Changeset - 102bbfe8af43
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Søren Løvborg - 10 years ago 2015-07-26 13:58:50
kwi@kwi.dk
auth: remove redundant hashlib imports

hashlib is already imported at the top of the module (regardless of OS).
1 file changed with 2 insertions and 4 deletions:
kallithea/lib/auth.py
2
4
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
Show inline comments
 
@@ -12,214 +12,212 @@
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
"""
 
kallithea.lib.auth
 
~~~~~~~~~~~~~~~~~~
 

			




	
	
	
		
 
authentication and permission libraries

			




	
	
	
		
 

			




	
	
	
		
 
This file was forked by the Kallithea project in July 2014.

			




	
	
	
		
 
Original author and date, and relevant copyright and licensing information is below:

			




	
	
	
		
 
:created_on: Apr 4, 2010

			




	
	
	
		
 
:author: marcink

			




	
	
	
		
 
:copyright: (c) 2013 RhodeCode GmbH, and others.

			




	
	
	
		
 
:license: GPLv3, see LICENSE.md for more details.

			




	
	
	
		
 
"""

			




	
	
	
		
 
from __future__ import with_statement

			




	
	
	
		
 
import time

			




	
	
	
		
 
import os

			




	
	
	
		
 
import logging

			




	
	
	
		
 
import traceback

			




	
	
	
		
 
import hashlib

			




	
	
	
		
 
import itertools

			




	
	
	
		
 
import collections

			




	
	
	
		
 

			




	
	
	
		
 
from decorator import decorator

			




	
	
	
		
 

			




	
	
	
		
 
from pylons import url, request

			




	
	
	
		
 
from pylons.controllers.util import abort, redirect

			




	
	
	
		
 
from pylons.i18n.translation import _

			




	
	
	
		
 
from webhelpers.pylonslib import secure_form

			




	
	
	
		
 
from sqlalchemy import or_

			




	
	
	
		
 
from sqlalchemy.orm.exc import ObjectDeletedError

			




	
	
	
		
 
from sqlalchemy.orm import joinedload

			




	
	
	
		
 

			




	
	
	
		
 
from kallithea import __platform__, is_windows, is_unix

			




	
	
	
		
 
from kallithea.lib.vcs.utils.lazy import LazyProperty

			




	
	
	
		
 
from kallithea.model import meta

			




	
	
	
		
 
from kallithea.model.meta import Session

			




	
	
	
		
 
from kallithea.model.user import UserModel

			




	
	
	
		
 
from kallithea.model.db import User, Repository, Permission, \

			




	
	
	
		
 
    UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \

			




	
	
	
		
 
    RepoGroup, UserGroupRepoGroupToPerm, UserIpMap, UserGroupUserGroupToPerm, \

			




	
	
	
		
 
    UserGroup, UserApiKeys

			




	
	
	
		
 

			




	
	
	
		
 
from kallithea.lib.utils2 import safe_unicode, aslist

			




	
	
	
		
 
from kallithea.lib.utils import get_repo_slug, get_repo_group_slug, \

			




	
	
	
		
 
    get_user_group_slug, conditional_cache

			




	
	
	
		
 
from kallithea.lib.caching_query import FromCache

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class PasswordGenerator(object):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    This is a simple class for generating password from different sets of

			




	
	
	
		
 
    characters

			




	
	
	
		
 
    usage::

			




	
	
	
		
 

			




	
	
	
		
 
        passwd_gen = PasswordGenerator()

			




	
	
	
		
 
        #print 8-letter password containing only big and small letters

			




	
	
	
		
 
            of alphabet

			




	
	
	
		
 
        passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

			




	
	
	
		
 
    """

			




	
	
	
		
 
    ALPHABETS_NUM = r'''1234567890'''

			




	
	
	
		
 
    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''

			




	
	
	
		
 
    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''

			




	
	
	
		
 
    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''

			




	
	
	
		
 
    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \

			




	
	
	
		
 
        + ALPHABETS_NUM + ALPHABETS_SPECIAL

			




	
	
	
		
 
    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM

			




	
	
	
		
 
    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

			




	
	
	
		
 
    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM

			




	
	
	
		
 
    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM

			




	
	
	
		
 

			




	
	
	
		
 
    def gen_password(self, length, alphabet=ALPHABETS_FULL):

			




	
	
	
		
 
        assert len(alphabet) <= 256, alphabet

			




	
	
	
		
 
        l = []

			




	
	
	
		
 
        while len(l) < length:

			




	
	
	
		
 
            i = ord(os.urandom(1))

			




	
	
	
		
 
            if i < len(alphabet):

			




	
	
	
		
 
                l.append(alphabet[i])

			




	
	
	
		
 
        return ''.join(l)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class KallitheaCrypto(object):

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def hash_string(cls, str_):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Cryptographic function used for password hashing based on pybcrypt

			




	
	
	
		
 
        or pycrypto in windows

			




	
	
	
		
 

			




	
	
	
		
 
        :param password: password to hash

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if is_windows:

			




	
	
	
		
 
            from hashlib import sha256

			




	
	
	
		
 
            return sha256(str_).hexdigest()

			




	
	
	
		
 
            return hashlib.sha256(str_).hexdigest()

			




	
	
	
		
 
        elif is_unix:

			




	
	
	
		
 
            import bcrypt

			




	
	
	
		
 
            return bcrypt.hashpw(str_, bcrypt.gensalt(10))

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            raise Exception('Unknown or unsupported platform %s' \

			




	
	
	
		
 
                            % __platform__)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def hash_check(cls, password, hashed):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Checks matching password with it's hashed value, runs different

			




	
	
	
		
 
        implementation based on platform it runs on

			




	
	
	
		
 

			




	
	
	
		
 
        :param password: password

			




	
	
	
		
 
        :param hashed: password in hashed form

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        if is_windows:

			




	
	
	
		
 
            from hashlib import sha256

			




	
	
	
		
 
            return sha256(password).hexdigest() == hashed

			




	
	
	
		
 
            return hashlib.sha256(password).hexdigest() == hashed

			




	
	
	
		
 
        elif is_unix:

			




	
	
	
		
 
            import bcrypt

			




	
	
	
		
 
            return bcrypt.hashpw(password, hashed) == hashed

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            raise Exception('Unknown or unsupported platform %s' \

			




	
	
	
		
 
                            % __platform__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def get_crypt_password(password):

			




	
	
	
		
 
    return KallitheaCrypto.hash_string(password)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def check_password(password, hashed):

			




	
	
	
		
 
    return KallitheaCrypto.hash_check(password, hashed)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,

			




	
	
	
		
 
                       explicit, algo):

			




	
	
	
		
 
    RK = 'repositories'

			




	
	
	
		
 
    GK = 'repositories_groups'

			




	
	
	
		
 
    UK = 'user_groups'

			




	
	
	
		
 
    GLOBAL = 'global'

			




	
	
	
		
 
    PERM_WEIGHTS = Permission.PERM_WEIGHTS

			




	
	
	
		
 
    permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}

			




	
	
	
		
 

			




	
	
	
		
 
    def _choose_perm(new_perm, cur_perm):

			




	
	
	
		
 
        new_perm_val = PERM_WEIGHTS[new_perm]

			




	
	
	
		
 
        cur_perm_val = PERM_WEIGHTS[cur_perm]

			




	
	
	
		
 
        if algo == 'higherwin':

			




	
	
	
		
 
            if new_perm_val > cur_perm_val:

			




	
	
	
		
 
                return new_perm

			




	
	
	
		
 
            return cur_perm

			




	
	
	
		
 
        elif algo == 'lowerwin':

			




	
	
	
		
 
            if new_perm_val < cur_perm_val:

			




	
	
	
		
 
                return new_perm

			




	
	
	
		
 
            return cur_perm

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # fetch default permissions

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    default_user = User.get_by_username('default', cache=True)

			




	
	
	
		
 
    default_user_id = default_user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
    default_repo_perms = Permission.get_default_perms(default_user_id)

			




	
	
	
		
 
    default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)

			




	
	
	
		
 
    default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)

			




	
	
	
		
 

			




	
	
	
		
 
    if user_is_admin:

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        # admin users have all rights;

			




	
	
	
		
 
        # based on default permissions, just set everything to admin

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        permissions[GLOBAL].add('hg.admin')

			




	
	
	
		
 
        permissions[GLOBAL].add('hg.create.write_on_repogroup.true')

			




	
	
	
		
 

			




	
	
	
		
 
        # repositories

			




	
	
	
		
 
        for perm in default_repo_perms:

			




	
	
	
		
 
            r_k = perm.UserRepoToPerm.repository.repo_name

			




	
	
	
		
 
            p = 'repository.admin'

			




	
	
	
		
 
            permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # repository groups

			




	
	
	
		
 
        for perm in default_repo_groups_perms:

			




	
	
	
		
 
            rg_k = perm.UserRepoGroupToPerm.group.group_name

			




	
	
	
		
 
            p = 'group.admin'

			




	
	
	
		
 
            permissions[GK][rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # user groups

			




	
	
	
		
 
        for perm in default_user_group_perms:

			




	
	
	
		
 
            u_k = perm.UserUserGroupToPerm.user_group.users_group_name

			




	
	
	
		
 
            p = 'usergroup.admin'

			




	
	
	
		
 
            permissions[UK][u_k] = p

			




	
	
	
		
 
        return permissions

			




	
	
	
		
 

			




	
	
	
		
 
    #==================================================================

			




	
	
	
		
 
    # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS

			




	
	
	
		
 
    #==================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    # default global permissions taken from the default user

			




	
	
	
		
 
    default_global_perms = UserToPerm.query()\

			




	
	
	
		
 
        .filter(UserToPerm.user_id == default_user_id)\

			




	
	
	
		
 
        .options(joinedload(UserToPerm.permission))

			




	
	
	
		
 

			




	
	
	
		
 
    for perm in default_global_perms:

			




	
	
	
		
 
        permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    # defaults for repositories, taken from default user

			




	
	
	
		
 
    for perm in default_repo_perms:

			




	
	
	
		
 
        r_k = perm.UserRepoToPerm.repository.repo_name

			




	
	
	
		
 
        if perm.Repository.private and not (perm.Repository.user_id == user_id):

			




	
	
	
		
 
            # disable defaults for private repos,

			




	
	
	
		
 
            p = 'repository.none'

			




	
	
	
		
 
        elif perm.Repository.user_id == user_id:

			




	
	
	
		
 
            # set admin if owner

			




	
	
	
		
 
            p = 'repository.admin'

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.