kallithea.lib.auth

~~~~~~~~~~~~~~~~~~

authentication and permission libraries

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 4, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import os

import logging

import traceback

import hashlib

import itertools

import collections

from decorator import decorator

from pylons import request, session

from pylons.i18n.translation import _

from webhelpers.pylonslib import secure_form

from sqlalchemy.orm.exc import ObjectDeletedError

from sqlalchemy.orm import joinedload

from webob.exc import HTTPFound, HTTPBadRequest, HTTPForbidden, HTTPMethodNotAllowed

from kallithea import __platform__, is_windows, is_unix

from kallithea.config.routing import url

from kallithea.lib.vcs.utils.lazy import LazyProperty

from kallithea.model import meta

from kallithea.model.meta import Session

from kallithea.model.user import UserModel

from kallithea.model.db import User, Repository, Permission, \

    UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \

        user_is_admin = user.is_admin

        user_inherit_default_permissions = user.inherit_default_permissions

        log.debug('Getting PERMISSION tree')

        compute = conditional_cache('short_term', 'cache_desc',

                                    condition=cache, func=_cached_perms_data)

        return compute(user_id, user_is_admin,

                       user_inherit_default_permissions, explicit, algo)

    def _get_api_keys(self):

        api_keys = [self.api_key]

        for api_key in UserApiKeys.query() \

            api_keys.append(api_key.api_key)

        return api_keys

    @property

    def is_admin(self):

        return self.admin

    @property

    def repositories_admin(self):

        """

        Returns list of repositories you're an admin of

API key model for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Sep 8, 2013

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import time

import logging

from kallithea.lib.utils2 import generate_api_key

from kallithea.model.base import BaseModel

from kallithea.model.db import User, UserApiKeys

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class ApiKeyModel(BaseModel):

    def create(self, user, description, lifetime=-1):

        if user is not None:

            user = User.guess_instance(user)

            api_key = api_key.filter(UserApiKeys.user_id == user.user_id)

        api_key = api_key.scalar()

        Session().delete(api_key)

    def get_api_keys(self, user, show_expired=True):

        user = User.guess_instance(user)

        user_api_keys = UserApiKeys.query() \

            .filter(UserApiKeys.user_id == user.user_id)

        if not show_expired:

        return user_api_keys

        if len(api_key) != 40 or not api_key.isalnum():

            return None

        q = cls.query().filter(cls.api_key == api_key)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_api_key_%s" % api_key))

        res = q.scalar()

        if fallback and not res:

            #fallback to additional keys

            if _res:

                res = _res.user

        return res

    @classmethod

    def get_by_email(cls, email, cache=False):

        q = cls.query().filter(func.lower(cls.email) == func.lower(email))

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_email_key_%s" % email))

    )

    __mapper_args__ = {}

    user_api_key_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    api_key = Column(String(255), nullable=False, unique=True)

    description = Column(UnicodeText(), nullable=False)

    expires = Column(Float(53), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    user = relationship('User')

class UserEmailMap(Base, BaseDbModel):

    __tablename__ = 'user_email_map'

    __table_args__ = (

        Index('uem_email_idx', 'email'),

        _table_args_default_dict,

    )

    __mapper_args__ = {}

    email_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

            ${h.form(url('my_account_api_keys_delete'))}

                ${h.hidden('del_api_key',c.user.api_key)}

                ${h.hidden('del_api_key_builtin',1)}

                <button class="btn btn-danger btn-xs" type="submit"

                        onclick="return confirm('${_('Confirm to reset this API key: %s') % c.user.api_key}');">

                    ${_('Reset')}

                </button>

            ${h.end_form()}

        </td>

    </tr>

    %if c.user_api_keys:

        %for api_key in c.user_api_keys:

            <td style="width: 450px"><div class="truncate autoexpand" style="width:120px;font-size:16px;font-family: monospace">${api_key.api_key}</div></td>

            <td>${api_key.description}</td>

            <td style="min-width: 80px">

                 %if api_key.expires == -1:

                  ${_('Expires')}: ${_('Never')}

                 %else:

                        ${_('Expired')}: ${h.age(h.time_to_datetime(api_key.expires))}

                    %else:

                        ${_('Expires')}: ${h.age(h.time_to_datetime(api_key.expires))}

                    %endif

                 %endif

            </td>

            <td>

                ${h.form(url('my_account_api_keys_delete'))}

                    ${h.hidden('del_api_key',api_key.api_key)}

                    <button class="btn btn-danger btn-xs" type="submit"

                            onclick="return confirm('${_('Confirm to remove this API key: %s') % api_key.api_key}');">

                        <i class="icon-minus-circled"></i>

            ${h.form(url('edit_user_api_keys_delete', id=c.user.user_id))}

                ${h.hidden('del_api_key',c.user.api_key)}

                ${h.hidden('del_api_key_builtin',1)}

                <button class="btn btn-danger btn-xs" type="submit"

                        onclick="return confirm('${_('Confirm to reset this API key: %s') % c.user.api_key}');">

                    ${_('Reset')}

                </button>

            ${h.end_form()}

        </td>

    </tr>

    %if c.user_api_keys:

        %for api_key in c.user_api_keys:

            <td style="width: 450px"><div class="truncate autoexpand" style="width:120px;font-size:16px;font-family: monospace">${api_key.api_key}</div></td>

            <td>${api_key.description}</td>

            <td style="min-width: 80px">

                 %if api_key.expires == -1:

                  ${_('Expires')}: ${_('Never')}

                 %else:

                        ${_('Expired')}: ${h.age(h.time_to_datetime(api_key.expires))}

                    %else:

                        ${_('Expires')}: ${h.age(h.time_to_datetime(api_key.expires))}

                    %endif

                 %endif

            </td>

            <td>

                ${h.form(url('edit_user_api_keys_delete', id=c.user.user_id))}

                    ${h.hidden('del_api_key',api_key.api_key)}

                    <button class="btn btn-danger btn-xs" type="submit"

                            onclick="return confirm('${_('Confirm to remove this API key: %s') % api_key.api_key}');">

                        <i class="icon-minus-circled"></i>