upstream/kallithea Commit - r3987:b58ed6d6

1

"""The base Controller API

1

"""The base Controller API

2

3

Provides the BaseController class for subclassing.

3

Provides the BaseController class for subclassing.

4

"""

4

"""

5

import logging

5

import logging

6

import time

6

import time

7

import traceback

7

import traceback

8

9

from paste.auth.basic import AuthBasicAuthenticator

9

from paste.auth.basic import AuthBasicAuthenticator

10

from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden

10

from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden

11

from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION

11

from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION

12

13

from pylons import config, tmpl_context as c, request, session, url

13

from pylons import config, tmpl_context as c, request, session, url

14

from pylons.controllers import WSGIController

14

from pylons.controllers import WSGIController

15

from pylons.controllers.util import redirect

15

from pylons.controllers.util import redirect

16

from pylons.templating import render_mako as render

16

from pylons.templating import render_mako as render

17

18

from rhodecode import __version__, BACKENDS

18

from rhodecode import __version__, BACKENDS

19

20

from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict,\

20

from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict,\

21

safe_str, safe_int

21

safe_str, safe_int

22

from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\

22

from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\

23

HasPermissionAnyMiddleware, CookieStoreWrapper

23

HasPermissionAnyMiddleware, CookieStoreWrapper

24

from rhodecode.lib.utils import get_repo_slug

24

from rhodecode.lib.utils import get_repo_slug

25

from rhodecode.model import meta

25

from rhodecode.model import meta

26

27

from rhodecode.model.db import Repository, RhodeCodeUi, User, RhodeCodeSetting

27

from rhodecode.model.db import Repository, RhodeCodeUi, User, RhodeCodeSetting

28

from rhodecode.model.notification import NotificationModel

28

from rhodecode.model.notification import NotificationModel

29

from rhodecode.model.scm import ScmModel

29

from rhodecode.model.scm import ScmModel

30

from rhodecode.model.meta import Session

30

from rhodecode.model.meta import Session

31

32

log = logging.getLogger(__name__)

32

log = logging.getLogger(__name__)

33

34

35

def _filter_proxy(ip):

35

def _filter_proxy(ip):

36

"""

36

"""

37

HEADERS can have mutliple ips inside the left-most being the original

37

HEADERS can have multiple ips inside the left-most being the original

38

client, and each successive proxy that passed the request adding the IP

38

client, and each successive proxy that passed the request adding the IP

39

address where it received the request from.

39

address where it received the request from.

40

41

:param ip:

41

:param ip:

42

"""

42

"""

43

if ',' in ip:

43

if ',' in ip:

44

_ips = ip.split(',')

44

_ips = ip.split(',')

45

_first_ip = _ips[0].strip()

45

_first_ip = _ips[0].strip()

46

log.debug('Got multiple IPs %s, using %s' % (','.join(_ips), _first_ip))

46

log.debug('Got multiple IPs %s, using %s' % (','.join(_ips), _first_ip))

47

return _first_ip

47

return _first_ip

48

return ip

48

return ip

49

50

51

def _get_ip_addr(environ):

51

def _get_ip_addr(environ):

52

proxy_key = 'HTTP_X_REAL_IP'

52

proxy_key = 'HTTP_X_REAL_IP'

53

proxy_key2 = 'HTTP_X_FORWARDED_FOR'

53

proxy_key2 = 'HTTP_X_FORWARDED_FOR'

54

def_key = 'REMOTE_ADDR'

54

def_key = 'REMOTE_ADDR'

55

56

ip = environ.get(proxy_key)

56

ip = environ.get(proxy_key)

57

if ip:

57

if ip:

58

return _filter_proxy(ip)

58

return _filter_proxy(ip)

59

60

ip = environ.get(proxy_key2)

60

ip = environ.get(proxy_key2)

61

if ip:

61

if ip:

62

return _filter_proxy(ip)

62

return _filter_proxy(ip)

63

64

ip = environ.get(def_key, '0.0.0.0')

64

ip = environ.get(def_key, '0.0.0.0')

65

return _filter_proxy(ip)

65

return _filter_proxy(ip)

66

67

68

def _get_access_path(environ):

68

def _get_access_path(environ):

69

path = environ.get('PATH_INFO')

69

path = environ.get('PATH_INFO')

70

org_req = environ.get('pylons.original_request')

70

org_req = environ.get('pylons.original_request')

71

if org_req:

71

if org_req:

72

path = org_req.environ.get('PATH_INFO')

72

path = org_req.environ.get('PATH_INFO')

