##// END OF EJS Templates
Some code cleanups and fixes
marcink -
r1628:de71a4bd beta
parent child Browse files
Show More
@@ -53,6 +53,8 b' cut_off_limit = 256000'
53 53 force_https = false
54 54 commit_parse_limit = 25
55 55 use_gravatar = true
56 container_auth_enabled = false
57 proxypass_auth_enabled = false
56 58
57 59 ####################################
58 60 ### CELERY CONFIG ####
@@ -53,6 +53,8 b' cut_off_limit = 256000'
53 53 force_https = false
54 54 commit_parse_limit = 50
55 55 use_gravatar = true
56 container_auth_enabled = false
57 proxypass_auth_enabled = false
56 58
57 59 ####################################
58 60 ### CELERY CONFIG ####
@@ -125,16 +125,23 b' def get_crypt_password(password):'
125 125 def check_password(password, hashed):
126 126 return RhodeCodeCrypto.hash_check(password, hashed)
127 127
128 def generate_api_key(str_, salt=None):
129 """
130 Generates API KEY from given string
128 131
129 def generate_api_key(username, salt=None):
132 :param str_:
133 :param salt:
134 """
135
130 136 if salt is None:
131 137 salt = _RandomNameSequence().next()
132 138
133 return hashlib.sha1(username + salt).hexdigest()
139 return hashlib.sha1(str_ + salt).hexdigest()
134 140
135 141
136 142 def authfunc(environ, username, password):
137 """Dummy authentication function used in Mercurial/Git/ and access control,
143 """
144 Dummy authentication function used in Mercurial/Git/ and access control,
138 145
139 146 :param environ: needed only for using in Basic auth
140 147 """
@@ -142,7 +149,8 b' def authfunc(environ, username, password'
142 149
143 150
144 151 def authenticate(username, password):
145 """Authentication function used for access control,
152 """
153 Authentication function used for access control,
146 154 firstly checks for db authentication then if ldap is enabled for ldap
147 155 authentication, also creates ldap user if not in database
148 156
@@ -232,28 +240,30 b' def login_container_auth(username):'
232 240 'lastname': None,
233 241 'email': None,
234 242 }
235 if not user_model.create_for_container_auth(username, user_attrs):
243 user = user_model.create_for_container_auth(username, user_attrs)
244 if not user:
236 245 return None
237 user = User.get_by_username(username)
238 246 log.info('User %s was created by container authentication', username)
239 247
240 248 if not user.active:
241 249 return None
242 250
243 251 user.update_lastlogin()
244 log.debug('User %s is now logged in by container authentication', user.username)
252 log.debug('User %s is now logged in by container authentication',
253 user.username)
245 254 return user
246 255
247 def get_container_username(environ, cfg=config):
256 def get_container_username(environ, cfg):
248 257 from paste.httpheaders import REMOTE_USER
249 258 from paste.deploy.converters import asbool
250 259
260 proxy_pass_enabled = asbool(cfg.get('proxypass_auth_enabled', False))
251 261 username = REMOTE_USER(environ)
252 262
253 if not username and asbool(cfg.get('proxypass_auth_enabled', False)):
263 if not username and proxy_pass_enabled:
254 264 username = environ.get('HTTP_X_FORWARDED_USER')
255 265
256 if username:
266 if username and proxy_pass_enabled:
257 267 #Removing realm and domain from username
258 268 username = username.partition('@')[0]
259 269 username = username.rpartition('\\')[2]
@@ -290,14 +300,17 b' class AuthUser(object):'
290 300 user_model = UserModel()
291 301 self.anonymous_user = User.get_by_username('default')
292 302 is_user_loaded = False
303
304 # try go get user by api key
293 305 if self._api_key and self._api_key != self.anonymous_user.api_key:
294 #try go get user by api key
295 306 log.debug('Auth User lookup by API KEY %s', self._api_key)
296 307 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
297 elif self.user_id is not None \
298 and self.user_id != self.anonymous_user.user_id:
308 # lookup by userid
309 elif (self.user_id is not None and
310 self.user_id != self.anonymous_user.user_id):
299 311 log.debug('Auth User lookup by USER ID %s', self.user_id)
300 312 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
313 # lookup by username
301 314 elif self.username:
302 315 log.debug('Auth User lookup by USER NAME %s', self.username)
303 316 dbuser = login_container_auth(self.username)
@@ -308,9 +321,9 b' class AuthUser(object):'
308 321 is_user_loaded = True
309 322
310 323 if not is_user_loaded:
324 # if we cannot authenticate user try anonymous
311 325 if self.anonymous_user.active is True:
312 user_model.fill_data(self,
313 user_id=self.anonymous_user.user_id)
326 user_model.fill_data(self,user_id=self.anonymous_user.user_id)
314 327 #then we set this user is logged in
315 328 self.is_authenticated = True
316 329 else:
@@ -337,13 +350,13 b' class AuthUser(object):'
337 350 self.is_authenticated)
338 351
339 352 def set_authenticated(self, authenticated=True):
340
341 353 if self.user_id != self.anonymous_user.user_id:
342 354 self.is_authenticated = authenticated
343 355
344 356
345 357 def set_available_permissions(config):
346 """This function will propagate pylons globals with all available defined
358 """
359 This function will propagate pylons globals with all available defined
347 360 permission given in db. We don't want to check each time from db for new
348 361 permissions since adding a new permission also requires application restart
349 362 ie. to decorate new views with the newly created permission
@@ -661,3 +674,4 b' class HasPermissionAnyMiddleware(object)'
661 674 return True
662 675 log.debug('permission denied')
663 676 return False
677
@@ -33,8 +33,6 b' class BaseController(WSGIController):'
33 33 self.sa = meta.Session()
34 34 self.scm_model = ScmModel(self.sa)
35 35
36 #c.unread_journal = scm_model.get_unread_journal()
37
38 36 def __call__(self, environ, start_response):
39 37 """Invoke the Controller"""
40 38 # WSGIController.__call__ dispatches to the Controller method
@@ -42,15 +40,15 b' class BaseController(WSGIController):'
42 40 # available in environ['pylons.routes_dict']
43 41 start = time.time()
44 42 try:
45 # putting this here makes sure that we update permissions each time
43 # make sure that we update permissions each time we call controller
46 44 api_key = request.GET.get('api_key')
47 45 user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
48 46 if asbool(config.get('container_auth_enabled', False)):
49 47 username = get_container_username(environ)
50 48 else:
51 49 username = None
52
53 self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
50 auth_user = AuthUser(user_id, api_key, username)
51 self.rhodecode_user = c.rhodecode_user = auth_user
54 52 if not self.rhodecode_user.is_authenticated and \
55 53 self.rhodecode_user.user_id is not None:
56 54 self.rhodecode_user.set_authenticated(
@@ -66,11 +64,13 b' class BaseController(WSGIController):'
66 64
67 65 class BaseRepoController(BaseController):
68 66 """
69 Base class for controllers responsible for loading all needed data
70 for those controllers, loaded items are
67 Base class for controllers responsible for loading all needed data for
68 repository loaded items are
71 69
72 c.rhodecode_repo: instance of scm repository (taken from cache)
73
70 c.rhodecode_repo: instance of scm repository
71 c.rhodecode_db_repo: instance of db
72 c.repository_followers: number of followers
73 c.repository_forks: number of forks
74 74 """
75 75
76 76 def __before__(self):
@@ -86,7 +86,6 b' class BaseRepoController(BaseController)'
86 86
87 87 redirect(url('home'))
88 88
89 c.repository_followers = \
90 self.scm_model.get_followers(c.repo_name)
89 c.repository_followers = self.scm_model.get_followers(c.repo_name)
91 90 c.repository_forks = self.scm_model.get_forks(c.repo_name)
92 91
@@ -106,20 +106,20 b' class UserModel(BaseModel):'
106 106 new_user.password = None
107 107 new_user.api_key = generate_api_key(username)
108 108 new_user.email = attrs['email']
109 new_user.active = True
109 new_user.active = attrs.get('active', True)
110 110 new_user.name = attrs['name']
111 111 new_user.lastname = attrs['lastname']
112 112
113 113 self.sa.add(new_user)
114 114 self.sa.commit()
115 return True
115 return new_user
116 116 except (DatabaseError,):
117 117 log.error(traceback.format_exc())
118 118 self.sa.rollback()
119 119 raise
120 log.debug('User %s already exists. Skipping creation of account for container auth.',
121 username)
122 return False
120 log.debug('User %s already exists. Skipping creation of account'
121 ' for container auth.', username)
122 return None
123 123
124 124 def create_ldap(self, username, password, user_dn, attrs):
125 125 """
@@ -148,14 +148,14 b' class UserModel(BaseModel):'
148 148
149 149 self.sa.add(new_user)
150 150 self.sa.commit()
151 return True
151 return new_user
152 152 except (DatabaseError,):
153 153 log.error(traceback.format_exc())
154 154 self.sa.rollback()
155 155 raise
156 156 log.debug('this %s user exists skipping creation of ldap account',
157 157 username)
158 return False
158 return None
159 159
160 160 def create_registration(self, form_data):
161 161 from rhodecode.lib.celerylib import tasks, run_task
@@ -21,7 +21,6 b' from webtest import TestApp'
21 21 from rhodecode.model import meta
22 22 import logging
23 23
24
25 24 log = logging.getLogger(__name__)
26 25
27 26 import pylons.test
1 NO CONTENT: file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py
@@ -51,6 +51,8 b' cut_off_limit = 256000'
51 51 force_https = false
52 52 commit_parse_limit = 25
53 53 use_gravatar = true
54 container_auth_enabled = false
55 proxypass_auth_enabled = false
54 56
55 57 ####################################
56 58 ### CELERY CONFIG ####
General Comments 0
You need to be logged in to leave comments. Login now