upstream/kallithea Commit - r442:d66a7fa7

moved loged in user propagation out of forms,...

marcink -

r442:d66a7fa7 default

parent child

production.ini

0 +1 -1

             ################################################################################
             ################################################################################
             # pylons_app - Pylons environment configuration                                #
             #                                                                              #
             # The %(here)s variable will be replaced with the parent directory of this file#
             ################################################################################
             [DEFAULT]
             debug = true
             ############################################
             ## Uncomment and replace with the address ##
             ## which should receive any error reports ##
             ############################################
             #email_to = admin@localhost
             #smtp_server = mail.server.com
             #error_email_from = paste_error@localhost
             #smtp_username =
             #smtp_password =
             #error_message = 'mercurial crash !'
             [server:main]
             ##nr of threads to spawn
             threadpool_workers = 5
             ##max request before
             threadpool_max_requests = 2
             ##option to use threads of process
             use_threadpool = true
             use = egg:Paste#http
             host = 127.0.0.1
             port = 8001
             [app:main]
             use = egg:pylons_app
             full_stack = true
             static_files = false
             lang=en
             cache_dir = %(here)s/data
             ####################################
             ###         BEAKER CACHE        ####
             ####################################
             beaker.cache.data_dir=/%(here)s/data/cache/data
             beaker.cache.lock_dir=/%(here)s/data/cache/lock
             beaker.cache.regions=super_short_term,short_term,long_term
             beaker.cache.long_term.type=memory
             beaker.cache.long_term.expire=36000
             beaker.cache.short_term.type=memory
             beaker.cache.short_term.expire=60
             beaker.cache.super_short_term.type=memory
             beaker.cache.super_short_term.expire=10
             ####################################
             ###       BEAKER SESSION        ####
             ####################################
             ## Type of storage used for the session, current types are
-            ## “dbm”, “file”, “memcached”, “database”, and “memory”.
+            ## dbm, file, memcached, database, and memory.
             ## The storage uses the Container API
             ##that is also used by the cache system.
             beaker.session.type = file
             beaker.session.key = hg-app
             beaker.session.secret = g654dcno0-9873jhgfreyu
             beaker.session.timeout = 36000
             ##auto save the session to not to use .save()
             beaker.session.auto = False
             ##true exire at browser close
             #beaker.session.cookie_expires = 3600
             ################################################################################
             ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
             ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
             ## execute malicious code after an exception is raised.                       ##
             ################################################################################
             set debug = false
             ##################################
             ###       LOGVIEW CONFIG       ###
             ##################################
             logview.sqlalchemy = #faa
             logview.pylons.templating = #bfb
             logview.pylons.util = #eee
             #########################################################
             ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG    ###
             #########################################################
             sqlalchemy.db1.url = sqlite:///%(here)s/hg_app.db
             #sqlalchemy.db1.echo = False
             #sqlalchemy.db1.pool_recycle = 3600
             sqlalchemy.convert_unicode = true
             ################################
             ### LOGGING CONFIGURATION   ####
             ################################
             [loggers]
             keys = root, routes, pylons_app, sqlalchemy
             [handlers]
             keys = console
             [formatters]
             keys = generic,color_formatter
             #############
             ## LOGGERS ##
             #############
             [logger_root]
             level = INFO
             handlers = console
             [logger_routes]
             level = INFO
             handlers = console
             qualname = routes.middleware
             # "level = DEBUG" logs the route matched and routing variables.
             [logger_pylons_app]
             level = DEBUG
             handlers = console
             qualname = pylons_app
             propagate = 0
             [logger_sqlalchemy]
             level = ERROR
             handlers = console
             qualname = sqlalchemy.engine
             propagate = 0
             ##############
             ## HANDLERS ##
             ##############
             [handler_console]
             class = StreamHandler
             args = (sys.stderr,)
             level = NOTSET
             formatter = color_formatter
             ################
             ## FORMATTERS ##
             ################
             [formatter_generic]
             format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S
             [formatter_color_formatter]
             class=pylons_app.lib.colored_formatter.ColorFormatter
             format= %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
             datefmt = %Y-%m-%d %H:%M:%S