73

return path

73

return path

74

75

76

class BasicAuth(AuthBasicAuthenticator):

76

class BasicAuth(AuthBasicAuthenticator):

77

78

def __init__(self, realm, authfunc, auth_http_code=None):

78

def __init__(self, realm, authfunc, auth_http_code=None):

79

self.realm = realm

79

self.realm = realm

80

self.authfunc = authfunc

80

self.authfunc = authfunc

81

self._rc_auth_http_code = auth_http_code

81

self._rc_auth_http_code = auth_http_code

82

83

def build_authentication(self):

83

def build_authentication(self):

84

head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)

84

head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)

85

if self._rc_auth_http_code and self._rc_auth_http_code == '403':

85

if self._rc_auth_http_code and self._rc_auth_http_code == '403':

86

# return 403 if alternative http return code is specified in

86

# return 403 if alternative http return code is specified in

87

# RhodeCode config

87

# RhodeCode config

88

return HTTPForbidden(headers=head)

88

return HTTPForbidden(headers=head)

89

return HTTPUnauthorized(headers=head)

89

return HTTPUnauthorized(headers=head)

90

91

def authenticate(self, environ):

91

def authenticate(self, environ):

92

authorization = AUTHORIZATION(environ)

92

authorization = AUTHORIZATION(environ)

93

if not authorization:

93

if not authorization:

94

return self.build_authentication()

94

return self.build_authentication()

95

(authmeth, auth) = authorization.split(' ', 1)

95

(authmeth, auth) = authorization.split(' ', 1)

96

if 'basic' != authmeth.lower():

96

if 'basic' != authmeth.lower():

97

return self.build_authentication()

97

return self.build_authentication()

98

auth = auth.strip().decode('base64')

98

auth = auth.strip().decode('base64')

99

_parts = auth.split(':', 1)

99

_parts = auth.split(':', 1)

100

if len(_parts) == 2:

100

if len(_parts) == 2:

101

username, password = _parts

101

username, password = _parts

102

if self.authfunc(environ, username, password):

102

if self.authfunc(environ, username, password):

103

return username

103

return username

104

return self.build_authentication()

104

return self.build_authentication()

105

106

__call__ = authenticate

106

__call__ = authenticate

107

108

109

class BaseVCSController(object):

109

class BaseVCSController(object):

110

111

def __init__(self, application, config):

111

def __init__(self, application, config):

112

self.application = application

112

self.application = application

113

self.config = config

113

self.config = config

114

# base path of repo locations

114

# base path of repo locations

115

self.basepath = self.config['base_path']

115

self.basepath = self.config['base_path']

116

#authenticate this mercurial request using authfunc

116

#authenticate this mercurial request using authfunc

117

self.authenticate = BasicAuth('', authfunc,

117

self.authenticate = BasicAuth('', authfunc,

118

config.get('auth_ret_code'))

118

config.get('auth_ret_code'))

119

self.ip_addr = '0.0.0.0'

119

self.ip_addr = '0.0.0.0'

120

121

def _handle_request(self, environ, start_response):

121

def _handle_request(self, environ, start_response):

122

raise NotImplementedError()

122

raise NotImplementedError()

123

124

def _get_by_id(self, repo_name):

124

def _get_by_id(self, repo_name):

125

"""

125

"""

126

Get's a special pattern _<ID> from clone url and tries to replace it

126

Get's a special pattern _<ID> from clone url and tries to replace it

127

with a repository_name for support of _<ID> non changable urls

127

with a repository_name for support of _<ID> non changable urls

128

129

:param repo_name:

129

:param repo_name:

130

"""

130

"""

131

try:

131

try:

132

data = repo_name.split('/')

132

data = repo_name.split('/')

133

if len(data) >= 2:

133

if len(data) >= 2:

134

by_id = data[1].split('_')

134

by_id = data[1].split('_')

135

if len(by_id) == 2 and by_id[1].isdigit():

135

if len(by_id) == 2 and by_id[1].isdigit():

136

_repo_name = Repository.get(by_id[1]).repo_name

136

_repo_name = Repository.get(by_id[1]).repo_name

137

data[1] = _repo_name

137

data[1] = _repo_name

138

except Exception:

138

except Exception:

139

log.debug('Failed to extract repo_name from id %s' % (

139

log.debug('Failed to extract repo_name from id %s' % (

140

traceback.format_exc()

140

traceback.format_exc()

141

)

141

)

142

)

142

)

143

144

return '/'.join(data)

144

return '/'.join(data)

145

146

def _invalidate_cache(self, repo_name):

