Mercurial > kallithea

annotate pylons_app/lib/auth.py @ 171:52bbeb1e813f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added universal cache invalidator for two cached functions. added invalidation when repository was added or deleted, and another invalidation when there was a mercurial command involved.
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 21 May 2010 02:44:40 +0200
parents f24b9a2934cf
children d8eb7ee27b4c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
1 import logging
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
2 from datetime import datetime
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
3 import crypt
52
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
4 from pylons import session, url
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
5 from pylons.controllers.util import abort, redirect
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
6 from decorator import decorator
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
7 from sqlalchemy.exc import OperationalError
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
8 log = logging.getLogger(__name__)
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
9 from pylons_app.model import meta
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
10 from pylons_app.model.db import Users, UserLogs
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
11 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
12
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
13 def get_crypt_password(password):
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
14 return crypt.crypt(password, '6a')
46
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
15
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
16 def admin_auth(username, password):
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
17 sa = meta.Session
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
18 password_crypt = get_crypt_password(password)
46
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
19
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
20 try:
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
21 user = sa.query(Users).filter(Users.username == username).one()
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
22 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
46
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
23 log.error(e)
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
24 user = None
46
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
25
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
26 if user:
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
27 if user.active:
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
28 if user.username == username and user.password == password_crypt and user.admin:
46
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
29 log.info('user %s authenticated correctly', username)
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
30 return True
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
31 else:
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
32 log.error('user %s is disabled', username)
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
33
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
34 return False
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
35
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
36 def authfunc(environ, username, password):
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
37 sa = meta.Session
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
38 password_crypt = get_crypt_password(password)
42
b2bc08f2974b try except error on non existing user table
marcink
parents: 41
diff changeset
39 try:
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
40 user = sa.query(Users).filter(Users.username == username).one()
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
41 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
42
b2bc08f2974b try except error on non existing user table
marcink
parents: 41
diff changeset
42 log.error(e)
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
43 user = None
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
44
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
45 if user:
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
46 if user.active:
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
47 if user.username == username and user.password == password_crypt:
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
48 log.info('user %s authenticated correctly', username)
45
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
49 if environ:
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
50 http_accept = environ.get('HTTP_ACCEPT')
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
51
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
52 if http_accept.startswith('application/mercurial') or \
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
53 environ['PATH_INFO'].find('raw-file') != -1:
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
54 repo = environ['PATH_INFO']
45
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
55 for qry in environ['QUERY_STRING'].split('&'):
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
56 if qry.startswith('cmd'):
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
57
45
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
58 try:
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
59 user_log = UserLogs()
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
60 user_log.user_id = user.user_id
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
61 user_log.action = qry
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
62 user_log.repository = repo
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
63 user_log.action_date = datetime.now()
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
64 sa.add(user_log)
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
65 sa.commit()
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
66 log.info('Adding user %s, action %s', username, qry)
45
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
67 except Exception as e:
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
68 sa.rollback()
45
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
69 log.error(e)
a886f5eba757 implemented admin page login
marcink
parents: 44
diff changeset
70
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
71 return True
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
72 else:
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
73 log.error('user %s is disabled', username)
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
74
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
75 return False
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
76
52
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
77
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
78 @decorator
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
79 def authenticate(fn, *args, **kwargs):
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
80 if not session.get('admin_user', False):
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
81 redirect(url('admin_home'), 301)
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
82 return fn(*args, **kwargs)
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
83