upstream/kallithea Commit - r2100:f0649c7c

fixed some unicode problems with waitress...

marcink -

r2100:f0649c7c beta

parent child

rhodecode/lib/auth.py

0 +6 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.auth
                 ~~~~~~~~~~~~~~~~~~
                 authentication and permission libraries
                 :created_on: Apr 4, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import random
             import logging
             import traceback
             import hashlib
             from tempfile import _RandomNameSequence
             from decorator import decorator
             from pylons import config, url, request
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
             from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS
             from rhodecode.model.meta import Session
             if __platform__ in PLATFORM_WIN:
                 from hashlib import sha256
             if __platform__ in PLATFORM_OTHERS:
                 import bcrypt
             from rhodecode.lib import str2bool, safe_unicode
             from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
             from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
             from rhodecode.lib.auth_ldap import AuthLdap
             from rhodecode.model import meta
             from rhodecode.model.user import UserModel
             from rhodecode.model.db import Permission, RhodeCodeSetting, User
             log = logging.getLogger(__name__)
             class PasswordGenerator(object):
                 """
                 This is a simple class for generating password from different sets of
                 characters
                 usage::
                     passwd_gen = PasswordGenerator()
                     #print 8-letter password containing only big and small letters
                         of alphabet
                     print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
                 """
                 ALPHABETS_NUM = r'''1234567890'''
                 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
                 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
                 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
                 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
                     + ALPHABETS_NUM + ALPHABETS_SPECIAL
                 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
                 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
                 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
                 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
                 def __init__(self, passwd=''):
                     self.passwd = passwd
                 def gen_password(self, length, type_=None):
                     if type_ is None:
                         type_ = self.ALPHABETS_FULL
                     self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
                     return self.passwd
             class RhodeCodeCrypto(object):
                 @classmethod
                 def hash_string(cls, str_):
                     """
                     Cryptographic function used for password hashing based on pybcrypt
                     or pycrypto in windows
                     :param password: password to hash
                     """
                     if __platform__ in PLATFORM_WIN:
                         return sha256(str_).hexdigest()
                     elif __platform__ in PLATFORM_OTHERS:
                         return bcrypt.hashpw(str_, bcrypt.gensalt(10))
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
                 @classmethod
                 def hash_check(cls, password, hashed):
                     """
                     Checks matching password with it's hashed value, runs different
                     implementation based on platform it runs on
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     if __platform__ in PLATFORM_WIN:
                         return sha256(password).hexdigest() == hashed
                     elif __platform__ in PLATFORM_OTHERS:
                         return bcrypt.hashpw(password, hashed) == hashed
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
             def get_crypt_password(password):
                 return RhodeCodeCrypto.hash_string(password)
             def check_password(password, hashed):
                 return RhodeCodeCrypto.hash_check(password, hashed)
             def generate_api_key(str_, salt=None):
                 """
                 Generates API KEY from given string
                 :param str_:
                 :param salt:
                 """
                 if salt is None:
                     salt = _RandomNameSequence().next()
                 return hashlib.sha1(str_ + salt).hexdigest()
             def authfunc(environ, username, password):
                 """
                 Dummy authentication wrapper function used in Mercurial and Git for
                 access control.
                 :param environ: needed only for using in Basic auth
                 """
                 return authenticate(username, password)
             def authenticate(username, password):
                 """
                 Authentication function used for access control,
                 firstly checks for db authentication then if ldap is enabled for ldap
                 authentication, also creates ldap user if not in database
                 :param username: username
                 :param password: password
                 """
                 user_model = UserModel()
                 user = User.get_by_username(username)
                 log.debug('Authenticating user using RhodeCode account')
                 if user is not None and not user.ldap_dn:
                     if user.active:
                         if user.username == 'default' and user.active:
                             log.info('user %s authenticated correctly as anonymous user' %
                                      username)
                             return True
                         elif user.username == username and check_password(password,
                                                                           user.password):
                             log.info('user %s authenticated correctly' % username)
                             return True
                     else:
                         log.warning('user %s tried auth but is disabled' % username)
                 else:
                     log.debug('Regular authentication failed')
                     user_obj = User.get_by_username(username, case_insensitive=True)
                     if user_obj is not None and not user_obj.ldap_dn:
                         log.debug('this user already exists as non ldap')
                         return False
                     ldap_settings = RhodeCodeSetting.get_ldap_settings()
                     #======================================================================
                     # FALLBACK TO LDAP AUTH IF ENABLE
                     #======================================================================
                     if str2bool(ldap_settings.get('ldap_active')):
                         log.debug("Authenticating user using ldap")
                         kwargs = {
                               'server': ldap_settings.get('ldap_host', ''),
                               'base_dn': ldap_settings.get('ldap_base_dn', ''),
                               'port': ldap_settings.get('ldap_port'),
                               'bind_dn': ldap_settings.get('ldap_dn_user'),
                               'bind_pass': ldap_settings.get('ldap_dn_pass'),
                               'tls_kind': ldap_settings.get('ldap_tls_kind'),
                               'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                               'ldap_filter': ldap_settings.get('ldap_filter'),
                               'search_scope': ldap_settings.get('ldap_search_scope'),
                               'attr_login': ldap_settings.get('ldap_attr_login'),
                               'ldap_version': 3,
                               }
                         log.debug('Checking for ldap authentication')
                         try:
                             aldap = AuthLdap(**kwargs)
                             (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                             password)
                             log.debug('Got ldap DN response %s' % user_dn)
                             get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                                        .get(k), [''])[0]
                             user_attrs = {
                              'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                              'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                              'email': get_ldap_attr('ldap_attr_email'),
                             }
                             # don't store LDAP password since we don't need it. Override
                             # with some random generated password
                             _password = PasswordGenerator().gen_password(length=8)
                             # create this user on the fly if it doesn't exist in rhodecode
                             # database
                             if user_model.create_ldap(username, _password, user_dn,
                                                       user_attrs):
                                 log.info('created new ldap user %s' % username)
                             Session.commit()
                             return True
                         except (LdapUsernameError, LdapPasswordError,):
                             pass
                         except (Exception,):
                             log.error(traceback.format_exc())
                             pass
                 return False
             def login_container_auth(username):
                 user = User.get_by_username(username)
                 if user is None:
                     user_attrs = {
                         'name': username,
                         'lastname': None,
                         'email': None,
                     }
                     user = UserModel().create_for_container_auth(username, user_attrs)
                     if not user:
                         return None
                     log.info('User %s was created by container authentication' % username)
                 if not user.active:
                     return None
                 user.update_lastlogin()
                 Session.commit()
                 log.debug('User %s is now logged in by container authentication',
                           user.username)
                 return user
             def get_container_username(environ, config):
                 username = None
                 if str2bool(config.get('container_auth_enabled', False)):
                     from paste.httpheaders import REMOTE_USER
                     username = REMOTE_USER(environ)
                 if not username and str2bool(config.get('proxypass_auth_enabled', False)):
                     username = environ.get('HTTP_X_FORWARDED_USER')
                 if username:
                     # Removing realm and domain from username
                     username = username.partition('@')[0]
                     username = username.rpartition('\\')[2]
                     log.debug('Received username %s from container' % username)
                 return username
             class CookieStoreWrapper(object):
                 def __init__(self, cookie_store):
                     self.cookie_store = cookie_store
                 def __repr__(self):
                     return 'CookieStore<%s>' % (self.cookie_store)
                 def get(self, key, other=None):
                     if isinstance(self.cookie_store, dict):
                         return self.cookie_store.get(key, other)
                     elif isinstance(self.cookie_store, AuthUser):
                         return self.cookie_store.__dict__.get(key, other)
             class  AuthUser(object):
                 """
                 A simple object that handles all attributes of user in RhodeCode
                 It does lookup based on API key,given user, or user present in session
                 Then it fills all required information for such user. It also checks if
                 anonymous access is enabled and if so, it returns default user as logged
                 in
                 """
                 def __init__(self, user_id=None, api_key=None, username=None):
                     self.user_id = user_id
                     self.api_key = None
                     self.username = username
                     self.name = ''
                     self.lastname = ''
                     self.email = ''
                     self.is_authenticated = False
                     self.admin = False
                     self.permissions = {}
                     self._api_key = api_key
                     self.propagate_data()
                     self._instance = None
                 def propagate_data(self):
                     user_model = UserModel()
                     self.anonymous_user = User.get_by_username('default', cache=True)
                     is_user_loaded = False
                     # try go get user by api key
                     if self._api_key and self._api_key != self.anonymous_user.api_key:
                         log.debug('Auth User lookup by API KEY %s' % self._api_key)
                         is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
                     # lookup by userid
                     elif (self.user_id is not None and
                           self.user_id != self.anonymous_user.user_id):
                         log.debug('Auth User lookup by USER ID %s' % self.user_id)
                         is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
                     # lookup by username
                     elif self.username and \
                         str2bool(config.get('container_auth_enabled', False)):
                         log.debug('Auth User lookup by USER NAME %s' % self.username)
                         dbuser = login_container_auth(self.username)
                         if dbuser is not None:
                             for k, v in dbuser.get_dict().items():
                                 setattr(self, k, v)
                             self.set_authenticated()
                             is_user_loaded = True
                     else:
                         log.debug('No data in %s that could been used to log in' % self)
                     if not is_user_loaded:
                         # if we cannot authenticate user try anonymous
                         if self.anonymous_user.active is True:
                             user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                             # then we set this user is logged in
                             self.is_authenticated = True
                         else:
                             self.user_id = None
                             self.username = None
                             self.is_authenticated = False
                     if not self.username:
                         self.username = 'None'
                     log.debug('Auth User is now %s' % self)
                     user_model.fill_perms(self)
                 @property
                 def is_admin(self):
                     return self.admin
                 def __repr__(self):
                     return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                                           self.is_authenticated)
                 def set_authenticated(self, authenticated=True):
                     if self.user_id != self.anonymous_user.user_id:
                         self.is_authenticated = authenticated
                 def get_cookie_store(self):
                     return {'username': self.username,
                             'user_id': self.user_id,
                             'is_authenticated': self.is_authenticated}
                 @classmethod
                 def from_cookie_store(cls, cookie_store):
                     """
                     Creates AuthUser from a cookie store
                     :param cls:
                     :param cookie_store:
                     """
                     user_id = cookie_store.get('user_id')
                     username = cookie_store.get('username')
                     api_key = cookie_store.get('api_key')
                     return AuthUser(user_id, api_key, username)
             def set_available_permissions(config):
                 """
                 This function will propagate pylons globals with all available defined
                 permission given in db. We don't want to check each time from db for new
                 permissions since adding a new permission also requires application restart
                 ie. to decorate new views with the newly created permission
                 :param config: current pylons config instance
                 """
                 log.info('getting information about all available permissions')
                 try:
                     sa = meta.Session
                     all_perms = sa.query(Permission).all()
                 except Exception:
                     pass
                 finally:
                     meta.Session.remove()
                 config['available_permissions'] = [x.permission_name for x in all_perms]
             #==============================================================================
             # CHECK DECORATORS
             #==============================================================================
             class LoginRequired(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page
                 :param api_access: if enabled this checks only for valid auth token
                     and grants access based on valid token
                 """
                 def __init__(self, api_access=False):
                     self.api_access = api_access
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     user = cls.rhodecode_user
                     api_access_ok = False
                     if self.api_access:
                         log.debug('Checking API KEY access for %s' % cls)
                         if user.api_key == request.GET.get('api_key'):
                             api_access_ok = True
                         else:
                             log.debug("API KEY token not valid")