146

def _invalidate_cache(self, repo_name):

147

"""

147

"""

148

Set's cache for this repository for invalidation on next access

148

Set's cache for this repository for invalidation on next access

149

150

:param repo_name: full repo name, also a cache key

150

:param repo_name: full repo name, also a cache key

151

"""

151

"""

152

ScmModel().mark_for_invalidation(repo_name)

152

ScmModel().mark_for_invalidation(repo_name)

153

154

def _check_permission(self, action, user, repo_name, ip_addr=None):

154

def _check_permission(self, action, user, repo_name, ip_addr=None):

155

"""

155

"""

156

Checks permissions using action (push/pull) user and repository

156

Checks permissions using action (push/pull) user and repository

157

name

157

name

158

159

:param action: push or pull action

159

:param action: push or pull action

160

:param user: user instance

160

:param user: user instance

161

:param repo_name: repository name

161

:param repo_name: repository name

162

"""

162

"""

163

#check IP

163

#check IP

164

authuser = AuthUser(user_id=user.user_id, ip_addr=ip_addr)

164

authuser = AuthUser(user_id=user.user_id, ip_addr=ip_addr)

165

if not authuser.ip_allowed:

165

if not authuser.ip_allowed:

166

return False

166

return False

167

else:

167

else:

168

log.info('Access for IP:%s allowed' % (ip_addr))

168

log.info('Access for IP:%s allowed' % (ip_addr))

169

if action == 'push':

169

if action == 'push':

170

if not HasPermissionAnyMiddleware('repository.write',

170

if not HasPermissionAnyMiddleware('repository.write',

171

'repository.admin')(user,

171

'repository.admin')(user,

172

repo_name):

172

repo_name):

173

return False

173

return False

174

175

else:

175

else:

176

#any other action need at least read permission

176

#any other action need at least read permission

177

if not HasPermissionAnyMiddleware('repository.read',

177

if not HasPermissionAnyMiddleware('repository.read',

178

'repository.write',

178

'repository.write',

179

'repository.admin')(user,

179

'repository.admin')(user,

180

repo_name):

180

repo_name):

181

return False

181

return False

182

183

return True

183

return True

184

185

def _get_ip_addr(self, environ):

185

def _get_ip_addr(self, environ):

186

return _get_ip_addr(environ)

186

return _get_ip_addr(environ)

187

188

def _check_ssl(self, environ, start_response):

188

def _check_ssl(self, environ, start_response):

189

"""

189

"""

190

Checks the SSL check flag and returns False if SSL is not present

190

Checks the SSL check flag and returns False if SSL is not present

191

and required True otherwise

191

and required True otherwise

192

"""

192

"""

193

org_proto = environ['wsgi._org_proto']

193

org_proto = environ['wsgi._org_proto']

194

#check if we have SSL required ! if not it's a bad request !

194

#check if we have SSL required ! if not it's a bad request !

195

require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl').ui_value)

195

require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl').ui_value)

196

if require_ssl and org_proto == 'http':

196

if require_ssl and org_proto == 'http':

197

log.debug('proto is %s and SSL is required BAD REQUEST !'

197

log.debug('proto is %s and SSL is required BAD REQUEST !'

198

% org_proto)

198

% org_proto)

199

return False

199

return False

200

return True

200

return True

201

202

def _check_locking_state(self, environ, action, repo, user_id):

202

def _check_locking_state(self, environ, action, repo, user_id):

203

"""

203

"""

204

Checks locking on this repository, if locking is enabled and lock is

204

Checks locking on this repository, if locking is enabled and lock is

205

present returns a tuple of make_lock, locked, locked_by.

205

present returns a tuple of make_lock, locked, locked_by.

206

make_lock can have 3 states None (do nothing) True, make lock

206

make_lock can have 3 states None (do nothing) True, make lock

207

False release lock, This value is later propagated to hooks, which

207

False release lock, This value is later propagated to hooks, which

208

do the locking. Think about this as signals passed to hooks what to do.

208

do the locking. Think about this as signals passed to hooks what to do.