pylons_app/controllers/login.py

0 +19 -1

             #!/usr/bin/env python
             # encoding: utf-8
             # login controller for pylons
             # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; version 2
             # of the License or (at your opinion) any later version of the license.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
             # MA  02110-1301, USA.
             """
             Created on April 22, 2010
             login controller for pylons
             @author: marcink
             """
             from formencode import htmlfill
             from pylons import request, response, session, tmpl_context as c, url
             from pylons.controllers.util import abort, redirect
             from pylons_app.lib.auth import AuthUser, HasPermissionAnyDecorator
             from pylons_app.lib.base import BaseController, render
             from pylons_app.model.forms import LoginForm, RegisterForm
             from pylons_app.model.user_model import UserModel
+            from sqlalchemy.exc import OperationalError
             import formencode
+            import datetime
             import logging
             log = logging.getLogger(__name__)
             class LoginController(BaseController):
                 def __before__(self):
                     super(LoginController, self).__before__()
                 def index(self):
                     #redirect if already logged in
                     c.came_from = request.GET.get('came_from',None)
                     if c.hg_app_user.is_authenticated:
                         return redirect(url('hg_home'))
                     if request.POST:
                         #import Login Form validator class
                         login_form = LoginForm()
                         try:
                             c.form_result = login_form.to_python(dict(request.POST))
+                            username = c.form_result['username']
+                            user = UserModel().get_user_by_name(username)
+                            auth_user = AuthUser()
+                            auth_user.username = user.username
+                            auth_user.is_authenticated = True
+                            auth_user.is_admin = user.admin
+                            auth_user.user_id = user.user_id
+                            auth_user.name = user.name
+                            auth_user.lastname = user.lastname
+                            session['hg_app_user'] = auth_user
+                            session.save()
+                            log.info('user %s is now authenticated', username)
+                            user.update_lastlogin()
                             if c.came_from:
                                 return redirect(c.came_from)
                             else:
                                 return redirect(url('hg_home'))
                         except formencode.Invalid as errors:
                             return htmlfill.render(
                                 render('/login.html'),
                                 defaults=errors.value,
                                 errors=errors.error_dict or {},
                                 prefix_error=False,
                                 encoding="UTF-8")
                     return render('/login.html')
-                @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')
+                @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
+                                           'hg.register.manual_activate')
                 def register(self):
                     user_model = UserModel()
                     c.auto_active = False
                     for perm in user_model.get_default().user_perms:
                         if perm.permission.permission_name == 'hg.register.auto_activate':
                             c.auto_active = True
                             break
                     if request.POST:
                         register_form = RegisterForm()()
                         try:
                             form_result = register_form.to_python(dict(request.POST))
                             form_result['active'] = c.auto_active
                             user_model.create_registration(form_result)
                             return redirect(url('login_home'))
                         except formencode.Invalid as errors:
                             return htmlfill.render(
                                 render('/register.html'),
                                 defaults=errors.value,
                                 errors=errors.error_dict or {},
                                 prefix_error=False,
                                 encoding="UTF-8")
                     return render('/register.html')
                 def logout(self):
                     session['hg_app_user'] = AuthUser()
                     session.save()
                     log.info('Logging out and setting user as Empty')
                     redirect(url('hg_home'))

