Mercurial > kallithea
changeset 7770:6da70f4569bf
ssh: introduce ini setting 'ssh_enabled', disabled by default
Administrators should control the use of SSH and may want to disable SSH
access, temporarily or permanently.
An explicit setting ssh_enabled is better than e.g. checking for a valid
ssh_authorized_keys setting, to allow such trivial temporary disabling.
To keep the controllers simple, introduce a decorator IfSshEnabled instead
of repeating the same config checks in every method.
author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
---|---|
date | Fri, 19 Jul 2019 01:12:35 +0200 |
parents | 95c01895c006 |
children | 3e84ac8ed579 |
files | development.ini kallithea/lib/base.py kallithea/lib/paster_commands/template.ini.mako kallithea/tests/conftest.py |
diffstat | 4 files changed, 28 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/development.ini Mon Nov 17 14:40:35 2014 -0500 +++ b/development.ini Fri Jul 19 01:12:35 2019 +0200 @@ -226,6 +226,13 @@ # CHANGELOG #################################### +### SSH CONFIG #### +#################################### + +## SSH is disabled by default, until an Administrator decides to enable it. +ssh_enabled = false + +#################################### ### CELERY CONFIG #### ####################################
--- a/kallithea/lib/base.py Mon Nov 17 14:40:35 2014 -0500 +++ b/kallithea/lib/base.py Fri Jul 19 01:12:35 2019 +0200 @@ -408,6 +408,7 @@ ## INI stored c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True)) c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True)) + c.ssh_enabled = str2bool(config.get('ssh_enabled', False)) c.instance_id = config.get('instance_id') c.issues_url = config.get('bugtracker', url('issues_url')) @@ -636,3 +637,15 @@ log.warning(msg) log.debug("Returning JSON wrapped action output") return json.dumps(data, encoding='utf-8') + +@decorator.decorator +def IfSshEnabled(func, *args, **kwargs): + """Decorator for functions that can only be called if SSH access is enabled. + + If SSH access is disabled in the configuration file, HTTPNotFound is raised. + """ + if not c.ssh_enabled: + from kallithea.lib import helpers as h + h.flash(_("SSH access is disabled."), category='warning') + raise webob.exc.HTTPNotFound() + return func(*args, **kwargs)
--- a/kallithea/lib/paster_commands/template.ini.mako Mon Nov 17 14:40:35 2014 -0500 +++ b/kallithea/lib/paster_commands/template.ini.mako Fri Jul 19 01:12:35 2019 +0200 @@ -323,6 +323,13 @@ # CHANGELOG <%text>####################################</%text> +<%text>### SSH CONFIG ####</%text> +<%text>####################################</%text> + +<%text>## SSH is disabled by default, until an Administrator decides to enable it.</%text> +ssh_enabled = false + +<%text>####################################</%text> <%text>### CELERY CONFIG ####</%text> <%text>####################################</%text>
--- a/kallithea/tests/conftest.py Mon Nov 17 14:40:35 2014 -0500 +++ b/kallithea/tests/conftest.py Fri Jul 19 01:12:35 2019 +0200 @@ -42,6 +42,7 @@ 'port': '4999', }, '[app:main]': { + 'ssh_enabled': 'true', 'app_instance_uuid': 'test', 'show_revision_number': 'true', 'beaker.cache.sql_cache_short.expire': '1',