209

210

"""

210

"""

211

locked = False # defines that locked error should be thrown to user

211

locked = False # defines that locked error should be thrown to user

212

make_lock = None

212

make_lock = None

213

repo = Repository.get_by_repo_name(repo)

213

repo = Repository.get_by_repo_name(repo)

214

user = User.get(user_id)

214

user = User.get(user_id)

215

216

# this is kind of hacky, but due to how mercurial handles client-server

216

# this is kind of hacky, but due to how mercurial handles client-server

217

# server see all operation on changeset; bookmarks, phases and

217

# server see all operation on changeset; bookmarks, phases and

218

# obsolescence marker in different transaction, we don't want to check

218

# obsolescence marker in different transaction, we don't want to check

219

# locking on those

219

# locking on those

220

obsolete_call = environ['QUERY_STRING'] in ['cmd=listkeys',]

220

obsolete_call = environ['QUERY_STRING'] in ['cmd=listkeys',]

221

locked_by = repo.locked

221

locked_by = repo.locked

222

if repo and repo.enable_locking and not obsolete_call:

222

if repo and repo.enable_locking and not obsolete_call:

223

if action == 'push':

223

if action == 'push':

224

#check if it's already locked !, if it is compare users

224

#check if it's already locked !, if it is compare users

225

user_id, _date = repo.locked

225

user_id, _date = repo.locked

226

if user.user_id == user_id:

226

if user.user_id == user_id:

227

log.debug('Got push from user %s, now unlocking' % (user))

227

log.debug('Got push from user %s, now unlocking' % (user))

228

# unlock if we have push from user who locked

228

# unlock if we have push from user who locked

229

make_lock = False

229

make_lock = False

230

else:

230

else:

231

# we're not the same user who locked, ban with 423 !

231

# we're not the same user who locked, ban with 423 !

232

locked = True

232

locked = True

233

if action == 'pull':

233

if action == 'pull':

234

if repo.locked[0] and repo.locked[1]:

234

if repo.locked[0] and repo.locked[1]:

235

locked = True

235

locked = True

236

else:

236

else:

237

log.debug('Setting lock on repo %s by %s' % (repo, user))

237

log.debug('Setting lock on repo %s by %s' % (repo, user))

238

make_lock = True

238

make_lock = True

239

240

else:

240

else:

241

log.debug('Repository %s do not have locking enabled' % (repo))

241

log.debug('Repository %s do not have locking enabled' % (repo))

242

log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s'

242

log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s'

243

% (make_lock, locked, locked_by))

243

% (make_lock, locked, locked_by))

244

return make_lock, locked, locked_by

244

return make_lock, locked, locked_by

245

246

def __call__(self, environ, start_response):

246

def __call__(self, environ, start_response):

247

start = time.time()

247

start = time.time()

248

try:

248

try:

249

return self._handle_request(environ, start_response)

249

return self._handle_request(environ, start_response)

250

finally:

250

finally:

251

log = logging.getLogger('rhodecode.' + self.__class__.__name__)

251

log = logging.getLogger('rhodecode.' + self.__class__.__name__)

252

log.debug('Request time: %.3fs' % (time.time() - start))

252

log.debug('Request time: %.3fs' % (time.time() - start))

253

meta.Session.remove()

253

meta.Session.remove()

254

255

256

class BaseController(WSGIController):

256

class BaseController(WSGIController):

257

258

def __before__(self):

258

def __before__(self):

259

"""

259

"""

260

__before__ is called before controller methods and after __call__

260

__before__ is called before controller methods and after __call__

261

"""

261

"""

262

c.rhodecode_version = __version__

262

c.rhodecode_version = __version__

263

c.rhodecode_instanceid = config.get('instance_id')

263

c.rhodecode_instanceid = config.get('instance_id')

264

c.rhodecode_name = config.get('rhodecode_title')

264

c.rhodecode_name = config.get('rhodecode_title')

265

c.use_gravatar = str2bool(config.get('use_gravatar'))

265

c.use_gravatar = str2bool(config.get('use_gravatar'))

266

c.ga_code = config.get('rhodecode_ga_code')

266

c.ga_code = config.get('rhodecode_ga_code')

267

# Visual options

267

# Visual options

268

c.visual = AttributeDict({})

268

c.visual = AttributeDict({})

269

rc_config = RhodeCodeSetting.get_app_settings()

269

rc_config = RhodeCodeSetting.get_app_settings()

270

## DB stored

270

## DB stored

271

c.visual.show_public_icon = str2bool(rc_config.get('rhodecode_show_public_icon'))

271

c.visual.show_public_icon = str2bool(rc_config.get('rhodecode_show_public_icon'))

272

c.visual.show_private_icon = str2bool(rc_config.get('rhodecode_show_private_icon'))

272

c.visual.show_private_icon = str2bool(rc_config.get('rhodecode_show_private_icon'))

273

c.visual.stylify_metatags = str2bool(rc_config.get('rhodecode_stylify_metatags'))

273

c.visual.stylify_metatags = str2bool(rc_config.get('rhodecode_stylify_metatags'))