pylons_app/lib/auth.py

0 +1 -1

             #!/usr/bin/env python
             # encoding: utf-8
             # authentication and permission libraries
             # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; version 2
             # of the License or (at your opinion) any later version of the license.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
             # MA  02110-1301, USA.
             """
             Created on April 4, 2010
             @author: marcink
             """
             from beaker.cache import cache_region
             from pylons import config, session, url, request
             from pylons.controllers.util import abort, redirect
             from pylons_app.lib.utils import get_repo_slug
             from pylons_app.model import meta
             from pylons_app.model.db import User, RepoToPerm, Repository, Permission, \
                 UserToPerm
             from sqlalchemy.exc import OperationalError
             from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
             import bcrypt
             from decorator import decorator
             import logging
             log = logging.getLogger(__name__)
             def get_crypt_password(password):
                 """Cryptographic function used for password hashing based on sha1
                 @param password: password to hash
                 """
                 return bcrypt.hashpw(password, bcrypt.gensalt(10))
             def check_password(password, hashed):
                 return bcrypt.hashpw(password, hashed) == hashed
             @cache_region('super_short_term', 'cached_user')
             def get_user_cached(username):
                 sa = meta.Session
                 try:
                     user = sa.query(User).filter(User.username == username).one()
                 finally:
                     meta.Session.remove()
                 return user
             def authfunc(environ, username, password):
                 try:
                     user = get_user_cached(username)
                 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
                     log.error(e)
                     user = None
                 if user:
                     if user.active:
                         if user.username == username and check_password(password, user.password):
                             log.info('user %s authenticated correctly', username)
                             return True
                     else:
                         log.error('user %s is disabled', username)
                 return False
             class  AuthUser(object):
                 """
                 A simple object that handles a mercurial username for authentication
                 """
                 def __init__(self):
                     self.username = 'None'
                     self.name = ''
                     self.lastname = ''
                     self.email = ''
                     self.user_id = None
                     self.is_authenticated = False
                     self.is_admin = False
                     self.permissions = {}
             def set_available_permissions(config):
                 """
                 This function will propagate pylons globals with all available defined
                 permission given in db. We don't wannt to check each time from db for new
                 permissions since adding a new permission also requires application restart
                 ie. to decorate new views with the newly created permission
                 @param config:
                 """
                 log.info('getting information about all available permissions')
                 try:
                     sa = meta.Session
                     all_perms = sa.query(Permission).all()
                 finally:
                     meta.Session.remove()
                 config['available_permissions'] = [x.permission_name for x in all_perms]
             def set_base_path(config):
                 config['base_path'] = config['pylons.app_globals'].base_path
             def fill_data(user):
                 """
                 Fills user data with those from database and log out user if not present
                 in database
                 @param user:
                 """
                 sa = meta.Session
                 dbuser = sa.query(User).get(user.user_id)
                 if dbuser:
                     user.username = dbuser.username
                     user.is_admin = dbuser.admin
                     user.name = dbuser.name
                     user.lastname = dbuser.lastname
                     user.email = dbuser.email
                 else:
                     user.is_authenticated = False
                 meta.Session.remove()
                 return user
             def fill_perms(user):
                 """
                 Fills user permission attribute with permissions taken from database
                 @param user:
                 """
                 sa = meta.Session
                 user.permissions['repositories'] = {}
                 user.permissions['global'] = set()
                 #===========================================================================
                 # fetch default permissions
                 #===========================================================================
                 default_perms = sa.query(RepoToPerm, Repository, Permission)\
                     .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
                     .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
                     .filter(RepoToPerm.user == sa.query(User).filter(User.username ==
                                                         'default').scalar()).all()
                 if user.is_admin:
                     #=======================================================================
                     # #admin have all default rights set to admin
                     #=======================================================================
                     user.permissions['global'].add('hg.admin')
                     for perm in default_perms:
                         p = 'repository.admin'
                         user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
                 else:
                     #=======================================================================
                     # set default permissions
                     #=======================================================================
                     #default global
                     default_global_perms = sa.query(UserToPerm)\
                         .filter(UserToPerm.user == sa.query(User).filter(User.username ==
                         'default').one())
                     for perm in default_global_perms:
                         user.permissions['global'].add(perm.permission.permission_name)
                     #default repositories
                     for perm in default_perms:
                         if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                             #disable defaults for private repos,
                             p = 'repository.none'
                         elif perm.Repository.user_id == user.user_id:
                             #set admin if owner
                             p = 'repository.admin'
                         else:
                             p = perm.Permission.permission_name
                         user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
                     #=======================================================================
                     # #overwrite default with user permissions if any
                     #=======================================================================
                     user_perms = sa.query(RepoToPerm, Permission, Repository)\
                         .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
                         .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
                         .filter(RepoToPerm.user_id == user.user_id).all()
                     for perm in user_perms:
