Show More
@@ -53,6 +53,8 b' cut_off_limit = 256000' | |||||
53 | force_https = false |
|
53 | force_https = false | |
54 | commit_parse_limit = 25 |
|
54 | commit_parse_limit = 25 | |
55 | use_gravatar = true |
|
55 | use_gravatar = true | |
|
56 | container_auth_enabled = false | |||
|
57 | proxypass_auth_enabled = false | |||
56 |
|
58 | |||
57 | #################################### |
|
59 | #################################### | |
58 | ### CELERY CONFIG #### |
|
60 | ### CELERY CONFIG #### |
@@ -53,6 +53,8 b' cut_off_limit = 256000' | |||||
53 | force_https = false |
|
53 | force_https = false | |
54 | commit_parse_limit = 50 |
|
54 | commit_parse_limit = 50 | |
55 | use_gravatar = true |
|
55 | use_gravatar = true | |
|
56 | container_auth_enabled = false | |||
|
57 | proxypass_auth_enabled = false | |||
56 |
|
58 | |||
57 | #################################### |
|
59 | #################################### | |
58 | ### CELERY CONFIG #### |
|
60 | ### CELERY CONFIG #### |
@@ -49,7 +49,7 b' class LoginController(BaseController):' | |||||
49 | super(LoginController, self).__before__() |
|
49 | super(LoginController, self).__before__() | |
50 |
|
50 | |||
51 | def index(self): |
|
51 | def index(self): | |
52 | #redirect if already logged in |
|
52 | # redirect if already logged in | |
53 | c.came_from = request.GET.get('came_from', None) |
|
53 | c.came_from = request.GET.get('came_from', None) | |
54 |
|
54 | |||
55 | if self.rhodecode_user.is_authenticated \ |
|
55 | if self.rhodecode_user.is_authenticated \ | |
@@ -62,7 +62,7 b' class LoginController(BaseController):' | |||||
62 | login_form = LoginForm() |
|
62 | login_form = LoginForm() | |
63 | try: |
|
63 | try: | |
64 | c.form_result = login_form.to_python(dict(request.POST)) |
|
64 | c.form_result = login_form.to_python(dict(request.POST)) | |
65 | #form checks for username/password, now we're authenticated |
|
65 | # form checks for username/password, now we're authenticated | |
66 | username = c.form_result['username'] |
|
66 | username = c.form_result['username'] | |
67 | user = User.get_by_username(username, case_insensitive=True) |
|
67 | user = User.get_by_username(username, case_insensitive=True) | |
68 | auth_user = AuthUser(user.user_id) |
|
68 | auth_user = AuthUser(user.user_id) |
@@ -125,16 +125,23 b' def get_crypt_password(password):' | |||||
125 | def check_password(password, hashed): |
|
125 | def check_password(password, hashed): | |
126 | return RhodeCodeCrypto.hash_check(password, hashed) |
|
126 | return RhodeCodeCrypto.hash_check(password, hashed) | |
127 |
|
127 | |||
128 |
|
128 | def generate_api_key(str_, salt=None): | ||
129 | def generate_api_key(username, salt=None): |
|
129 | """ | |
|
130 | Generates API KEY from given string | |||
|
131 | ||||
|
132 | :param str_: | |||
|
133 | :param salt: | |||
|
134 | """ | |||
|
135 | ||||
130 | if salt is None: |
|
136 | if salt is None: | |
131 | salt = _RandomNameSequence().next() |
|
137 | salt = _RandomNameSequence().next() | |
132 |
|
138 | |||
133 |
return hashlib.sha1( |
|
139 | return hashlib.sha1(str_ + salt).hexdigest() | |
134 |
|
140 | |||
135 |
|
141 | |||
136 | def authfunc(environ, username, password): |
|
142 | def authfunc(environ, username, password): | |
137 | """Dummy authentication function used in Mercurial/Git/ and access control, |
|
143 | """ | |
|
144 | Dummy authentication function used in Mercurial/Git/ and access control, | |||
138 |
|
145 | |||
139 | :param environ: needed only for using in Basic auth |
