kallithea: rhodecode/lib/auth.py annotate

annotate rhodecode/lib/auth.py @ 1532:2afe9320d5e6 beta

updated docstrings

author	Marcin Kuzminski <marcin@python-works.com>
date	Sat, 08 Oct 2011 03:00:03 +0200
parents	04027bdb876c
children	752b0a7b7679 59ae82850e76

rev	line source
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	1 # -- coding: utf-8 --
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	2 """
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	3 rhodecode.lib.auth
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	4 ~~~~~~~~~~~~~~~~~~
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	5
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	6 authentication and permission libraries
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	7
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	8 :created_on: Apr 4, 2010
1532 2afe9320d5e6 updated docstrings Marcin Kuzminski <marcin@python-works.com> parents: 1530 diff changeset	9 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
2afe9320d5e6 updated docstrings Marcin Kuzminski <marcin@python-works.com> parents: 1530 diff changeset	10 :license: GPLv3, see COPYING for more details.
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	11 """
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	12 # This program is free software: you can redistribute it and/or modify
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	13 # it under the terms of the GNU General Public License as published by
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	14 # the Free Software Foundation, either version 3 of the License, or
a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	15 # (at your option) any later version.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	16 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	17 # This program is distributed in the hope that it will be useful,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	20 # GNU General Public License for more details.
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	21 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	22 # You should have received a copy of the GNU General Public License
1206 a671db5bdd58 fixed license issue #149 Marcin Kuzminski <marcin@python-works.com> parents: 1203 diff changeset	23 # along with this program. If not, see <http://www.gnu.org/licenses/>.
381 55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	24
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	25 import random
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	26 import logging
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	27 import traceback
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	28 import hashlib
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	29
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	30 from tempfile import _RandomNameSequence
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	31 from decorator import decorator
62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	32
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	33 from pylons import config, session, url, request
52 25e516447a33 implemented autentication marcink parents: 48 diff changeset	34 from pylons.controllers.util import abort, redirect
1056 520d27f40b51 #113 removed anonymous access from forking, added system messages in login box. Marcin Kuzminski <marcin@python-works.com> parents: 1040 diff changeset	35 from pylons.i18n.translation import _
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	36
1195 74251f8004d2 merged freebsd support issue from default Marcin Kuzminski <marcin@python-works.com> parents: 1135 diff changeset	37 from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	38
1195 74251f8004d2 merged freebsd support issue from default Marcin Kuzminski <marcin@python-works.com> parents: 1135 diff changeset	39 if __platform__ in PLATFORM_WIN:
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	40 from hashlib import sha256
1195 74251f8004d2 merged freebsd support issue from default Marcin Kuzminski <marcin@python-works.com> parents: 1135 diff changeset	41 if __platform__ in PLATFORM_OTHERS:
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	42 import bcrypt
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	43
1425 3dedf3991d40 fixes #173, many thanks for slestak for contributing into this one. Marcin Kuzminski <marcin@python-works.com> parents: 1336 diff changeset	44 from rhodecode.lib import str2bool, safe_unicode
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	45 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
547 1e757ac98988 renamed project to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 508 diff changeset	46 from rhodecode.lib.utils import get_repo_slug
713 1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories Marcin Kuzminski <marcin@python-works.com> parents: 705 diff changeset	47 from rhodecode.lib.auth_ldap import AuthLdap
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	48
547 1e757ac98988 renamed project to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 508 diff changeset	49 from rhodecode.model import meta
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	50 from rhodecode.model.user import UserModel
1530 04027bdb876c Refactoring of model get functions Marcin Kuzminski <marcin@python-works.com> parents: 1425 diff changeset	51 from rhodecode.model.db import Permission, RhodeCodeSettings, User
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	52
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	53 log = logging.getLogger(__name__)
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	54
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	55
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	56 class PasswordGenerator(object):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	57 """This is a simple class for generating password from
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	58 different sets of characters
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	59 usage:
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	60 passwd_gen = PasswordGenerator()
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	61 #print 8-letter password containing only big and small letters
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	62 of alphabet
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	63 print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	64 """
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	65 ALPHABETS_NUM = r'''1234567890'''
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	66 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	67 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	68 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}\|:"<>?'''
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	69 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	70 + ALPHABETS_NUM + ALPHABETS_SPECIAL
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	71 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	72 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	73 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	74 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	75
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	76 def __init__(self, passwd=''):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	77 self.passwd = passwd
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	78
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	79 def gen_password(self, len, type):
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	80 self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	81 return self.passwd
a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	82
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	83
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	84 class RhodeCodeCrypto(object):
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	85
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	86 @classmethod
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	87 def hash_string(cls, str_):
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	88 """
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	89 Cryptographic function used for password hashing based on pybcrypt
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	90 or pycrypto in windows
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	91
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	92 :param password: password to hash
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	93 """
1195 74251f8004d2 merged freebsd support issue from default Marcin Kuzminski <marcin@python-works.com> parents: 1135 diff changeset	94 if __platform__ in PLATFORM_WIN:
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	95 return sha256(str_).hexdigest()
1195 74251f8004d2 merged freebsd support issue from default Marcin Kuzminski <marcin@python-works.com> parents: 1135 diff changeset	96 elif __platform__ in PLATFORM_OTHERS:
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	97 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	98 else:
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	99 raise Exception('Unknown or unsupported platform %s' \
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	100 % __platform__)
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	101
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	102 @classmethod
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	103 def hash_check(cls, password, hashed):
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	104 """
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	105 Checks matching password with it's hashed value, runs different
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	106 implementation based on platform it runs on
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	107
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	108 :param password: password
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	109 :param hashed: password in hashed form
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	110 """
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	111
1195 74251f8004d2 merged freebsd support issue from default Marcin Kuzminski <marcin@python-works.com> parents: 1135 diff changeset	112 if __platform__ in PLATFORM_WIN:
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	113 return sha256(password).hexdigest() == hashed
1195 74251f8004d2 merged freebsd support issue from default Marcin Kuzminski <marcin@python-works.com> parents: 1135 diff changeset	114 elif __platform__ in PLATFORM_OTHERS:
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	115 return bcrypt.hashpw(password, hashed) == hashed
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	116 else:
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	117 raise Exception('Unknown or unsupported platform %s' \
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	118 % __platform__)
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	119
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	120
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	121 def get_crypt_password(password):
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	122 return RhodeCodeCrypto.hash_string(password)
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	123
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	124
1118 b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	125 def check_password(password, hashed):
b0e2c949c34b Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier" Marcin Kuzminski <marcin@python-works.com> parents: 1117 diff changeset	126 return RhodeCodeCrypto.hash_check(password, hashed)
415 04e8b31fb245 Changed password crypting scheme to bcrypt, added dependency for setup Marcin Kuzminski <marcin@python-works.com> parents: 412 diff changeset	127
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	128
1116 716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	129 def generate_api_key(username, salt=None):
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	130 if salt is None:
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	131 salt = _RandomNameSequence().next()
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	132
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	133 return hashlib.sha1(username + salt).hexdigest()
716911af91e1 Added api_key into user, api key get's generated again after password change Marcin Kuzminski <marcin@python-works.com> parents: 1056 diff changeset	134
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	135
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	136 def authfunc(environ, username, password):
1016 3790279d2538 #56 added propagation of permission from group Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	137 """Dummy authentication function used in Mercurial/Git/ and access control,
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	138
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	139 :param environ: needed only for using in Basic auth
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	140 """
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	141 return authenticate(username, password)
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	142
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	143
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	144 def authenticate(username, password):
1016 3790279d2538 #56 added propagation of permission from group Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	145 """Authentication function used for access control,
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	146 firstly checks for db authentication then if ldap is enabled for ldap
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	147 authentication, also creates ldap user if not in database
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	148
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	149 :param username: username
52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	150 :param password: password
52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	151 """
1292 c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter. Marcin Kuzminski <marcin@python-works.com> parents: 1290 diff changeset	152
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	153 user_model = UserModel()
1530 04027bdb876c Refactoring of model get functions Marcin Kuzminski <marcin@python-works.com> parents: 1425 diff changeset	154 user = User.get_by_username(username)
699 52da7cba88a6 Code refactor for auth func, preparing for ldap support Marcin Kuzminski <marcin@python-works.com> parents: 692 diff changeset	155
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	156 log.debug('Authenticating user using RhodeCode account')
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 895 diff changeset	157 if user is not None and not user.ldap_dn:
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	158 if user.active:
674 99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	159 if user.username == 'default' and user.active:
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	160 log.info('user %s authenticated correctly as anonymous user',
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	161 username)
674 99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	162 return True
99875a8f2ad1 #49 Enabled anonymous access push and pull commands Marcin Kuzminski <marcin@python-works.com> parents: 673 diff changeset	163
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	164 elif user.username == username and check_password(password,
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	165 user.password):
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	166 log.info('user %s authenticated correctly', username)
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	167 return True
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	168 else:
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	169 log.warning('user %s is disabled', username)
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	170
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	171 else:
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	172 log.debug('Regular authentication failed')
1530 04027bdb876c Refactoring of model get functions Marcin Kuzminski <marcin@python-works.com> parents: 1425 diff changeset	173 user_obj = User.get_by_username(username, case_insensitive=True)
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	174
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 895 diff changeset	175 if user_obj is not None and not user_obj.ldap_dn:
749 fcd4fb51526e added debug message for ldap auth Marcin Kuzminski <marcin@python-works.com> parents: 748 diff changeset	176 log.debug('this user already exists as non ldap')
748 88338675a0f7 fixed ldap issue and small template fix Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	177 return False
88338675a0f7 fixed ldap issue and small template fix Marcin Kuzminski <marcin@python-works.com> parents: 742 diff changeset	178
1292 c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter. Marcin Kuzminski <marcin@python-works.com> parents: 1290 diff changeset	179 ldap_settings = RhodeCodeSettings.get_ldap_settings()
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	180 #======================================================================
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	181 # FALLBACK TO LDAP AUTH IF ENABLE
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	182 #======================================================================
1135 1aa1655bf019 fixed some config bool converter problems with ldap Marcin Kuzminski <marcin@python-works.com> parents: 1122 diff changeset	183 if str2bool(ldap_settings.get('ldap_active')):
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	184 log.debug("Authenticating user using ldap")
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	185 kwargs = {
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	186 'server': ldap_settings.get('ldap_host', ''),
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	187 'base_dn': ldap_settings.get('ldap_base_dn', ''),
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	188 'port': ldap_settings.get('ldap_port'),
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	189 'bind_dn': ldap_settings.get('ldap_dn_user'),
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	190 'bind_pass': ldap_settings.get('ldap_dn_pass'),
1290 74685a31cc43 Enable start_tls connection encryption. "Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it> parents: 1288 diff changeset	191 'tls_kind': ldap_settings.get('ldap_tls_kind'),
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	192 'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	193 'ldap_filter': ldap_settings.get('ldap_filter'),
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	194 'search_scope': ldap_settings.get('ldap_search_scope'),
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	195 'attr_login': ldap_settings.get('ldap_attr_login'),
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	196 'ldap_version': 3,
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	197 }
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	198 log.debug('Checking for ldap authentication')
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	199 try:
9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	200 aldap = AuthLdap(**kwargs)
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	201 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	202 password)
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 895 diff changeset	203 log.debug('Got ldap DN response %s', user_dn)
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	204
1307 c1516b35f91d pep8ify Marcin Kuzminski <marcin@python-works.com> parents: 1305 diff changeset	205 get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
1292 c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter. Marcin Kuzminski <marcin@python-works.com> parents: 1290 diff changeset	206 .get(k), [''])[0]
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter. Marcin Kuzminski <marcin@python-works.com> parents: 1290 diff changeset	207
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 895 diff changeset	208 user_attrs = {
1425 3dedf3991d40 fixes #173, many thanks for slestak for contributing into this one. Marcin Kuzminski <marcin@python-works.com> parents: 1336 diff changeset	209 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
3dedf3991d40 fixes #173, many thanks for slestak for contributing into this one. Marcin Kuzminski <marcin@python-works.com> parents: 1336 diff changeset	210 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
3dedf3991d40 fixes #173, many thanks for slestak for contributing into this one. Marcin Kuzminski <marcin@python-works.com> parents: 1336 diff changeset	211 'email': get_ldap_attr('ldap_attr_email'),
3dedf3991d40 fixes #173, many thanks for slestak for contributing into this one. Marcin Kuzminski <marcin@python-works.com> parents: 1336 diff changeset	212 }
991 b232a36cc51f Improve LDAP authentication Thayne Harbaugh <thayne@fusionio.com> parents: 895 diff changeset	213
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	214 if user_model.create_ldap(username, password, user_dn,
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	215 user_attrs):
1016 3790279d2538 #56 added propagation of permission from group Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	216 log.info('created new ldap user %s', username)
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	217
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	218 return True
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	219 except (LdapUsernameError, LdapPasswordError,):
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	220 pass
56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	221 except (Exception,):
705 9e9f1b919c0c implements #60, ldap configuration and authentication. Marcin Kuzminski <marcin@python-works.com> parents: 699 diff changeset	222 log.error(traceback.format_exc())
761 56c2850a5b5f ldap auth rewrite, moved split authfunc into two functions, Marcin Kuzminski <marcin@python-works.com> parents: 749 diff changeset	223 pass
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	224 return False
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	225
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	226
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	227 class AuthUser(object):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	228 """
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	229 A simple object that handles all attributes of user in RhodeCode
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	230
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	231 It does lookup based on API key,given user, or user present in session
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	232 Then it fills all required information for such user. It also checks if
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	233 anonymous access is enabled and if so, it returns default user as logged
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	234 in
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	235 """
1016 3790279d2538 #56 added propagation of permission from group Marcin Kuzminski <marcin@python-works.com> parents: 991 diff changeset	236
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	237 def __init__(self, user_id=None, api_key=None):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	238
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	239 self.user_id = user_id
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1118 diff changeset	240 self.api_key = None
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	241
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	242 self.username = 'None'
355 5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	243 self.name = ''
5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	244 self.lastname = ''
404 a10bdd0b05a7 fixed user email for gravatars Marcin Kuzminski <marcin@python-works.com> parents: 399 diff changeset	245 self.email = ''
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	246 self.is_authenticated = False
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	247 self.admin = False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	248 self.permissions = {}
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1118 diff changeset	249 self._api_key = api_key
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	250 self.propagate_data()
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	251
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	252 def propagate_data(self):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	253 user_model = UserModel()
1530 04027bdb876c Refactoring of model get functions Marcin Kuzminski <marcin@python-works.com> parents: 1425 diff changeset	254 self.anonymous_user = User.get_by_username('default')
1122 31e82d872631 disabled api key for anonymous users, and added api_key to rss/atom links for other users Marcin Kuzminski <marcin@python-works.com> parents: 1120 diff changeset	255 if self._api_key and self._api_key != self.anonymous_user.api_key:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	256 #try go get user by api key
1120 a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1118 diff changeset	257 log.debug('Auth User lookup by API KEY %s', self._api_key)
a8d759613d8f fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal Marcin Kuzminski <marcin@python-works.com> parents: 1118 diff changeset	258 user_model.fill_data(self, api_key=self._api_key)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	259 else:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	260 log.debug('Auth User lookup by USER ID %s', self.user_id)
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	261 if self.user_id is not None \
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	262 and self.user_id != self.anonymous_user.user_id:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	263 user_model.fill_data(self, user_id=self.user_id)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	264 else:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	265 if self.anonymous_user.active is True:
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	266 user_model.fill_data(self,
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	267 user_id=self.anonymous_user.user_id)
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	268 #then we set this user is logged in
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	269 self.is_authenticated = True
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	270 else:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	271 self.is_authenticated = False
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	272
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	273 log.debug('Auth User is now %s', self)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	274 user_model.fill_perms(self)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	275
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	276 @property
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	277 def is_admin(self):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	278 return self.admin
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	279
1305 166317d464f3 Added server side file editing with commit Marcin Kuzminski <marcin@python-works.com> parents: 1292 diff changeset	280 @property
166317d464f3 Added server side file editing with commit Marcin Kuzminski <marcin@python-works.com> parents: 1292 diff changeset	281 def full_contact(self):
166317d464f3 Added server side file editing with commit Marcin Kuzminski <marcin@python-works.com> parents: 1292 diff changeset	282 return '%s %s <%s>' % (self.name, self.lastname, self.email)
166317d464f3 Added server side file editing with commit Marcin Kuzminski <marcin@python-works.com> parents: 1292 diff changeset	283
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	284 def __repr__(self):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	285 return "<AuthUser('id:%s:%s\|%s')>" % (self.user_id, self.username,
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	286 self.is_authenticated)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	287
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	288 def set_authenticated(self, authenticated=True):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	289
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	290 if self.user_id != self.anonymous_user.user_id:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	291 self.is_authenticated = authenticated
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	292
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	293
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	294 def set_available_permissions(config):
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	295 """This function will propagate pylons globals with all available defined
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	296 permission given in db. We don't want to check each time from db for new
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	297 permissions since adding a new permission also requires application restart
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	298 ie. to decorate new views with the newly created permission
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	299
895 62c04c5cc971 Added some more details into user edit permissions view Marcin Kuzminski <marcin@python-works.com> parents: 779 diff changeset	300 :param config: current pylons config instance
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	301
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	302 """
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	303 log.info('getting information about all available permissions')
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	304 try:
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	305 sa = meta.Session()
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	306 all_perms = sa.query(Permission).all()
629 7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	307 except:
7e536d1af60d Code refactoring,models renames Marcin Kuzminski <marcin@python-works.com> parents: 612 diff changeset	308 pass
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	309 finally:
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	310 meta.Session.remove()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	311
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	312 config['available_permissions'] = [x.permission_name for x in all_perms]
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	313
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	314
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	315 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	316 # CHECK DECORATORS
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	317 #==============================================================================
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	318 class LoginRequired(object):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	319 """
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	320 Must be logged in to execute this function else
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	321 redirect to login page
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	322
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	323 :param api_access: if enabled this checks only for valid auth token
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	324 and grants access based on valid token
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	325 """
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	326
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	327 def __init__(self, api_access=False):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	328 self.api_access = api_access
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	329
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	330 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	331 return decorator(self.__wrapper, func)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	332
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	333 def __wrapper(self, func, fargs, *fkwargs):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	334 cls = fargs[0]
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	335 user = cls.rhodecode_user
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	336
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	337 api_access_ok = False
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	338 if self.api_access:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	339 log.debug('Checking API KEY access for %s', cls)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	340 if user.api_key == request.GET.get('api_key'):
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	341 api_access_ok = True
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	342 else:
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	343 log.debug("API KEY token not valid")
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	344
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	345 log.debug('Checking if %s is authenticated @ %s', user.username, cls)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	346 if user.is_authenticated or api_access_ok:
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	347 log.debug('user %s is authenticated', user.username)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	348 return func(fargs, *fkwargs)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	349 else:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	350 log.warn('user %s NOT authenticated', user.username)
1207 e61b7ba293db changed the way of generating url for came_from Marcin Kuzminski <marcin@python-works.com> parents: 1206 diff changeset	351 p = url.current()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	352
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	353 log.debug('redirecting to login page with %s', p)
474 a3d9d24acbec Implemented password reset(forms/models/ tasks) and mailing tasks. Marcin Kuzminski <marcin@python-works.com> parents: 442 diff changeset	354 return redirect(url('login_home', came_from=p))
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	355
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	356
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	357 class NotAnonymous(object):
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	358 """Must be logged in to execute this function else
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	359 redirect to login page"""
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	360
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	361 def __call__(self, func):
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	362 return decorator(self.__wrapper, func)
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	363
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	364 def __wrapper(self, func, fargs, *fkwargs):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	365 cls = fargs[0]
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	366 self.user = cls.rhodecode_user
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	367
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	368 log.debug('Checking if user is not anonymous @%s', cls)
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	369
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	370 anonymous = self.user.username == 'default'
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	371
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	372 if anonymous:
1335 40c8d18102a9 fixed redirection link in notAnonymous decorator Marcin Kuzminski <marcin@python-works.com> parents: 1307 diff changeset	373 p = url.current()
1056 520d27f40b51 #113 removed anonymous access from forking, added system messages in login box. Marcin Kuzminski <marcin@python-works.com> parents: 1040 diff changeset	374
520d27f40b51 #113 removed anonymous access from forking, added system messages in login box. Marcin Kuzminski <marcin@python-works.com> parents: 1040 diff changeset	375 import rhodecode.lib.helpers as h
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	376 h.flash(_('You need to be a registered user to '
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	377 'perform this action'),
1056 520d27f40b51 #113 removed anonymous access from forking, added system messages in login box. Marcin Kuzminski <marcin@python-works.com> parents: 1040 diff changeset	378 category='warning')
779 389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	379 return redirect(url('login_home', came_from=p))
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	380 else:
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	381 return func(fargs, *fkwargs)
389d02a5df52 Added isanonymous decorator for checking permissions for anonymous access Marcin Kuzminski <marcin@python-works.com> parents: 761 diff changeset	382
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	383
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	384 class PermsDecorator(object):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	385 """Base class for controller decorators"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	386
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	387 def __init__(self, *required_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	388 available_perms = config['available_permissions']
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	389 for perm in required_perms:
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	390 if perm not in available_perms:
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	391 raise Exception("'%s' permission is not defined" % perm)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	392 self.required_perms = set(required_perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	393 self.user_perms = None
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	394
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	395 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	396 return decorator(self.__wrapper, func)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	397
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	398 def __wrapper(self, func, fargs, *fkwargs):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	399 cls = fargs[0]
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	400 self.user = cls.rhodecode_user
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	401 self.user_perms = self.user.permissions
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	402 log.debug('checking %s permissions %s for %s %s',
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	403 self.__class__.__name__, self.required_perms, cls,
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	404 self.user)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	405
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	406 if self.check_permissions():
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	407 log.debug('Permission granted for %s %s', cls, self.user)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	408 return func(fargs, *fkwargs)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	409
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	410 else:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	411 log.warning('Permission denied for %s %s', cls, self.user)
1336 e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	412
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	413
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	414 anonymous = self.user.username == 'default'
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	415
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	416 if anonymous:
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	417 p = url.current()
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	418
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	419 import rhodecode.lib.helpers as h
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	420 h.flash(_('You need to be a signed in to '
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	421 'view this page'),
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	422 category='warning')
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	423 return redirect(url('login_home', came_from=p))
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	424
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	425 else:
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	426 #redirect with forbidden ret code
e9fe4ff57cbb Do a redirect to login for anonymous users Marcin Kuzminski <marcin@python-works.com> parents: 1335 diff changeset	427 return abort(403)
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	428
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	429 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	430 """Dummy function for overriding"""
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	431 raise Exception('You have to write this function in child class')
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	432
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	433
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	434 class HasPermissionAllDecorator(PermsDecorator):
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	435 """Checks for access permission for all given predicates. All of them
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	436 have to be meet in order to fulfill the request
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	437 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	438
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	439 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	440 if self.required_perms.issubset(self.user_perms.get('global')):
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	441 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	442 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	443
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	444
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	445 class HasPermissionAnyDecorator(PermsDecorator):
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	446 """Checks for access permission for any of given predicates. In order to
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	447 fulfill the request any of predicates must be meet
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	448 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	449
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	450 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	451 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	452 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	453 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	454
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	455
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	456 class HasRepoPermissionAllDecorator(PermsDecorator):
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	457 """Checks for access permission for all given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	458 repository. All of them have to be meet in order to fulfill the request
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	459 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	460
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	461 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	462 repo_name = get_repo_slug(request)
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	463 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	464 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	465 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	466 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	467 if self.required_perms.issubset(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	468 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	469 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	470
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	471
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	472 class HasRepoPermissionAnyDecorator(PermsDecorator):
1203 6832ef664673 source code cleanup: remove trailing white space, normalize file endings Marcin Kuzminski <marcin@python-works.com> parents: 1195 diff changeset	473 """Checks for access permission for any of given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	474 repository. In order to fulfill the request any of predicates must be meet
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	475 """
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	476
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	477 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	478 repo_name = get_repo_slug(request)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	479
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	480 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	481 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	482 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	483 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	484 if self.required_perms.intersection(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	485 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	486 return False
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	487
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	488
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	489 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	490 # CHECK FUNCTIONS
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	491 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	492 class PermsFunction(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	493 """Base function for other check functions"""
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	494
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	495 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	496 available_perms = config['available_permissions']
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	497
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	498 for perm in perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	499 if perm not in available_perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	500 raise Exception("'%s' permission in not defined" % perm)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	501 self.required_perms = set(perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	502 self.user_perms = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	503 self.granted_for = ''
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	504 self.repo_name = None
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	505
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	506 def __call__(self, check_Location=''):
548 b75b77ef649d renamed hg_app to rhodecode Marcin Kuzminski <marcin@python-works.com> parents: 547 diff changeset	507 user = session.get('rhodecode_user', False)
333 f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	508 if not user:
f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	509 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	510 self.user_perms = user.permissions
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	511 self.granted_for = user
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	512 log.debug('checking %s %s %s', self.__class__.__name__,
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	513 self.required_perms, user)
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	514
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	515 if self.check_permissions():
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	516 log.debug('Permission granted %s @ %s', self.granted_for,
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	517 check_Location or 'unspecified location')
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	518 return True
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	519
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	520 else:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	521 log.warning('Permission denied for %s @ %s', self.granted_for,
6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	522 check_Location or 'unspecified location')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	523 return False
dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	524
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	525 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	526 """Dummy function for overriding"""
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	527 raise Exception('You have to write this function in child class')
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	528
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	529
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	530 class HasPermissionAll(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	531 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	532 if self.required_perms.issubset(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	533 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	534 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	535
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	536
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	537 class HasPermissionAny(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	538 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	539 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	540 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	541 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	542
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	543
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	544 class HasRepoPermissionAll(PermsFunction):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	545
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	546 def __call__(self, repo_name=None, check_Location=''):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	547 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	548 return super(HasRepoPermissionAll, self).__call__(check_Location)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	549
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	550 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	551 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	552 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	553
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	554 try:
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	555 self.user_perms = set([self.user_perms['reposit'
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	556 'ories'][self.repo_name]])
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	557 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	558 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	559 self.granted_for = self.repo_name
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	560 if self.required_perms.issubset(self.user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	561 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	562 return False
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	563
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	564
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	565 class HasRepoPermissionAny(PermsFunction):
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	566
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	567 def __call__(self, repo_name=None, check_Location=''):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	568 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	569 return super(HasRepoPermissionAny, self).__call__(check_Location)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	570
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	571 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	572 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	573 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	574
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	575 try:
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	576 self.user_perms = set([self.user_perms['reposi'
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	577 'tories'][self.repo_name]])
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	578 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	579 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	580 self.granted_for = self.repo_name
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	581 if self.required_perms.intersection(self.user_perms):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	582 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	583 return False
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	584
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	585
9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	586 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	587 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1246 9365a893ad4e PEP8ify Marcin Kuzminski <marcin@python-works.com> parents: 1207 diff changeset	588 #==============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	589 class HasPermissionAnyMiddleware(object):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	590 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	591 self.required_perms = set(perms)
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	592
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	593 def __call__(self, user, repo_name):
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	594 usr = AuthUser(user.user_id)
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	595 try:
1117 6eb5bb24a948 Major rewrite of auth objects. Moved parts of filling user data into user model. Marcin Kuzminski <marcin@python-works.com> parents: 1116 diff changeset	596 self.user_perms = set([usr.permissions['repositories'][repo_name]])
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	597 except:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	598 self.user_perms = set()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	599 self.granted_for = ''
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	600 self.username = user.username
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	601 self.repo_name = repo_name
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	602 return self.check_permissions()
673 dd532af216d9 #49 Enabled anonymous access for web interface controllable from permissions pannel Marcin Kuzminski <marcin@python-works.com> parents: 629 diff changeset	603
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	604 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	605 log.debug('checking mercurial protocol '
1040 8e49b6ceffe1 fixes fixes fixes ! optimized queries on journal Marcin Kuzminski <marcin@python-works.com> parents: 1036 diff changeset	606 'permissions %s for user:%s repository:%s', self.user_perms,
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	607 self.username, self.repo_name)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	608 if self.required_perms.intersection(self.user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	609 log.debug('permission granted')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	610 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	611 log.debug('permission denied')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	612 return False

Mercurial > kallithea

annotate rhodecode/lib/auth.py @ 1532:2afe9320d5e6 beta