Show More
| @@ -53,6 +53,8 b' cut_off_limit = 256000' | |||||
| 53 | force_https = false |
|
53 | force_https = false | |
| 54 | commit_parse_limit = 25 |
|
54 | commit_parse_limit = 25 | |
| 55 | use_gravatar = true |
|
55 | use_gravatar = true | |
|
|
56 | container_auth_enabled = false | |||
|
|
57 | proxypass_auth_enabled = false | |||
| 56 |
|
58 | |||
| 57 | #################################### |
|
59 | #################################### | |
| 58 | ### CELERY CONFIG #### |
|
60 | ### CELERY CONFIG #### | |
| @@ -53,6 +53,8 b' cut_off_limit = 256000' | |||||
| 53 | force_https = false |
|
53 | force_https = false | |
| 54 | commit_parse_limit = 50 |
|
54 | commit_parse_limit = 50 | |
| 55 | use_gravatar = true |
|
55 | use_gravatar = true | |
|
|
56 | container_auth_enabled = false | |||
|
|
57 | proxypass_auth_enabled = false | |||
| 56 |
|
58 | |||
| 57 | #################################### |
|
59 | #################################### | |
| 58 | ### CELERY CONFIG #### |
|
60 | ### CELERY CONFIG #### | |
| @@ -125,16 +125,23 b' def get_crypt_password(password):' | |||||
| 125 | def check_password(password, hashed): |
|
125 | def check_password(password, hashed): | |
| 126 | return RhodeCodeCrypto.hash_check(password, hashed) |
|
126 | return RhodeCodeCrypto.hash_check(password, hashed) | |
| 127 |
|
127 | |||
|
|
128 | def generate_api_key(str_, salt=None): | |||
|
|
129 | """ | |||
|
|
130 | Generates API KEY from given string | |||
| 128 |
|
131 | |||
| 129 | def generate_api_key(username, salt=None): |
|
132 | :param str_: | |
|
|
133 | :param salt: | |||
|
|
134 | """ | |||
|
|
135 | ||||
| 130 | if salt is None: |
|
136 | if salt is None: | |
| 131 | salt = _RandomNameSequence().next() |
|
137 | salt = _RandomNameSequence().next() | |
| 132 |
|
138 | |||
| 133 |
return hashlib.sha1( |
|
139 | return hashlib.sha1(str_ + salt).hexdigest() | |
| 134 |
|
140 | |||
| 135 |
|
141 | |||
| 136 | def authfunc(environ, username, password): |
|
142 | def authfunc(environ, username, password): | |
| 137 | """Dummy authentication function used in Mercurial/Git/ and access control, |
|
143 | """ | |
|
|
144 | Dummy authentication function used in Mercurial/Git/ and access control, | |||
| 138 |
|
145 | |||
| 139 | :param environ: needed only for using in Basic auth |
|
146 | :param environ: needed only for using in Basic auth | |
| 140 | """ |
|
147 | """ | |
| @@ -142,7 +149,8 b' def authfunc(environ, username, password' | |||||
| 142 |
|
149 | |||
| 143 |
|
150 | |||
| 144 | def authenticate(username, password): |
|
151 | def authenticate(username, password): | |
| 145 | """Authentication function used for access control, |
|
152 | """ | |
|
|
153 | Authentication function used for access control, | |||
| 146 | firstly checks for db authentication then if ldap is enabled for ldap |
|
154 | firstly checks for db authentication then if ldap is enabled for ldap | |
| 147 | authentication, also creates ldap user if not in database |
|
155 | authentication, also creates ldap user if not in database | |
| 148 |
|
156 | |||
| @@ -232,28 +240,30 b' def login_container_auth(username):' | |||||
| 232 |
|
|
240 | 'lastname': None, | |
| 233 |
|
|
241 | 'email': None, | |
| 234 |
|
|
242 | } | |
| 235 |
|
|
243 | user = user_model.create_for_container_auth(username, user_attrs) | |
|
|
244 | if not user: | |||
| 236 | return None |
|
245 | return None | |
| 237 | user = User.get_by_username(username) |
|
|||
| 238 | log.info('User %s was created by container authentication', username) |
|
246 | log.info('User %s was created by container authentication', username) | |
| 239 |
|
247 | |||
| 240 | if not user.active: |
|
248 | if not user.active: | |
| 241 | return None |
|
249 | return None | |
| 242 |
|
250 | |||
| 243 | user.update_lastlogin() |
|
251 | user.update_lastlogin() | |
| 244 |
log.debug('User %s is now logged in by container authentication', |
|
252 | log.debug('User %s is now logged in by container authentication', | |
|
|
253 | user.username) | |||
| 245 | return user |
|
254 | return user | |
| 246 |
|
255 | |||
| 247 |
def get_container_username(environ, cfg |
|
256 | def get_container_username(environ, cfg): | |
| 248 | from paste.httpheaders import REMOTE_USER |
|
257 | from paste.httpheaders import REMOTE_USER | |
| 249 | from paste.deploy.converters import asbool |
|
258 | from paste.deploy.converters import asbool | |
| 250 |
|
259 | |||
|
|
260 | proxy_pass_enabled = asbool(cfg.get('proxypass_auth_enabled', False)) | |||
| 251 | username = REMOTE_USER(environ) |
|
261 | username = REMOTE_USER(environ) | |
| 252 |
|
262 | |||
| 253 |
if not username and |
|
263 | if not username and proxy_pass_enabled: | |
| 254 | username = environ.get('HTTP_X_FORWARDED_USER') |
|
264 | username = environ.get('HTTP_X_FORWARDED_USER') | |
| 255 |
|
265 | |||
| 256 | if username: |
|
266 | if username and proxy_pass_enabled: | |
| 257 | #Removing realm and domain from username |
|
267 | # Removing realm and domain from username | |
| 258 | username = username.partition('@')[0] |
|
268 | username = username.partition('@')[0] | |
| 259 | username = username.rpartition('\\')[2] |
|
269 | username = username.rpartition('\\')[2] | |
| @@ -290,14 +300,17 b' class AuthUser(object):' | |||||
| 290 | user_model = UserModel() |
|
300 | user_model = UserModel() | |
| 291 | self.anonymous_user = User.get_by_username('default') |
|
301 | self.anonymous_user = User.get_by_username('default') | |
| 292 | is_user_loaded = False |
|
302 | is_user_loaded = False | |
|
|
303 | ||||
|
|
304 | # try go get user by api key | |||
| 293 | if self._api_key and self._api_key != self.anonymous_user.api_key: |
|
305 | if self._api_key and self._api_key != self.anonymous_user.api_key: | |
| 294 | #try go get user by api key |
|
|||
| 295 | log.debug('Auth User lookup by API KEY %s', self._api_key) |
|
306 | log.debug('Auth User lookup by API KEY %s', self._api_key) | |
| 296 | is_user_loaded = user_model.fill_data(self, api_key=self._api_key) |
|
307 | is_user_loaded = user_model.fill_data(self, api_key=self._api_key) | |
| 297 | elif self.user_id is not None \ |
|
308 | # lookup by userid | |
| 298 | and self.user_id != self.anonymous_user.user_id: |
|
309 | elif (self.user_id is not None and | |
|
|
310 | self.user_id != self.anonymous_user.user_id): | |||
| 299 | log.debug('Auth User lookup by USER ID %s', self.user_id) |
|
311 | log.debug('Auth User lookup by USER ID %s', self.user_id) | |
| 300 | is_user_loaded = user_model.fill_data(self, user_id=self.user_id) |
|
312 | is_user_loaded = user_model.fill_data(self, user_id=self.user_id) | |
|
|
313 | # lookup by username | |||
| 301 | elif self.username: |
|
314 | elif self.username: | |
| 302 | log.debug('Auth User lookup by USER NAME %s', self.username) |
|
315 | log.debug('Auth User lookup by USER NAME %s', self.username) | |
| 303 | dbuser = login_container_auth(self.username) |
|
316 | dbuser = login_container_auth(self.username) | |
| @@ -308,9 +321,9 b' class AuthUser(object):' | |||||
| 308 | is_user_loaded = True |
|
321 | is_user_loaded = True | |
| 309 |
|
322 | |||
| 310 | if not is_user_loaded: |
|
323 | if not is_user_loaded: | |
|
|
324 | # if we cannot authenticate user try anonymous | |||
| 311 | if self.anonymous_user.active is True: |
|
325 | if self.anonymous_user.active is True: | |
| 312 | user_model.fill_data(self, |
|
326 | user_model.fill_data(self,user_id=self.anonymous_user.user_id) | |
| 313 | user_id=self.anonymous_user.user_id) |
|
|||
| 314 | #then we set this user is logged in |
|
327 | # then we set this user is logged in | |
| 315 | self.is_authenticated = True |
|
328 | self.is_authenticated = True | |
| 316 | else: |
|
329 | else: | |
| @@ -337,13 +350,13 b' class AuthUser(object):' | |||||
| 337 | self.is_authenticated) |
|
350 | self.is_authenticated) | |
| 338 |
|
351 | |||
| 339 | def set_authenticated(self, authenticated=True): |
|
352 | def set_authenticated(self, authenticated=True): | |
| 340 |
|
||||
| 341 | if self.user_id != self.anonymous_user.user_id: |
|
353 | if self.user_id != self.anonymous_user.user_id: | |
| 342 | self.is_authenticated = authenticated |
|
354 | self.is_authenticated = authenticated | |
| 343 |
|
355 | |||
| 344 |
|
356 | |||
| 345 | def set_available_permissions(config): |
|
357 | def set_available_permissions(config): | |
| 346 | """This function will propagate pylons globals with all available defined |
|
358 | """ | |
|
|
359 | This function will propagate pylons globals with all available defined | |||
| 347 | permission given in db. We don't want to check each time from db for new |
|
360 | permission given in db. We don't want to check each time from db for new | |
| 348 | permissions since adding a new permission also requires application restart |
|
361 | permissions since adding a new permission also requires application restart | |
| 349 | ie. to decorate new views with the newly created permission |
|
362 | ie. to decorate new views with the newly created permission | |
| @@ -661,3 +674,4 b' class HasPermissionAnyMiddleware(object)' | |||||
| 661 | return True |
|
674 | return True | |
| 662 | log.debug('permission denied') |
|
675 | log.debug('permission denied') | |
| 663 | return False |
|
676 | return False | |
|
|
677 | ||||
| @@ -33,8 +33,6 b' class BaseController(WSGIController):' | |||||
| 33 | self.sa = meta.Session() |
|
33 | self.sa = meta.Session() | |
| 34 | self.scm_model = ScmModel(self.sa) |
|
34 | self.scm_model = ScmModel(self.sa) | |
| 35 |
|
35 | |||
| 36 | #c.unread_journal = scm_model.get_unread_journal() |
|
|||
| 37 |
|
||||
| 38 | def __call__(self, environ, start_response): |
|
36 | def __call__(self, environ, start_response): | |
| 39 | """Invoke the Controller""" |
|
37 | """Invoke the Controller""" | |
| 40 | # WSGIController.__call__ dispatches to the Controller method |
|
38 | # WSGIController.__call__ dispatches to the Controller method | |
| @@ -42,15 +40,15 b' class BaseController(WSGIController):' | |||||
| 42 | # available in environ['pylons.routes_dict'] |
|
40 | # available in environ['pylons.routes_dict'] | |
| 43 | start = time.time() |
|
41 | start = time.time() | |
| 44 | try: |
|
42 | try: | |
| 45 |
# |
|
43 | # make sure that we update permissions each time we call controller | |
| 46 | api_key = request.GET.get('api_key') |
|
44 | api_key = request.GET.get('api_key') | |
| 47 | user_id = getattr(session.get('rhodecode_user'), 'user_id', None) |
|
45 | user_id = getattr(session.get('rhodecode_user'), 'user_id', None) | |
| 48 | if asbool(config.get('container_auth_enabled', False)): |
|
46 | if asbool(config.get('container_auth_enabled', False)): | |
| 49 | username = get_container_username(environ) |
|
47 | username = get_container_username(environ) | |
| 50 | else: |
|
48 | else: | |
| 51 | username = None |
|
49 | username = None | |
| 52 |
|
50 | auth_user = AuthUser(user_id, api_key, username) | ||
| 53 |
self.rhodecode_user = c.rhodecode_user = |
|
51 | self.rhodecode_user = c.rhodecode_user = auth_user | |
| 54 | if not self.rhodecode_user.is_authenticated and \ |
|
52 | if not self.rhodecode_user.is_authenticated and \ | |
| 55 | self.rhodecode_user.user_id is not None: |
|
53 | self.rhodecode_user.user_id is not None: | |
| 56 | self.rhodecode_user.set_authenticated( |
|
54 | self.rhodecode_user.set_authenticated( | |
| @@ -66,11 +64,13 b' class BaseController(WSGIController):' | |||||
| 66 |
|
64 | |||
| 67 | class BaseRepoController(BaseController): |
|
65 | class BaseRepoController(BaseController): | |
| 68 | """ |
|
66 | """ | |
| 69 | Base class for controllers responsible for loading all needed data |
|
67 | Base class for controllers responsible for loading all needed data for | |
| 70 |
|
|
68 | repository loaded items are | |
| 71 |
|
69 | |||
| 72 |
c.rhodecode_repo: instance of scm repository |
|
70 | c.rhodecode_repo: instance of scm repository | |
| 73 |
|
71 | c.rhodecode_db_repo: instance of db | ||
|
|
72 | c.repository_followers: number of followers | |||
|
|
73 | c.repository_forks: number of forks | |||
| 74 | """ |
|
74 | """ | |
| 75 |
|
75 | |||
| 76 | def __before__(self): |
|
76 | def __before__(self): | |
| @@ -86,7 +86,6 b' class BaseRepoController(BaseController)' | |||||
| 86 |
|
86 | |||
| 87 | redirect(url('home')) |
|
87 | redirect(url('home')) | |
| 88 |
|
88 | |||
| 89 |
c.repository_followers = |
|
89 | c.repository_followers = self.scm_model.get_followers(c.repo_name) | |
| 90 | self.scm_model.get_followers(c.repo_name) |
|
|||
| 91 | c.repository_forks = self.scm_model.get_forks(c.repo_name) |
|
90 | c.repository_forks = self.scm_model.get_forks(c.repo_name) | |
| 92 |
|
91 | |||
| @@ -106,20 +106,20 b' class UserModel(BaseModel):' | |||||
| 106 | new_user.password = None |
|
106 | new_user.password = None | |
| 107 | new_user.api_key = generate_api_key(username) |
|
107 | new_user.api_key = generate_api_key(username) | |
| 108 | new_user.email = attrs['email'] |
|
108 | new_user.email = attrs['email'] | |
| 109 | new_user.active = True |
|
109 | new_user.active = attrs.get('active', True) | |
| 110 | new_user.name = attrs['name'] |
|
110 | new_user.name = attrs['name'] | |
| 111 | new_user.lastname = attrs['lastname'] |
|
111 | new_user.lastname = attrs['lastname'] | |
| 112 |
|
112 | |||
| 113 | self.sa.add(new_user) |
|
113 | self.sa.add(new_user) | |
| 114 | self.sa.commit() |
|
114 | self.sa.commit() | |
| 115 |
return |
|
115 | return new_user | |
| 116 | except (DatabaseError,): |
|
116 | except (DatabaseError,): | |
| 117 | log.error(traceback.format_exc()) |
|
117 | log.error(traceback.format_exc()) | |
| 118 | self.sa.rollback() |
|
118 | self.sa.rollback() | |
| 119 | raise |
|
119 | raise | |
| 120 |
log.debug('User %s already exists. Skipping creation of account |
|
120 | log.debug('User %s already exists. Skipping creation of account' | |
| 121 | username) |
|
121 | ' for container auth.', username) | |
| 122 |
return |
|
122 | return None | |
| 123 |
|
123 | |||
| 124 | def create_ldap(self, username, password, user_dn, attrs): |
|
124 | def create_ldap(self, username, password, user_dn, attrs): | |
| 125 | """ |
|
125 | """ | |
| @@ -148,14 +148,14 b' class UserModel(BaseModel):' | |||||
| 148 |
|
148 | |||
| 149 | self.sa.add(new_user) |
|
149 | self.sa.add(new_user) | |
| 150 | self.sa.commit() |
|
150 | self.sa.commit() | |
| 151 |
return |
|
151 | return new_user | |
| 152 | except (DatabaseError,): |
|
152 | except (DatabaseError,): | |
| 153 | log.error(traceback.format_exc()) |
|
153 | log.error(traceback.format_exc()) | |
| 154 | self.sa.rollback() |
|
154 | self.sa.rollback() | |
| 155 | raise |
|
155 | raise | |
| 156 | log.debug('this %s user exists skipping creation of ldap account', |
|
156 | log.debug('this %s user exists skipping creation of ldap account', | |
| 157 | username) |
|
157 | username) | |
| 158 |
return |
|
158 | return None | |
| 159 |
|
159 | |||
| 160 | def create_registration(self, form_data): |
|
160 | def create_registration(self, form_data): | |
| 161 | from rhodecode.lib.celerylib import tasks, run_task |
|
161 | from rhodecode.lib.celerylib import tasks, run_task | |
| @@ -21,7 +21,6 b' from webtest import TestApp' | |||||
| 21 | from rhodecode.model import meta |
|
21 | from rhodecode.model import meta | |
| 22 | import logging |
|
22 | import logging | |
| 23 |
|
23 | |||
| 24 |
|
||||
| 25 | log = logging.getLogger(__name__) |
|
24 | log = logging.getLogger(__name__) | |
| 26 |
|
25 | |||
| 27 | import pylons.test |
|
26 | import pylons.test | |
| 1 | NO CONTENT: file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py |
|
NO CONTENT: file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py |
| @@ -51,6 +51,8 b' cut_off_limit = 256000' | |||||
| 51 | force_https = false |
|
51 | force_https = false | |
| 52 | commit_parse_limit = 25 |
|
52 | commit_parse_limit = 25 | |
| 53 | use_gravatar = true |
|
53 | use_gravatar = true | |
|
|
54 | container_auth_enabled = false | |||
|
|
55 | proxypass_auth_enabled = false | |||
| 54 |
|
56 | |||
| 55 | #################################### |
|
57 | #################################### | |
| 56 | ### CELERY CONFIG #### |
|
58 | ### CELERY CONFIG #### | |
General Comments 0
You need to be logged in to leave comments.
Login now