|
146 | :param environ: needed only for using in Basic auth | |
140 | """ |
|
147 | """ | |
@@ -142,7 +149,8 b' def authfunc(environ, username, password' | |||||
142 |
|
149 | |||
143 |
|
150 | |||
144 | def authenticate(username, password): |
|
151 | def authenticate(username, password): | |
145 | """Authentication function used for access control, |
|
152 | """ | |
|
153 | Authentication function used for access control, | |||
146 | firstly checks for db authentication then if ldap is enabled for ldap |
|
154 | firstly checks for db authentication then if ldap is enabled for ldap | |
147 | authentication, also creates ldap user if not in database |
|
155 | authentication, also creates ldap user if not in database | |
148 |
|
156 | |||
@@ -228,33 +236,35 b' def login_container_auth(username):' | |||||
228 | if user is None: |
|
236 | if user is None: | |
229 | user_model = UserModel() |
|
237 | user_model = UserModel() | |
230 | user_attrs = { |
|
238 | user_attrs = { | |
231 |
|
|
239 | 'name': username, | |
232 |
|
|
240 | 'lastname': None, | |
233 |
|
|
241 | 'email': None, | |
234 |
|
|
242 | } | |
235 |
|
|
243 | user = user_model.create_for_container_auth(username, user_attrs) | |
|
244 | if not user: | |||
236 | return None |
|
245 | return None | |
237 | user = User.get_by_username(username) |
|
|||
238 | log.info('User %s was created by container authentication', username) |
|
246 | log.info('User %s was created by container authentication', username) | |
239 |
|
247 | |||
240 | if not user.active: |
|
248 | if not user.active: | |
241 | return None |
|
249 | return None | |
242 |
|
250 | |||
243 | user.update_lastlogin() |
|
251 | user.update_lastlogin() | |
244 |
log.debug('User %s is now logged in by container authentication', |
|
252 | log.debug('User %s is now logged in by container authentication', | |
|
253 | user.username) | |||
245 | return user |
|
254 | return user | |
246 |
|
255 | |||
247 |
def get_container_username(environ, cfg |
|
256 | def get_container_username(environ, cfg): | |
248 | from paste.httpheaders import REMOTE_USER |
|
257 | from paste.httpheaders import REMOTE_USER | |
249 | from paste.deploy.converters import asbool |
|
258 | from paste.deploy.converters import asbool | |
250 |
|
259 | |||
|
260 | proxy_pass_enabled = asbool(cfg.get('proxypass_auth_enabled', False)) | |||
251 | username = REMOTE_USER(environ) |
|
261 | username = REMOTE_USER(environ) | |
252 |
|
262 | |||
253 |
if not username and |
|
263 | if not username and proxy_pass_enabled: | |
254 | username = environ.get('HTTP_X_FORWARDED_USER') |
|
264 | username = environ.get('HTTP_X_FORWARDED_USER') | |
255 |
|
265 | |||
256 | if username: |
|
266 | if username and proxy_pass_enabled: | |
257 | #Removing realm and domain from username |
|
267 | # Removing realm and domain from username | |
258 | username = username.partition('@')[0] |
|
268 | username = username.partition('@')[0] | |
259 | username = username.rpartition('\\')[2] |
|
269 | username = username.rpartition('\\')[2] | |
260 | log.debug('Received username %s from container', username) |
|
270 | log.debug('Received username %s from container', username) | |
@@ -276,7 +286,7 b' class AuthUser(object):' | |||||
276 | self.user_id = user_id |
|
286 | self.user_id = user_id | |
277 | self.api_key = None |
|
287 | self.api_key = None | |
278 | self.username = username |
|
288 | self.username = username | |
279 |
|
289 | |||
280 | self.name = '' |
|
290 | self.name = '' | |
281 | self.lastname = '' |
|
291 | self.lastname = '' | |
282 | self.email = '' |
|
292 | self.email = '' | |
@@ -290,14 +300,17 b' class AuthUser(object):' | |||||
290 | user_model = UserModel() |
|
300 | user_model = UserModel() | |
291 | self.anonymous_user = User.get_by_username('default') |
|
301 | self.anonymous_user = User.get_by_username('default') | |
292 | is_user_loaded = False |
|
302 | is_user_loaded = False | |
|
303 | ||||
|
304 | # try go get user by api key | |||
293 | if self._api_key and self._api_key != self.anonymous_user.api_key: |
|
305 | if self._api_key and self._api_key != self.anonymous_user.api_key: | |
294 | #try go get user by api key |
|
|||
295 | log.debug('Auth User lookup by API KEY %s', self._api_key) |
|
306 | log.debug('Auth User lookup by API KEY %s', self._api_key) | |
296 | is_user_loaded = user_model.fill_data(self, api_key=self._api_key) |
|
307 | is_user_loaded = user_model.fill_data(self, api_key=self._api_key) | |
297 | elif self.user_id is not None \ |
|
308 | # lookup by userid | |
298 | and self.user_id != self.anonymous_user.user_id: |
|
309 | elif (self.user_id is not None and | |
|
310 | self.user_id != self.anonymous_user.user_id): | |||
299 | log.debug('Auth User lookup by USER ID %s', self.user_id) |
|
311 | log.debug('Auth User lookup by USER ID %s', self.user_id) | |
300 | is_user_loaded = user_model.fill_data(self, user_id=self.user_id) |
|
312 | is_user_loaded = user_model.fill_data(self, user_id=self.user_id) | |
|
313 | # lookup by username | |||
301 | elif self.username: |
|
314 | elif self.username: | |
302 | log.debug('Auth User lookup by USER NAME %s', self.username) |
|
315 | log.debug('Auth User lookup by USER NAME %s', self.username) | |
303 | dbuser = login_container_auth(self.username) |
|
316 | dbuser = login_container_auth(self.username) | |
@@ -308,10 +321,10 b' class AuthUser(object):' | |||||
308 | is_user_loaded = True |
|
321 | is_user_loaded = True | |
309 |
|
322 | |||
310 | if not is_user_loaded: |
|
323 | if not is_user_loaded: | |
|
324 | # if we cannot authenticate user try anonymous | |||
311 | if self.anonymous_user.active is True: |
|
325 | if self.anonymous_user.active is True: | |
312 | user_model.fill_data(self, |
|
326 | user_model.fill_data(self,user_id=self.anonymous_user.user_id) | |
313 | user_id=self.anonymous_user.user_id) |
|
327 | # then we set this user is logged in | |
314 | #then we set this user is logged in |
|
|||
315 | self.is_authenticated = True |
|
328 | self.is_authenticated = True | |
316 | else: |
|
329 | else: | |
317 | self.user_id = None |
|
330 | self.user_id = None | |
@@ -337,13 +350,13 b' class AuthUser(object):' | |||||
337 | self.is_authenticated) |
|
350 | self.is_authenticated) | |
338 |
|
351 | |||
339 | def set_authenticated(self, authenticated=True): |
|
352 | def set_authenticated(self, authenticated=True): | |
340 |
|
||||
341 | if self.user_id != self.anonymous_user.user_id: |
|
353 | if self.user_id != self.anonymous_user.user_id: | |
342 | self.is_authenticated = authenticated |
|
354 | self.is_authenticated = authenticated | |
343 |
|
355 | |||
344 |
|
356 | |||
345 | def set_available_permissions(config): |
|
357 | def set_available_permissions(config): | |
346 | """This function will propagate pylons globals with all available defined |
|
358 | """ | |
|
359 | This function will propagate pylons globals with all available defined | |||