                         if perm.Repository.user_id == user.user_id:#set admin if owner
                             p = 'repository.admin'
                         else:
                             p = perm.Permission.permission_name
                         user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
                 meta.Session.remove()
                 return user
             def get_user(session):
                 """
                 Gets user from session, and wraps permissions into user
                 @param session:
                 """
                 user = session.get('hg_app_user', AuthUser())
                 if user.is_authenticated:
                     user = fill_data(user)
                 user = fill_perms(user)
                 session['hg_app_user'] = user
                 session.save()
                 return user
             #===============================================================================
             # CHECK DECORATORS
             #===============================================================================
             class LoginRequired(object):
                 """Must be logged in to execute this function else redirect to login page"""
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     user = session.get('hg_app_user', AuthUser())
                     log.debug('Checking login required for user:%s', user.username)
                     if user.is_authenticated:
                         log.debug('user %s is authenticated', user.username)
                         return func(*fargs, **fkwargs)
                     else:
                         log.warn('user %s not authenticated', user.username)
                         p = request.environ.get('PATH_INFO')
                         if request.environ.get('QUERY_STRING'):
                             p+='?'+request.environ.get('QUERY_STRING')
-                        log.debug('redirecting to login page with %',p)
+                        log.debug('redirecting to login page with %s',p)
                         return redirect(url('login_home',came_from=p))
             class PermsDecorator(object):
                 """Base class for decorators"""
                 def __init__(self, *required_perms):
                     available_perms = config['available_permissions']
                     for perm in required_perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(required_perms)
                     self.user_perms = None
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
             #        _wrapper.__name__ = func.__name__
             #        _wrapper.__dict__.update(func.__dict__)
             #        _wrapper.__doc__ = func.__doc__
                     self.user_perms = session.get('hg_app_user', AuthUser()).permissions
                     log.debug('checking %s permissions %s for %s',
                        self.__class__.__name__, self.required_perms, func.__name__)
                     if self.check_permissions():
                         log.debug('Permission granted for %s', func.__name__)
                         return func(*fargs, **fkwargs)
                     else:
                         log.warning('Permission denied for %s', func.__name__)
                         #redirect with forbidden ret code
                         return abort(403)
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAllDecorator(PermsDecorator):
                 """Checks for access permission for all given predicates. All of them
                 have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAnyDecorator(PermsDecorator):
                 """Checks for access permission for any of given predicates. In order to
                 fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAllDecorator(PermsDecorator):
                 """Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyDecorator(PermsDecorator):
                 """Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             #===============================================================================
             # CHECK FUNCTIONS
             #===============================================================================
             class PermsFunction(object):
                 """Base function for other check functions"""
                 def __init__(self, *perms):
                     available_perms = config['available_permissions']
                     for perm in perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission in not defined" % perm)
                     self.required_perms = set(perms)
                     self.user_perms = None
                     self.granted_for = ''
                     self.repo_name = None
                 def __call__(self, check_Location=''):
                     user = session.get('hg_app_user', False)
                     if not user:
                         return False
                     self.user_perms = user.permissions
                     self.granted_for = user.username
                     log.debug('checking %s %s', self.__class__.__name__, self.required_perms)
                     if self.check_permissions():
                         log.debug('Permission granted for %s @%s', self.granted_for,
                                   check_Location)
                         return True
                     else:
                         log.warning('Permission denied for %s @%s', self.granted_for,
                                     check_Location)
                         return False
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAll(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAny(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAll(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAll, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self.user_perms = set([self.user_perms['repositories']\
                                                [self.repo_name]])
                     except KeyError:
                         return False
                     self.granted_for = self.repo_name
                     if self.required_perms.issubset(self.user_perms):
                         return True
                     return False
             class HasRepoPermissionAny(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self.user_perms = set([self.user_perms['repositories']\
                                                [self.repo_name]])
                     except KeyError:
                         return False
                     self.granted_for = self.repo_name
                     if self.required_perms.intersection(self.user_perms):
                         return True
                     return False
             #===============================================================================
             # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
             #===============================================================================
             class HasPermissionAnyMiddleware(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, user, repo_name):
                     usr = AuthUser()
                     usr.user_id = user.user_id
                     usr.username = user.username
                     usr.is_admin = user.admin
                     try:
                         self.user_perms = set([fill_perms(usr)\
                                                .permissions['repositories'][repo_name]])
                     except:
                         self.user_perms = set()
                     self.granted_for = ''
                     self.username = user.username
                     self.repo_name = repo_name
                     return self.check_permissions()
                 def check_permissions(self):
                     log.debug('checking mercurial protocol '
                               'permissions for user:%s repository:%s',
                                                             self.username, self.repo_name)
                     if self.required_perms.intersection(self.user_perms):
                         log.debug('permission granted')
                         return True
                     log.debug('permission denied')
                     return False

