Permission')
                  repository = relationship('Repository')
              class UserToPerm(Base, BaseModel):
                  __tablename__ = 'user_to_perm'
                  __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'extend_existing':True})
                  user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                  permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                  user = relationship('User')
                  permission = relationship('Permission')
                  @classmethod
                  def has_perm(cls, user_id, perm):
                      if not isinstance(perm, Permission):
                          raise Exception('perm needs to be an instance of Permission class')
                      return cls.query().filter(cls.user_id == user_id)\
                          .filter(cls.permission == perm).scalar() is not None
                  @classmethod
                  def grant_perm(cls, user_id, perm):
                      if not isinstance(perm, Permission):
                          raise Exception('perm needs to be an instance of Permission class')
                      new = cls()
                      new.user_id = user_id
                      new.permission = perm
                      try:
                          Session.add(new)
                          Session.commit()
                      except:
                          Session.rollback()
                  @classmethod
                  def revoke_perm(cls, user_id, perm):
                      if not isinstance(perm, Permission):
                          raise Exception('perm needs to be an instance of Permission class')
                      try:
                          cls.query().filter(cls.user_id == user_id)\
                              .filter(cls.permission == perm).delete()
                          Session.commit()
                      except:
                          Session.rollback()
              class UsersGroupRepoToPerm(Base, BaseModel):
                  __tablename__ = 'users_group_repo_to_perm'
                  __table_args__ = (UniqueConstraint('repository_id', 'users_group_id', 'permission_id'), {'extend_existing':True})
                  users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                  permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                  repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                  users_group = relationship('UsersGroup')
                  permission = relationship('Permission')
                  repository = relationship('Repository')
                  def __repr__(self):
                      return '<userGroup:%s => %s >' % (self.users_group, self.repository)
              class UsersGroupToPerm(Base, BaseModel):
                  __tablename__ = 'users_group_to_perm'
                  users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                  permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                  users_group = relationship('UsersGroup')
                  permission = relationship('Permission')
                  @classmethod
                  def has_perm(cls, users_group_id, perm):
                      if not isinstance(perm, Permission):
                          raise Exception('perm needs to be an instance of Permission class')
                      return cls.query().filter(cls.users_group_id ==
                                                       users_group_id)\
                                                       .filter(cls.permission == perm)\
                                                       .scalar() is not None
                  @classmethod
                  def grant_perm(cls, users_group_id, perm):
                      if not isinstance(perm, Permission):
                          raise Exception('perm needs to be an instance of Permission class')
                      new = cls()
                      new.users_group_id = users_group_id
                      new.permission = perm
                      try:
                          Session.add(new)
                          Session.commit()
                      except:
                          Session.rollback()
                  @classmethod
                  def revoke_perm(cls, users_group_id, perm):
                      if not isinstance(perm, Permission):
                          raise Exception('perm needs to be an instance of Permission class')
                      try:
                          cls.query().filter(cls.users_group_id == users_group_id)\
                              .filter(cls.permission == perm).delete()
                          Session.commit()
                      except:
                          Session.rollback()
              class UserRepoGroupToPerm(Base, BaseModel):
                  __tablename__ = 'group_to_perm'
                  __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'extend_existing':True})
                  group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                  permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                  group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
                  user = relationship('User')
                  permission = relationship('Permission')
                  group = relationship('RepoGroup')
              class UsersGroupRepoGroupToPerm(Base, BaseModel):
                  __tablename__ = 'users_group_repo_group_to_perm'
                  __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'extend_existing':True})
                  users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                  permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                  group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
                  users_group = relationship('UsersGroup')
                  permission = relationship('Permission')
                  group = relationship('RepoGroup')
              class Statistics(Base, BaseModel):
                  __tablename__ = 'statistics'
                  __table_args__ = (UniqueConstraint('repository_id'), {'extend_existing':True})
