fixes #97 in simplehg and simplegit, force casting to headers
marcink -
r918:b2d5868c beta
@@ -78,8 +78,8 b' from webob.exc import HTTPNotFound, HTTP'
78 78 log = logging.getLogger(__name__)
79 79
80 80 def is_git(environ):
81 """Returns True if request's target is git server. ``HTTP_USER_AGENT`` would
82 then have git client version given.
81 """Returns True if request's target is git server.
82 ``HTTP_USER_AGENT`` would then have git client version given.
83 83
84 84 :param environ:
85 85 """
@@ -109,63 +109,74 b' class SimpleGit(object):'
109 109 self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
110 110 # skip passing error to error controller
111 111 environ['pylons.status_code_redirect'] = True
112 #===================================================================
113 # AUTHENTICATE THIS GIT REQUEST
114 #===================================================================
115 username = REMOTE_USER(environ)
116 if not username:
117 self.authenticate.realm = self.config['rhodecode_realm']
118 result = self.authenticate(environ)
119 if isinstance(result, str):
120 AUTH_TYPE.update(environ, 'basic')
121 REMOTE_USER.update(environ, result)
122 else:
123 return result.wsgi_application(environ, start_response)
124 112
125 #=======================================================================
126 # GET REPOSITORY
127 #=======================================================================
113 #======================================================================
114 # GET ACTION PULL or PUSH
115 #======================================================================
116 self.action = self.__get_action(environ)
128 117 try:
129 repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
130 if repo_name.endswith('/'):
131 repo_name = repo_name.rstrip('/')
132 self.repository = repo_name
118 #==================================================================
119 # GET REPOSITORY NAME
120 #==================================================================
121 self.repo_name = self.__get_repository(environ)
133 122 except:
134 log.error(traceback.format_exc())
135 123 return HTTPInternalServerError()(environ, start_response)
136 124
137 #===================================================================
138 # CHECK PERMISSIONS FOR THIS REQUEST
139 #===================================================================
140 self.action = self.__get_action(environ)
141 if self.action:
142 username = self.__get_environ_user(environ)
143 try:
144 user = self.__get_user(username)
145 self.username = user.username
146 except:
147 log.error(traceback.format_exc())
148 return HTTPInternalServerError()(environ, start_response)
125 #======================================================================
126 # CHECK ANONYMOUS PERMISSION
127 #======================================================================
128 if self.action in ['pull', 'push'] or self.action:
129 anonymous_user = self.__get_user('default')
130 self.username = anonymous_user.username
131 anonymous_perm = self.__check_permission(self.action, anonymous_user ,
132 self.repo_name)
133
134 if anonymous_perm is not True or anonymous_user.active is False:
135 if anonymous_perm is not True:
136 log.debug('Not enough credentials to access this repository'
137 'as anonymous user')
138 if anonymous_user.active is False:
139 log.debug('Anonymous access is disabled, running '
140 'authentication')
141 #==============================================================
142 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
143 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
144 #==============================================================
149 145
150 #check permissions for this repository
151 if self.action == 'push':
152 if not HasPermissionAnyMiddleware('repository.write',
153 'repository.admin')\
154 (user, repo_name):
155 return HTTPForbidden()(environ, start_response)
146 if not REMOTE_USER(environ):
147 self.authenticate.realm = str(self.config['rhodecode_realm'])
148 result = self.authenticate(environ)
149 if isinstance(result, str):
150 AUTH_TYPE.update(environ, 'basic')
151 REMOTE_USER.update(environ, result)
152 else:
153 return result.wsgi_application(environ, start_response)
154
155
156 #==============================================================
157 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
158 # BASIC AUTH
159 #==============================================================
156 160
157 else:
158 #any other action need at least read permission
159 if not HasPermissionAnyMiddleware('repository.read',
160 'repository.write',
161 'repository.admin')\
162 (user, repo_name):
163 return HTTPForbidden()(environ, start_response)
161 if self.action in ['pull', 'push'] or self.action:
162 username = self.__get_environ_user(environ)
163 try:
164 user = self.__get_user(username)
165 self.username = user.username
166 except:
167 log.error(traceback.format_exc())
168 return HTTPInternalServerError()(environ, start_response)
169
170 #check permissions for this repository
171 perm = self.__check_permission(self.action, user, self.repo_name)
172 if perm is not True:
173 print 'not allowed'
174 return HTTPForbidden()(environ, start_response)
164 175
165 176 self.extras = {'ip':self.ipaddr,
166 177 'username':self.username,
167 178 'action':self.action,
168 'repository':self.repository}
179 'repository':self.repo_name}
169 180
170 181 #===================================================================
171 182 # GIT REQUEST HANDLING
@@ -197,6 +208,46 b' class SimpleGit(object):'
197 208
198 209 return gitserve
199 210
211 def __check_permission(self, action, user, repo_name):
212 """Checks permissions using action (push/pull) user and repository
213 name
214
215 :param action: push or pull action
216 :param user: user instance
217 :param repo_name: repository name
218 """
219 if action == 'push':
220 if not HasPermissionAnyMiddleware('repository.write',
221 'repository.admin')\
222 (user, repo_name):
223 return False
224
225 else:
226 #any other action need at least read permission
227 if not HasPermissionAnyMiddleware('repository.read',
228 'repository.write',
229 'repository.admin')\
230 (user, repo_name):
231 return False
232
233 return True
234
235
236 def __get_repository(self, environ):
237 """Get's repository name out of PATH_INFO header
238
239 :param environ: environ where PATH_INFO is stored
240 """
241 try:
242 repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
243 if repo_name.endswith('/'):
244 repo_name = repo_name.rstrip('/')
245 except:
246 log.error(traceback.format_exc())
247 raise
248 repo_name = repo_name.split('/')[0]
249 return repo_name
250
200 251 def __get_environ_user(self, environ):
201 252 return environ.get('REMOTE_USER')
202 253
@@ -105,13 +105,13 b' class SimpleHg(object):'
105 105 if anonymous_user.active is False:
106 106 log.debug('Anonymous access is disabled, running '
107 107 'authentication')
108 #==================================================================
109 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE NEED
110 # TO AUTHENTICATE AND ASK FOR AUTHENTICATED USER PERMISSIONS
111 #==================================================================
108 #==============================================================
109 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
110 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
111 #==============================================================
112 112
113 113 if not REMOTE_USER(environ):
114 self.authenticate.realm = self.config['rhodecode_realm']
114 self.authenticate.realm = str(self.config['rhodecode_realm'])
115 115 result = self.authenticate(environ)
116 116 if isinstance(result, str):
117 117 AUTH_TYPE.update(environ, 'basic')
@@ -120,10 +120,10 b' class SimpleHg(object):'
120 120 return result.wsgi_application(environ, start_response)
121 121
122 122
123 #==================================================================
123 #==============================================================
124 124 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
125 125 # BASIC AUTH
126 #==================================================================
126 #==============================================================
127 127
128 128 if self.action in ['pull', 'push']:
129 129 username = self.__get_environ_user(environ)
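Review bot: `str(self.config['rhodecode_realm'])` at new line 114 runs on every unauthenticated request, and under Python 2 `str()` raises UnicodeEncodeError on a unicode value that contains non-ASCII characters; nothing visible around the call catches it, so a realm configured with such characters would likely turn each authentication challenge into a server error. Converting the value once where the configuration is loaded would surface a bad realm at startup instead of per request; if non-ASCII realms are meant to be supported, the encoding should be explicit, e.g. `realm.encode('utf-8') if isinstance(realm, unicode) else realm`. The same cast is added in SimpleGit at new line 147. A short comment such as `# realm is sent in the auth challenge header and must be a byte string, see #97` would record why the cast is there. The enclosing `__call__` starts and ends outside the hunk.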