347 | permission given in db. We don't want to check each time from db for new |
|
360 | permission given in db. We don't want to check each time from db for new | |
348 | permissions since adding a new permission also requires application restart |
|
361 | permissions since adding a new permission also requires application restart | |
349 | ie. to decorate new views with the newly created permission |
|
362 | ie. to decorate new views with the newly created permission | |
@@ -474,7 +487,7 b' class PermsDecorator(object):' | |||||
474 | return redirect(url('login_home', came_from=p)) |
|
487 | return redirect(url('login_home', came_from=p)) | |
475 |
|
488 | |||
476 | else: |
|
489 | else: | |
477 | #redirect with forbidden ret code |
|
490 | # redirect with forbidden ret code | |
478 | return abort(403) |
|
491 | return abort(403) | |
479 |
|
492 | |||
480 | def check_permissions(self): |
|
493 | def check_permissions(self): | |
@@ -661,3 +674,4 b' class HasPermissionAnyMiddleware(object)' | |||||
661 | return True |
|
674 | return True | |
662 | log.debug('permission denied') |
|
675 | log.debug('permission denied') | |
663 | return False |
|
676 | return False | |
|
677 |
@@ -33,8 +33,6 b' class BaseController(WSGIController):' | |||||
33 | self.sa = meta.Session() |
|
33 | self.sa = meta.Session() | |
34 | self.scm_model = ScmModel(self.sa) |
|
34 | self.scm_model = ScmModel(self.sa) | |
35 |
|
35 | |||
36 | #c.unread_journal = scm_model.get_unread_journal() |
|
|||
37 |
|
||||
38 | def __call__(self, environ, start_response): |
|
36 | def __call__(self, environ, start_response): | |
39 | """Invoke the Controller""" |
|
37 | """Invoke the Controller""" | |
40 | # WSGIController.__call__ dispatches to the Controller method |
|
38 | # WSGIController.__call__ dispatches to the Controller method | |
@@ -42,15 +40,15 b' class BaseController(WSGIController):' | |||||
42 | # available in environ['pylons.routes_dict'] |
|
40 | # available in environ['pylons.routes_dict'] | |
43 | start = time.time() |
|
41 | start = time.time() | |
44 | try: |
|
42 | try: | |
45 |
# |
|
43 | # make sure that we update permissions each time we call controller | |
46 | api_key = request.GET.get('api_key') |
|
44 | api_key = request.GET.get('api_key') | |
47 | user_id = getattr(session.get('rhodecode_user'), 'user_id', None) |
|
45 | user_id = getattr(session.get('rhodecode_user'), 'user_id', None) | |
48 | if asbool(config.get('container_auth_enabled', False)): |
|
46 | if asbool(config.get('container_auth_enabled', False)): | |
49 | username = get_container_username(environ) |
|
47 | username = get_container_username(environ) | |
50 | else: |
|
48 | else: | |
51 | username = None |
|
49 | username = None | |
52 |
|
50 | auth_user = AuthUser(user_id, api_key, username) | ||
53 |
self.rhodecode_user = c.rhodecode_user = |
|
51 | self.rhodecode_user = c.rhodecode_user = auth_user | |
54 | if not self.rhodecode_user.is_authenticated and \ |
|
52 | if not self.rhodecode_user.is_authenticated and \ | |
55 | self.rhodecode_user.user_id is not None: |
|
53 | self.rhodecode_user.user_id is not None: | |
56 | self.rhodecode_user.set_authenticated( |
|
54 | self.rhodecode_user.set_authenticated( | |
@@ -66,11 +64,13 b' class BaseController(WSGIController):' | |||||
66 |
|
64 | |||
67 | class BaseRepoController(BaseController): |
|
65 | class BaseRepoController(BaseController): | |
68 | """ |
|
66 | """ | |
69 | Base class for controllers responsible for loading all needed data |
|
67 | Base class for controllers responsible for loading all needed data for | |
70 |
|
|
68 | repository loaded items are | |
71 |
|
69 | |||
72 |
c.rhodecode_repo: instance of scm repository |
|
70 | c.rhodecode_repo: instance of scm repository | |
73 |
|
71 | c.rhodecode_db_repo: instance of db | ||
|
72 | c.repository_followers: number of followers | |||
|
73 | c.repository_forks: number of forks | |||
74 | """ |
|
74 | """ | |
75 |
|
75 | |||
76 | def __before__(self): |
|
76 | def __before__(self): | |
@@ -86,7 +86,6 b' class BaseRepoController(BaseController)' | |||||
86 |
|
86 | |||
87 | redirect(url('home')) |
|
87 | redirect(url('home')) | |
88 |
|
88 | |||
89 |
c.repository_followers = |
|
89 | c.repository_followers = self.scm_model.get_followers(c.repo_name) | |
90 | self.scm_model.get_followers(c.repo_name) |
|
|||
91 | c.repository_forks = self.scm_model.get_forks(c.repo_name) |
|
90 | c.repository_forks = self.scm_model.get_forks(c.repo_name) | |
92 |
|
91 |
@@ -208,7 +208,7 b' class ValidAuth(formencode.validators.Fa' | |||||
208 | password = value['password'] |
|
208 | password = value['password'] | |
209 | username = value['username'] |
|
209 | username = value['username'] | |
210 | user = User.get_by_username(username) |
|
210 | user = User.get_by_username(username) | |
211 |
|
211 | |||
212 | if authenticate(username, password): |
|
212 | if authenticate(username, password): | |
213 | return value |
|
213 | return value | |
214 | else: |
|
214 | else: |
@@ -106,20 +106,20 b' class UserModel(BaseModel):' | |||||
106 | new_user.password = None |
|
106 | new_user.password = None | |
107 | new_user.api_key = generate_api_key(username) |
|
107 | new_user.api_key = generate_api_key(username) | |
108 | new_user.email = attrs['email'] |
|
108 | new_user.email = attrs['email'] | |
109 | new_user.active = True |
|
109 | new_user.active = attrs.get('active', True) | |
110 | new_user.name = attrs['name'] |
|
110 | new_user.name = attrs['name'] | |
111 | new_user.lastname = attrs['lastname'] |
|
111 | new_user.lastname = attrs['lastname'] | |
112 |
|
112 | |||
113 | self.sa.add(new_user) |
|
113 | self.sa.add(new_user) | |
114 | self.sa.commit() |
|
114 | self.sa.commit() | |
115 |
return |
|
115 | return new_user | |
116 | except (DatabaseError,): |
|
116 | except (DatabaseError,): | |
117 | log.error(traceback.format_exc()) |
|
117 | log.error(traceback.format_exc()) | |
118 | self.sa.rollback() |
|
118 | self.sa.rollback() | |
119 | raise |
|
119 | raise | |
120 |
log.debug('User %s already exists. Skipping creation of account |
|
120 | log.debug('User %s already exists. Skipping creation of account' | |
121 | username) |
|
121 | ' for container auth.', username) | |
122 |
return |
|
122 | return None | |
123 |
|
123 | |||
124 | def create_ldap(self, username, password, user_dn, attrs): |
|
124 | def create_ldap(self, username, password, user_dn, attrs): | |
125 | """ |
|
125 | """ | |
@@ -141,21 +141,21 b' class UserModel(BaseModel):' | |||||
141 | new_user.password = get_crypt_password(password) |
|
141 | new_user.password = get_crypt_password(password) | |
142 | new_user.api_key = generate_api_key(username) |
|
142 | new_user.api_key = generate_api_key(username) | |
143 | new_user.email = attrs['email'] |
|
143 | new_user.email = attrs['email'] | |
144 | new_user.active = attrs.get('active',True) |
|
144 | new_user.active = attrs.get('active', True) | |
145 | new_user.ldap_dn = safe_unicode(user_dn) |
|
145 | new_user.ldap_dn = safe_unicode(user_dn) | |
146 | new_user.name = attrs['name'] |
|
146 | new_user.name = attrs['name'] | |
147 | new_user.lastname = attrs['lastname'] |
|
147 | new_user.lastname = attrs['lastname'] | |
148 |
|
148 | |||
149 | self.sa.add(new_user) |
|
149 | self.sa.add(new_user) | |
150 | self.sa.commit() |
|
150 | self.sa.commit() | |
151 |
return |
|
151 | return new_user | |
152 | except (DatabaseError,): |
|
152 | except (DatabaseError,): | |
153 | log.error(traceback.format_exc()) |
|
153 | log.error(traceback.format_exc()) | |
154 | self.sa.rollback() |
|
154 | self.sa.rollback() | |
155 | raise |
|
155 | raise | |
156 | log.debug('this %s user exists skipping creation of ldap account', |
|
156 | log.debug('this %s user exists skipping creation of ldap account', | |
157 | username) |
|
157 | username) | |
158 |
return |
|
158 | return None | |
159 |
|
159 | |||
160 | def create_registration(self, form_data): |
|
160 | def create_registration(self, form_data): | |
161 | from rhodecode.lib.celerylib import tasks, run_task |
|
161 | from rhodecode.lib.celerylib import tasks, run_task |
@@ -21,7 +21,6 b' from webtest import TestApp' | |||||
21 | from rhodecode.model import meta |
|
21 | from rhodecode.model import meta | |
22 | import logging |
|
22 | import logging | |
23 |
|
23 | |||
24 |
|
||||
25 | log = logging.getLogger(__name__) |
|
24 | log = logging.getLogger(__name__) | |
26 |
|
25 | |||
27 | import pylons.test |
|
26 | import pylons.test | |
@@ -31,7 +30,7 b' import pylons.test' | |||||
31 | 'TEST_USER_ADMIN_LOGIN', 'TEST_USER_ADMIN_PASS' ] |
|
30 | 'TEST_USER_ADMIN_LOGIN', 'TEST_USER_ADMIN_PASS' ] | |
32 |
|
31 | |||
33 | # Invoke websetup with the current config file |
|
32 | # Invoke websetup with the current config file | |
34 | #SetupCommand('setup-app').run([config_file]) |
|
33 | # SetupCommand('setup-app').run([config_file]) | |
35 |
|
34 | |||
36 | ##RUNNING DESIRED TESTS |
|
35 | ##RUNNING DESIRED TESTS | |
37 | # nosetests -x rhodecode.tests.functional.test_admin_settings:TestSettingsController.test_my_account |
|
36 | # nosetests -x rhodecode.tests.functional.test_admin_settings:TestSettingsController.test_my_account | |
@@ -69,7 +68,7 b' class TestController(TestCase):' | |||||
69 | response = self.app.post(url(controller='login', action='index'), |
|
68 | response = self.app.post(url(controller='login', action='index'), | |
70 | {'username':username, |
|
69 | {'username':username, | |
71 | 'password':password}) |
|
70 | 'password':password}) | |
72 |
|
71 | |||
73 | if 'invalid user name' in response.body: |
|
72 | if 'invalid user name' in response.body: | |
74 | self.fail('could not login using %s %s' % (username, password)) |
|
73 | self.fail('could not login using %s %s' % (username, password)) | |
75 |
|
74 |
1 | NO CONTENT: file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py |
|
NO CONTENT: file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py |
@@ -51,6 +51,8 b' cut_off_limit = 256000' | |||||
51 | force_https = false |
|
51 | force_https = false | |
52 | commit_parse_limit = 25 |
|
52 | commit_parse_limit = 25 | |
53 | use_gravatar = true |
|
53 | use_gravatar = true | |
|
54 | container_auth_enabled = false | |||
|
55 | proxypass_auth_enabled = false | |||
54 |
|
56 | |||
55 | #################################### |
|
57 | #################################### | |
56 | ### CELERY CONFIG #### |
|
58 | ### CELERY CONFIG #### |
General Comments 0
You need to be logged in to leave comments.
Login now