Show More
| @@ -78,8 +78,8 from webob.exc import HTTPNotFound, HTTP | |||
|
|
78 | 78 | log = logging.getLogger(__name__) |
|
|
79 | 79 | |
|
|
80 | 80 | def is_git(environ): |
|
|
81 |
"""Returns True if request's target is git server. |
|
|
|
82 | then have git client version given. | |
|
|
81 | """Returns True if request's target is git server. | |
|
|
82 | ``HTTP_USER_AGENT`` would then have git client version given. | |
|
|
83 | 83 | |
|
|
84 | 84 | :param environ: |
|
|
85 | 85 | """ |
| @@ -109,12 +109,42 class SimpleGit(object): | |||
|
|
109 | 109 | self.ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0')) |
|
|
110 | 110 | # skip passing error to error controller |
|
|
111 | 111 | environ['pylons.status_code_redirect'] = True |
|
|
112 | #=================================================================== | |
|
|
113 | # AUTHENTICATE THIS GIT REQUEST | |
|
|
114 | #=================================================================== | |
|
|
115 | username = REMOTE_USER(environ) | |
|
|
116 | if not username: | |
|
|
117 | self.authenticate.realm = self.config['rhodecode_realm'] | |
|
|
112 | ||
|
|
113 | #====================================================================== | |
|
|
114 | # GET ACTION PULL or PUSH | |
|
|
115 | #====================================================================== | |
|
|
116 | self.action = self.__get_action(environ) | |
|
|
117 | try: | |
|
|
118 | #================================================================== | |
|
|
119 | # GET REPOSITORY NAME | |
|
|
120 | #================================================================== | |
|
|
121 | self.repo_name = self.__get_repository(environ) | |
|
|
122 | except: | |
|
|
123 | return HTTPInternalServerError()(environ, start_response) | |
|
|
124 | ||
|
|
125 | #====================================================================== | |
|
|
126 | # CHECK ANONYMOUS PERMISSION | |
|
|
127 | #====================================================================== | |
|
|
128 | if self.action in ['pull', 'push'] or self.action: | |
|
|
129 | anonymous_user = self.__get_user('default') | |
|
|
130 | self.username = anonymous_user.username | |
|
|
131 | anonymous_perm = self.__check_permission(self.action, anonymous_user , | |
|
|
132 | self.repo_name) | |
|
|
133 | ||
|
|
134 | if anonymous_perm is not True or anonymous_user.active is False: | |
|
|
135 | if anonymous_perm is not True: | |
|
|
136 | log.debug('Not enough credentials to access this repository' | |
|
|
137 | 'as anonymous user') | |
|
|
138 | if anonymous_user.active is False: | |
|
|
139 | log.debug('Anonymous access is disabled, running ' | |
|
|
140 | 'authentication') | |
|
|
141 | #============================================================== | |
|
|
142 | # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE | |
|
|
143 | # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS | |
|
|
144 | #============================================================== | |
|
|
145 | ||
|
|
146 | if not REMOTE_USER(environ): | |
|
|
147 | self.authenticate.realm = str(self.config['rhodecode_realm']) | |
|
|
118 | 148 | result = self.authenticate(environ) |
|
|
119 | 149 | if isinstance(result, str): |
|
|
120 | 150 | AUTH_TYPE.update(environ, 'basic') |
| @@ -122,23 +152,13 class SimpleGit(object): | |||
|
|
122 | 152 | else: |
|
|
123 | 153 | return result.wsgi_application(environ, start_response) |
|
|
124 | 154 | |
|
|
125 | #======================================================================= | |
|
|
126 | # GET REPOSITORY | |
|
|
127 | #======================================================================= | |
|
|
128 | try: | |
|
|
129 | repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:]) | |
|
|
130 | if repo_name.endswith('/'): | |
|
|
131 | repo_name = repo_name.rstrip('/') | |
|
|
132 | self.repository = repo_name | |
|
|
133 | except: | |
|
|
134 | log.error(traceback.format_exc()) | |
|
|
135 | return HTTPInternalServerError()(environ, start_response) | |
|
|
136 | 155 | |
|
|
137 |
# |
|
|
|
138 | # CHECK PERMISSIONS FOR THIS REQUEST | |
|
|
139 | #=================================================================== | |
|
|
140 | self.action = self.__get_action(environ) | |
|
|
141 | if self.action: | |
|
|
156 | #============================================================== | |
|
|
157 | # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM | |
|
|
158 | # BASIC AUTH | |
|
|
159 | #============================================================== | |
|
|
160 | ||
|
|
161 | if self.action in ['pull', 'push'] or self.action: | |
|
|
142 | 162 | username = self.__get_environ_user(environ) |
|
|
143 | 163 | try: |
|
|
144 | 164 | user = self.__get_user(username) |
| @@ -148,24 +168,15 class SimpleGit(object): | |||
|
|
148 | 168 | return HTTPInternalServerError()(environ, start_response) |