                     loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
                     log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
                     if user.is_authenticated or api_access_ok:
                         log.info('user %s is authenticated and granted access to %s' % (
                                    user.username, loc)
                         )
                         return func(*fargs, **fkwargs)
                     else:
                         log.warn('user %s NOT authenticated on func: %s' % (
                             user, loc)
                         )
                         p = url.current()
                         log.debug('redirecting to login page with %s' % p)
                         return redirect(url('login_home', came_from=p))
             class NotAnonymous(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page"""
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     log.debug('Checking if user is not anonymous @%s' % cls)
                     anonymous = self.user.username == 'default'
                     if anonymous:
                         p = url.current()
                         import rhodecode.lib.helpers as h
                         h.flash(_('You need to be a registered user to '
                                   'perform this action'),
                                 category='warning')
                         return redirect(url('login_home', came_from=p))
                     else:
                         return func(*fargs, **fkwargs)
             class PermsDecorator(object):
                 """Base class for controller decorators"""
                 def __init__(self, *required_perms):
                     available_perms = config['available_permissions']
                     for perm in required_perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(required_perms)
                     self.user_perms = None
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     self.user_perms = self.user.permissions
                     log.debug('checking %s permissions %s for %s %s',
                        self.__class__.__name__, self.required_perms, cls,
                            self.user)
                     if self.check_permissions():
                         log.debug('Permission granted for %s %s' % (cls, self.user))
                         return func(*fargs, **fkwargs)
                     else:
                         log.debug('Permission denied for %s %s' % (cls, self.user))
                         anonymous = self.user.username == 'default'
                         if anonymous:
                             p = url.current()
                             import rhodecode.lib.helpers as h
                             h.flash(_('You need to be a signed in to '
                                       'view this page'),
                                     category='warning')
                             return redirect(url('login_home', came_from=p))
                         else:
                             # redirect with forbidden ret code
                             return abort(403)
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates. All of them
                 have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates. In order to
                 fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     group_name = get_repos_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     group_name = get_repos_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             #==============================================================================
             # CHECK FUNCTIONS
             #==============================================================================
             class PermsFunction(object):
                 """Base function for other check functions"""
                 def __init__(self, *perms):
                     available_perms = config['available_permissions']
                     for perm in perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission in not defined" % perm)
                     self.required_perms = set(perms)
                     self.user_perms = None
                     self.granted_for = ''
                     self.repo_name = None
                 def __call__(self, check_Location=''):
                     user = request.user
                     log.debug('checking %s %s %s', self.__class__.__name__,
                               self.required_perms, user)
                     if not user:
                         log.debug('Empty request user')
                         return False
                     self.user_perms = user.permissions
                     self.granted_for = user
                     if self.check_permissions():
                         log.debug('Permission granted %s @ %s', self.granted_for,
                                   check_Location or 'unspecified location')
                         return True
                     else:
                         log.debug('Permission denied for %s @ %s', self.granted_for,
                                     check_Location or 'unspecified location')
                         return False
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAll(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAny(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAll(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAll, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self.user_perms = set(
                             [self.user_perms['repositories'][self.repo_name]]
                         )
                     except KeyError:
                         return False
                     self.granted_for = self.repo_name
                     if self.required_perms.issubset(self.user_perms):
                         return True
                     return False
             class HasRepoPermissionAny(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self.user_perms = set(
                             [self.user_perms['repositories'][self.repo_name]]
                         )
                     except KeyError:
                         return False
                     self.granted_for = self.repo_name
                     if self.required_perms.intersection(self.user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAny(PermsFunction):
                 def __call__(self, group_name=None, check_Location=''):
                     self.group_name = group_name
                     return super(HasReposGroupPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     try:
                         self.user_perms = set(
                             [self.user_perms['repositories_groups'][self.group_name]]
                         )
                     except KeyError:
                         return False
                     self.granted_for = self.repo_name
                     if self.required_perms.intersection(self.user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAll(PermsFunction):
                 def __call__(self, group_name=None, check_Location=''):
                     self.group_name = group_name
                     return super(HasReposGroupPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     try:
                         self.user_perms = set(
                             [self.user_perms['repositories_groups'][self.group_name]]
                         )
                     except KeyError:
                         return False
                     self.granted_for = self.repo_name
                     if self.required_perms.issubset(self.user_perms):
                         return True
                     return False
             #==============================================================================
             # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
             #==============================================================================
             class HasPermissionAnyMiddleware(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, user, repo_name):
+                    # repo_name MUST be unicode, since we handle keys in permission
+                    # dict by unicode
+                    repo_name = safe_unicode(repo_name)
                     usr = AuthUser(user.user_id)
                     try:
                         self.user_perms = set([usr.permissions['repositories'][repo_name]])
-                    except:
+                    except Exception:
+                        log.error('Exception while accessing permissions %s' %
+                                  traceback.format_exc())
                         self.user_perms = set()
                     self.granted_for = ''
                     self.username = user.username
                     self.repo_name = repo_name
                     return self.check_permissions()
                 def check_permissions(self):
                     log.debug('checking mercurial protocol '
                               'permissions %s for user:%s repository:%s', self.user_perms,
                                                             self.username, self.repo_name)
                     if self.required_perms.intersection(self.user_perms):
                         log.debug('permission granted')
                         return True
                     log.debug('permission denied')
                     return False

rhodecode/lib/middleware/simplegit.py

0 +4 -3

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.middleware.simplegit
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 SimpleGit middleware for handling git protocol request (push/clone etc.)
                 It's implemented with basic auth function
                 :created_on: Apr 28, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import re
             import logging
             import traceback
             from dulwich import server as dulserver
             class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):
                 def handle(self):
                     write = lambda x: self.proto.write_sideband(1, x)
                     graph_walker = dulserver.ProtocolGraphWalker(self,
                                                                  self.repo.object_store,
                                                                  self.repo.get_peeled)
                     objects_iter = self.repo.fetch_objects(
                       graph_walker.determine_wants, graph_walker, self.progress,
                       get_tagged=self.get_tagged)
                     # Do they want any objects?
                     if objects_iter is None or len(objects_iter) == 0:
                         return
                     self.progress("counting objects: %d, done.\n" % len(objects_iter))
                     dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),
                                               objects_iter, len(objects_iter))
                     messages = []
                     messages.append('thank you for using rhodecode')
                     for msg in messages:
                         self.progress(msg + "\n")
                     # we are done
                     self.proto.write("0000")
             dulserver.DEFAULT_HANDLERS = {
               'git-upload-pack': SimpleGitUploadPackHandler,
               'git-receive-pack': dulserver.ReceivePackHandler,
             }
             from dulwich.repo import Repo
             from dulwich.web import HTTPGitApplication
             from paste.httpheaders import REMOTE_USER, AUTH_TYPE
             from rhodecode.lib import safe_str
             from rhodecode.lib.base import BaseVCSController
             from rhodecode.lib.auth import get_container_username
             from rhodecode.lib.utils import is_valid_repo
             from rhodecode.model.db import User
             from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
             log = logging.getLogger(__name__)
             GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')
             def is_git(environ):
                 path_info = environ['PATH_INFO']
                 isgit_path = GIT_PROTO_PAT.match(path_info)
-                log.debug('is a git path %s pathinfo : %s' % (isgit_path, path_info))
+                log.debug('pathinfo: %s detected as GIT %s' % (
+                    path_info, isgit_path != None)
+                )
                 return isgit_path
             class SimpleGit(BaseVCSController):
                 def _handle_request(self, environ, start_response):
                     if not is_git(environ):
                         return self.application(environ, start_response)
                     proxy_key = 'HTTP_X_REAL_IP'
                     def_key = 'REMOTE_ADDR'
                     ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
                     username = None
                     # skip passing error to error controller
                     environ['pylons.status_code_redirect'] = True
                     #======================================================================
                     # EXTRACT REPOSITORY NAME FROM ENV
                     #======================================================================
                     try:
                         repo_name = self.__get_repository(environ)
                         log.debug('Extracted repo name is %s' % repo_name)
                     except:
                         return HTTPInternalServerError()(environ, start_response)
                     #======================================================================
                     # GET ACTION PULL or PUSH
                     #======================================================================
                     action = self.__get_action(environ)
                     #======================================================================
                     # CHECK ANONYMOUS PERMISSION
                     #======================================================================
                     if action in ['pull', 'push']:
                         anonymous_user = self.__get_user('default')
                         username = anonymous_user.username
                         anonymous_perm = self._check_permission(action, anonymous_user,
                                                                 repo_name)
                         if anonymous_perm is not True or anonymous_user.active is False:
                             if anonymous_perm is not True:
                                 log.debug('Not enough credentials to access this '
                                           'repository as anonymous user')
                             if anonymous_user.active is False:
                                 log.debug('Anonymous access is disabled, running '
                                           'authentication')
                             #==============================================================
                             # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                             # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                             #==============================================================
                             # Attempting to retrieve username from the container
                             username = get_container_username(environ, self.config)
                             # If not authenticated by the container, running basic auth
                             if not username:
                                 self.authenticate.realm = \
                                     safe_str(self.config['rhodecode_realm'])
                                 result = self.authenticate(environ)
                                 if isinstance(result, str):
                                     AUTH_TYPE.update(environ, 'basic')
                                     REMOTE_USER.update(environ, result)
                                     username = result
                                 else:
                                     return result.wsgi_application(environ, start_response)
                             #==============================================================
                             # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                             #==============================================================
                             if action in ['pull', 'push']:
                                 try:
                                     user = self.__get_user(username)
                                     if user is None or not user.active:
                                         return HTTPForbidden()(environ, start_response)
                                     username = user.username
                                 except:
                                     log.error(traceback.format_exc())
                                     return HTTPInternalServerError()(environ,
                                                                      start_response)
                                 #check permissions for this repository
                                 perm = self._check_permission(action, user, repo_name)
                                 if perm is not True:
                                     return HTTPForbidden()(environ, start_response)
                     #===================================================================
                     # GIT REQUEST HANDLING
                     #===================================================================
-                    repo_path = safe_str(os.path.join(self.basepath, repo_name))
+                    repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
                     log.debug('Repository path is %s' % repo_path)
                     # quick check if that dir exists...
                     if is_valid_repo(repo_name, self.basepath) is False:
                         return HTTPNotFound()(environ, start_response)
                     try:
                         #invalidate cache on push
                         if action == 'push':
                             self._invalidate_cache(repo_name)
                         log.info('%s action on GIT repo "%s"' % (action, repo_name))
                         app = self.__make_app(repo_name, repo_path)
                         return app(environ, start_response)
                     except Exception:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ, start_response)
                 def __make_app(self, repo_name, repo_path):
                     """
                     Make an wsgi application using dulserver
                     :param repo_name: name of the repository
                     :param repo_path: full path to the repository
                     """
                     _d = {'/' + repo_name: Repo(repo_path)}
                     backend = dulserver.DictBackend(_d)
                     gitserve = HTTPGitApplication(backend)
                     return gitserve
                 def __get_repository(self, environ):
                     """
                     Get's repository name out of PATH_INFO header
                     :param environ: environ where PATH_INFO is stored
                     """
                     try:
                         environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])
                         repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)
                     except:
                         log.error(traceback.format_exc())
                         raise
                     return repo_name
                 def __get_user(self, username):
                     return User.get_by_username(username)
                 def __get_action(self, environ):
                     """
                     Maps git request commands into a pull or push command.
                     :param environ:
                     """
                     service = environ['QUERY_STRING'].split('=')
                     if len(service) > 1:
                         service_cmd = service[1]
                         mapping = {
                             'git-receive-pack': 'push',
                             'git-upload-pack': 'pull',
                         }
                         op = mapping[service_cmd]
                         self._git_stored_op = op
                         return op
                     else:
                         # try to fallback to stored variable as we don't know if the last
                         # operation is pull/push
                         op = getattr(self, '_git_stored_op', 'pull')
                     return op

rhodecode/lib/middleware/simplehg.py

0 +23 -12

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.middleware.simplehg
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 SimpleHG middleware for handling mercurial protocol request
                 (push/clone etc.). It's implemented with basic auth function
                 :created_on: Apr 28, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import logging
             import traceback
+            import urllib
             from mercurial.error import RepoError
             from mercurial.hgweb import hgweb_mod
             from paste.httpheaders import REMOTE_USER, AUTH_TYPE
             from rhodecode.lib import safe_str
             from rhodecode.lib.base import BaseVCSController
             from rhodecode.lib.auth import get_container_username
             from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections
             from rhodecode.model.db import User
             from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError
             log = logging.getLogger(__name__)
             def is_mercurial(environ):
-                """Returns True if request's target is mercurial server - header
+                """
+                Returns True if request's target is mercurial server - header
                 ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.
                 """
                 http_accept = environ.get('HTTP_ACCEPT')
+                path_info = environ['PATH_INFO']
                 if http_accept and http_accept.startswith('application/mercurial'):
-                    return True
+                    ishg_path = True
-                return False
+                else:
+                    ishg_path = False
+                log.debug('pathinfo: %s detected as HG %s' % (
+                    path_info, ishg_path)
+                )
+                return ishg_path
             class SimpleHg(BaseVCSController):
                 def _handle_request(self, environ, start_response):
                     if not is_mercurial(environ):
                         return self.application(environ, start_response)
                     proxy_key = 'HTTP_X_REAL_IP'
                     def_key = 'REMOTE_ADDR'
                     ipaddr = environ.get(proxy_key, environ.get(def_key, '0.0.0.0'))
                     # skip passing error to error controller
                     environ['pylons.status_code_redirect'] = True
                     #======================================================================
                     # EXTRACT REPOSITORY NAME FROM ENV
                     #======================================================================
                     try:
                         repo_name = environ['REPO_NAME'] = self.__get_repository(environ)
                         log.debug('Extracted repo name is %s' % repo_name)
                     except:
                         return HTTPInternalServerError()(environ, start_response)
                     #======================================================================
                     # GET ACTION PULL or PUSH
                     #======================================================================
                     action = self.__get_action(environ)
                     #======================================================================
                     # CHECK ANONYMOUS PERMISSION
                     #======================================================================
                     if action in ['pull', 'push']:
                         anonymous_user = self.__get_user('default')
                         username = anonymous_user.username
                         anonymous_perm = self._check_permission(action, anonymous_user,
                                                                 repo_name)
                         if anonymous_perm is not True or anonymous_user.active is False:
                             if anonymous_perm is not True:
                                 log.debug('Not enough credentials to access this '
                                           'repository as anonymous user')
                             if anonymous_user.active is False:
                                 log.debug('Anonymous access is disabled, running '
                                           'authentication')
                             #==============================================================
                             # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                             # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                             #==============================================================
                             # Attempting to retrieve username from the container
                             username = get_container_username(environ, self.config)
                             # If not authenticated by the container, running basic auth
                             if not username:
                                 self.authenticate.realm = \
                                     safe_str(self.config['rhodecode_realm'])
                                 result = self.authenticate(environ)
                                 if isinstance(result, str):
                                     AUTH_TYPE.update(environ, 'basic')
                                     REMOTE_USER.update(environ, result)
                                     username = result
                                 else:
                                     return result.wsgi_application(environ, start_response)
                             #==============================================================
                             # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                             #==============================================================
                             if action in ['pull', 'push']:
                                 try:
                                     user = self.__get_user(username)
                                     if user is None or not user.active:
                                         return HTTPForbidden()(environ, start_response)
                                     username = user.username
                                 except:
                                     log.error(traceback.format_exc())
                                     return HTTPInternalServerError()(environ,
                                                                      start_response)
                                 #check permissions for this repository
-                                perm = self._check_permission(action, user,
+                                perm = self._check_permission(action, user, repo_name)
-                                                               repo_name)
                                 if perm is not True:
                                     return HTTPForbidden()(environ, start_response)
-                    extras = {'ip': ipaddr,
+                    # extras are injected into mercurial UI object and later available
-                              'username': username,
+                    # in hg hooks executed by rhodecode
-                              'action': action,
+                    extras = {
-                              'repository': repo_name}
+                        'ip': ipaddr,
+                        'username': username,
+                        'action': action,
+                        'repository': repo_name
+                    }
                     #======================================================================
                     # MERCURIAL REQUEST HANDLING
                     #======================================================================
+                    repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
-                    repo_path = safe_str(os.path.join(self.basepath, repo_name))
                     log.debug('Repository path is %s' % repo_path)
                     baseui = make_ui('db')
                     self.__inject_extras(repo_path, baseui, extras)
                     # quick check if that dir exists...
                     if is_valid_repo(repo_name, self.basepath) is False:
                         return HTTPNotFound()(environ, start_response)
                     try:
                         # invalidate cache on push
                         if action == 'push':
                             self._invalidate_cache(repo_name)
                         log.info('%s action on HG repo "%s"' % (action, repo_name))
                         app = self.__make_app(repo_path, baseui, extras)
                         return app(environ, start_response)
                     except RepoError, e:
                         if str(e).find('not found') != -1:
                             return HTTPNotFound()(environ, start_response)
                     except Exception:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ, start_response)
                 def __make_app(self, repo_name, baseui, extras):
                     """
                     Make an wsgi application using hgweb, and inject generated baseui
                     instance, additionally inject some extras into ui object
                     """
                     return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)
                 def __get_repository(self, environ):
                     """
                     Get's repository name out of PATH_INFO header
                     :param environ: environ where PATH_INFO is stored
                     """
                     try:
                         environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])
                         repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
                         if repo_name.endswith('/'):
                             repo_name = repo_name.rstrip('/')
                     except:
                         log.error(traceback.format_exc())
                         raise
                     return repo_name
                 def __get_user(self, username):
                     return User.get_by_username(username)
                 def __get_action(self, environ):
                     """
                     Maps mercurial request commands into a clone,pull or push command.
                     This should always return a valid command string
                     :param environ:
                     """
                     mapping = {'changegroup': 'pull',
                                'changegroupsubset': 'pull',
                                'stream_out': 'pull',
                                'listkeys': 'pull',
                                'unbundle': 'push',
                                'pushkey': 'push', }
                     for qry in environ['QUERY_STRING'].split('&'):
                         if qry.startswith('cmd'):
                             cmd = qry.split('=')[-1]
                             if cmd in mapping:
                                 return mapping[cmd]
                             else:
                                 return 'pull'
                 def __inject_extras(self, repo_path, baseui, extras={}):
                     """
                     Injects some extra params into baseui instance
                     also overwrites global settings with those takes from local hgrc file
                     :param baseui: baseui instance
                     :param extras: dict with extra params to put into baseui
                     """
                     hgrc = os.path.join(repo_path, '.hg', 'hgrc')
                     # make our hgweb quiet so it doesn't print output
                     baseui.setconfig('ui', 'quiet', 'true')
                     #inject some additional parameters that will be available in ui
                     #for hooks
                     for k, v in extras.items():
                         baseui.setconfig('rhodecode_extras', k, v)
                     repoui = make_ui('file', hgrc, False)
                     if repoui:
                         #overwrite our ui instance with the section from hgrc file
                         for section in ui_sections:
                             for k, v in repoui.configitems(section):
                                 baseui.setconfig(section, k, v)

rhodecode/lib/utils.py

0 +8 -3

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.utils
                 ~~~~~~~~~~~~~~~~~~~
                 Utilities library for RhodeCode
                 :created_on: Apr 18, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import re
             import logging
             import datetime
             import traceback
             import paste
             import beaker
             import tarfile
             import shutil
             from os.path import abspath
             from os.path import dirname as dn, join as jn
             from paste.script.command import Command, BadCommand
             from mercurial import ui, config
             from webhelpers.text import collapse, remove_formatting, strip_tags
             from rhodecode.lib.vcs import get_backend
             from rhodecode.lib.vcs.backends.base import BaseChangeset
             from rhodecode.lib.vcs.utils.lazy import LazyProperty
             from rhodecode.lib.vcs.utils.helpers import get_scm
             from rhodecode.lib.vcs.exceptions import VCSError
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model import meta
             from rhodecode.model.db import Repository, User, RhodeCodeUi, \
                 UserLog, RepoGroup, RhodeCodeSetting, UserRepoGroupToPerm
             from rhodecode.model.meta import Session
             from rhodecode.model.repos_group import ReposGroupModel
+            from rhodecode.lib import safe_str, safe_unicode
             log = logging.getLogger(__name__)
             REMOVED_REPO_PAT = re.compile(r'rm__\d{8}_\d{6}_\d{6}__.*')
             def recursive_replace(str_, replace=' '):
                 """Recursive replace of given sign to just one instance
                 :param str_: given string
                 :param replace: char to find and replace multiple instances
                 Examples::
                 >>> recursive_replace("Mighty---Mighty-Bo--sstones",'-')
                 'Mighty-Mighty-Bo-sstones'
                 """
                 if str_.find(replace * 2) == -1:
                     return str_
                 else:
                     str_ = str_.replace(replace * 2, replace)
                     return recursive_replace(str_, replace)
             def repo_name_slug(value):
                 """Return slug of name of repository
                 This function is called on each creation/modification
                 of repository to prevent bad names in repo
                 """
                 slug = remove_formatting(value)
                 slug = strip_tags(slug)
                 for c in """=[]\;'"<>,/~!@#$%^&*()+{}|: """:
                     slug = slug.replace(c, '-')
                 slug = recursive_replace(slug, '-')
                 slug = collapse(slug, '-')
                 return slug
             def get_repo_slug(request):
                 _repo = request.environ['pylons.routes_dict'].get('repo_name')
                 if _repo:
                     _repo = _repo.rstrip('/')
                 return _repo
             def get_repos_group_slug(request):
                 _group = request.environ['pylons.routes_dict'].get('group_name')
                 if _group:
                     _group = _group.rstrip('/')
                 return _group
             def action_logger(user, action, repo, ipaddr='', sa=None, commit=False):
                 """
                 Action logger for various actions made by users
                 :param user: user that made this action, can be a unique username string or
                     object containing user_id attribute
                 :param action: action to log, should be on of predefined unique actions for
                     easy translations
                 :param repo: string name of repository or object containing repo_id,
                     that action was made on
                 :param ipaddr: optional ip address from what the action was made
                 :param sa: optional sqlalchemy session
                 """
                 if not sa:
                     sa = meta.Session
                 try:
                     if hasattr(user, 'user_id'):
                         user_obj = user
                     elif isinstance(user, basestring):
                         user_obj = User.get_by_username(user)
                     else:
                         raise Exception('You have to provide user object or username')
                     if hasattr(repo, 'repo_id'):
                         repo_obj = Repository.get(repo.repo_id)
                         repo_name = repo_obj.repo_name
                     elif  isinstance(repo, basestring):
                         repo_name = repo.lstrip('/')
                         repo_obj = Repository.get_by_repo_name(repo_name)
                     else:
                         raise Exception('You have to provide repository to action logger')
                     user_log = UserLog()
                     user_log.user_id = user_obj.user_id
                     user_log.action = action
                     user_log.repository_id = repo_obj.repo_id
                     user_log.repository_name = repo_name
                     user_log.action_date = datetime.datetime.now()
                     user_log.user_ip = ipaddr
                     sa.add(user_log)
-                    log.info('Adding user %s, action %s on %s' % (user_obj, action, repo))
+                    log.info(
+                        'Adding user %s, action %s on %s' % (user_obj, action,
+                                                             safe_unicode(repo))
+                    )
                     if commit:
                         sa.commit()
                 except:
                     log.error(traceback.format_exc())
                     raise
             def get_repos(path, recursive=False):
                 """
                 Scans given path for repos and return (name,(type,path)) tuple
                 :param path: path to scan for repositories
                 :param recursive: recursive search and return names with subdirs in front
                 """
                 # remove ending slash for better results
                 path = path.rstrip(os.sep)
                 def _get_repos(p):
                     if not os.access(p, os.W_OK):
                         return
                     for dirpath in os.listdir(p):
                         if os.path.isfile(os.path.join(p, dirpath)):
                             continue
                         cur_path = os.path.join(p, dirpath)
                         try:
                             scm_info = get_scm(cur_path)
                             yield scm_info[1].split(path, 1)[-1].lstrip(os.sep), scm_info
                         except VCSError:
                             if not recursive:
                                 continue
                             #check if this dir containts other repos for recursive scan
                             rec_path = os.path.join(p, dirpath)
                             if os.path.isdir(rec_path):
                                 for inner_scm in _get_repos(rec_path):
                                     yield inner_scm
                 return _get_repos(path)
             def is_valid_repo(repo_name, base_path):
                 """
                 Returns True if given path is a valid repository False otherwise
                 :param repo_name:
                 :param base_path:
                 :return True: if given path is a valid repository
                 """
-                full_path = os.path.join(base_path, repo_name)
+                full_path = os.path.join(safe_str(base_path), safe_str(repo_name))
                 try:
                     get_scm(full_path)
                     return True
                 except VCSError:
                     return False
             def is_valid_repos_group(repos_group_name, base_path):
                 """
                 Returns True if given path is a repos group False otherwise
                 :param repo_name:
                 :param base_path:
                 """
-                full_path = os.path.join(base_path, repos_group_name)
+                full_path = os.path.join(safe_str(base_path), safe_str(repos_group_name))
                 # check if it's not a repo
                 if is_valid_repo(repos_group_name, base_path):
                     return False
                 # check if it's a valid path
                 if os.path.isdir(full_path):
                     return True
                 return False
             def ask_ok(prompt, retries=4, complaint='Yes or no, please!'):
                 while True:
                     ok = raw_input(prompt)
                     if ok in ('y', 'ye', 'yes'):
                         return True
                     if ok in ('n', 'no', 'nop', 'nope'):
                         return False
                     retries = retries - 1
                     if retries < 0:
                         raise IOError
                     print complaint
             #propagated from mercurial documentation
             ui_sections = ['alias', 'auth',
                             'decode/encode', 'defaults',
                             'diff', 'email',
                             'extensions', 'format',
                             'merge-patterns', 'merge-tools',
                             'hooks', 'http_proxy',
                             'smtp', 'patch',
                             'paths', 'profiling',
                             'server', 'trusted',
                             'ui', 'web', ]
             def make_ui(read_from='file', path=None, checkpaths=True):
                 """A function that will read python rc files or database
                 and make an mercurial ui object from read options
                 :param path: path to mercurial config file
                 :param checkpaths: check the path
                 :param read_from: read from 'file' or 'db'
                 """
                 baseui = ui.ui()
                 # clean the baseui object
                 baseui._ocfg = config.config()
                 baseui._ucfg = config.config()
                 baseui._tcfg = config.config()
                 if read_from == 'file':
                     if not os.path.isfile(path):
                         log.debug('hgrc file is not present at %s skipping...' % path)
                         return False
                     log.debug('reading hgrc from %s' % path)
                     cfg = config.config()
                     cfg.read(path)
                     for section in ui_sections:
                         for k, v in cfg.items(section):
                             log.debug('settings ui from file[%s]%s:%s' % (section, k, v))
                             baseui.setconfig(section, k, v)
                 elif read_from == 'db':
                     sa = meta.Session
                     ret = sa.query(RhodeCodeUi)\
                         .options(FromCache("sql_cache_short", "get_hg_ui_settings"))\
                         .all()
                     hg_ui = ret
                     for ui_ in hg_ui:
                         if ui_.ui_active:
                             log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
                                       ui_.ui_key, ui_.ui_value)
                             baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)
                     meta.Session.remove()
                 return baseui
             def set_rhodecode_config(config):
                 """
                 Updates pylons config with new settings from database
                 :param config:
                 """
                 hgsettings = RhodeCodeSetting.get_app_settings()
                 for k, v in hgsettings.items():
                     config[k] = v
             def invalidate_cache(cache_key, *args):
                 """
                 Puts cache invalidation task into db for
                 further global cache invalidation
                 """
                 from rhodecode.model.scm import ScmModel
                 if cache_key.startswith('get_repo_cached_'):
                     name = cache_key.split('get_repo_cached_')[-1]
                     ScmModel().mark_for_invalidation(name)
             class EmptyChangeset(BaseChangeset):
                 """
                 An dummy empty changeset. It's possible to pass hash when creating
                 an EmptyChangeset
                 """
                 def __init__(self, cs='0' * 40, repo=None, requested_revision=None,
                              alias=None):
                     self._empty_cs = cs
                     self.revision = -1
                     self.message = ''
                     self.author = ''
                     self.date = ''
                     self.repository = repo
                     self.requested_revision = requested_revision
                     self.alias = alias
                 @LazyProperty
                 def raw_id(self):
                     """
                     Returns raw string identifying this changeset, useful for web
                     representation.
                     """
                     return self._empty_cs
                 @LazyProperty
                 def branch(self):
                     return get_backend(self.alias).DEFAULT_BRANCH_NAME
                 @LazyProperty
                 def short_id(self):
                     return self.raw_id[:12]
                 def get_file_changeset(self, path):
                     return self
                 def get_file_content(self, path):
                     return u''
                 def get_file_size(self, path):
                     return 0
             def map_groups(groups):
                 """
                 Checks for groups existence, and creates groups structures.
                 It returns last group in structure
                 :param groups: list of groups structure
                 """
                 sa = meta.Session
                 parent = None
                 group = None
                 # last element is repo in nested groups structure
                 groups = groups[:-1]
                 rgm = ReposGroupModel(sa)
                 for lvl, group_name in enumerate(groups):
                     group_name = '/'.join(groups[:lvl] + [group_name])
                     group = RepoGroup.get_by_group_name(group_name)
                     desc = '%s group' % group_name
             #        # WTF that doesn't work !?
             #        if group is None:
             #            group = rgm.create(group_name, desc, parent, just_db=True)
             #            sa.commit()
                     # skip folders that are now removed repos
                     if REMOVED_REPO_PAT.match(group_name):
                         break
                     if group is None:
                         log.debug('creating group level: %s group_name: %s' % (lvl, group_name))
                         group = RepoGroup(group_name, parent)
                         group.group_description = desc
                         sa.add(group)
                         rgm._create_default_perms(group)
                         sa.commit()
                     parent = group
                 return group
             def repo2db_mapper(initial_repo_list, remove_obsolete=False):
                 """
                 maps all repos given in initial_repo_list, non existing repositories
                 are created, if remove_obsolete is True it also check for db entries
                 that are not in initial_repo_list and removes them.
                 :param initial_repo_list: list of repositories found by scanning methods
                 :param remove_obsolete: check for obsolete entries in database
                 """
                 from rhodecode.model.repo import RepoModel
                 sa = meta.Session
                 rm = RepoModel()
                 user = sa.query(User).filter(User.admin == True).first()
                 if user is None:
                     raise Exception('Missing administrative account !')
                 added = []
                 for name, repo in initial_repo_list.items():
                     group = map_groups(name.split(Repository.url_sep()))
                     if not rm.get_by_repo_name(name, cache=False):
                         log.info('repository %s not found creating default' % name)
                         added.append(name)
                         form_data = {
                          'repo_name': name,
                          'repo_name_full': name,
                          'repo_type': repo.alias,
                          'description': repo.description \
                             if repo.description != 'unknown' else '%s repository' % name,
                          'private': False,
                          'group_id': getattr(group, 'group_id', None)
                         }
                         rm.create(form_data, user, just_db=True)
                 sa.commit()
                 removed = []
                 if remove_obsolete:
                     #remove from database those repositories that are not in the filesystem
                     for repo in sa.query(Repository).all():
                         if repo.repo_name not in initial_repo_list.keys():
                             removed.append(repo.repo_name)
                             sa.delete(repo)
                             sa.commit()
                 return added, removed
             # set cache regions for beaker so celery can utilise it
             def add_cache(settings):
                 cache_settings = {'regions': None}
                 for key in settings.keys():
                     for prefix in ['beaker.cache.', 'cache.']:
                         if key.startswith(prefix):
                             name = key.split(prefix)[1].strip()
                             cache_settings[name] = settings[key].strip()
                 if cache_settings['regions']:
                     for region in cache_settings['regions'].split(','):
                         region = region.strip()
                         region_settings = {}
                         for key, value in cache_settings.items():
                             if key.startswith(region):
                                 region_settings[key.split('.')[1]] = value
                         region_settings['expire'] = int(region_settings.get('expire',
 ))
                         region_settings.setdefault('lock_dir',
                                                    cache_settings.get('lock_dir'))
                         region_settings.setdefault('data_dir',
                                                    cache_settings.get('data_dir'))
                         if 'type' not in region_settings:
                             region_settings['type'] = cache_settings.get('type',
                                                                          'memory')
                         beaker.cache.cache_regions[region] = region_settings
             #==============================================================================
             # TEST FUNCTIONS AND CREATORS
             #==============================================================================
             def create_test_index(repo_location, config, full_index):
                 """
                 Makes default test index
                 :param config: test config
                 :param full_index:
                 """
                 from rhodecode.lib.indexers.daemon import WhooshIndexingDaemon
                 from rhodecode.lib.pidlock import DaemonLock, LockHeld
                 repo_location = repo_location
                 index_location = os.path.join(config['app_conf']['index_dir'])
                 if not os.path.exists(index_location):
                     os.makedirs(index_location)
                 try:
                     l = DaemonLock(file_=jn(dn(index_location), 'make_index.lock'))
                     WhooshIndexingDaemon(index_location=index_location,
                                          repo_location=repo_location)\
                         .run(full_index=full_index)
                     l.release()
                 except LockHeld:
                     pass
             def create_test_env(repos_test_path, config):
                 """
                 Makes a fresh database and
                 install test repository into tmp dir
                 """
                 from rhodecode.lib.db_manage import DbManage
                 from rhodecode.tests import HG_REPO, TESTS_TMP_PATH
                 # PART ONE create db
                 dbconf = config['sqlalchemy.db1.url']
                 log.debug('making test db %s' % dbconf)
                 # create test dir if it doesn't exist
                 if not os.path.isdir(repos_test_path):
                     log.debug('Creating testdir %s' % repos_test_path)
                     os.makedirs(repos_test_path)
                 dbmanage = DbManage(log_sql=True, dbconf=dbconf, root=config['here'],
                                     tests=True)
                 dbmanage.create_tables(override=True)
                 dbmanage.create_settings(dbmanage.config_prompt(repos_test_path))
                 dbmanage.create_default_user()
                 dbmanage.admin_prompt()
                 dbmanage.create_permissions()
                 dbmanage.populate_default_permissions()
                 Session.commit()
                 # PART TWO make test repo
                 log.debug('making test vcs repositories')
                 idx_path = config['app_conf']['index_dir']
                 data_path = config['app_conf']['cache_dir']
                 #clean index and data
                 if idx_path and os.path.exists(idx_path):
                     log.debug('remove %s' % idx_path)
                     shutil.rmtree(idx_path)
                 if data_path and os.path.exists(data_path):
                     log.debug('remove %s' % data_path)
                     shutil.rmtree(data_path)
                 #CREATE DEFAULT HG REPOSITORY
                 cur_dir = dn(dn(abspath(__file__)))
                 tar = tarfile.open(jn(cur_dir, 'tests', "vcs_test_hg.tar.gz"))
                 tar.extractall(jn(TESTS_TMP_PATH, HG_REPO))
                 tar.close()
             #==============================================================================
             # PASTER COMMANDS
             #==============================================================================
             class BasePasterCommand(Command):
                 """
                 Abstract Base Class for paster commands.
                 The celery commands are somewhat aggressive about loading
                 celery.conf, and since our module sets the `CELERY_LOADER`
                 environment variable to our loader, we have to bootstrap a bit and
                 make sure we've had a chance to load the pylons config off of the
                 command line, otherwise everything fails.
                 """
                 min_args = 1
                 min_args_error = "Please provide a paster config file as an argument."
                 takes_config_file = 1
                 requires_config_file = True
                 def notify_msg(self, msg, log=False):
                     """Make a notification to user, additionally if logger is passed
                     it logs this action using given logger
                     :param msg: message that will be printed to user
                     :param log: logging instance, to use to additionally log this message
                     """
                     if log and isinstance(log, logging):
                         log(msg)
                 def run(self, args):
                     """
                     Overrides Command.run
                     Checks for a config file argument and loads it.
                     """
                     if len(args) < self.min_args:
                         raise BadCommand(
                             self.min_args_error % {'min_args': self.min_args,
                                                    'actual_args': len(args)})
                     # Decrement because we're going to lob off the first argument.
                     # @@ This is hacky
                     self.min_args -= 1
                     self.bootstrap_config(args[0])
                     self.update_parser()
                     return super(BasePasterCommand, self).run(args[1:])
                 def update_parser(self):
                     """
                     Abstract method.  Allows for the class's parser to be updated
                     before the superclass's `run` method is called.  Necessary to
                     allow options/arguments to be passed through to the underlying
                     celery command.
                     """
                     raise NotImplementedError("Abstract Method.")
                 def bootstrap_config(self, conf):
                     """
                     Loads the pylons configuration.
                     """
                     from pylons import config as pylonsconfig
                     path_to_ini_file = os.path.realpath(conf)
                     conf = paste.deploy.appconfig('config:' + path_to_ini_file)
                     pylonsconfig.init_app(conf.global_conf, conf.local_conf)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages