changeset 7770:6da70f4569bf

ssh: introduce ini setting 'ssh_enabled', disabled by default. Administrators should control the use of SSH and may want to disable SSH access, temporarily or permanently. An explicit setting ssh_enabled is better than e.g. checking for a valid ssh_authorized_keys setting, because it allows such trivial temporary disabling. To keep the controllers simple, introduce a decorator IfSshEnabled instead of repeating the same config checks in every method.
author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date Fri, 19 Jul 2019 01:12:35 +0200
parents 95c01895c006
children 3e84ac8ed579
files development.ini kallithea/lib/base.py kallithea/lib/paster_commands/template.ini.mako kallithea/tests/conftest.py
diffstat 4 files changed, 28 insertions(+), 0 deletions(-) [+]
--- a/development.ini	Mon Nov 17 14:40:35 2014 -0500
+++ b/development.ini	Fri Jul 19 01:12:35 2019 +0200
@@ -226,6 +226,13 @@
 #    CHANGELOG
 
 ####################################
+###           SSH CONFIG        ####
+####################################
+
+## SSH is disabled by default, until an Administrator decides to enable it.
+ssh_enabled = false
+
+####################################
 ###        CELERY CONFIG        ####
 ####################################
 
--- a/kallithea/lib/base.py	Mon Nov 17 14:40:35 2014 -0500
+++ b/kallithea/lib/base.py	Fri Jul 19 01:12:35 2019 +0200
@@ -408,6 +408,7 @@
         ## INI stored
         c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))
         c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))
+        c.ssh_enabled = str2bool(config.get('ssh_enabled', False))
 
         c.instance_id = config.get('instance_id')
         c.issues_url = config.get('bugtracker', url('issues_url'))
@@ -636,3 +637,15 @@
         log.warning(msg)
     log.debug("Returning JSON wrapped action output")
     return json.dumps(data, encoding='utf-8')
+
+@decorator.decorator
+def IfSshEnabled(func, *args, **kwargs):
+    """Decorator for functions that can only be called if SSH access is enabled.
+
+    If SSH access is disabled in the configuration file, HTTPNotFound is raised.
+    """
+    if not c.ssh_enabled:
+        from kallithea.lib import helpers as h
+        h.flash(_("SSH access is disabled."), category='warning')
+        raise webob.exc.HTTPNotFound()
+    return func(*args, **kwargs)
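Review bot: IfSshEnabled gates only the web controller functions it decorates, and nothing in this changeset shows the SSH command path itself consulting `ssh_enabled`, so the docstring should state that scope rather than leave an administrator to assume the flag turns off SSH access as a whole. I would add a line such as `Note: this only gates the decorated controller actions; enforcement on the SSH command path must be handled separately.`, to be confirmed against the SSH entry point, which is outside this diff. The function-level `from kallithea.lib import helpers as h` also deserves a short comment saying why it is not a module-level import (presumably to avoid a circular import). The flash message queued just before `raise webob.exc.HTTPNotFound()` will probably only be shown on a later page, so consider dropping it or putting the text in the 404 response instead.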
--- a/kallithea/lib/paster_commands/template.ini.mako	Mon Nov 17 14:40:35 2014 -0500
+++ b/kallithea/lib/paster_commands/template.ini.mako	Fri Jul 19 01:12:35 2019 +0200
@@ -323,6 +323,13 @@
 #    CHANGELOG
 
 <%text>####################################</%text>
+<%text>###           SSH CONFIG        ####</%text>
+<%text>####################################</%text>
+
+<%text>## SSH is disabled by default, until an Administrator decides to enable it.</%text>
+ssh_enabled = false
+
+<%text>####################################</%text>
 <%text>###        CELERY CONFIG        ####</%text>
 <%text>####################################</%text>
 
--- a/kallithea/tests/conftest.py	Mon Nov 17 14:40:35 2014 -0500
+++ b/kallithea/tests/conftest.py	Fri Jul 19 01:12:35 2019 +0200
@@ -42,6 +42,7 @@
             'port': '4999',
         },
         '[app:main]': {
+            'ssh_enabled': 'true',
             'app_instance_uuid': 'test',
             'show_revision_number': 'true',
             'beaker.cache.sql_cache_short.expire': '1',
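Review bot: Setting `'ssh_enabled': 'true'` for the whole test configuration means the shipped default (disabled) is never exercised, and this changeset adds no test for the new IfSshEnabled gate. Once a controller uses the decorator, I would add a test that overrides `ssh_enabled` to false and asserts that the decorated action returns 404, so that a regression which leaves the gate open is caught. A one-line comment here, e.g. `# enabled so SSH-related controllers can be tested; production default is false`, would also make the divergence from the default explicit. The settings dict continues outside the hunk.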