pylons_app/model/db.py

0 +19 -1

             from pylons_app.model.meta import Base
+            from sqlalchemy import *
             from sqlalchemy.orm import relation, backref
-            from sqlalchemy import *
+            from sqlalchemy.orm.session import Session
             from vcs.utils.lazy import LazyProperty
+            import logging
+            log = logging.getLogger(__name__)
             class HgAppSettings(Base):
                 __tablename__ = 'hg_app_settings'
                 __table_args__ = (UniqueConstraint('app_settings_name'), {'useexisting':True})
                 app_settings_id = Column("app_settings_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
                 app_settings_name = Column("app_settings_name", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 app_settings_value = Column("app_settings_value", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
             class HgAppUi(Base):
                 __tablename__ = 'hg_app_ui'
                 __table_args__ = {'useexisting':True}
                 ui_id = Column("ui_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
                 ui_section = Column("ui_section", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_key = Column("ui_key", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_value = Column("ui_value", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_active = Column("ui_active", BOOLEAN(), nullable=True, unique=None, default=True)
             class User(Base):
                 __tablename__ = 'users'
                 __table_args__ = {'useexisting':True}
                 user_id = Column("user_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
                 username = Column("username", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 password = Column("password", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 active = Column("active", BOOLEAN(), nullable=True, unique=None, default=None)
                 admin = Column("admin", BOOLEAN(), nullable=True, unique=None, default=False)
                 name = Column("name", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 lastname = Column("lastname", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 email = Column("email", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 last_login = Column("last_login", DATETIME(timezone=False), nullable=True, unique=None, default=None)
                 user_log = relation('UserLog')
                 user_perms = relation('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id")
                 @LazyProperty
                 def full_contact(self):
                     return '%s %s <%s>' % (self.name, self.lastname, self.email)
                 def __repr__(self):
                     return "<User('id:%s:%s')>" % (self.user_id, self.username)
+                def update_lastlogin(self):
+                    """Update user lastlogin"""
+                    import datetime
+                    try:
+                        session = Session.object_session(self)
+                        self.last_login = datetime.datetime.now()
+                        session.add(self)
+                        session.commit()
+                        log.debug('updated user %s lastlogin',self)
+                    except Exception:
+                        session.rollback()
             class UserLog(Base):
                 __tablename__ = 'user_logs'
                 __table_args__ = {'useexisting':True}
                 user_log_id = Column("user_log_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", INTEGER(), ForeignKey(u'users.user_id'), nullable=False, unique=None, default=None)
                 user_ip = Column("user_ip", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 repository = Column("repository", TEXT(length=None, convert_unicode=False, assert_unicode=None), ForeignKey(u'repositories.repo_name'), nullable=False, unique=None, default=None)
                 action = Column("action", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 action_date = Column("action_date", DATETIME(timezone=False), nullable=True, unique=None, default=None)
                 user = relation('User')
             class Repository(Base):
                 __tablename__ = 'repositories'
                 __table_args__ = (UniqueConstraint('repo_name'), {'useexisting':True},)
                 repo_id = Column("repo_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
                 repo_name = Column("repo_name", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 user_id = Column("user_id", INTEGER(), ForeignKey(u'users.user_id'), nullable=False, unique=False, default=None)
                 private = Column("private", BOOLEAN(), nullable=True, unique=None, default=None)
                 description = Column("description", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 user = relation('User')
                 repo_to_perm = relation('RepoToPerm', cascade='all')
                 def __repr__(self):
                     return "<Repository('id:%s:%s')>" % (self.repo_id, self.repo_name)
             class Permission(Base):
                 __tablename__ = 'permissions'
                 __table_args__ = {'useexisting':True}
                 permission_id = Column("permission_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
                 permission_name = Column("permission_name", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 permission_longname = Column("permission_longname", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 def __repr__(self):
                     return "<Permission('%s:%s')>" % (self.permission_id, self.permission_name)
             class RepoToPerm(Base):
                 __tablename__ = 'repo_to_perm'
                 __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'useexisting':True})
                 repo_to_perm_id = Column("repo_to_perm_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", INTEGER(), ForeignKey(u'users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", INTEGER(), ForeignKey(u'permissions.permission_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", INTEGER(), ForeignKey(u'repositories.repo_id'), nullable=False, unique=None, default=None)
                 user = relation('User')
                 permission = relation('Permission')
                 repository = relation('Repository')
             class UserToPerm(Base):
                 __tablename__ = 'user_to_perm'
                 __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'useexisting':True})
                 user_to_perm_id = Column("user_to_perm_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", INTEGER(), ForeignKey(u'users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", INTEGER(), ForeignKey(u'permissions.permission_id'), nullable=False, unique=None, default=None)
                 user = relation('User')
                 permission = relation('Permission')