                  stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
                  stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
                  commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
                  commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
                  languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
                  repository = relationship('Repository', single_parent=True)
              class UserFollowing(Base, BaseModel):
                  __tablename__ = 'user_followings'
                  __table_args__ = (UniqueConstraint('user_id', 'follows_repository_id'),
                                    UniqueConstraint('user_id', 'follows_user_id')
                                    , {'extend_existing':True})
                  user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                  follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
                  follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
                  follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
                  user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
                  follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
                  follows_repository = relationship('Repository', order_by='Repository.repo_name')
                  @classmethod
                  def get_repo_followers(cls, repo_id):
                      return cls.query().filter(cls.follows_repo_id == repo_id)
              class CacheInvalidation(Base, BaseModel):
                  __tablename__ = 'cache_invalidation'
                  __table_args__ = (UniqueConstraint('cache_key'), {'extend_existing':True})
                  cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                  cache_key = Column("cache_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  cache_args = Column("cache_args", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
                  def __init__(self, cache_key, cache_args=''):
                      self.cache_key = cache_key
                      self.cache_args = cache_args
                      self.cache_active = False
                  def __repr__(self):
                      return "<%s('%s:%s')>" % (self.__class__.__name__,
                                                self.cache_id, self.cache_key)
                  @classmethod
                  def invalidate(cls, key):
                      """
                      Returns Invalidation object if this given key should be invalidated
                      None otherwise. `cache_active = False` means that this cache
                      state is not valid and needs to be invalidated
                      :param key:
                      """
                      return cls.query()\
                              .filter(CacheInvalidation.cache_key == key)\
                              .filter(CacheInvalidation.cache_active == False)\
                              .scalar()
                  @classmethod
                  def set_invalidate(cls, key):
                      """
                      Mark this Cache key for invalidation
                      :param key:
                      """
                      log.debug('marking %s for invalidation' % key)
                      inv_obj = Session().query(cls)\
                          .filter(cls.cache_key == key).scalar()
                      if inv_obj:
                          inv_obj.cache_active = False
                      else:
                          log.debug('cache key not found in invalidation db -> creating one')
                          inv_obj = CacheInvalidation(key)
                      try:
                          Session.add(inv_obj)
                          Session.commit()
                      except Exception:
                          log.error(traceback.format_exc())
                          Session.rollback()
                  @classmethod
                  def set_valid(cls, key):
                      """
                      Mark this cache key as active and currently cached
                      :param key:
                      """
                      inv_obj = Session().query(CacheInvalidation)\
                          .filter(CacheInvalidation.cache_key == key).scalar()
                      inv_obj.cache_active = True
                      Session.add(inv_obj)
                      Session.commit()
              class ChangesetComment(Base, BaseModel):
                  __tablename__ = 'changeset_comments'
                  __table_args__ = ({'extend_existing':True},)
                  comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
                  repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
                  revision = Column('revision', String(40), nullable=False)
                  line_no = Column('line_no', Unicode(10), nullable=True)
                  f_path = Column('f_path', Unicode(1000), nullable=True)
                  user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
                  text = Column('text', Unicode(25000), nullable=False)
                  modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
                  author = relationship('User')
                  repo = relationship('Repository')
              class DbMigrateVersion(Base, BaseModel):
                  __tablename__ = 'db_migrate_version'
                  __table_args__ = {'extend_existing':True}
                  repository_id = Column('repository_id', String(250), primary_key=True)
                  repository_path = Column('repository_path', Text)
                  version = Column('version', Integer)

rhodecode/model/user.py

0 +1 -7

              # -*- coding: utf-8 -*-
              """
                  rhodecode.model.user
                  ~~~~~~~~~~~~~~~~~~~~
                  users model for RhodeCode
                  :created_on: Apr 9, 2010
                  :author: marcink
                  :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
                  :license: GPLv3, see COPYING for more details.
              """