|
|
149 | 169 | |
|
|
150 | 170 | #check permissions for this repository |
|
|
151 | if self.action == 'push': | |
|
|
152 | if not HasPermissionAnyMiddleware('repository.write', | |
|
|
153 | 'repository.admin')\ | |
|
|
154 | (user, repo_name): | |
|
|
155 | return HTTPForbidden()(environ, start_response) | |
|
|
156 | ||
|
|
157 | else: | |
|
|
158 | #any other action need at least read permission | |
|
|
159 | if not HasPermissionAnyMiddleware('repository.read', | |
|
|
160 | 'repository.write', | |
|
|
161 | 'repository.admin')\ | |
|
|
162 | (user, repo_name): | |
|
|
171 | perm = self.__check_permission(self.action, user, self.repo_name) | |
|
|
172 | if perm is not True: | |
|
|
173 | print 'not allowed' | |
|
|
163 | 174 | return HTTPForbidden()(environ, start_response) |
|
|
164 | 175 | |
|
|
165 | 176 | self.extras = {'ip':self.ipaddr, |
|
|
166 | 177 | 'username':self.username, |
|
|
167 | 178 | 'action':self.action, |
|
|
168 |
'repository':self.repo |
|
|
|
179 | 'repository':self.repo_name} | |
|
|
169 | 180 | |
|
|
170 | 181 | #=================================================================== |
|
|
171 | 182 | # GIT REQUEST HANDLING |
| @@ -197,6 +208,46 class SimpleGit(object): | |||
|
|
197 | 208 | |
|
|
198 | 209 | return gitserve |
|
|
199 | 210 | |
|
|
211 | def __check_permission(self, action, user, repo_name): | |
|
|
212 | """Checks permissions using action (push/pull) user and repository | |
|
|
213 | name | |
|
|
214 | ||
|
|
215 | :param action: push or pull action | |
|
|
216 | :param user: user instance | |
|
|
217 | :param repo_name: repository name | |
|
|
218 | """ | |
|
|
219 | if action == 'push': | |
|
|
220 | if not HasPermissionAnyMiddleware('repository.write', | |
|
|
221 | 'repository.admin')\ | |
|
|
222 | (user, repo_name): | |
|
|
223 | return False | |
|
|
224 | ||
|
|
225 | else: | |
|
|
226 | #any other action need at least read permission | |
|
|
227 | if not HasPermissionAnyMiddleware('repository.read', | |
|
|
228 | 'repository.write', | |
|
|
229 | 'repository.admin')\ | |
|
|
230 | (user, repo_name): | |
|
|
231 | return False | |
|
|
232 | ||
|
|
233 | return True | |
|
|
234 | ||
|
|
235 | ||
|
|
236 | def __get_repository(self, environ): | |
|
|
237 | """Get's repository name out of PATH_INFO header | |
|
|
238 | ||
|
|
239 | :param environ: environ where PATH_INFO is stored | |
|
|
240 | """ | |
|
|
241 | try: | |
|
|
242 | repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:]) | |
|
|
243 | if repo_name.endswith('/'): | |
|
|
244 | repo_name = repo_name.rstrip('/') | |
|
|
245 | except: | |
|
|
246 | log.error(traceback.format_exc()) | |
|
|
247 | raise | |
|
|
248 | repo_name = repo_name.split('/')[0] | |
|
|
249 | return repo_name | |
|
|
250 | ||
|
|
200 | 251 | def __get_environ_user(self, environ): |
|
|
201 | 252 | return environ.get('REMOTE_USER') |
|
|
202 | 253 | |
| @@ -105,13 +105,13 class SimpleHg(object): | |||
|
|
105 | 105 | if anonymous_user.active is False: |
|
|
106 | 106 | log.debug('Anonymous access is disabled, running ' |
|
|
107 | 107 | 'authentication') |
|
|
108 |
#============================================================== |
|
|
|
109 |
# DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE |
|
|
|
110 |
# TO AUTHENTICATE AND ASK FOR AUTH |
|
|
|
111 |
#============================================================== |
|
|
|
108 | #============================================================== | |
|
|
109 | # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE | |
|
|
110 | # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS | |
|
|
111 | #============================================================== | |
|
|
112 | 112 | |
|
|
113 | 113 | if not REMOTE_USER(environ): |
|
|
114 | self.authenticate.realm = self.config['rhodecode_realm'] | |
|
|
114 | self.authenticate.realm = str(self.config['rhodecode_realm']) | |
|
|
115 | 115 | result = self.authenticate(environ) |
|
|
116 | 116 | if isinstance(result, str): |
|
|
117 | 117 | AUTH_TYPE.update(environ, 'basic') |
| @@ -120,10 +120,10 class SimpleHg(object): | |||
|
|
120 | 120 | return result.wsgi_application(environ, start_response) |
|
|
121 | 121 | |
|
|
122 | 122 | |
|
|
123 |
#============================================================== |
|
|
|
123 | #============================================================== | |
|
|
124 | 124 | # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM |
|
|
125 | 125 | # BASIC AUTH |
|
|
126 |
#============================================================== |
|
|
|
126 | #============================================================== | |
|
|
127 | 127 | |
|
|
128 | 128 | if self.action in ['pull', 'push']: |
|
|
129 | 129 | username = self.__get_environ_user(environ) |
General Comments 0
You need to be logged in to leave comments.
Login now