pylons_app/model/forms.py

0 +8 -30

             """ this is forms validation classes
             http://formencode.org/module-formencode.validators.html
             for list off all availible validators
             we can create our own validators
             The table below outlines the options which can be used in a schema in addition to the validators themselves
             pre_validators          []     These validators will be applied before the schema
             chained_validators      []     These validators will be applied after the schema
             allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present
             filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed
             if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
             ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
             <name> = formencode.validators.<name of validator>
             <name> must equal form name
             list=[1,2,3,4,5]
             for SELECT use formencode.All(OneOf(list), Int())
             """
             from formencode import All
             from formencode.validators import UnicodeString, OneOf, Int, Number, Regex, \
                 Email, Bool, StringBoolean
             from pylons import session
             from pylons.i18n.translation import _
             from pylons_app.lib.auth import check_password, get_crypt_password
             from pylons_app.model import meta
+            from pylons_app.model.user_model import UserModel
             from pylons_app.model.db import User, Repository
             from sqlalchemy.exc import OperationalError
             from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
             from webhelpers.pylonslib.secure_form import authentication_token
-            import datetime
             import formencode
             import logging
             import os
             import pylons_app.lib.helpers as h
             log = logging.getLogger(__name__)
             #this is needed to translate the messages using _() in validators
             class State_obj(object):
                 _ = staticmethod(_)
             #===============================================================================
             # VALIDATORS
             #===============================================================================
             class ValidAuthToken(formencode.validators.FancyValidator):
                 messages = {'invalid_token':_('Token mismatch')}
                 def validate_python(self, value, state):
                     if value != authentication_token():
                         raise formencode.Invalid(self.message('invalid_token', state,
                                                         search_number=value), value, state)
             def ValidUsername(edit, old_data):
                 class _ValidUsername(formencode.validators.FancyValidator):
                     def validate_python(self, value, state):
                         if value in ['default', 'new_user']:
                             raise formencode.Invalid(_('Invalid username'), value, state)
                         #check if user is uniq
                         sa = meta.Session
                         old_un = None
                         if edit:
                             old_un = sa.query(User).get(old_data.get('user_id')).username
                         if old_un != value or not edit:
                             if sa.query(User).filter(User.username == value).scalar():
                                 raise formencode.Invalid(_('This username already exists') ,
                                                          value, state)
                         meta.Session.remove()
                 return _ValidUsername
             class ValidPassword(formencode.validators.FancyValidator):
                 def to_python(self, value, state):
                     if value:
                         return get_crypt_password(value)
             class ValidAuth(formencode.validators.FancyValidator):
                 messages = {
                         'invalid_password':_('invalid password'),
                         'invalid_login':_('invalid user name'),
                         'disabled_account':_('Your acccount is disabled')
                         }
                 #error mapping
                 e_dict = {'username':messages['invalid_login'],
                           'password':messages['invalid_password']}
                 e_dict_disable = {'username':messages['disabled_account']}
                 def validate_python(self, value, state):
-                    sa = meta.Session
                     password = value['password']
                     username = value['username']
                     try:
-                        user = sa.query(User).filter(User.username == username).one()
+                        user = UserModel().get_user_by_name(username)
                     except (NoResultFound, MultipleResultsFound, OperationalError) as e:
                         log.error(e)
                         user = None
                         raise formencode.Invalid(self.message('invalid_password',
                                                  state=State_obj), value, state,
                                                  error_dict=self.e_dict)
                     if user:
                         if user.active:
-                            if user.username == username and check_password(password, user.password):
+                            if user.username == username and check_password(password,
-                                from pylons_app.lib.auth import AuthUser
+                                                                            user.password):
-                                auth_user = AuthUser()
-                                auth_user.username = username
-                                auth_user.is_authenticated = True
-                                auth_user.is_admin = user.admin
-                                auth_user.user_id = user.user_id
-                                auth_user.name = user.name
-                                auth_user.lastname = user.lastname
-                                session['hg_app_user'] = auth_user
-                                session.save()
-                                log.info('user %s is now authenticated', username)
-                                try:
-                                    user.last_login = datetime.datetime.now()
-                                    sa.add(user)
-                                    sa.commit()
-                                except (OperationalError) as e:
-                                    log.error(e)
-                                    sa.rollback()
                                 return value
                             else:
                                 log.warning('user %s not authenticated', username)
                                 raise formencode.Invalid(self.message('invalid_password',
                                                          state=State_obj), value, state,
                                                          error_dict=self.e_dict)
                         else:
                             log.warning('user %s is disabled', username)
                             raise formencode.Invalid(self.message('disabled_account',
                                                      state=State_obj),
                                                      value, state,
                                                      error_dict=self.e_dict_disable)
-                    meta.Session.remove()
             class ValidRepoUser(formencode.validators.FancyValidator):
                 def to_python(self, value, state):
-                    sa = meta.Session
                     try:
-                        self.user_db = sa.query(User)\
+                        self.user_db = meta.Session.query(User)\
                             .filter(User.active == True)\
                             .filter(User.username == value).one()
                     except Exception:
                         raise formencode.Invalid(_('This username is not valid'),
                                                  value, state)
-                    meta.Session.remove()
+                    finally:
+                        meta.Session.remove()
                     return self.user_db.user_id
             def ValidRepoName(edit, old_data):