274

c.visual.dashboard_items = safe_int(rc_config.get('rhodecode_dashboard_items', 100))

274

c.visual.dashboard_items = safe_int(rc_config.get('rhodecode_dashboard_items', 100))

275

c.visual.repository_fields = str2bool(rc_config.get('rhodecode_repository_fields'))

275

c.visual.repository_fields = str2bool(rc_config.get('rhodecode_repository_fields'))

276

c.visual.show_version = str2bool(rc_config.get('rhodecode_show_version'))

276

c.visual.show_version = str2bool(rc_config.get('rhodecode_show_version'))

277

278

## INI stored

278

## INI stored

279

self.cut_off_limit = int(config.get('cut_off_limit'))

279

self.cut_off_limit = int(config.get('cut_off_limit'))

280

c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

280

c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

281

282

c.repo_name = get_repo_slug(request) # can be empty

282

c.repo_name = get_repo_slug(request) # can be empty

283

c.backends = BACKENDS.keys()

283

c.backends = BACKENDS.keys()

284

c.unread_notifications = NotificationModel()\

284

c.unread_notifications = NotificationModel()\

285

.get_unread_cnt_for_user(c.rhodecode_user.user_id)

285

.get_unread_cnt_for_user(c.rhodecode_user.user_id)

286

self.sa = meta.Session

286

self.sa = meta.Session

287

self.scm_model = ScmModel(self.sa)

287

self.scm_model = ScmModel(self.sa)

288

289

def __call__(self, environ, start_response):

289

def __call__(self, environ, start_response):

290

"""Invoke the Controller"""

290

"""Invoke the Controller"""

291

# WSGIController.__call__ dispatches to the Controller method

291

# WSGIController.__call__ dispatches to the Controller method

292

# the request is routed to. This routing information is

292

# the request is routed to. This routing information is

293

# available in environ['pylons.routes_dict']

293

# available in environ['pylons.routes_dict']

294

try:

294

try:

295

self.ip_addr = _get_ip_addr(environ)

295

self.ip_addr = _get_ip_addr(environ)

296

# make sure that we update permissions each time we call controller

296

# make sure that we update permissions each time we call controller

297

api_key = request.GET.get('api_key')

297

api_key = request.GET.get('api_key')

298

cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

298

cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))

299

user_id = cookie_store.get('user_id', None)

299

user_id = cookie_store.get('user_id', None)

300

username = get_container_username(environ, config)

300

username = get_container_username(environ, config)

301

auth_user = AuthUser(user_id, api_key, username, self.ip_addr)

301

auth_user = AuthUser(user_id, api_key, username, self.ip_addr)

302

request.user = auth_user

302

request.user = auth_user

303

self.rhodecode_user = c.rhodecode_user = auth_user

303

self.rhodecode_user = c.rhodecode_user = auth_user

304

if not self.rhodecode_user.is_authenticated and \

304

if not self.rhodecode_user.is_authenticated and \

305

self.rhodecode_user.user_id is not None:

305

self.rhodecode_user.user_id is not None:

306

self.rhodecode_user.set_authenticated(

306

self.rhodecode_user.set_authenticated(

307

cookie_store.get('is_authenticated')

307

cookie_store.get('is_authenticated')

308

)

308

)

309

log.info('IP: %s User: %s accessed %s' % (

309

log.info('IP: %s User: %s accessed %s' % (

310

self.ip_addr, auth_user, safe_unicode(_get_access_path(environ)))

310

self.ip_addr, auth_user, safe_unicode(_get_access_path(environ)))

311

)

311

)

312

return WSGIController.__call__(self, environ, start_response)

312

return WSGIController.__call__(self, environ, start_response)

313

finally:

313

finally:

314

meta.Session.remove()

314

meta.Session.remove()

315

316

317

class BaseRepoController(BaseController):

317

class BaseRepoController(BaseController):

318

"""

318

"""

319

Base class for controllers responsible for loading all needed data for

319

Base class for controllers responsible for loading all needed data for

320

repository loaded items are

320

repository loaded items are

321

322

c.rhodecode_repo: instance of scm repository

322

c.rhodecode_repo: instance of scm repository

323

c.rhodecode_db_repo: instance of db

323

c.rhodecode_db_repo: instance of db

324

c.repository_followers: number of followers

324

c.repository_followers: number of followers

325

c.repository_forks: number of forks

325

c.repository_forks: number of forks

326

c.repository_following: weather the current user is following the current repo

326

c.repository_following: weather the current user is following the current repo

327

"""

