Mercurial > kallithea
annotate pylons_app/lib/auth.py @ 171:52bbeb1e813f
Added universal cache invalidator for two cached functions.
added invalidation when repository was added or deleted, and another invalidation when there was a mercurial command involved.
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Fri, 21 May 2010 02:44:40 +0200 |
parents | f24b9a2934cf |
children | d8eb7ee27b4c |
rev | line source |
---|---|
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
1 import logging |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
2 from datetime import datetime |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
3 import crypt |
52 | 4 from pylons import session, url |
5 from pylons.controllers.util import abort, redirect | |
6 from decorator import decorator | |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
7 from sqlalchemy.exc import OperationalError |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
8 log = logging.getLogger(__name__) |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
9 from pylons_app.model import meta |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
10 from pylons_app.model.db import Users, UserLogs |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
11 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
12 |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
13 def get_crypt_password(password): |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
14 return crypt.crypt(password, '6a') |
46
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
15 |
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
16 def admin_auth(username, password): |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
17 sa = meta.Session |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
18 password_crypt = get_crypt_password(password) |
46
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
19 |
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
20 try: |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
21 user = sa.query(Users).filter(Users.username == username).one() |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
22 except (NoResultFound, MultipleResultsFound, OperationalError) as e: |
46
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
23 log.error(e) |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
24 user = None |
46
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
25 |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
26 if user: |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
27 if user.active: |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
28 if user.username == username and user.password == password_crypt and user.admin: |
46
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
29 log.info('user %s authenticated correctly', username) |
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
30 return True |
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
31 else: |
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
32 log.error('user %s is disabled', username) |
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
33 |
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
34 return False |
9db7782727b3
Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents:
45
diff
changeset
|
35 |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
36 def authfunc(environ, username, password): |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
37 sa = meta.Session |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
38 password_crypt = get_crypt_password(password) |
42 | 39 try: |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
40 user = sa.query(Users).filter(Users.username == username).one() |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
41 except (NoResultFound, MultipleResultsFound, OperationalError) as e: |
42 | 42 log.error(e) |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
43 user = None |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
44 |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
45 if user: |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
46 if user.active: |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
47 if user.username == username and user.password == password_crypt: |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
48 log.info('user %s authenticated correctly', username) |
45 | 49 if environ: |
50 http_accept = environ.get('HTTP_ACCEPT') | |
51 | |
52 if http_accept.startswith('application/mercurial') or \ | |
53 environ['PATH_INFO'].find('raw-file') != -1: | |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
54 repo = environ['PATH_INFO'] |
45 | 55 for qry in environ['QUERY_STRING'].split('&'): |
56 if qry.startswith('cmd'): | |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
57 |
45 | 58 try: |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
59 user_log = UserLogs() |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
60 user_log.user_id = user.user_id |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
61 user_log.action = qry |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
62 user_log.repository = repo |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
63 user_log.action_date = datetime.now() |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
64 sa.add(user_log) |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
65 sa.commit() |
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
66 log.info('Adding user %s, action %s', username, qry) |
45 | 67 except Exception as e: |
64
08707974eae4
Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents:
52
diff
changeset
|
68 sa.rollback() |
45 | 69 log.error(e) |
70 | |
41
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
71 return True |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
72 else: |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
73 log.error('user %s is disabled', username) |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
74 |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
75 return False |
71ffa932799d
Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff
changeset
|
76 |
52 | 77 |
78 @decorator | |
79 def authenticate(fn, *args, **kwargs): | |
80 if not session.get('admin_user', False): | |
81 redirect(url('admin_home'), 301) | |
82 return fn(*args, **kwargs) | |
83 |