Mercurial > kallithea

view pylons_app/lib/auth.py @ 172:83c7ee1b5f5c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
improved timerproxy with sqllogging, and new way of sqlformat queries
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 21 May 2010 03:01:31 +0200
parents f24b9a2934cf
children d8eb7ee27b4c
line wrap: on
line source

import logging
from datetime import datetime
import crypt
from pylons import session, url
from pylons.controllers.util import abort, redirect
from decorator import decorator
from sqlalchemy.exc import OperationalError
log = logging.getLogger(__name__)
from pylons_app.model import meta
from pylons_app.model.db import Users, UserLogs
from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound

def get_crypt_password(password):
    return crypt.crypt(password, '6a')

def admin_auth(username, password):
    sa = meta.Session
    password_crypt = get_crypt_password(password)

    try:
        user = sa.query(Users).filter(Users.username == username).one()
    except (NoResultFound, MultipleResultsFound, OperationalError) as e:
        log.error(e)
        user = None
        
    if user:
        if user.active:
            if user.username == username and user.password == password_crypt and user.admin:
                log.info('user %s authenticated correctly', username)
                return True
        else:
            log.error('user %s is disabled', username)
            
    return False

def authfunc(environ, username, password):
    sa = meta.Session
    password_crypt = get_crypt_password(password)
    try:
        user = sa.query(Users).filter(Users.username == username).one()
    except (NoResultFound, MultipleResultsFound, OperationalError) as e:
        log.error(e)
        user = None
        
    if user:
        if user.active:
            if user.username == username and user.password == password_crypt:
                log.info('user %s authenticated correctly', username)
                if environ:
                    http_accept = environ.get('HTTP_ACCEPT')
            
                    if http_accept.startswith('application/mercurial') or \
                        environ['PATH_INFO'].find('raw-file') != -1:
                        repo = environ['PATH_INFO']
                        for qry in environ['QUERY_STRING'].split('&'):
                            if qry.startswith('cmd'):
                                
                                try:
                                    user_log = UserLogs()
                                    user_log.user_id = user.user_id
                                    user_log.action = qry
                                    user_log.repository = repo
                                    user_log.action_date = datetime.now()
                                    sa.add(user_log)
                                    sa.commit()
                                    log.info('Adding user %s, action %s', username, qry)
                                except Exception as e:
                                    sa.rollback()
                                    log.error(e)
                                  
                return True
        else:
            log.error('user %s is disabled', username)
            
    return False


@decorator
def authenticate(fn, *args, **kwargs):
    if not session.get('admin_user', False):
        redirect(url('admin_home'), 301)
    return fn(*args, **kwargs)