327

"""

328

329

def __before__(self):

329

def __before__(self):

330

super(BaseRepoController, self).__before__()

330

super(BaseRepoController, self).__before__()

331

if c.repo_name:

331

if c.repo_name:

332

333

dbr = c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)

333

dbr = c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)

334

c.rhodecode_repo = c.rhodecode_db_repo.scm_instance

334

c.rhodecode_repo = c.rhodecode_db_repo.scm_instance

335

# update last change according to VCS data

335

# update last change according to VCS data

336

dbr.update_changeset_cache(dbr.get_changeset())

336

dbr.update_changeset_cache(dbr.get_changeset())

337

if c.rhodecode_repo is None:

337

if c.rhodecode_repo is None:

338

log.error('%s this repository is present in database but it '

338

log.error('%s this repository is present in database but it '

339

'cannot be created as an scm instance', c.repo_name)

339

'cannot be created as an scm instance', c.repo_name)

340

341

redirect(url('home'))

341

redirect(url('home'))

342

343

# some globals counter for menu

343

# some globals counter for menu

344

c.repository_followers = self.scm_model.get_followers(dbr)

344

c.repository_followers = self.scm_model.get_followers(dbr)

345

c.repository_forks = self.scm_model.get_forks(dbr)

345

c.repository_forks = self.scm_model.get_forks(dbr)

346

c.repository_pull_requests = self.scm_model.get_pull_requests(dbr)

346

c.repository_pull_requests = self.scm_model.get_pull_requests(dbr)

347

c.repository_following = self.scm_model.is_following_repo(c.repo_name,

347

c.repository_following = self.scm_model.is_following_repo(c.repo_name,

348

self.rhodecode_user.user_id)

348

self.rhodecode_user.user_id)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             """The base Controller API
             Provides the BaseController class for subclassing.
             """
             import logging
             import time
             import traceback
             from paste.auth.basic import AuthBasicAuthenticator
             from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden
             from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
             from pylons import config, tmpl_context as c, request, session, url
             from pylons.controllers import WSGIController
             from pylons.controllers.util import redirect
             from pylons.templating import render_mako as render
             from rhodecode import __version__, BACKENDS
             from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict,\
                 safe_str, safe_int
             from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\
                 HasPermissionAnyMiddleware, CookieStoreWrapper
             from rhodecode.lib.utils import get_repo_slug
             from rhodecode.model import meta
             from rhodecode.model.db import Repository, RhodeCodeUi, User, RhodeCodeSetting
             from rhodecode.model.notification import NotificationModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             def _filter_proxy(ip):
                 """
-                HEADERS can have mutliple ips inside the left-most being the original
+                HEADERS can have multiple ips inside the left-most being the original
                 client, and each successive proxy that passed the request adding the IP
                 address where it received the request from.
                 :param ip:
                 """
                 if ',' in ip:
                     _ips = ip.split(',')
                     _first_ip = _ips[0].strip()
                     log.debug('Got multiple IPs %s, using %s' % (','.join(_ips), _first_ip))
                     return _first_ip
                 return ip
             def _get_ip_addr(environ):
                 proxy_key = 'HTTP_X_REAL_IP'
                 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
                 def_key = 'REMOTE_ADDR'
                 ip = environ.get(proxy_key)
                 if ip:
                     return _filter_proxy(ip)
                 ip = environ.get(proxy_key2)
                 if ip:
                     return _filter_proxy(ip)
                 ip = environ.get(def_key, '0.0.0.0')
                 return _filter_proxy(ip)
             def _get_access_path(environ):
                 path = environ.get('PATH_INFO')
                 org_req = environ.get('pylons.original_request')
                 if org_req:
                     path = org_req.environ.get('PATH_INFO')
                 return path
             class BasicAuth(AuthBasicAuthenticator):
                 def __init__(self, realm, authfunc, auth_http_code=None):
                     self.realm = realm
                     self.authfunc = authfunc
                     self._rc_auth_http_code = auth_http_code
                 def build_authentication(self):
                     head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
                     if self._rc_auth_http_code and self._rc_auth_http_code == '403':
                         # return 403 if alternative http return code is specified in
                         # RhodeCode config
                         return HTTPForbidden(headers=head)
                     return HTTPUnauthorized(headers=head)
                 def authenticate(self, environ):
                     authorization = AUTHORIZATION(environ)
                     if not authorization:
                         return self.build_authentication()
                     (authmeth, auth) = authorization.split(' ', 1)
                     if 'basic' != authmeth.lower():
                         return self.build_authentication()
                     auth = auth.strip().decode('base64')
                     _parts = auth.split(':', 1)
                     if len(_parts) == 2:
                         username, password = _parts
                         if self.authfunc(environ, username, password):
                             return username
                     return self.build_authentication()
                 __call__ = authenticate
             class BaseVCSController(object):
                 def __init__(self, application, config):
                     self.application = application
                     self.config = config
                     # base path of repo locations
                     self.basepath = self.config['base_path']
                     #authenticate this mercurial request using authfunc
                     self.authenticate = BasicAuth('', authfunc,
                                                   config.get('auth_ret_code'))
                     self.ip_addr = '0.0.0.0'
                 def _handle_request(self, environ, start_response):
                     raise NotImplementedError()
                 def _get_by_id(self, repo_name):
                     """
                     Get's a special pattern _<ID> from clone url and tries to replace it
                     with a repository_name for support of _<ID> non changable urls
                     :param repo_name:
                     """
                     try:
                         data = repo_name.split('/')
                         if len(data) >= 2:
                             by_id = data[1].split('_')
                             if len(by_id) == 2 and by_id[1].isdigit():
                                 _repo_name = Repository.get(by_id[1]).repo_name
                                 data[1] = _repo_name
                     except Exception:
                         log.debug('Failed to extract repo_name from id %s' % (
                                   traceback.format_exc()
                                   )
                         )
                     return '/'.join(data)
                 def _invalidate_cache(self, repo_name):
                     """
                     Set's cache for this repository for invalidation on next access
                     :param repo_name: full repo name, also a cache key
                     """
                     ScmModel().mark_for_invalidation(repo_name)
                 def _check_permission(self, action, user, repo_name, ip_addr=None):
                     """
                     Checks permissions using action (push/pull) user and repository
                     name
                     :param action: push or pull action
                     :param user: user instance
                     :param repo_name: repository name
                     """
                     #check IP
                     authuser = AuthUser(user_id=user.user_id, ip_addr=ip_addr)
                     if not authuser.ip_allowed:
                         return False
                     else:
                         log.info('Access for IP:%s allowed' % (ip_addr))
                     if action == 'push':
                         if not HasPermissionAnyMiddleware('repository.write',
                                                           'repository.admin')(user,
                                                                               repo_name):
                             return False
                     else:
                         #any other action need at least read permission
                         if not HasPermissionAnyMiddleware('repository.read',
                                                           'repository.write',
                                                           'repository.admin')(user,
                                                                               repo_name):
                             return False
                     return True
                 def _get_ip_addr(self, environ):
                     return _get_ip_addr(environ)
                 def _check_ssl(self, environ, start_response):
                     """
                     Checks the SSL check flag and returns False if SSL is not present
                     and required True otherwise
                     """
                     org_proto = environ['wsgi._org_proto']
                     #check if we have SSL required  ! if not it's a bad request !
                     require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl').ui_value)
                     if require_ssl and org_proto == 'http':
                         log.debug('proto is %s and SSL is required BAD REQUEST !'
                                   % org_proto)
                         return False
                     return True
                 def _check_locking_state(self, environ, action, repo, user_id):
                     """
                     Checks locking on this repository, if locking is enabled and lock is
                     present returns a tuple of make_lock, locked, locked_by.
                     make_lock can have 3 states None (do nothing) True, make lock
                     False release lock, This value is later propagated to hooks, which
                     do the locking. Think about this as signals passed to hooks what to do.
                     """
                     locked = False  # defines that locked error should be thrown to user
                     make_lock = None
                     repo = Repository.get_by_repo_name(repo)
                     user = User.get(user_id)
                     # this is kind of hacky, but due to how mercurial handles client-server
                     # server see all operation on changeset; bookmarks, phases and
                     # obsolescence marker in different transaction, we don't want to check
                     # locking on those
                     obsolete_call = environ['QUERY_STRING'] in ['cmd=listkeys',]
                     locked_by = repo.locked
                     if repo and repo.enable_locking and not obsolete_call:
                         if action == 'push':
                             #check if it's already locked !, if it is compare users
                             user_id, _date = repo.locked
                             if user.user_id == user_id:
                                 log.debug('Got push from user %s, now unlocking' % (user))
                                 # unlock if we have push from user who locked
                                 make_lock = False
                             else:
                                 # we're not the same user who locked, ban with 423 !
                                 locked = True
                         if action == 'pull':
                             if repo.locked[0] and repo.locked[1]:
                                 locked = True
                             else:
                                 log.debug('Setting lock on repo %s by %s' % (repo, user))
                                 make_lock = True
                     else:
                         log.debug('Repository %s do not have locking enabled' % (repo))
                     log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s'
                               % (make_lock, locked, locked_by))
                     return make_lock, locked, locked_by
                 def __call__(self, environ, start_response):
                     start = time.time()
                     try:
                         return self._handle_request(environ, start_response)
                     finally:
                         log = logging.getLogger('rhodecode.' + self.__class__.__name__)
                         log.debug('Request time: %.3fs' % (time.time() - start))
                         meta.Session.remove()
             class BaseController(WSGIController):
                 def __before__(self):
                     """
                     __before__ is called before controller methods and after __call__
                     """
                     c.rhodecode_version = __version__
                     c.rhodecode_instanceid = config.get('instance_id')
                     c.rhodecode_name = config.get('rhodecode_title')
                     c.use_gravatar = str2bool(config.get('use_gravatar'))
                     c.ga_code = config.get('rhodecode_ga_code')
                     # Visual options
                     c.visual = AttributeDict({})
                     rc_config = RhodeCodeSetting.get_app_settings()
                     ## DB stored
                     c.visual.show_public_icon = str2bool(rc_config.get('rhodecode_show_public_icon'))
                     c.visual.show_private_icon = str2bool(rc_config.get('rhodecode_show_private_icon'))
                     c.visual.stylify_metatags = str2bool(rc_config.get('rhodecode_stylify_metatags'))
                     c.visual.dashboard_items = safe_int(rc_config.get('rhodecode_dashboard_items', 100))
                     c.visual.repository_fields = str2bool(rc_config.get('rhodecode_repository_fields'))
                     c.visual.show_version = str2bool(rc_config.get('rhodecode_show_version'))
                     ## INI stored
                     self.cut_off_limit = int(config.get('cut_off_limit'))
                     c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))
                     c.repo_name = get_repo_slug(request)  # can be empty
                     c.backends = BACKENDS.keys()
                     c.unread_notifications = NotificationModel()\
                                     .get_unread_cnt_for_user(c.rhodecode_user.user_id)
                     self.sa = meta.Session
                     self.scm_model = ScmModel(self.sa)
                 def __call__(self, environ, start_response):
                     """Invoke the Controller"""
                     # WSGIController.__call__ dispatches to the Controller method
                     # the request is routed to. This routing information is
                     # available in environ['pylons.routes_dict']
                     try:
                         self.ip_addr = _get_ip_addr(environ)
                         # make sure that we update permissions each time we call controller
                         api_key = request.GET.get('api_key')
                         cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
                         user_id = cookie_store.get('user_id', None)
                         username = get_container_username(environ, config)
                         auth_user = AuthUser(user_id, api_key, username, self.ip_addr)
                         request.user = auth_user
                         self.rhodecode_user = c.rhodecode_user = auth_user
                         if not self.rhodecode_user.is_authenticated and \
                                    self.rhodecode_user.user_id is not None:
                             self.rhodecode_user.set_authenticated(
                                 cookie_store.get('is_authenticated')
                             )
                         log.info('IP: %s User: %s accessed %s' % (
                            self.ip_addr, auth_user, safe_unicode(_get_access_path(environ)))
                         )
                         return WSGIController.__call__(self, environ, start_response)
                     finally:
                         meta.Session.remove()
             class BaseRepoController(BaseController):
                 """
                 Base class for controllers responsible for loading all needed data for
                 repository loaded items are
                 c.rhodecode_repo: instance of scm repository
                 c.rhodecode_db_repo: instance of db
                 c.repository_followers: number of followers
                 c.repository_forks: number of forks
                 c.repository_following: weather the current user is following the current repo
                 """
                 def __before__(self):
                     super(BaseRepoController, self).__before__()
                     if c.repo_name:
                         dbr = c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)
                         c.rhodecode_repo = c.rhodecode_db_repo.scm_instance
                         # update last change according to VCS data
                         dbr.update_changeset_cache(dbr.get_changeset())
                         if c.rhodecode_repo is None:
                             log.error('%s this repository is present in database but it '
                                       'cannot be created as an scm instance', c.repo_name)
                             redirect(url('home'))
                         # some globals counter for menu
                         c.repository_followers = self.scm_model.get_followers(dbr)
                         c.repository_forks = self.scm_model.get_forks(dbr)
                         c.repository_pull_requests = self.scm_model.get_pull_requests(dbr)
                         c.repository_following = self.scm_model.is_following_repo(c.repo_name,
                                                             self.rhodecode_user.user_id)