Some code cleanups and fixes
marcink -
r1628:de71a4bd beta
@@ -53,6 +53,8 b' cut_off_limit = 256000'
53 53 force_https = false
54 54 commit_parse_limit = 25
55 55 use_gravatar = true
56 container_auth_enabled = false
57 proxypass_auth_enabled = false
56 58
57 59 ####################################
58 60 ### CELERY CONFIG ####
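Review bot: The new options `container_auth_enabled` and `proxypass_auth_enabled` are added without any comment, although they decide whether the user name is taken from `REMOTE_USER` or from the `X-Forwarded-User` request header (see `get_container_username` in this commit). A short comment above each would help, for example `# trust REMOTE_USER set by the WSGI container` and `# trust X-Forwarded-User; enable only behind a proxy that overwrites this header`. The same applies to the identical additions in the other two ini sections of this commit.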
@@ -53,6 +53,8 b' cut_off_limit = 256000'
53 53 force_https = false
54 54 commit_parse_limit = 50
55 55 use_gravatar = true
56 container_auth_enabled = false
57 proxypass_auth_enabled = false
56 58
57 59 ####################################
58 60 ### CELERY CONFIG ####
@@ -49,7 +49,7 b' class LoginController(BaseController):'
49 49 super(LoginController, self).__before__()
50 50
51 51 def index(self):
52 #redirect if already logged in
52 # redirect if already logged in
53 53 c.came_from = request.GET.get('came_from', None)
54 54
55 55 if self.rhodecode_user.is_authenticated \
@@ -62,7 +62,7 b' class LoginController(BaseController):'
62 62 login_form = LoginForm()
63 63 try:
64 64 c.form_result = login_form.to_python(dict(request.POST))
65 #form checks for username/password, now we're authenticated
65 # form checks for username/password, now we're authenticated
66 66 username = c.form_result['username']
67 67 user = User.get_by_username(username, case_insensitive=True)
68 68 auth_user = AuthUser(user.user_id)
@@ -125,16 +125,23 b' def get_crypt_password(password):'
125 125 def check_password(password, hashed):
126 126 return RhodeCodeCrypto.hash_check(password, hashed)
127 127
128
129 def generate_api_key(username, salt=None):
128 def generate_api_key(str_, salt=None):
129 """
130 Generates API KEY from given string
131
132 :param str_:
133 :param salt:
134 """
135
130 136 if salt is None:
131 137 salt = _RandomNameSequence().next()
132 138
133 return hashlib.sha1(username + salt).hexdigest()
139 return hashlib.sha1(str_ + salt).hexdigest()
134 140
135 141
136 142 def authfunc(environ, username, password):
137 """Dummy authentication function used in Mercurial/Git/ and access control,
143 """
144 Dummy authentication function used in Mercurial/Git/ and access control,
138 145
139 146 :param environ: needed only for using in Basic auth
140 147 """
@@ -142,7 +149,8 b' def authfunc(environ, username, password'
142 149
143 150
144 151 def authenticate(username, password):
145 """Authentication function used for access control,
152 """
153 Authentication function used for access control,
146 154 firstly checks for db authentication then if ldap is enabled for ldap
147 155 authentication, also creates ldap user if not in database
148 156
@@ -228,33 +236,35 b' def login_container_auth(username):'
228 236 if user is None:
229 237 user_model = UserModel()
230 238 user_attrs = {
231 'name': username,
232 'lastname': None,
233 'email': None,
234 }
235 if not user_model.create_for_container_auth(username, user_attrs):
239 'name': username,
240 'lastname': None,
241 'email': None,
242 }
243 user = user_model.create_for_container_auth(username, user_attrs)
244 if not user:
236 245 return None
237 user = User.get_by_username(username)
238 246 log.info('User %s was created by container authentication', username)
239 247
240 248 if not user.active:
241 249 return None
242 250
243 251 user.update_lastlogin()
244 log.debug('User %s is now logged in by container authentication', user.username)
252 log.debug('User %s is now logged in by container authentication',
253 user.username)
245 254 return user
246 255
247 def get_container_username(environ, cfg=config):
256 def get_container_username(environ, cfg):
248 257 from paste.httpheaders import REMOTE_USER
249 258 from paste.deploy.converters import asbool
250 259
260 proxy_pass_enabled = asbool(cfg.get('proxypass_auth_enabled', False))
251 261 username = REMOTE_USER(environ)
252
253 if not username and asbool(cfg.get('proxypass_auth_enabled', False)):
262
263 if not username and proxy_pass_enabled:
254 264 username = environ.get('HTTP_X_FORWARDED_USER')
255 265
256 if username:
257 #Removing realm and domain from username
266 if username and proxy_pass_enabled:
267 # Removing realm and domain from username
258 268 username = username.partition('@')[0]
259 269 username = username.rpartition('\\')[2]
260 270 log.debug('Received username %s from container', username)
@@ -276,7 +286,7 b' class AuthUser(object):'
276 286 self.user_id = user_id
277 287 self.api_key = None
278 288 self.username = username
279
289
280 290 self.name = ''
281 291 self.lastname = ''
282 292 self.email = ''
@@ -290,14 +300,17 b' class AuthUser(object):'
290 300 user_model = UserModel()
291 301 self.anonymous_user = User.get_by_username('default')
292 302 is_user_loaded = False
303
304 # try go get user by api key
293 305 if self._api_key and self._api_key != self.anonymous_user.api_key:
294 #try go get user by api key
295 306 log.debug('Auth User lookup by API KEY %s', self._api_key)
296 307 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
297 elif self.user_id is not None \
298 and self.user_id != self.anonymous_user.user_id:
308 # lookup by userid
309 elif (self.user_id is not None and
310 self.user_id != self.anonymous_user.user_id):
299 311 log.debug('Auth User lookup by USER ID %s', self.user_id)
300 312 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
313 # lookup by username
301 314 elif self.username:
302 315 log.debug('Auth User lookup by USER NAME %s', self.username)
303 316 dbuser = login_container_auth(self.username)
@@ -308,10 +321,10 b' class AuthUser(object):'
308 321 is_user_loaded = True
309 322
310 323 if not is_user_loaded:
324 # if we cannot authenticate user try anonymous
311 325 if self.anonymous_user.active is True:
312 user_model.fill_data(self,
313 user_id=self.anonymous_user.user_id)
314 #then we set this user is logged in
326 user_model.fill_data(self,user_id=self.anonymous_user.user_id)
327 # then we set this user is logged in
315 328 self.is_authenticated = True
316 329 else:
317 330 self.user_id = None
@@ -337,13 +350,13 b' class AuthUser(object):'
337 350 self.is_authenticated)
338 351
339 352 def set_authenticated(self, authenticated=True):
340
341 353 if self.user_id != self.anonymous_user.user_id:
342 354 self.is_authenticated = authenticated
343 355
344 356
345 357 def set_available_permissions(config):
346 """This function will propagate pylons globals with all available defined
358 """
359 This function will propagate pylons globals with all available defined
347 360 permission given in db. We don't want to check each time from db for new
348 361 permissions since adding a new permission also requires application restart
349 362 ie. to decorate new views with the newly created permission
@@ -474,7 +487,7 b' class PermsDecorator(object):'
474 487 return redirect(url('login_home', came_from=p))
475 488
476 489 else:
477 #redirect with forbidden ret code
490 # redirect with forbidden ret code
478 491 return abort(403)
479 492
480 493 def check_permissions(self):
@@ -661,3 +674,4 b' class HasPermissionAnyMiddleware(object)'
661 674 return True
662 675 log.debug('permission denied')
663 676 return False
677
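Review bot: In `get_container_username` the new condition `if username and proxy_pass_enabled:` makes the realm/domain stripping depend on `proxypass_auth_enabled`, so a `REMOTE_USER` value such as `DOMAIN\user` or `user@REALM` now passes through unstripped when only container auth is on, and `login_container_auth` would look up or create an account under that raw name. The old side stripped every non-empty username; if that is still wanted, the line should stay `if username:`. In the same file, `generate_api_key` still takes its salt from `_RandomNameSequence()`, which, if it is tempfile's name generator, is not a cryptographic source; an API key is better drawn from `os.urandom`. The body of `get_container_username` continues past the end of its hunk.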
@@ -33,8 +33,6 b' class BaseController(WSGIController):'
33 33 self.sa = meta.Session()
34 34 self.scm_model = ScmModel(self.sa)
35 35
36 #c.unread_journal = scm_model.get_unread_journal()
37
38 36 def __call__(self, environ, start_response):
39 37 """Invoke the Controller"""
40 38 # WSGIController.__call__ dispatches to the Controller method
@@ -42,15 +40,15 b' class BaseController(WSGIController):'
42 40 # available in environ['pylons.routes_dict']
43 41 start = time.time()
44 42 try:
45 # putting this here makes sure that we update permissions each time
43 # make sure that we update permissions each time we call controller
46 44 api_key = request.GET.get('api_key')
47 45 user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
48 46 if asbool(config.get('container_auth_enabled', False)):
49 47 username = get_container_username(environ)
50 48 else:
51 49 username = None
52
53 self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
50 auth_user = AuthUser(user_id, api_key, username)
51 self.rhodecode_user = c.rhodecode_user = auth_user
54 52 if not self.rhodecode_user.is_authenticated and \
55 53 self.rhodecode_user.user_id is not None:
56 54 self.rhodecode_user.set_authenticated(
@@ -66,11 +64,13 b' class BaseController(WSGIController):'
66 64
67 65 class BaseRepoController(BaseController):
68 66 """
69 Base class for controllers responsible for loading all needed data
70 for those controllers, loaded items are
67 Base class for controllers responsible for loading all needed data for
68 repository loaded items are
71 69
72 c.rhodecode_repo: instance of scm repository (taken from cache)
73
70 c.rhodecode_repo: instance of scm repository
71 c.rhodecode_db_repo: instance of db
72 c.repository_followers: number of followers
73 c.repository_forks: number of forks
74 74 """
75 75
76 76 def __before__(self):
@@ -86,7 +86,6 b' class BaseRepoController(BaseController)'
86 86
87 87 redirect(url('home'))
88 88
89 c.repository_followers = \
90 self.scm_model.get_followers(c.repo_name)
89 c.repository_followers = self.scm_model.get_followers(c.repo_name)
91 90 c.repository_forks = self.scm_model.get_forks(c.repo_name)
92 91
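Review bot: The unchanged call `username = get_container_username(environ)` at new line 47 no longer matches the function, because this commit changes its signature in the auth module from `cfg=config` to a required `cfg`. With `container_auth_enabled` set, the call would raise a `TypeError` on each request. The call should pass the config explicitly: `username = get_container_username(environ, config)`. The body of `__call__` runs past the end of this hunk.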
@@ -208,7 +208,7 b' class ValidAuth(formencode.validators.Fa'
208 208 password = value['password']
209 209 username = value['username']
210 210 user = User.get_by_username(username)
211
211
212 212 if authenticate(username, password):
213 213 return value
214 214 else:
@@ -106,20 +106,20 b' class UserModel(BaseModel):'
106 106 new_user.password = None
107 107 new_user.api_key = generate_api_key(username)
108 108 new_user.email = attrs['email']
109 new_user.active = True
109 new_user.active = attrs.get('active', True)
110 110 new_user.name = attrs['name']
111 111 new_user.lastname = attrs['lastname']
112 112
113 113 self.sa.add(new_user)
114 114 self.sa.commit()
115 return True
115 return new_user
116 116 except (DatabaseError,):
117 117 log.error(traceback.format_exc())
118 118 self.sa.rollback()
119 119 raise
120 log.debug('User %s already exists. Skipping creation of account for container auth.',
121 username)
122 return False
120 log.debug('User %s already exists. Skipping creation of account'
121 ' for container auth.', username)
122 return None
123 123
124 124 def create_ldap(self, username, password, user_dn, attrs):
125 125 """
@@ -141,21 +141,21 b' class UserModel(BaseModel):'
141 141 new_user.password = get_crypt_password(password)
142 142 new_user.api_key = generate_api_key(username)
143 143 new_user.email = attrs['email']
144 new_user.active = attrs.get('active',True)
144 new_user.active = attrs.get('active', True)
145 145 new_user.ldap_dn = safe_unicode(user_dn)
146 146 new_user.name = attrs['name']
147 147 new_user.lastname = attrs['lastname']
148 148
149 149 self.sa.add(new_user)
150 150 self.sa.commit()
151 return True
151 return new_user
152 152 except (DatabaseError,):
153 153 log.error(traceback.format_exc())
154 154 self.sa.rollback()
155 155 raise
156 156 log.debug('this %s user exists skipping creation of ldap account',
157 157 username)
158 return False
158 return None
159 159
160 160 def create_registration(self, form_data):
161 161 from rhodecode.lib.celerylib import tasks, run_task
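Review bot: `create_for_container_auth` and `create_ldap` now return the new `User` object or `None` instead of `True`/`False`, but nothing visible in these hunks documents the changed contract. Each docstring should gain a line such as `:returns: the created User, or None if the username already exists`. Any caller that compares the result with `is True` or `== False` needs checking as well. Both function bodies are only partly visible in these hunks.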
@@ -21,7 +21,6 b' from webtest import TestApp'
21 21 from rhodecode.model import meta
22 22 import logging
23 23
24
25 24 log = logging.getLogger(__name__)
26 25
27 26 import pylons.test
@@ -31,7 +30,7 b' import pylons.test'
31 30 'TEST_USER_ADMIN_LOGIN', 'TEST_USER_ADMIN_PASS' ]
32 31
33 32 # Invoke websetup with the current config file
34 #SetupCommand('setup-app').run([config_file])
33 # SetupCommand('setup-app').run([config_file])
35 34
36 35 ##RUNNING DESIRED TESTS
37 36 # nosetests -x rhodecode.tests.functional.test_admin_settings:TestSettingsController.test_my_account
@@ -69,7 +68,7 b' class TestController(TestCase):'
69 68 response = self.app.post(url(controller='login', action='index'),
70 69 {'username':username,
71 70 'password':password})
72
71
73 72 if 'invalid user name' in response.body:
74 73 self.fail('could not login using %s %s' % (username, password))
75 74
1 NO CONTENT: file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py
@@ -51,6 +51,8 b' cut_off_limit = 256000'
51 51 force_https = false
52 52 commit_parse_limit = 25
53 53 use_gravatar = true
54 container_auth_enabled = false
55 proxypass_auth_enabled = false
54 56
55 57 ####################################
56 58 ### CELERY CONFIG ####