Mercurial > kallithea
annotate rhodecode/lib/auth.py @ 1950:4ae17f819ee8 beta
#344 optional firstname lastname on user creation
- on display fallback to username if both empty
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Fri, 27 Jan 2012 04:46:00 +0200 |
| parents | 89efedac4e6c |
| children | a76e9bacbedc |
| rev | line source |
|---|---|
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
1 # -*- coding: utf-8 -*- |
|
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
2 """ |
|
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
3 rhodecode.lib.auth |
|
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~ |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
5 |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
6 authentication and permission libraries |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
7 |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
8 :created_on: Apr 4, 2010 |
|
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1818
diff
changeset
|
9 :author: marcink |
|
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1818
diff
changeset
|
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
1532
2afe9320d5e6
updated docstrings
Marcin Kuzminski <marcin@python-works.com>
parents:
1530
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
12 """ |
|
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
|
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
|
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
|
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
16 # (at your option) any later version. |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
17 # |
|
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
|
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
21 # GNU General Public License for more details. |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
22 # |
|
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
239
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
|
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
381
55377fdc1fc6
cleared global application settings.
Marcin Kuzminski <marcin@python-works.com>
parents:
380
diff
changeset
|
25 |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
26 import random |
|
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
27 import logging |
|
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
28 import traceback |
|
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
29 import hashlib |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
30 |
|
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
31 from tempfile import _RandomNameSequence |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
32 from decorator import decorator |
|
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
33 |
|
343
6484963056cd
implemented cache for repeated queries in simplehg mercurial requests
Marcin Kuzminski <marcin@python-works.com>
parents:
339
diff
changeset
|
34 from pylons import config, session, url, request |
| 52 | 35 from pylons.controllers.util import abort, redirect |
|
1056
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
36 from pylons.i18n.translation import _ |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
37 |
|
1195
74251f8004d2
merged freebsd support issue from default
Marcin Kuzminski <marcin@python-works.com>
parents:
1135
diff
changeset
|
38 from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS |
|
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1728
diff
changeset
|
39 from rhodecode.model.meta import Session |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
40 |
|
1195
74251f8004d2
merged freebsd support issue from default
Marcin Kuzminski <marcin@python-works.com>
parents:
1135
diff
changeset
|
41 if __platform__ in PLATFORM_WIN: |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
42 from hashlib import sha256 |
|
1195
74251f8004d2
merged freebsd support issue from default
Marcin Kuzminski <marcin@python-works.com>
parents:
1135
diff
changeset
|
43 if __platform__ in PLATFORM_OTHERS: |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
44 import bcrypt |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
45 |
|
1425
3dedf3991d40
fixes #173, many thanks for slestak for contributing into this one.
Marcin Kuzminski <marcin@python-works.com>
parents:
1336
diff
changeset
|
46 from rhodecode.lib import str2bool, safe_unicode |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
47 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError |
|
547
1e757ac98988
renamed project to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
508
diff
changeset
|
48 from rhodecode.lib.utils import get_repo_slug |
|
713
1bb0fcdec895
fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents:
705
diff
changeset
|
49 from rhodecode.lib.auth_ldap import AuthLdap |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
50 |
|
547
1e757ac98988
renamed project to rhodecode
Marcin Kuzminski <marcin@python-works.com>
parents:
508
diff
changeset
|
51 from rhodecode.model import meta |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
52 from rhodecode.model.user import UserModel |
|
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1630
diff
changeset
|
53 from rhodecode.model.db import Permission, RhodeCodeSetting, User |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
54 |
| 1246 | 55 log = logging.getLogger(__name__) |
|
343
6484963056cd
implemented cache for repeated queries in simplehg mercurial requests
Marcin Kuzminski <marcin@python-works.com>
parents:
339
diff
changeset
|
56 |
|
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
57 |
|
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
58 class PasswordGenerator(object): |
|
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
59 """ |
|
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
60 This is a simple class for generating password from different sets of |
|
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
61 characters |
|
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
62 usage:: |
|
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
63 |
|
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
64 passwd_gen = PasswordGenerator() |
| 1246 | 65 #print 8-letter password containing only big and small letters |
| 66 of alphabet | |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
67 print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL) |
|
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
68 """ |
| 1246 | 69 ALPHABETS_NUM = r'''1234567890''' |
| 70 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm''' | |
| 71 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM''' | |
| 72 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' | |
| 73 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \ | |
| 74 + ALPHABETS_NUM + ALPHABETS_SPECIAL | |
| 75 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM | |
|
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
76 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL |
| 1246 | 77 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM |
| 78 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM | |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
79 |
|
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
80 def __init__(self, passwd=''): |
|
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
81 self.passwd = passwd |
|
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
82 |
|
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
83 def gen_password(self, len, type): |
|
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
84 self.passwd = ''.join([random.choice(type) for _ in xrange(len)]) |
|
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
85 return self.passwd |
|
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
86 |
| 1246 | 87 |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
88 class RhodeCodeCrypto(object): |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
89 |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
90 @classmethod |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
91 def hash_string(cls, str_): |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
92 """ |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
93 Cryptographic function used for password hashing based on pybcrypt |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
94 or pycrypto in windows |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
95 |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
96 :param password: password to hash |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
97 """ |
|
1195
74251f8004d2
merged freebsd support issue from default
Marcin Kuzminski <marcin@python-works.com>
parents:
1135
diff
changeset
|
98 if __platform__ in PLATFORM_WIN: |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
99 return sha256(str_).hexdigest() |
|
1195
74251f8004d2
merged freebsd support issue from default
Marcin Kuzminski <marcin@python-works.com>
parents:
1135
diff
changeset
|
100 elif __platform__ in PLATFORM_OTHERS: |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
101 return bcrypt.hashpw(str_, bcrypt.gensalt(10)) |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
102 else: |
| 1246 | 103 raise Exception('Unknown or unsupported platform %s' \ |
| 104 % __platform__) | |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
105 |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
106 @classmethod |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
107 def hash_check(cls, password, hashed): |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
108 """ |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
109 Checks matching password with it's hashed value, runs different |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
110 implementation based on platform it runs on |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
111 |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
112 :param password: password |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
113 :param hashed: password in hashed form |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
114 """ |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
115 |
|
1195
74251f8004d2
merged freebsd support issue from default
Marcin Kuzminski <marcin@python-works.com>
parents:
1135
diff
changeset
|
116 if __platform__ in PLATFORM_WIN: |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
117 return sha256(password).hexdigest() == hashed |
|
1195
74251f8004d2
merged freebsd support issue from default
Marcin Kuzminski <marcin@python-works.com>
parents:
1135
diff
changeset
|
118 elif __platform__ in PLATFORM_OTHERS: |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
119 return bcrypt.hashpw(password, hashed) == hashed |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
120 else: |
| 1246 | 121 raise Exception('Unknown or unsupported platform %s' \ |
| 122 % __platform__) | |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
123 |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
124 |
|
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
125 def get_crypt_password(password): |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
126 return RhodeCodeCrypto.hash_string(password) |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
127 |
| 1246 | 128 |
|
1118
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
129 def check_password(password, hashed): |
|
b0e2c949c34b
Fixed Windows installation based on work of Mantis406 fork: "Replace py-bcrypt to make Windows installation easier"
Marcin Kuzminski <marcin@python-works.com>
parents:
1117
diff
changeset
|
130 return RhodeCodeCrypto.hash_check(password, hashed) |
|
415
04e8b31fb245
Changed password crypting scheme to bcrypt, added dependency for setup
Marcin Kuzminski <marcin@python-works.com>
parents:
412
diff
changeset
|
131 |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
132 |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
133 def generate_api_key(str_, salt=None): |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
134 """ |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
135 Generates API KEY from given string |
|
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
136 |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
137 :param str_: |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
138 :param salt: |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
139 """ |
|
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
140 |
|
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
141 if salt is None: |
|
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
142 salt = _RandomNameSequence().next() |
|
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
143 |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
144 return hashlib.sha1(str_ + salt).hexdigest() |
|
1116
716911af91e1
Added api_key into user, api key get's generated again after password change
Marcin Kuzminski <marcin@python-works.com>
parents:
1056
diff
changeset
|
145 |
| 1246 | 146 |
|
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
147 def authfunc(environ, username, password): |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
148 """ |
|
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
149 Dummy authentication wrapper function used in Mercurial and Git for |
| 1644 | 150 access control. |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
151 |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
152 :param environ: needed only for using in Basic auth |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
153 """ |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
154 return authenticate(username, password) |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
155 |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
156 |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
157 def authenticate(username, password): |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
158 """ |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
159 Authentication function used for access control, |
|
699
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
160 firstly checks for db authentication then if ldap is enabled for ldap |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
161 authentication, also creates ldap user if not in database |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
162 |
|
699
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
163 :param username: username |
|
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
164 :param password: password |
|
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
165 """ |
|
1292
c0335c1dee36
added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents:
1290
diff
changeset
|
166 |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
167 user_model = UserModel() |
|
1530
04027bdb876c
Refactoring of model get functions
Marcin Kuzminski <marcin@python-works.com>
parents:
1425
diff
changeset
|
168 user = User.get_by_username(username) |
|
699
52da7cba88a6
Code refactor for auth func, preparing for ldap support
Marcin Kuzminski <marcin@python-works.com>
parents:
692
diff
changeset
|
169 |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
170 log.debug('Authenticating user using RhodeCode account') |
|
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
171 if user is not None and not user.ldap_dn: |
|
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
172 if user.active: |
|
674
99875a8f2ad1
#49 Enabled anonymous access push and pull commands
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
173 if user.username == 'default' and user.active: |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
174 log.info('user %s authenticated correctly as anonymous user', |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
175 username) |
|
674
99875a8f2ad1
#49 Enabled anonymous access push and pull commands
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
176 return True |
|
99875a8f2ad1
#49 Enabled anonymous access push and pull commands
Marcin Kuzminski <marcin@python-works.com>
parents:
673
diff
changeset
|
177 |
| 1246 | 178 elif user.username == username and check_password(password, |
| 179 user.password): | |
|
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
180 log.info('user %s authenticated correctly', username) |
|
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
181 return True |
|
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
182 else: |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
183 log.warning('user %s is disabled', username) |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
184 |
|
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
185 else: |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
186 log.debug('Regular authentication failed') |
|
1530
04027bdb876c
Refactoring of model get functions
Marcin Kuzminski <marcin@python-works.com>
parents:
1425
diff
changeset
|
187 user_obj = User.get_by_username(username, case_insensitive=True) |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
188 |
|
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
189 if user_obj is not None and not user_obj.ldap_dn: |
|
749
fcd4fb51526e
added debug message for ldap auth
Marcin Kuzminski <marcin@python-works.com>
parents:
748
diff
changeset
|
190 log.debug('this user already exists as non ldap') |
|
748
88338675a0f7
fixed ldap issue and small template fix
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
191 return False |
|
88338675a0f7
fixed ldap issue and small template fix
Marcin Kuzminski <marcin@python-works.com>
parents:
742
diff
changeset
|
192 |
|
1633
2c0d35e336b5
refactoring of models names for repoGroup permissions
Marcin Kuzminski <marcin@python-works.com>
parents:
1630
diff
changeset
|
193 ldap_settings = RhodeCodeSetting.get_ldap_settings() |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
194 #====================================================================== |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
195 # FALLBACK TO LDAP AUTH IF ENABLE |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
196 #====================================================================== |
|
1135
1aa1655bf019
fixed some config bool converter problems with ldap
Marcin Kuzminski <marcin@python-works.com>
parents:
1122
diff
changeset
|
197 if str2bool(ldap_settings.get('ldap_active')): |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
198 log.debug("Authenticating user using ldap") |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
199 kwargs = { |
| 1246 | 200 'server': ldap_settings.get('ldap_host', ''), |
| 201 'base_dn': ldap_settings.get('ldap_base_dn', ''), | |
| 202 'port': ldap_settings.get('ldap_port'), | |
| 203 'bind_dn': ldap_settings.get('ldap_dn_user'), | |
| 204 'bind_pass': ldap_settings.get('ldap_dn_pass'), | |
|
1290
74685a31cc43
Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents:
1288
diff
changeset
|
205 'tls_kind': ldap_settings.get('ldap_tls_kind'), |
| 1246 | 206 'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'), |
| 207 'ldap_filter': ldap_settings.get('ldap_filter'), | |
| 208 'search_scope': ldap_settings.get('ldap_search_scope'), | |
| 209 'attr_login': ldap_settings.get('ldap_attr_login'), | |
| 210 'ldap_version': 3, | |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
211 } |
|
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
212 log.debug('Checking for ldap authentication') |
|
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
213 try: |
|
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
214 aldap = AuthLdap(**kwargs) |
| 1246 | 215 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, |
| 216 password) | |
|
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
217 log.debug('Got ldap DN response %s', user_dn) |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
218 |
| 1307 | 219 get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\ |
|
1292
c0335c1dee36
added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents:
1290
diff
changeset
|
220 .get(k), [''])[0] |
|
c0335c1dee36
added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents:
1290
diff
changeset
|
221 |
|
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
222 user_attrs = { |
|
1425
3dedf3991d40
fixes #173, many thanks for slestak for contributing into this one.
Marcin Kuzminski <marcin@python-works.com>
parents:
1336
diff
changeset
|
223 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')), |
|
3dedf3991d40
fixes #173, many thanks for slestak for contributing into this one.
Marcin Kuzminski <marcin@python-works.com>
parents:
1336
diff
changeset
|
224 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')), |
|
3dedf3991d40
fixes #173, many thanks for slestak for contributing into this one.
Marcin Kuzminski <marcin@python-works.com>
parents:
1336
diff
changeset
|
225 'email': get_ldap_attr('ldap_attr_email'), |
|
3dedf3991d40
fixes #173, many thanks for slestak for contributing into this one.
Marcin Kuzminski <marcin@python-works.com>
parents:
1336
diff
changeset
|
226 } |
|
991
b232a36cc51f
Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents:
895
diff
changeset
|
227 |
| 1246 | 228 if user_model.create_ldap(username, password, user_dn, |
| 229 user_attrs): | |
|
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
230 log.info('created new ldap user %s', username) |
|
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
231 |
|
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
232 Session.commit() |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
233 return True |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
234 except (LdapUsernameError, LdapPasswordError,): |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
235 pass |
|
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
236 except (Exception,): |
|
705
9e9f1b919c0c
implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents:
699
diff
changeset
|
237 log.error(traceback.format_exc()) |
|
761
56c2850a5b5f
ldap auth rewrite, moved split authfunc into two functions,
Marcin Kuzminski <marcin@python-works.com>
parents:
749
diff
changeset
|
238 pass |
|
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
239 return False |
|
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
240 |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
241 |
|
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
242 def login_container_auth(username): |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
243 user = User.get_by_username(username) |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
244 if user is None: |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
245 user_attrs = { |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
246 'name': username, |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
247 'lastname': None, |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
248 'email': None, |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
249 } |
|
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1728
diff
changeset
|
250 user = UserModel().create_for_container_auth(username, user_attrs) |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
251 if not user: |
|
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
252 return None |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
253 log.info('User %s was created by container authentication', username) |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
254 |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
255 if not user.active: |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
256 return None |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
257 |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
258 user.update_lastlogin() |
|
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1728
diff
changeset
|
259 Session.commit() |
|
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
260 |
|
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
261 log.debug('User %s is now logged in by container authentication', |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
262 user.username) |
|
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
263 return user |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
264 |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
265 |
|
1630
25d8e4836bc2
Improved container-based auth support for middleware
Liad Shani <liadff@gmail.com>
parents:
1628
diff
changeset
|
266 def get_container_username(environ, config): |
|
25d8e4836bc2
Improved container-based auth support for middleware
Liad Shani <liadff@gmail.com>
parents:
1628
diff
changeset
|
267 username = None |
|
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
268 |
|
1630
25d8e4836bc2
Improved container-based auth support for middleware
Liad Shani <liadff@gmail.com>
parents:
1628
diff
changeset
|
269 if str2bool(config.get('container_auth_enabled', False)): |
|
25d8e4836bc2
Improved container-based auth support for middleware
Liad Shani <liadff@gmail.com>
parents:
1628
diff
changeset
|
270 from paste.httpheaders import REMOTE_USER |
|
25d8e4836bc2
Improved container-based auth support for middleware
Liad Shani <liadff@gmail.com>
parents:
1628
diff
changeset
|
271 username = REMOTE_USER(environ) |
|
25d8e4836bc2
Improved container-based auth support for middleware
Liad Shani <liadff@gmail.com>
parents:
1628
diff
changeset
|
272 |
|
25d8e4836bc2
Improved container-based auth support for middleware
Liad Shani <liadff@gmail.com>
parents:
1628
diff
changeset
|
273 if not username and str2bool(config.get('proxypass_auth_enabled', False)): |
|
1617
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
274 username = environ.get('HTTP_X_FORWARDED_USER') |
|
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
275 |
|
1630
25d8e4836bc2
Improved container-based auth support for middleware
Liad Shani <liadff@gmail.com>
parents:
1628
diff
changeset
|
276 if username: |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
277 # Removing realm and domain from username |
|
1617
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
278 username = username.partition('@')[0] |
|
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
279 username = username.rpartition('\\')[2] |
|
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
280 log.debug('Received username %s from container', username) |
|
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
281 |
|
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
282 return username |
| 1246 | 283 |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
284 |
|
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
285 class AuthUser(object): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
286 """ |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
287 A simple object that handles all attributes of user in RhodeCode |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
288 |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
289 It does lookup based on API key,given user, or user present in session |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
290 Then it fills all required information for such user. It also checks if |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
291 anonymous access is enabled and if so, it returns default user as logged |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
292 in |
|
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
293 """ |
|
1016
3790279d2538
#56 added propagation of permission from group
Marcin Kuzminski <marcin@python-works.com>
parents:
991
diff
changeset
|
294 |
|
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
295 def __init__(self, user_id=None, api_key=None, username=None): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
296 |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
297 self.user_id = user_id |
|
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1118
diff
changeset
|
298 self.api_key = None |
|
1617
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
299 self.username = username |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
300 |
|
355
5bbcc0cac389
added session remove in forms, and added name and lastname to auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
350
diff
changeset
|
301 self.name = '' |
|
5bbcc0cac389
added session remove in forms, and added name and lastname to auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
350
diff
changeset
|
302 self.lastname = '' |
|
404
a10bdd0b05a7
fixed user email for gravatars
Marcin Kuzminski <marcin@python-works.com>
parents:
399
diff
changeset
|
303 self.email = '' |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
304 self.is_authenticated = False |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
305 self.admin = False |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
306 self.permissions = {} |
|
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1118
diff
changeset
|
307 self._api_key = api_key |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
308 self.propagate_data() |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
309 self._instance = None |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
310 |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
311 def propagate_data(self): |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
312 user_model = UserModel() |
|
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1718
diff
changeset
|
313 self.anonymous_user = User.get_by_username('default', cache=True) |
|
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
314 is_user_loaded = False |
|
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
315 |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
316 # try go get user by api key |
|
1122
31e82d872631
disabled api key for anonymous users, and added api_key to rss/atom links for other users
Marcin Kuzminski <marcin@python-works.com>
parents:
1120
diff
changeset
|
317 if self._api_key and self._api_key != self.anonymous_user.api_key: |
|
1120
a8d759613d8f
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1118
diff
changeset
|
318 log.debug('Auth User lookup by API KEY %s', self._api_key) |
|
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1617
diff
changeset
|
319 is_user_loaded = user_model.fill_data(self, api_key=self._api_key) |
|
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
320 # lookup by userid |
|
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
321 elif (self.user_id is not None and |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
322 self.user_id != self.anonymous_user.user_id): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
323 log.debug('Auth User lookup by USER ID %s', self.user_id) |
|
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1617
diff
changeset
|
324 is_user_loaded = user_model.fill_data(self, user_id=self.user_id) |
|
1808
ff788e390497
fix issue #323 auth by suername only if container auth is enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
325 # lookup by username |
|
ff788e390497
fix issue #323 auth by suername only if container auth is enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
326 elif self.username and \ |
|
ff788e390497
fix issue #323 auth by suername only if container auth is enabled
Marcin Kuzminski <marcin@python-works.com>
parents:
1749
diff
changeset
|
327 str2bool(config.get('container_auth_enabled', False)): |
|
1818
cf51bbfb120e
auto white-space removal
Marcin Kuzminski <marcin@python-works.com>
parents:
1808
diff
changeset
|
328 |
|
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
329 log.debug('Auth User lookup by USER NAME %s', self.username) |
|
1621
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
330 dbuser = login_container_auth(self.username) |
|
cbc2b1913cdf
Added basic automatic user creation for container auth
Liad Shani <liadff@gmail.com>
parents:
1618
diff
changeset
|
331 if dbuser is not None: |
|
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
332 for k, v in dbuser.get_dict().items(): |
|
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
333 setattr(self, k, v) |
|
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
334 self.set_authenticated() |
|
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
335 is_user_loaded = True |
|
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
336 |
|
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
337 if not is_user_loaded: |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
338 # if we cannot authenticate user try anonymous |
|
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
339 if self.anonymous_user.active is True: |
|
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
340 user_model.fill_data(self, user_id=self.anonymous_user.user_id) |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
341 # then we set this user is logged in |
|
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
342 self.is_authenticated = True |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
343 else: |
|
1618
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1617
diff
changeset
|
344 self.user_id = None |
|
9353189b7675
Added automatic logout of deactivated/deleted users
Liad Shani <liadff@gmail.com>
parents:
1617
diff
changeset
|
345 self.username = None |
|
1613
6cab36e31f09
Added container-based authentication support
Liad Shani <liadff@gmail.com>
parents:
1425
diff
changeset
|
346 self.is_authenticated = False |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
347 |
|
1617
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
348 if not self.username: |
|
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
349 self.username = 'None' |
|
cf128ced8c85
Improved container-based auth implementation and added support for a reverse-proxy setup (using the X-Forwarded-User header)
Liad Shani <liadff@gmail.com>
parents:
1614
diff
changeset
|
350 |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
351 log.debug('Auth User is now %s', self) |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
352 user_model.fill_perms(self) |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
353 |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
354 @property |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
355 def is_admin(self): |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
356 return self.admin |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
357 |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
358 def __repr__(self): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
359 return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username, |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
360 self.is_authenticated) |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
361 |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
362 def set_authenticated(self, authenticated=True): |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
363 if self.user_id != self.anonymous_user.user_id: |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
364 self.is_authenticated = authenticated |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
365 |
|
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
366 def get_cookie_store(self): |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
367 return {'username': self.username, |
|
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
368 'user_id': self.user_id, |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
369 'is_authenticated': self.is_authenticated} |
|
1718
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
370 |
|
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
371 @classmethod |
|
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
372 def from_cookie_store(cls, cookie_store): |
|
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
373 user_id = cookie_store.get('user_id') |
|
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
374 username = cookie_store.get('username') |
|
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
375 api_key = cookie_store.get('api_key') |
|
f78bee8eec78
reduce cookie size for better support of client side sessions
Marcin Kuzminski <marcin@python-works.com>
parents:
1716
diff
changeset
|
376 return AuthUser(user_id, api_key, username) |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
377 |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
378 |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
379 def set_available_permissions(config): |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
380 """ |
|
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
381 This function will propagate pylons globals with all available defined |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
382 permission given in db. We don't want to check each time from db for new |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
383 permissions since adding a new permission also requires application restart |
|
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
384 ie. to decorate new views with the newly created permission |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
385 |
|
895
62c04c5cc971
Added some more details into user edit permissions view
Marcin Kuzminski <marcin@python-works.com>
parents:
779
diff
changeset
|
386 :param config: current pylons config instance |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
387 |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
388 """ |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
389 log.info('getting information about all available permissions') |
|
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
390 try: |
|
1749
8ecc6b8229a5
commit less models
Marcin Kuzminski <marcin@python-works.com>
parents:
1728
diff
changeset
|
391 sa = meta.Session |
|
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
392 all_perms = sa.query(Permission).all() |
|
1950
4ae17f819ee8
#344 optional firstname lastname on user creation
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
393 except Exception: |
|
629
7e536d1af60d
Code refactoring,models renames
Marcin Kuzminski <marcin@python-works.com>
parents:
612
diff
changeset
|
394 pass |
|
350
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
395 finally: |
|
664a5b8c551a
Added application settings, are now customizable from database
Marcin Kuzminski <marcin@python-works.com>
parents:
343
diff
changeset
|
396 meta.Session.remove() |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
397 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
398 config['available_permissions'] = [x.permission_name for x in all_perms] |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
399 |
| 1246 | 400 |
| 401 #============================================================================== | |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
402 # CHECK DECORATORS |
| 1246 | 403 #============================================================================== |
|
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
404 class LoginRequired(object): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
405 """ |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
406 Must be logged in to execute this function else |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
407 redirect to login page |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
1195
diff
changeset
|
408 |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
409 :param api_access: if enabled this checks only for valid auth token |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
410 and grants access based on valid token |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
411 """ |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
412 |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
413 def __init__(self, api_access=False): |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
414 self.api_access = api_access |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
415 |
|
190
d8eb7ee27b4c
Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents:
96
diff
changeset
|
416 def __call__(self, func): |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
417 return decorator(self.__wrapper, func) |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
418 |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
419 def __wrapper(self, func, *fargs, **fkwargs): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
420 cls = fargs[0] |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
421 user = cls.rhodecode_user |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
422 |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
423 api_access_ok = False |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
424 if self.api_access: |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
425 log.debug('Checking API KEY access for %s', cls) |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
426 if user.api_key == request.GET.get('api_key'): |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
427 api_access_ok = True |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
428 else: |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
429 log.debug("API KEY token not valid") |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
430 |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
431 log.debug('Checking if %s is authenticated @ %s', user.username, cls) |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
432 if user.is_authenticated or api_access_ok: |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
433 log.debug('user %s is authenticated', user.username) |
|
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
434 return func(*fargs, **fkwargs) |
|
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
435 else: |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
436 log.warn('user %s NOT authenticated', user.username) |
|
1207
e61b7ba293db
changed the way of generating url for came_from
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
437 p = url.current() |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
438 |
|
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
439 log.debug('redirecting to login page with %s', p) |
|
474
a3d9d24acbec
Implemented password reset(forms/models/ tasks) and mailing tasks.
Marcin Kuzminski <marcin@python-works.com>
parents:
442
diff
changeset
|
440 return redirect(url('login_home', came_from=p)) |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
441 |
| 1246 | 442 |
|
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
443 class NotAnonymous(object): |
|
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
444 """ |
|
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
445 Must be logged in to execute this function else |
|
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
446 redirect to login page""" |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
447 |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
448 def __call__(self, func): |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
449 return decorator(self.__wrapper, func) |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
450 |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
451 def __wrapper(self, func, *fargs, **fkwargs): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
452 cls = fargs[0] |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
453 self.user = cls.rhodecode_user |
|
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
454 |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
455 log.debug('Checking if user is not anonymous @%s', cls) |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
456 |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
457 anonymous = self.user.username == 'default' |
|
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
458 |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
459 if anonymous: |
|
1335
40c8d18102a9
fixed redirection link in notAnonymous decorator
Marcin Kuzminski <marcin@python-works.com>
parents:
1307
diff
changeset
|
460 p = url.current() |
|
1056
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
461 |
|
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
462 import rhodecode.lib.helpers as h |
| 1246 | 463 h.flash(_('You need to be a registered user to ' |
| 464 'perform this action'), | |
|
1056
520d27f40b51
#113 removed anonymous access from forking, added system messages in login box.
Marcin Kuzminski <marcin@python-works.com>
parents:
1040
diff
changeset
|
465 category='warning') |
|
779
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
466 return redirect(url('login_home', came_from=p)) |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
467 else: |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
468 return func(*fargs, **fkwargs) |
|
389d02a5df52
Added isanonymous decorator for checking permissions for anonymous access
Marcin Kuzminski <marcin@python-works.com>
parents:
761
diff
changeset
|
469 |
| 1246 | 470 |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
471 class PermsDecorator(object): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
472 """Base class for controller decorators""" |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
473 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
474 def __init__(self, *required_perms): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
475 available_perms = config['available_permissions'] |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
476 for perm in required_perms: |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
477 if perm not in available_perms: |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
478 raise Exception("'%s' permission is not defined" % perm) |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
479 self.required_perms = set(required_perms) |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
480 self.user_perms = None |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
481 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
482 def __call__(self, func): |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
483 return decorator(self.__wrapper, func) |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
484 |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
485 def __wrapper(self, func, *fargs, **fkwargs): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
486 cls = fargs[0] |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
487 self.user = cls.rhodecode_user |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
488 self.user_perms = self.user.permissions |
|
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
489 log.debug('checking %s permissions %s for %s %s', |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
490 self.__class__.__name__, self.required_perms, cls, |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
491 self.user) |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
492 |
|
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
493 if self.check_permissions(): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
494 log.debug('Permission granted for %s %s', cls, self.user) |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
495 return func(*fargs, **fkwargs) |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
496 |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
497 else: |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
498 log.warning('Permission denied for %s %s', cls, self.user) |
|
1336
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
499 anonymous = self.user.username == 'default' |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
500 |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
501 if anonymous: |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
502 p = url.current() |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
503 |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
504 import rhodecode.lib.helpers as h |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
505 h.flash(_('You need to be a signed in to ' |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
506 'view this page'), |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
507 category='warning') |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
508 return redirect(url('login_home', came_from=p)) |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
509 |
|
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
510 else: |
|
1628
de71a4bde097
Some code cleanups and fixes
Marcin Kuzminski <marcin@python-works.com>
parents:
1621
diff
changeset
|
511 # redirect with forbidden ret code |
|
1336
e9fe4ff57cbb
Do a redirect to login for anonymous users
Marcin Kuzminski <marcin@python-works.com>
parents:
1335
diff
changeset
|
512 return abort(403) |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
513 |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
514 def check_permissions(self): |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
515 """Dummy function for overriding""" |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
516 raise Exception('You have to write this function in child class') |
|
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
517 |
| 1246 | 518 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
519 class HasPermissionAllDecorator(PermsDecorator): |
|
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
520 """ |
|
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
521 Checks for access permission for all given predicates. All of them |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
522 have to be meet in order to fulfill the request |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
523 """ |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
524 |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
525 def check_permissions(self): |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
526 if self.required_perms.issubset(self.user_perms.get('global')): |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
527 return True |
|
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
528 return False |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
529 |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
530 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
531 class HasPermissionAnyDecorator(PermsDecorator): |
|
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
532 """ |
|
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
533 Checks for access permission for any of given predicates. In order to |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
534 fulfill the request any of predicates must be meet |
|
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
535 """ |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
536 |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
537 def check_permissions(self): |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
538 if self.required_perms.intersection(self.user_perms.get('global')): |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
539 return True |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
540 return False |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
541 |
| 1246 | 542 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
543 class HasRepoPermissionAllDecorator(PermsDecorator): |
|
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
544 """ |
|
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
545 Checks for access permission for all given predicates for specific |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
546 repository. All of them have to be meet in order to fulfill the request |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
547 """ |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
548 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
549 def check_permissions(self): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
550 repo_name = get_repo_slug(request) |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
551 try: |
|
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
552 user_perms = set([self.user_perms['repositories'][repo_name]]) |
|
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
553 except KeyError: |
|
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
554 return False |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
555 if self.required_perms.issubset(user_perms): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
556 return True |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
557 return False |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
558 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
559 |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
560 class HasRepoPermissionAnyDecorator(PermsDecorator): |
|
1716
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
561 """ |
|
7d1fc253549e
notification to commit author + gardening
Marcin Kuzminski <marcin@python-works.com>
parents:
1644
diff
changeset
|
562 Checks for access permission for any of given predicates for specific |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
563 repository. In order to fulfill the request any of predicates must be meet |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
564 """ |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
565 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
566 def check_permissions(self): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
567 repo_name = get_repo_slug(request) |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
568 |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
569 try: |
|
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
570 user_perms = set([self.user_perms['repositories'][repo_name]]) |
|
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
571 except KeyError: |
|
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
572 return False |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
573 if self.required_perms.intersection(user_perms): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
574 return True |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
575 return False |
| 1246 | 576 |
| 577 | |
| 578 #============================================================================== | |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
579 # CHECK FUNCTIONS |
| 1246 | 580 #============================================================================== |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
581 class PermsFunction(object): |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
582 """Base function for other check functions""" |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
583 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
584 def __init__(self, *perms): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
585 available_perms = config['available_permissions'] |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
586 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
587 for perm in perms: |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
588 if perm not in available_perms: |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
589 raise Exception("'%s' permission in not defined" % perm) |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
590 self.required_perms = set(perms) |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
591 self.user_perms = None |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
592 self.granted_for = '' |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
593 self.repo_name = None |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
594 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
595 def __call__(self, check_Location=''): |
|
1728
07e56179633e
- fixes celery sqlalchemy session issues for async forking
Marcin Kuzminski <marcin@python-works.com>
parents:
1718
diff
changeset
|
596 user = request.user |
| 333 | 597 if not user: |
| 598 return False | |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
599 self.user_perms = user.permissions |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
600 self.granted_for = user |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
601 log.debug('checking %s %s %s', self.__class__.__name__, |
|
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
602 self.required_perms, user) |
|
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
603 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
604 if self.check_permissions(): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
605 log.debug('Permission granted %s @ %s', self.granted_for, |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
606 check_Location or 'unspecified location') |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
607 return True |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
608 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
609 else: |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
610 log.warning('Permission denied for %s @ %s', self.granted_for, |
|
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
611 check_Location or 'unspecified location') |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
612 return False |
|
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
613 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
614 def check_permissions(self): |
|
377
bd8b25ad058d
Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible
Marcin Kuzminski <marcin@python-works.com>
parents:
371
diff
changeset
|
615 """Dummy function for overriding""" |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
616 raise Exception('You have to write this function in child class') |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
617 |
| 1246 | 618 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
619 class HasPermissionAll(PermsFunction): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
620 def check_permissions(self): |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
621 if self.required_perms.issubset(self.user_perms.get('global')): |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
622 return True |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
623 return False |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
624 |
| 1246 | 625 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
626 class HasPermissionAny(PermsFunction): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
627 def check_permissions(self): |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
628 if self.required_perms.intersection(self.user_perms.get('global')): |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
629 return True |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
630 return False |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
631 |
| 1246 | 632 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
633 class HasRepoPermissionAll(PermsFunction): |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
634 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
635 def __call__(self, repo_name=None, check_Location=''): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
636 self.repo_name = repo_name |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
637 return super(HasRepoPermissionAll, self).__call__(check_Location) |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
638 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
639 def check_permissions(self): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
640 if not self.repo_name: |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
641 self.repo_name = get_repo_slug(request) |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
642 |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
643 try: |
| 1246 | 644 self.user_perms = set([self.user_perms['reposit' |
| 645 'ories'][self.repo_name]]) | |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
646 except KeyError: |
|
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
647 return False |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
648 self.granted_for = self.repo_name |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
649 if self.required_perms.issubset(self.user_perms): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
650 return True |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
651 return False |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
652 |
| 1246 | 653 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
654 class HasRepoPermissionAny(PermsFunction): |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
655 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
656 def __call__(self, repo_name=None, check_Location=''): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
657 self.repo_name = repo_name |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
658 return super(HasRepoPermissionAny, self).__call__(check_Location) |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
659 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
660 def check_permissions(self): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
661 if not self.repo_name: |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
662 self.repo_name = get_repo_slug(request) |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
663 |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
664 try: |
| 1246 | 665 self.user_perms = set([self.user_perms['reposi' |
| 666 'tories'][self.repo_name]]) | |
|
339
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
667 except KeyError: |
|
5d517bbf0a0d
some extra checks for auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
333
diff
changeset
|
668 return False |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
669 self.granted_for = self.repo_name |
|
239
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
670 if self.required_perms.intersection(self.user_perms): |
|
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
671 return True |
|
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
672 return False |
|
b18f89d6d17f
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents:
234
diff
changeset
|
673 |
| 1246 | 674 |
| 675 #============================================================================== | |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
676 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH |
| 1246 | 677 #============================================================================== |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
678 class HasPermissionAnyMiddleware(object): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
679 def __init__(self, *perms): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
680 self.required_perms = set(perms) |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
681 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
682 def __call__(self, user, repo_name): |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
683 usr = AuthUser(user.user_id) |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
684 try: |
|
1117
6eb5bb24a948
Major rewrite of auth objects. Moved parts of filling user data into user model.
Marcin Kuzminski <marcin@python-works.com>
parents:
1116
diff
changeset
|
685 self.user_perms = set([usr.permissions['repositories'][repo_name]]) |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
686 except: |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
687 self.user_perms = set() |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
688 self.granted_for = '' |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
689 self.username = user.username |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
690 self.repo_name = repo_name |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
691 return self.check_permissions() |
|
673
dd532af216d9
#49 Enabled anonymous access for web interface controllable from permissions pannel
Marcin Kuzminski <marcin@python-works.com>
parents:
629
diff
changeset
|
692 |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
693 def check_permissions(self): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
694 log.debug('checking mercurial protocol ' |
|
1040
8e49b6ceffe1
fixes fixes fixes ! optimized queries on journal
Marcin Kuzminski <marcin@python-works.com>
parents:
1036
diff
changeset
|
695 'permissions %s for user:%s repository:%s', self.user_perms, |
|
316
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
696 self.username, self.repo_name) |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
697 if self.required_perms.intersection(self.user_perms): |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
698 log.debug('permission granted') |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
699 return True |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
700 log.debug('permission denied') |
|
d6e2817734d2
Full rewrite of auth module, new functions/decorators. FIxed auth user
Marcin Kuzminski <marcin@python-works.com>
parents:
299
diff
changeset
|
701 return False |