              # This program is free software: you can redistribute it and/or modify
              # it under the terms of the GNU General Public License as published by
              # the Free Software Foundation, either version 3 of the License, or
              # (at your option) any later version.
              #
              # This program is distributed in the hope that it will be useful,
              # but WITHOUT ANY WARRANTY; without even the implied warranty of
              # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
              # GNU General Public License for more details.
              #
              # You should have received a copy of the GNU General Public License
              # along with this program.  If not, see <http://www.gnu.org/licenses/>.
              import logging
              import traceback
              from pylons.i18n.translation import _
              from rhodecode.lib import safe_unicode
              from rhodecode.lib.caching_query import FromCache
              from rhodecode.model import BaseModel
              from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
                  UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember
              from rhodecode.lib.exceptions import DefaultUserException, \
                  UserOwnsReposException
              from sqlalchemy.exc import DatabaseError
              from rhodecode.lib import generate_api_key
              from sqlalchemy.orm import joinedload
              log = logging.getLogger(__name__)
              PERM_WEIGHTS = {'repository.none': 0,
                              'repository.read': 1,
                              'repository.write': 3,
                              'repository.admin': 3}
              class UserModel(BaseModel):
                  def get(self, user_id, cache=False):
                      user = self.sa.query(User)
                      if cache:
                          user = user.options(FromCache("sql_cache_short",
                                                        "get_user_%s" % user_id))
                      return user.get(user_id)
                  def get_by_username(self, username, cache=False, case_insensitive=False):
                      if case_insensitive:
                          user = self.sa.query(User).filter(User.username.ilike(username))
                      else:
                          user = self.sa.query(User)\
                              .filter(User.username == username)
                      if cache:
                          user = user.options(FromCache("sql_cache_short",
                                                        "get_user_%s" % username))
                      return user.scalar()
                  def get_by_api_key(self, api_key, cache=False):
-                     user = self.sa.query(User)\
-                             .filter(User.api_key == api_key)
-                     if cache:
-                         user = user.options(FromCache("sql_cache_short",
-                                                       "get_user_%s" % api_key))
-                     return user.scalar()
+                     return User.get_by_api_key(api_key, cache)
                  def create(self, form_data):
                      try:
                          new_user = User()
                          for k, v in form_data.items():
                              setattr(new_user, k, v)
                          new_user.api_key = generate_api_key(form_data['username'])
                          self.sa.add(new_user)
                          self.sa.commit()
                          return new_user
                      except:
                          log.error(traceback.format_exc())
                          self.sa.rollback()
                          raise
                  def create_or_update(self, username, password, email, name, lastname,
                                       active=True, admin=False, ldap_dn=None):
                      """
                      Creates a new instance if not found, or updates current one
                      :param username:
                      :param password:
                      :param email:
                      :param active:
                      :param name:
                      :param lastname:
                      :param active:
                      :param admin:
                      :param ldap_dn:
                      """
                      from rhodecode.lib.auth import get_crypt_password
                      log.debug('Checking for %s account in RhodeCode database', username)
                      user = User.get_by_username(username, case_insensitive=True)
                      if user is None:
                          log.debug('creating new user %s', username)
                          new_user = User()
                      else:
                          log.debug('updating user %s', username)
                          new_user = user
                      try:
                          new_user.username = username
                          new_user.admin = admin
                          new_user.password = get_crypt_password(password)
                          new_user.api_key = generate_api_key(username)
                          new_user.email = email
                          new_user.active = active
                          new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
                          new_user.name = name
                          new_user.lastname = lastname
                          self.sa.add(new_user)
                          self.sa.commit()
                          return new_user
                      except (DatabaseError,):
                          log.error(traceback.format_exc())
                          self.sa.rollback()
                          raise
                  def create_for_container_auth(self, username, attrs):
                      """
                      Creates the given user if it's not already in the database
                      :param username:
                      :param attrs:
                      """
                      if self.get_by_username(username, case_insensitive=True) is None:
                          # autogenerate email for container account without one
                          generate_email = lambda usr: '%s@container_auth.account' % usr
                          try:
                              new_user = User()
                              new_user.username = username
                              new_user.password = None
                              new_user.api_key = generate_api_key(username)
                              new_user.email = attrs['email']
                              new_user.active = attrs.get('active', True)
                              new_user.name = attrs['name'] or generate_email(username)
                              new_user.lastname = attrs['lastname']
                              self.sa.add(new_user)
                              self.sa.commit()
                              return new_user
                          except (DatabaseError,):
                              log.error(traceback.format_exc())
                              self.sa.rollback()
                              raise
                      log.debug('User %s already exists. Skipping creation of account'
                                ' for container auth.', username)
                      return None
                  def create_ldap(self, username, password, user_dn, attrs):
                      """
                      Checks if user is in database, if not creates this user marked
                      as ldap user
                      :param username:
                      :param password:
                      :param user_dn:
                      :param attrs:
                      """
                      from rhodecode.lib.auth import get_crypt_password
                      log.debug('Checking for such ldap account in RhodeCode database')
                      if self.get_by_username(username, case_insensitive=True) is None:
                          # autogenerate email for ldap account without one
                          generate_email = lambda usr: '%s@ldap.account' % usr
                          try:
                              new_user = User()
                              username = username.lower()
                              # add ldap account always lowercase
                              new_user.username = username
                              new_user.password = get_crypt_password(password)
                              new_user.api_key = generate_api_key(username)
                              new_user.email = attrs['email'] or generate_email(username)
                              new_user.active = attrs.get('active', True)
                              new_user.ldap_dn = safe_unicode(user_dn)
                              new_user.name = attrs['name']
                              new_user.lastname = attrs['lastname']
                              self.sa.add(new_user)
                              self.sa.commit()
                              return new_user
                          except (DatabaseError,):
                              log.error(traceback.format_exc())
                              self.sa.rollback()
                              raise
                      log.debug('this %s user exists skipping creation of ldap account',
                                username)
                      return None
                  def create_registration(self, form_data):
                      from rhodecode.lib.celerylib import tasks, run_task
                      try:
                          new_user = User()
                          for k, v in form_data.items():
                              if k != 'admin':
                                  setattr(new_user, k, v)
                          self.sa.add(new_user)
                          self.sa.commit()
                          body = ('New user registration\n'
                                  'username: %s\n'
                                  'email: %s\n')
                          body = body % (form_data['username'], form_data['email'])
                          run_task(tasks.send_email, None,
                                   _('[RhodeCode] New User registration'),
                                   body)
                      except:
                          log.error(traceback.format_exc())
                          self.sa.rollback()
                          raise
                  def update(self, user_id, form_data):
                      try:
                          user = self.get(user_id, cache=False)
                          if user.username == 'default':
                              raise DefaultUserException(
                                              _("You can't Edit this user since it's"
                                                " crucial for entire application"))
                          for k, v in form_data.items():
                              if k == 'new_password' and v != '':
                                  user.password = v
                                  user.api_key = generate_api_key(user.username)
                              else:
                                  setattr(user, k, v)
                          self.sa.add(user)
                          self.sa.commit()
                      except:
                          log.error(traceback.format_exc())
                          self.sa.rollback()
                          raise
                  def update_my_account(self, user_id, form_data):
                      try:
                          user = self.get(user_id, cache=False)
                          if user.username == 'default':
                              raise DefaultUserException(
                                              _("You can't Edit this user since it's"
                                                " crucial for entire application"))
                          for k, v in form_data.items():
                              if k == 'new_password' and v != '':
                                  user.password = v
                                  user.api_key = generate_api_key(user.username)
                              else:
                                  if k not in ['admin', 'active']:
                                      setattr(user, k, v)
                          self.sa.add(user)
                          self.sa.commit()
                      except:
                          log.error(traceback.format_exc())
                          self.sa.rollback()
                          raise
                  def delete(self, user_id):
                      try:
                          user = self.get(user_id, cache=False)
                          if user.username == 'default':
                              raise DefaultUserException(
                                              _("You can't remove this user since it's"
                                                " crucial for entire application"))
                          if user.repositories:
                              raise UserOwnsReposException(_('This user still owns %s '
                                                             'repositories and cannot be '
                                                             'removed. Switch owners or '
                                                             'remove those repositories') \
                                                             % user.repositories)
                          self.sa.delete(user)
                          self.sa.commit()
                      except:
                          log.error(traceback.format_exc())
                          self.sa.rollback()
                          raise
                  def reset_password_link(self, data):
                      from rhodecode.lib.celerylib import tasks, run_task
                      run_task(tasks.send_password_link, data['email'])
                  def reset_password(self, data):
                      from rhodecode.lib.celerylib import tasks, run_task
                      run_task(tasks.reset_user_password, data['email'])
                  def fill_data(self, auth_user, user_id=None, api_key=None):
                      """
                      Fetches auth_user by user_id,or api_key if present.
                      Fills auth_user attributes with those taken from database.
                      Additionally set's is_authenitated if lookup fails
                      present in database
                      :param auth_user: instance of user to set attributes
                      :param user_id: user id to fetch by
                      :param api_key: api key to fetch by
                      """
                      if user_id is None and api_key is None:
                          raise Exception('You need to pass user_id or api_key')
                      try:
                          if api_key:
                              dbuser = self.get_by_api_key(api_key)
                          else:
                              dbuser = self.get(user_id)
                          if dbuser is not None and dbuser.active:
                              log.debug('filling %s data', dbuser)
                              for k, v in dbuser.get_dict().items():
                                  setattr(auth_user, k, v)
                          else:
                              return False
                      except:
                          log.error(traceback.format_exc())
                          auth_user.is_authenticated = False
                          return False
                      return True
                  def fill_perms(self, user):
                      """
                      Fills user permission attribute with permissions taken from database
                      works for permissions given for repositories, and for permissions that
                      are granted to groups
                      :param user: user instance to fill his perms
                      """
                      user.permissions['repositories'] = {}
                      user.permissions['global'] = set()
                      #======================================================================
                      # fetch default permissions
                      #======================================================================
                      default_user = self.get_by_username('default', cache=True)
                      default_perms = self.sa.query(UserRepoToPerm, Repository, Permission)\
                          .join((Repository, UserRepoToPerm.repository_id ==
                                 Repository.repo_id))\
                          .join((Permission, UserRepoToPerm.permission_id ==
                                 Permission.permission_id))\
                          .filter(UserRepoToPerm.user == default_user).all()
                      if user.is_admin:
                          #==================================================================
                          # #admin have all default rights set to admin
                          #==================================================================
                          user.permissions['global'].add('hg.admin')
                          for perm in default_perms:
                              p = 'repository.admin'
                              user.permissions['repositories'][perm.UserRepoToPerm.
                                                               repository.repo_name] = p
                      else:
                          #==================================================================
                          # set default permissions
                          #==================================================================
                          uid = user.user_id
                          #default global
                          default_global_perms = self.sa.query(UserToPerm)\
                              .filter(UserToPerm.user == default_user)
                          for perm in default_global_perms:
                              user.permissions['global'].add(perm.permission.permission_name)
                          #default for repositories
                          for perm in default_perms:
                              if perm.Repository.private and not (perm.Repository.user_id ==
                                                                  uid):
                                  #diself.sable defaults for private repos,
                                  p = 'repository.none'
                              elif perm.Repository.user_id == uid:
                                  #set admin if owner
                                  p = 'repository.admin'
                              else:
                                  p = perm.Permission.permission_name
                              user.permissions['repositories'][perm.UserRepoToPerm.
                                                               repository.repo_name] = p
                          #==================================================================
                          # overwrite default with user permissions if any
                          #==================================================================
                          #user global
                          user_perms = self.sa.query(UserToPerm)\
                                  .options(joinedload(UserToPerm.permission))\
                                  .filter(UserToPerm.user_id == uid).all()
                          for perm in user_perms:
                              user.permissions['global'].add(perm.permission.
                                                             permission_name)
                          #user repositories
                          user_repo_perms = self.sa.query(UserRepoToPerm, Permission,
                                                          Repository)\
                              .join((Repository, UserRepoToPerm.repository_id ==
                                     Repository.repo_id))\
                              .join((Permission, UserRepoToPerm.permission_id ==
                                     Permission.permission_id))\
                              .filter(UserRepoToPerm.user_id == uid).all()
                          for perm in user_repo_perms:
                              # set admin if owner
                              if perm.Repository.user_id == uid:
                                  p = 'repository.admin'
                              else:
                                  p = perm.Permission.permission_name
                              user.permissions['repositories'][perm.UserRepoToPerm.
                                                               repository.repo_name] = p
                          #==================================================================
                          # check if user is part of groups for this repository and fill in
                          # (or replace with higher) permissions
                          #==================================================================
                          #users group global
                          user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
                              .options(joinedload(UsersGroupToPerm.permission))\
                              .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
                                     UsersGroupMember.users_group_id))\
                              .filter(UsersGroupMember.user_id == uid).all()
                          for perm in user_perms_from_users_groups:
                              user.permissions['global'].add(perm.permission.permission_name)
                          #users group repositories
                          user_repo_perms_from_users_groups = self.sa.query(
                                                              UsersGroupRepoToPerm,
                                                              Permission, Repository,)\
                              .join((Repository, UsersGroupRepoToPerm.repository_id ==
                                     Repository.repo_id))\
                              .join((Permission, UsersGroupRepoToPerm.permission_id ==
                                     Permission.permission_id))\
                              .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
                                     UsersGroupMember.users_group_id))\
                              .filter(UsersGroupMember.user_id == uid).all()
                          for perm in user_repo_perms_from_users_groups:
                              p = perm.Permission.permission_name
                              cur_perm = user.permissions['repositories'][perm.
                                                                  UsersGroupRepoToPerm.
                                                                  repository.repo_name]
                              #overwrite permission only if it's greater than permission
                              # given from other sources
                              if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
                                  user.permissions['repositories'][perm.UsersGroupRepoToPerm.
                                                                   repository.repo_name] = p
                      return user

rhodecode/tests/functional/test_login.py

0 0 -1

              # -*- coding: utf-8 -*-
              from rhodecode.tests import *
              from rhodecode.model.db import User
              from rhodecode.lib import generate_api_key
              from rhodecode.lib.auth import check_password
              class TestLoginController(TestController):
                  def test_index(self):
                      response = self.app.get(url(controller='login', action='index'))
                      self.assertEqual(response.status, '200 OK')
                      # Test response...
                  def test_login_admin_ok(self):
                      response = self.app.post(url(controller='login', action='index'),
                                               {'username':'test_admin',
                                                'password':'test12'})
                      self.assertEqual(response.status, '302 Found')
                      self.assertEqual(response.session['rhodecode_user'].username ,
                                       'test_admin')
                      response = response.follow()
                      self.assertTrue('%s repository' % HG_REPO in response.body)
                  def test_login_regular_ok(self):
                      response = self.app.post(url(controller='login', action='index'),
                                               {'username':'test_regular',
                                                'password':'test12'})
                      self.assertEqual(response.status, '302 Found')
                      self.assertEqual(response.session['rhodecode_user'].username ,
                                       'test_regular')
                      response = response.follow()
                      self.assertTrue('%s repository' % HG_REPO in response.body)
                      self.assertTrue('<a title="Admin" href="/_admin">' not in response.body)
                  def test_login_ok_came_from(self):
                      test_came_from = '/_admin/users'
                      response = self.app.post(url(controller='login', action='index',
                                                   came_from=test_came_from),
                                               {'username':'test_admin',
                                                'password':'test12'})
                      self.assertEqual(response.status, '302 Found')
                      response = response.follow()
                      self.assertEqual(response.status, '200 OK')
                      self.assertTrue('Users administration' in response.body)
                  def test_login_short_password(self):
                      response = self.app.post(url(controller='login', action='index'),
                                               {'username':'test_admin',
                                                'password':'as'})
                      self.assertEqual(response.status, '200 OK')
                      self.assertTrue('Enter 3 characters or more' in response.body)
                  def test_login_wrong_username_password(self):
                      response = self.app.post(url(controller='login', action='index'),
                                               {'username':'error',
                                                'password':'test12'})
                      self.assertEqual(response.status , '200 OK')
                      self.assertTrue('invalid user name' in response.body)
                      self.assertTrue('invalid password' in response.body)
                  #==========================================================================
                  # REGISTRATIONS
                  #==========================================================================
                  def test_register(self):
                      response = self.app.get(url(controller='login', action='register'))
                      self.assertTrue('Sign Up to RhodeCode' in response.body)
                  def test_register_err_same_username(self):
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':'test_admin',
                                                           'password':'test12',
                                                           'password_confirmation':'test12',
                                                           'email':'goodmail@domain.com',
                                                           'name':'test',
                                                           'lastname':'test'})
                      self.assertEqual(response.status , '200 OK')
                      self.assertTrue('This username already exists' in response.body)
                  def test_register_err_same_email(self):
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':'test_admin_0',
                                                           'password':'test12',
                                                           'password_confirmation':'test12',
                                                           'email':'test_admin@mail.com',
                                                           'name':'test',
                                                           'lastname':'test'})
                      self.assertEqual(response.status , '200 OK')
                      assert 'This e-mail address is already taken' in response.body
                  def test_register_err_same_email_case_sensitive(self):
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':'test_admin_1',
                                                           'password':'test12',
                                                           'password_confirmation':'test12',
                                                           'email':'TesT_Admin@mail.COM',
                                                           'name':'test',
                                                           'lastname':'test'})
                      self.assertEqual(response.status , '200 OK')
                      assert 'This e-mail address is already taken' in response.body
                  def test_register_err_wrong_data(self):
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':'xs',
                                                           'password':'test',
                                                           'password_confirmation':'test',
                                                           'email':'goodmailm',
                                                           'name':'test',
                                                           'lastname':'test'})
                      self.assertEqual(response.status , '200 OK')
                      assert 'An email address must contain a single @' in response.body
                      assert 'Enter a value 6 characters long or more' in response.body
                  def test_register_err_username(self):
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':'error user',
                                                           'password':'test12',
                                                           'password_confirmation':'test12',
                                                           'email':'goodmailm',
                                                           'name':'test',
                                                           'lastname':'test'})
                      self.assertEqual(response.status , '200 OK')
                      assert 'An email address must contain a single @' in response.body
                      assert ('Username may only contain '
                              'alphanumeric characters underscores, '
                              'periods or dashes and must begin with '
                              'alphanumeric character') in response.body
                  def test_register_err_case_sensitive(self):
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':'Test_Admin',
                                                           'password':'test12',
                                                           'password_confirmation':'test12',
                                                           'email':'goodmailm',
                                                           'name':'test',
                                                           'lastname':'test'})
                      self.assertEqual(response.status , '200 OK')
                      self.assertTrue('An email address must contain a single @' in response.body)
                      self.assertTrue('This username already exists' in response.body)
                  def test_register_special_chars(self):
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':'xxxaxn',
                                                           'password':'ąćźżąśśśś',
                                                           'password_confirmation':'ąćźżąśśśś',
                                                           'email':'goodmailm@test.plx',
                                                           'name':'test',
                                                           'lastname':'test'})
                      self.assertEqual(response.status , '200 OK')
                      self.assertTrue('Invalid characters in password' in response.body)
                  def test_register_password_mismatch(self):
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':'xs',
                                                           'password':'123qwe',
                                                           'password_confirmation':'qwe123',
                                                           'email':'goodmailm@test.plxa',
                                                           'name':'test',
                                                           'lastname':'test'})
                      self.assertEqual(response.status , '200 OK')
                      assert 'Passwords do not match' in response.body
                  def test_register_ok(self):
                      username = 'test_regular4'
                      password = 'qweqwe'
                      email = 'marcin@test.com'
                      name = 'testname'
                      lastname = 'testlastname'
                      response = self.app.post(url(controller='login', action='register'),
                                                          {'username':username,
                                                           'password':password,
                                                           'password_confirmation':password,
                                                           'email':email,
                                                           'name':name,
                                                           'lastname':lastname})
                      self.assertEqual(response.status , '302 Found')
                      assert 'You have successfully registered into rhodecode' in response.session['flash'][0], 'No flash message about user registration'
                      ret = self.sa.query(User).filter(User.username == 'test_regular4').one()
                      assert ret.username == username , 'field mismatch %s %s' % (ret.username, username)
                      assert check_password(password, ret.password) == True , 'password mismatch'
                      assert ret.email == email , 'field mismatch %s %s' % (ret.email, email)
                      assert ret.name == name , 'field mismatch %s %s' % (ret.name, name)
                      assert ret.lastname == lastname , 'field mismatch %s %s' % (ret.lastname, lastname)
                  def test_forgot_password_wrong_mail(self):
                      response = self.app.post(url(controller='login', action='password_reset'),
                                                          {'email':'marcin@wrongmail.org', })
                      assert "This e-mail address doesn't exist" in response.body, 'Missing error message about wrong email'
                  def test_forgot_password(self):
                      response = self.app.get(url(controller='login',
                                                  action='password_reset'))
                      self.assertEqual(response.status , '200 OK')
                      username = 'test_password_reset_1'
                      password = 'qweqwe'
                      email = 'marcin@python-works.com'
                      name = 'passwd'
                      lastname = 'reset'
                      new = User()
                      new.username = username
                      new.password = password
                      new.email = email
                      new.name = name
                      new.lastname = lastname
                      new.api_key = generate_api_key(username)
                      self.sa.add(new)
                      self.sa.commit()
                      response = self.app.post(url(controller='login',
                                                   action='password_reset'),
                                               {'email':email, })
                      self.checkSessionFlash(response, 'Your password reset link was sent')
                      response = response.follow()
                      # BAD KEY
                      key = "bad"
                      response = self.app.get(url(controller='login',
                                                  action='password_reset_confirmation',
                                                  key=key))
                      self.assertEqual(response.status, '302 Found')
                      self.assertTrue(response.location.endswith(url('reset_password')))
                      # GOOD KEY
                      key = User.get_by_username(username).api_key
                      response = self.app.get(url(controller='login',
                                                  action='password_reset_confirmation',
                                                  key=key))
                      self.assertEqual(response.status, '302 Found')
                      self.assertTrue(response.location.endswith(url('login_home')))
                      self.checkSessionFlash(response,
                                             ('Your password reset was successful, '
                                              'new password has been sent to your email'))
                      response = response.follow()

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages