Some code cleanups and fixes
marcink -
r1628:de71a4bd beta
@@ -53,6 +53,8 b' cut_off_limit = 256000'
53 force_https = false
53 force_https = false
54 commit_parse_limit = 25
54 commit_parse_limit = 25
55 use_gravatar = true
55 use_gravatar = true
56 container_auth_enabled = false
57 proxypass_auth_enabled = false
56
58
57 ####################################
59 ####################################
58 ### CELERY CONFIG ####
60 ### CELERY CONFIG ####
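Review bot: The new options `container_auth_enabled` and `proxypass_auth_enabled` are added without any comment, although enabling them makes the application accept the user name supplied by the front-end server (`REMOTE_USER`, and with the second option the `X-Forwarded-User` header read in `get_container_username`). I would add a comment above them such as `## trust the user name set by the web server / reverse proxy; enable only when clients cannot reach the app directly and the proxy overwrites X-Forwarded-User`. The same two lines are added in the other two ini hunks (the one with `commit_parse_limit = 50` and the `-51,6 +51,8` one) and need the same comment.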
@@ -53,6 +53,8 b' cut_off_limit = 256000'
53 force_https = false
53 force_https = false
54 commit_parse_limit = 50
54 commit_parse_limit = 50
55 use_gravatar = true
55 use_gravatar = true
56 container_auth_enabled = false
57 proxypass_auth_enabled = false
56
58
57 ####################################
59 ####################################
58 ### CELERY CONFIG ####
60 ### CELERY CONFIG ####
@@ -49,7 +49,7 b' class LoginController(BaseController):'
49 super(LoginController, self).__before__()
49 super(LoginController, self).__before__()
50
50
51 def index(self):
51 def index(self):
52 #redirect if already logged in
52 # redirect if already logged in
53 c.came_from = request.GET.get('came_from', None)
53 c.came_from = request.GET.get('came_from', None)
54
54
55 if self.rhodecode_user.is_authenticated \
55 if self.rhodecode_user.is_authenticated \
@@ -62,7 +62,7 b' class LoginController(BaseController):'
62 login_form = LoginForm()
62 login_form = LoginForm()
63 try:
63 try:
64 c.form_result = login_form.to_python(dict(request.POST))
64 c.form_result = login_form.to_python(dict(request.POST))
65 #form checks for username/password, now we're authenticated
65 # form checks for username/password, now we're authenticated
66 username = c.form_result['username']
66 username = c.form_result['username']
67 user = User.get_by_username(username, case_insensitive=True)
67 user = User.get_by_username(username, case_insensitive=True)
68 auth_user = AuthUser(user.user_id)
68 auth_user = AuthUser(user.user_id)
@@ -125,16 +125,23 b' def get_crypt_password(password):'
125 def check_password(password, hashed):
125 def check_password(password, hashed):
126 return RhodeCodeCrypto.hash_check(password, hashed)
126 return RhodeCodeCrypto.hash_check(password, hashed)
127
127
128
128 def generate_api_key(str_, salt=None):
129 def generate_api_key(username, salt=None):
129 """
130 Generates API KEY from given string
131
132 :param str_:
133 :param salt:
134 """
135
130 if salt is None:
136 if salt is None:
131 salt = _RandomNameSequence().next()
137 salt = _RandomNameSequence().next()
132
138
133 return hashlib.sha1(username + salt).hexdigest()
139 return hashlib.sha1(str_ + salt).hexdigest()
134
140
135
141
136 def authfunc(environ, username, password):
142 def authfunc(environ, username, password):
137 """Dummy authentication function used in Mercurial/Git/ and access control,
143 """
144 Dummy authentication function used in Mercurial/Git/ and access control,
138
145
139 :param environ: needed only for using in Basic auth
146 :param environ: needed only for using in Basic auth
140 """
147 """
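Review bot: `generate_api_key` still builds the key as `hashlib.sha1(str_ + salt)` with a default salt from `_RandomNameSequence().next()`; that helper (presumably tempfile's private name generator) yields a short string from a non-cryptographic PRNG, so the API key, which acts as a bearer credential, carries far less entropy than its length suggests. Since the function is being touched anyway, the default salt should come from the OS CSPRNG, e.g. `salt = binascii.hexlify(os.urandom(20))` (both modules would need importing if the file does not already do so). The new docstring also leaves both parameters undescribed; they could read `:param str_: string mixed into the key (callers pass the username)` and `:param salt: optional salt, a random one is generated when None`.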
@@ -142,7 +149,8 b' def authfunc(environ, username, password'
142
149
143
150
144 def authenticate(username, password):
151 def authenticate(username, password):
145 """Authentication function used for access control,
152 """
153 Authentication function used for access control,
146 firstly checks for db authentication then if ldap is enabled for ldap
154 firstly checks for db authentication then if ldap is enabled for ldap
147 authentication, also creates ldap user if not in database
155 authentication, also creates ldap user if not in database
148
156
@@ -228,33 +236,35 b' def login_container_auth(username):'
228 if user is None:
236 if user is None:
229 user_model = UserModel()
237 user_model = UserModel()
230 user_attrs = {
238 user_attrs = {
231 'name': username,
239 'name': username,
232 'lastname': None,
240 'lastname': None,
233 'email': None,
241 'email': None,
234 }
242 }
235 if not user_model.create_for_container_auth(username, user_attrs):
243 user = user_model.create_for_container_auth(username, user_attrs)
244 if not user:
236 return None
245 return None
237 user = User.get_by_username(username)
238 log.info('User %s was created by container authentication', username)
246 log.info('User %s was created by container authentication', username)
239
247
240 if not user.active:
248 if not user.active:
241 return None
249 return None
242
250
243 user.update_lastlogin()
251 user.update_lastlogin()
244 log.debug('User %s is now logged in by container authentication', user.username)
252 log.debug('User %s is now logged in by container authentication',
253 user.username)
245 return user
254 return user
246
255
247 def get_container_username(environ, cfg=config):
256 def get_container_username(environ, cfg):
248 from paste.httpheaders import REMOTE_USER
257 from paste.httpheaders import REMOTE_USER
249 from paste.deploy.converters import asbool
258 from paste.deploy.converters import asbool
250
259
260 proxy_pass_enabled = asbool(cfg.get('proxypass_auth_enabled', False))
251 username = REMOTE_USER(environ)
261 username = REMOTE_USER(environ)
252
262
253 if not username and asbool(cfg.get('proxypass_auth_enabled', False)):
263 if not username and proxy_pass_enabled:
254 username = environ.get('HTTP_X_FORWARDED_USER')
264 username = environ.get('HTTP_X_FORWARDED_USER')
255
265
256 if username:
266 if username and proxy_pass_enabled:
257 #Removing realm and domain from username
267 # Removing realm and domain from username
258 username = username.partition('@')[0]
268 username = username.partition('@')[0]
259 username = username.rpartition('\\')[2]
269 username = username.rpartition('\\')[2]
260 log.debug('Received username %s from container', username)
270 log.debug('Received username %s from container', username)
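Review bot: In `get_container_username` the new condition `if username and proxy_pass_enabled:` makes the realm/domain stripping depend on `proxypass_auth_enabled`, so a `REMOTE_USER` value such as `user@REALM` or `DOMAIN\user` is passed on unstripped when only `container_auth_enabled` is set. Because `login_container_auth` in the same hunk creates an account for any unknown name, that would presumably produce a second account for the same person instead of matching the existing one. Unless this is intended, keep the old guard `if username:` and use `proxy_pass_enabled` only for the header fallback. The function continues past the end of the hunk, so how `username` is returned is not visible here.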
@@ -276,7 +286,7 b' class AuthUser(object):'
276 self.user_id = user_id
286 self.user_id = user_id
277 self.api_key = None
287 self.api_key = None
278 self.username = username
288 self.username = username
279
289
280 self.name = ''
290 self.name = ''
281 self.lastname = ''
291 self.lastname = ''
282 self.email = ''
292 self.email = ''
@@ -290,14 +300,17 b' class AuthUser(object):'
290 user_model = UserModel()
300 user_model = UserModel()
291 self.anonymous_user = User.get_by_username('default')
301 self.anonymous_user = User.get_by_username('default')
292 is_user_loaded = False
302 is_user_loaded = False
303
304 # try go get user by api key
293 if self._api_key and self._api_key != self.anonymous_user.api_key:
305 if self._api_key and self._api_key != self.anonymous_user.api_key:
294 #try go get user by api key
295 log.debug('Auth User lookup by API KEY %s', self._api_key)
306 log.debug('Auth User lookup by API KEY %s', self._api_key)
296 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
307 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
297 elif self.user_id is not None \
308 # lookup by userid
298 and self.user_id != self.anonymous_user.user_id:
309 elif (self.user_id is not None and
310 self.user_id != self.anonymous_user.user_id):
299 log.debug('Auth User lookup by USER ID %s', self.user_id)
311 log.debug('Auth User lookup by USER ID %s', self.user_id)
300 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
312 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
313 # lookup by username
301 elif self.username:
314 elif self.username:
302 log.debug('Auth User lookup by USER NAME %s', self.username)
315 log.debug('Auth User lookup by USER NAME %s', self.username)
303 dbuser = login_container_auth(self.username)
316 dbuser = login_container_auth(self.username)
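Review bot: `log.debug('Auth User lookup by API KEY %s', self._api_key)` writes the caller's API key to the log in clear text, so the credential is exposed to anyone with access to debug logs or to wherever they are shipped. Log only that a key lookup took place, or a short prefix: `log.debug('Auth User lookup by API KEY %s...', self._api_key[:4])`. The comment moved above the branch also has a typo, `# try go get user by api key` should read `# try to get user by api key`. The method starts before this hunk.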
@@ -308,10 +321,10 b' class AuthUser(object):'
308 is_user_loaded = True
321 is_user_loaded = True
309
322
310 if not is_user_loaded:
323 if not is_user_loaded:
324 # if we cannot authenticate user try anonymous
311 if self.anonymous_user.active is True:
325 if self.anonymous_user.active is True:
312 user_model.fill_data(self,
326 user_model.fill_data(self,user_id=self.anonymous_user.user_id)
313 user_id=self.anonymous_user.user_id)
327 # then we set this user is logged in
314 #then we set this user is logged in
315 self.is_authenticated = True
328 self.is_authenticated = True
316 else:
329 else:
317 self.user_id = None
330 self.user_id = None
@@ -337,13 +350,13 b' class AuthUser(object):'
337 self.is_authenticated)
350 self.is_authenticated)
338
351
339 def set_authenticated(self, authenticated=True):
352 def set_authenticated(self, authenticated=True):
340
341 if self.user_id != self.anonymous_user.user_id:
353 if self.user_id != self.anonymous_user.user_id:
342 self.is_authenticated = authenticated
354 self.is_authenticated = authenticated
343
355
344
356
345 def set_available_permissions(config):
357 def set_available_permissions(config):
346 """This function will propagate pylons globals with all available defined
358 """
359 This function will propagate pylons globals with all available defined
347 permission given in db. We don't want to check each time from db for new
360 permission given in db. We don't want to check each time from db for new
348 permissions since adding a new permission also requires application restart
361 permissions since adding a new permission also requires application restart
349 ie. to decorate new views with the newly created permission
362 ie. to decorate new views with the newly created permission
@@ -474,7 +487,7 b' class PermsDecorator(object):'
474 return redirect(url('login_home', came_from=p))
487 return redirect(url('login_home', came_from=p))
475
488
476 else:
489 else:
477 #redirect with forbidden ret code
490 # redirect with forbidden ret code
478 return abort(403)
491 return abort(403)
479
492
480 def check_permissions(self):
493 def check_permissions(self):
@@ -661,3 +674,4 b' class HasPermissionAnyMiddleware(object)'
661 return True
674 return True
662 log.debug('permission denied')
675 log.debug('permission denied')
663 return False
676 return False
677
@@ -33,8 +33,6 b' class BaseController(WSGIController):'
33 self.sa = meta.Session()
33 self.sa = meta.Session()
34 self.scm_model = ScmModel(self.sa)
34 self.scm_model = ScmModel(self.sa)
35
35
36 #c.unread_journal = scm_model.get_unread_journal()
37
38 def __call__(self, environ, start_response):
36 def __call__(self, environ, start_response):
39 """Invoke the Controller"""
37 """Invoke the Controller"""
40 # WSGIController.__call__ dispatches to the Controller method
38 # WSGIController.__call__ dispatches to the Controller method
@@ -42,15 +40,15 b' class BaseController(WSGIController):'
42 # available in environ['pylons.routes_dict']
40 # available in environ['pylons.routes_dict']
43 start = time.time()
41 start = time.time()
44 try:
42 try:
45 # putting this here makes sure that we update permissions each time
43 # make sure that we update permissions each time we call controller
46 api_key = request.GET.get('api_key')
44 api_key = request.GET.get('api_key')
47 user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
45 user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
48 if asbool(config.get('container_auth_enabled', False)):
46 if asbool(config.get('container_auth_enabled', False)):
49 username = get_container_username(environ)
47 username = get_container_username(environ)
50 else:
48 else:
51 username = None
49 username = None
52
50 auth_user = AuthUser(user_id, api_key, username)
53 self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
51 self.rhodecode_user = c.rhodecode_user = auth_user
54 if not self.rhodecode_user.is_authenticated and \
52 if not self.rhodecode_user.is_authenticated and \
55 self.rhodecode_user.user_id is not None:
53 self.rhodecode_user.user_id is not None:
56 self.rhodecode_user.set_authenticated(
54 self.rhodecode_user.set_authenticated(
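Review bot: The unchanged call `get_container_username(environ)` no longer matches the function, because this commit changes its signature in the auth module from `(environ, cfg=config)` to `(environ, cfg)`; with `container_auth_enabled` turned on, every request would raise `TypeError` at this line. Pass the configuration explicitly: `username = get_container_username(environ, config)`. `__call__` starts and ends outside this hunk, so whether the surrounding `try` would mask the error cannot be seen here.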
@@ -66,11 +64,13 b' class BaseController(WSGIController):'
66
64
67 class BaseRepoController(BaseController):
65 class BaseRepoController(BaseController):
68 """
66 """
69 Base class for controllers responsible for loading all needed data
67 Base class for controllers responsible for loading all needed data for
70 for those controllers, loaded items are
68 repository loaded items are
71
69
72 c.rhodecode_repo: instance of scm repository (taken from cache)
70 c.rhodecode_repo: instance of scm repository
73
71 c.rhodecode_db_repo: instance of db
72 c.repository_followers: number of followers
73 c.repository_forks: number of forks
74 """
74 """
75
75
76 def __before__(self):
76 def __before__(self):
@@ -86,7 +86,6 b' class BaseRepoController(BaseController)'
86
86
87 redirect(url('home'))
87 redirect(url('home'))
88
88
89 c.repository_followers = \
89 c.repository_followers = self.scm_model.get_followers(c.repo_name)
90 self.scm_model.get_followers(c.repo_name)
91 c.repository_forks = self.scm_model.get_forks(c.repo_name)
90 c.repository_forks = self.scm_model.get_forks(c.repo_name)
92
91
@@ -208,7 +208,7 b' class ValidAuth(formencode.validators.Fa'
208 password = value['password']
208 password = value['password']
209 username = value['username']
209 username = value['username']
210 user = User.get_by_username(username)
210 user = User.get_by_username(username)
211
211
212 if authenticate(username, password):
212 if authenticate(username, password):
213 return value
213 return value
214 else:
214 else:
@@ -106,20 +106,20 b' class UserModel(BaseModel):'
106 new_user.password = None
106 new_user.password = None
107 new_user.api_key = generate_api_key(username)
107 new_user.api_key = generate_api_key(username)
108 new_user.email = attrs['email']
108 new_user.email = attrs['email']
109 new_user.active = True
109 new_user.active = attrs.get('active', True)
110 new_user.name = attrs['name']
110 new_user.name = attrs['name']
111 new_user.lastname = attrs['lastname']
111 new_user.lastname = attrs['lastname']
112
112
113 self.sa.add(new_user)
113 self.sa.add(new_user)
114 self.sa.commit()
114 self.sa.commit()
115 return True
115 return new_user
116 except (DatabaseError,):
116 except (DatabaseError,):
117 log.error(traceback.format_exc())
117 log.error(traceback.format_exc())
118 self.sa.rollback()
118 self.sa.rollback()
119 raise
119 raise
120 log.debug('User %s already exists. Skipping creation of account for container auth.',
120 log.debug('User %s already exists. Skipping creation of account'
121 username)
121 ' for container auth.', username)
122 return False
122 return None
123
123
124 def create_ldap(self, username, password, user_dn, attrs):
124 def create_ldap(self, username, password, user_dn, attrs):
125 """
125 """
@@ -141,21 +141,21 b' class UserModel(BaseModel):'
141 new_user.password = get_crypt_password(password)
141 new_user.password = get_crypt_password(password)
142 new_user.api_key = generate_api_key(username)
142 new_user.api_key = generate_api_key(username)
143 new_user.email = attrs['email']
143 new_user.email = attrs['email']
144 new_user.active = attrs.get('active',True)
144 new_user.active = attrs.get('active', True)
145 new_user.ldap_dn = safe_unicode(user_dn)
145 new_user.ldap_dn = safe_unicode(user_dn)
146 new_user.name = attrs['name']
146 new_user.name = attrs['name']
147 new_user.lastname = attrs['lastname']
147 new_user.lastname = attrs['lastname']
148
148
149 self.sa.add(new_user)
149 self.sa.add(new_user)
150 self.sa.commit()
150 self.sa.commit()
151 return True
151 return new_user
152 except (DatabaseError,):
152 except (DatabaseError,):
153 log.error(traceback.format_exc())
153 log.error(traceback.format_exc())
154 self.sa.rollback()
154 self.sa.rollback()
155 raise
155 raise
156 log.debug('this %s user exists skipping creation of ldap account',
156 log.debug('this %s user exists skipping creation of ldap account',
157 username)
157 username)
158 return False
158 return None
159
159
160 def create_registration(self, form_data):
160 def create_registration(self, form_data):
161 from rhodecode.lib.celerylib import tasks, run_task
161 from rhodecode.lib.celerylib import tasks, run_task
@@ -21,7 +21,6 b' from webtest import TestApp'
21 from rhodecode.model import meta
21 from rhodecode.model import meta
22 import logging
22 import logging
23
23
24
25 log = logging.getLogger(__name__)
24 log = logging.getLogger(__name__)
26
25
27 import pylons.test
26 import pylons.test
@@ -31,7 +30,7 b' import pylons.test'
31 'TEST_USER_ADMIN_LOGIN', 'TEST_USER_ADMIN_PASS' ]
30 'TEST_USER_ADMIN_LOGIN', 'TEST_USER_ADMIN_PASS' ]
32
31
33 # Invoke websetup with the current config file
32 # Invoke websetup with the current config file
34 #SetupCommand('setup-app').run([config_file])
33 # SetupCommand('setup-app').run([config_file])
35
34
36 ##RUNNING DESIRED TESTS
35 ##RUNNING DESIRED TESTS
37 # nosetests -x rhodecode.tests.functional.test_admin_settings:TestSettingsController.test_my_account
36 # nosetests -x rhodecode.tests.functional.test_admin_settings:TestSettingsController.test_my_account
@@ -69,7 +68,7 b' class TestController(TestCase):'
69 response = self.app.post(url(controller='login', action='index'),
68 response = self.app.post(url(controller='login', action='index'),
70 {'username':username,
69 {'username':username,
71 'password':password})
70 'password':password})
72
71
73 if 'invalid user name' in response.body:
72 if 'invalid user name' in response.body:
74 self.fail('could not login using %s %s' % (username, password))
73 self.fail('could not login using %s %s' % (username, password))
75
74
1 NO CONTENT: file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py
NO CONTENT: file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py
@@ -51,6 +51,8 b' cut_off_limit = 256000'
51 force_https = false
51 force_https = false
52 commit_parse_limit = 25
52 commit_parse_limit = 25
53 use_gravatar = true
53 use_gravatar = true
54 container_auth_enabled = false
55 proxypass_auth_enabled = false
54
56
55 ####################################
57 ####################################
56 ### CELERY CONFIG ####
58 ### CELERY CONFIG ####