                 class _ValidRepoName(formencode.validators.FancyValidator):
                     def to_python(self, value, state):
                         slug = h.repo_name_slug(value)
                         if slug in ['_admin']:
                             raise formencode.Invalid(_('This repository name is disallowed'),
                                                      value, state)
                         if old_data.get('repo_name') != value or not edit:
                             sa = meta.Session
                             if sa.query(Repository).filter(Repository.repo_name == slug).scalar():
                                 raise formencode.Invalid(_('This repository already exists') ,
                                                          value, state)
                             meta.Session.remove()
                         return slug
                 return _ValidRepoName
             class ValidPerms(formencode.validators.FancyValidator):
                 messages = {'perm_new_user_name':_('This username is not valid')}
                 def to_python(self, value, state):
                     perms_update = []
                     perms_new = []
                     #build a list of permission to update and new permission to create
                     for k, v in value.items():
                         if k.startswith('perm_'):
                             if  k.startswith('perm_new_user'):
                                 new_perm = value.get('perm_new_user', False)
                                 new_user = value.get('perm_new_user_name', False)
                                 if new_user and new_perm:
                                     if (new_user, new_perm) not in perms_new:
                                         perms_new.append((new_user, new_perm))
                             else:
                                 usr = k[5:]
                                 if usr == 'default':
                                     if value['private']:
                                         #set none for default when updating to private repo
                                         v = 'repository.none'
                                 perms_update.append((usr, v))
                     value['perms_updates'] = perms_update
                     value['perms_new'] = perms_new
                     sa = meta.Session
                     for k, v in perms_new:
                         try:
                             self.user_db = sa.query(User)\
                                 .filter(User.active == True)\
                                 .filter(User.username == k).one()
                         except Exception:
                             msg = self.message('perm_new_user_name',
                                                  state=State_obj)
                             raise formencode.Invalid(msg, value, state, error_dict={'perm_new_user_name':msg})
                     return value
             class ValidSettings(formencode.validators.FancyValidator):
                 def to_python(self, value, state):
                     #settings  form can't edit user
                     if value.has_key('user'):
                         del['value']['user']
                     return value
             class ValidPath(formencode.validators.FancyValidator):
                 def to_python(self, value, state):
                     isdir = os.path.isdir(value.replace('*', ''))
                     if (value.endswith('/*') or value.endswith('/**')) and isdir:
                         return value
                     elif not isdir:
                         msg = _('This is not a valid path')
                     else:
                         msg = _('You need to specify * or ** at the end of path (ie. /tmp/*)')
                     raise formencode.Invalid(msg, value, state,
                                                  error_dict={'paths_root_path':msg})
             #===============================================================================
             # FORMS
             #===============================================================================
             class LoginForm(formencode.Schema):
                 allow_extra_fields = True
                 filter_extra_fields = True
                 username = UnicodeString(
                                          strip=True,
                                          min=3,
                                          not_empty=True,
                                          messages={
                                                    'empty':_('Please enter a login'),
                                                    'tooShort':_('Enter a value %(min)i characters long or more')}
                                         )
                 password = UnicodeString(
                                         strip=True,
                                         min=3,
                                         not_empty=True,
                                         messages={
                                                   'empty':_('Please enter a password'),
                                                   'tooShort':_('Enter a value %(min)i characters long or more')}
                                             )
                 #chained validators have access to all data
                 chained_validators = [ValidAuth]
             def UserForm(edit=False, old_data={}):
                 class _UserForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     username = All(UnicodeString(strip=True, min=3, not_empty=True), ValidUsername(edit, old_data))
                     if edit:
                         new_password = All(UnicodeString(strip=True, min=3, not_empty=False), ValidPassword)
                         admin = StringBoolean(if_missing=False)
                     else:
                         password = All(UnicodeString(strip=True, min=8, not_empty=True), ValidPassword)
                     active = StringBoolean(if_missing=False)
                     name = UnicodeString(strip=True, min=3, not_empty=True)
                     lastname = UnicodeString(strip=True, min=3, not_empty=True)
                     email = Email(not_empty=True)
                 return _UserForm
             RegisterForm = UserForm
             def RepoForm(edit=False, old_data={}):
                 class _RepoForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))
                     description = UnicodeString(strip=True, min=3, not_empty=True)
                     private = StringBoolean(if_missing=False)
                     if edit:
                         user = All(Int(not_empty=True), ValidRepoUser)
                     chained_validators = [ValidPerms]
                 return _RepoForm
             def RepoSettingsForm(edit=False, old_data={}):
                 class _RepoForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))
                     description = UnicodeString(strip=True, min=3, not_empty=True)
                     private = StringBoolean(if_missing=False)
                     chained_validators = [ValidPerms, ValidSettings]
                 return _RepoForm
             def ApplicationSettingsForm():
                 class _ApplicationSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     hg_app_title = UnicodeString(strip=True, min=3, not_empty=True)
                     hg_app_realm = UnicodeString(strip=True, min=3, not_empty=True)
                 return _ApplicationSettingsForm
             def ApplicationUiSettingsForm():
                 class _ApplicationUiSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     web_push_ssl = OneOf(['true', 'false'], if_missing='false')
                     paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=3, not_empty=True))
                     hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)
                     hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)
                 return _ApplicationUiSettingsForm
             def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
                 class _DefaultPermissionsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     overwrite_default = OneOf(['true', 'false'], if_missing='false')
                     default_perm = OneOf(perms_choices)
                     default_register = OneOf(register_choices)
                     default_create = OneOf(create_choices)
                 return _DefaultPermissionsForm

pylons_app/model/user_model.py

0 +3 0

             #!/usr/bin/env python
             # encoding: utf-8
             # Model for users
             # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; version 2
             # of the License or (at your opinion) any later version of the license.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
             # MA  02110-1301, USA.
             """
             Created on April 9, 2010
             Model for users
             @author: marcink
             """
             from pylons_app.model.db import User
             from pylons_app.model.meta import Session
             from pylons.i18n.translation import _
             import logging
             log = logging.getLogger(__name__)
             class DefaultUserException(Exception):pass
             class UserModel(object):
                 def __init__(self):
                     self.sa = Session()
                 def get_default(self):
                     return self.sa.query(User).filter(User.username == 'default').scalar()
                 def get_user(self, id):
                     return self.sa.query(User).get(id)
+                def get_user_by_name(self,name):
+                    return self.sa.query(User).filter(User.username == name).scalar()
                 def create(self, form_data):
                     try:
                         new_user = User()
                         for k, v in form_data.items():
                             setattr(new_user, k, v)
                         self.sa.add(new_user)
                         self.sa.commit()
                     except Exception as e:
                         log.error(e)
                         self.sa.rollback()
                         raise
                 def create_registration(self, form_data):
                     try:
                         new_user = User()
                         for k, v in form_data.items():
                             if k != 'admin':
                                 setattr(new_user, k, v)
                         self.sa.add(new_user)
                         self.sa.commit()
                     except Exception as e:
                         log.error(e)
                         self.sa.rollback()
                         raise
                 def update(self, uid, form_data):
                     try:
                         new_user = self.sa.query(User).get(uid)
                         if new_user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't Edit this user since it's"
                                               " crucial for entire application"))
                         for k, v in form_data.items():
                             if k == 'new_password' and v != '':
                                 new_user.password = v
                             else:
                                 setattr(new_user, k, v)
                         self.sa.add(new_user)
                         self.sa.commit()
                     except Exception as e:
                         log.error(e)
                         self.sa.rollback()
                         raise
                 def update_my_account(self, uid, form_data):
                     try:
                         new_user = self.sa.query(User).get(uid)
                         if new_user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't Edit this user since it's"
                                               " crucial for entire application"))
                         for k, v in form_data.items():
                             if k == 'new_password' and v != '':
                                 new_user.password = v
                             else:
                                 if k not in ['admin', 'active']:
                                     setattr(new_user, k, v)
                         self.sa.add(new_user)
                         self.sa.commit()
                     except Exception as e:
                         log.error(e)
                         self.sa.rollback()
                         raise
                 def delete(self, id):
                     try:
                         user = self.sa.query(User).get(id)
                         if user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't remove this user since it's"
                                               " crucial for entire application"))
                         self.sa.delete(user)
                         self.sa.commit()
                     except Exception as e:
                         log.error(e)
                         self.sa.rollback()
                         raise

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages