h.flash(_("You can't edit this user since it's"

                      " crucial for entire application"), category='warning')

            raise HTTPFound(location=url('users'))

    def _load_my_repos_data(self, watched=False):

        if watched:

            admin = False

            repos_list = Session().query(Repository) \

                         .join(UserFollowing) \

                         .filter(UserFollowing.user_id ==

                                 request.authuser.user_id).all()

        else:

            admin = True

            repos_list = Session().query(Repository) \

                         .filter(Repository.owner_id ==

                                 request.authuser.user_id).all()

        return RepoModel().get_repos_as_dict(repos_list, admin=admin)

    def my_account(self):

        c.active = 'profile'

        self.__load_data()

        c.perm_user = AuthUser(user_id=request.authuser.user_id)

        managed_fields = auth_modules.get_managed_fields(c.user)

        if 'hg.register.none' in def_user_perms:

            managed_fields.extend(['username', 'firstname', 'lastname', 'email'])

        c.readonly = lambda n: 'readonly' if n in managed_fields else None

        defaults = c.user.get_dict()

        update = False

        if request.POST:

            _form = UserForm(edit=True,

                             old_data={'user_id': request.authuser.user_id,

                                       'email': request.authuser.email})()

            form_result = {}

            try:

                post_data = dict(request.POST)

                post_data['new_password'] = ''

                post_data['password_confirmation'] = ''

                form_result = _form.to_python(post_data)

                # skip updating those attrs for my account

                skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',

                              'new_password', 'password_confirmation',

                             ] + managed_fields

                UserModel().update(request.authuser.user_id, form_result,

                                   skip_attrs=skip_attrs)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

permissions controller for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 27, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from tg import request, tmpl_context as c

from tg.i18n import ugettext as _

from webob.exc import HTTPFound

from kallithea.config.routing import url

from kallithea.lib import helpers as h

from kallithea.lib.base import BaseController, render

from kallithea.model.forms import DefaultPermissionsForm

from kallithea.model.permission import PermissionModel

from kallithea.model.db import User, UserIpMap

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class PermissionsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('permission', 'permissions')

    @LoginRequired()

    @HasPermissionAnyDecorator('hg.admin')

    def _before(self, *args, **kwargs):

        super(PermissionsController, self)._before(*args, **kwargs)

    def __load_data(self):

        c.repo_perms_choices = [('repository.none', _('None'),),

                                   ('repository.read', _('Read'),),

                                   ('repository.write', _('Write'),),

            if p.permission.permission_name.startswith('hg.extern_activate.'):

                defaults['default_extern_activate'] = p.permission.permission_name

            if p.permission.permission_name.startswith('hg.fork.'):

                defaults['default_fork'] = p.permission.permission_name

        return htmlfill.render(

            render('admin/permissions/permissions.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def permission_ips(self):

        c.active = 'ips'

        c.user = User.get_default_user()

        c.user_ip_map = UserIpMap.query() \

                        .filter(UserIpMap.user == c.user).all()

        return render('admin/permissions/permissions.html')

    def permission_perms(self):

        c.active = 'perms'

        c.user = User.get_default_user()

        return render('admin/permissions/permissions.html')

                defaults.pop('password', None)

                return htmlfill.render(

                    render('/login.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw this exception signaling that there's issue

                # with user creation, explanation should be provided in

                # Exception itself

                h.flash(e, 'error')

            else:

                log_in_user(user, c.form_result['remember'],

                    is_external_auth=False)

                raise HTTPFound(location=c.came_from)

        return render('/login.html')

    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',

                               'hg.register.manual_activate')

    def register(self):

        settings = Setting.get_app_settings()

        captcha_private_key = settings.get('captcha_private_key')

        c.captcha_active = bool(captcha_private_key)

        c.captcha_public_key = settings.get('captcha_public_key')

        if request.POST:

            register_form = RegisterForm()()

            try:

                form_result = register_form.to_python(dict(request.POST))

                form_result['active'] = c.auto_active

                if c.captcha_active:

                    from kallithea.lib.recaptcha import submit

                    response = submit(request.POST.get('g-recaptcha-response'),

                                      private_key=captcha_private_key,

                                      remoteip=request.ip_addr)

                    if not response.is_valid:

                        _value = form_result

                        _msg = _('Bad captcha')

                        error_dict = {'recaptcha_field': _msg}

                        raise formencode.Invalid(_msg, _value, None,

                                                 error_dict=error_dict)

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

Authentication modules

"""

import logging

import traceback

import importlib

from kallithea.lib.utils2 import str2bool

from kallithea.lib.compat import formatted_json, hybrid_property

from kallithea.model.user import UserModel

from kallithea.model.db import Setting, User

from kallithea.model.meta import Session

from kallithea.model.user_group import UserGroupModel

log = logging.getLogger(__name__)

class LazyFormencode(object):

    def __init__(self, formencode_obj, *args, **kwargs):

        self.formencode_obj = formencode_obj

        self.args = args

        self.kwargs = kwargs

    def __call__(self, *args, **kwargs):

        from inspect import isfunction

        formencode_obj = self.formencode_obj

        if isfunction(formencode_obj):

            # case we wrap validators into functions

            formencode_obj = self.formencode_obj(*args, **kwargs)

        return formencode_obj(*self.args, **self.kwargs)

class KallitheaAuthPluginBase(object):

        if not isinstance(user_data, dict):

            raise Exception('returned value from auth must be a dict')

        for k in self.auth_func_attrs:

            if k not in user_data:

                raise Exception('Missing %s attribute from returned data' % k)

        return user_data

class KallitheaExternalAuthPlugin(KallitheaAuthPluginBase):

    def use_fake_password(self):

        """

        Return a boolean that indicates whether or not we should set the user's

        password to a random value when it is authenticated by this plugin.

        If your plugin provides authentication, then you will generally want this.

        :returns: boolean

        """

        raise NotImplementedError("Not implemented in base class")

    def _authenticate(self, userobj, username, passwd, settings, **kwargs):

        user_data = super(KallitheaExternalAuthPlugin, self)._authenticate(

            userobj, username, passwd, settings, **kwargs)

        if user_data is not None:

            if userobj is None: # external authentication of unknown user that will be created soon

                active = 'hg.extern_activate.auto' in def_user_perms

            else:

                active = userobj.active

            if self.use_fake_password():

                # Randomize the PW because we don't need it, but don't want

                # them blank either

                passwd = PasswordGenerator().gen_password(length=8)

            log.debug('Updating or creating user info from %s plugin',

                      self.name)

            user = UserModel().create_or_update(

                username=user_data['username'],

                password=passwd,

                email=user_data["email"],

                firstname=user_data["firstname"],

                lastname=user_data["lastname"],

                active=active,

                admin=user_data["admin"],

                extern_name=user_data["extern_name"],

                extern_type=self.name,

            )

            # enforce user is just in given groups, all of them has to be ones

            # created from plugins. We store this info in _group_data JSON field

    def full_name_and_username(self):

        """

        Show full name and username as 'Firstname Lastname (username)'.

        If full name is not set, fall back to username.

        """

        return ('%s %s (%s)' % (self.firstname, self.lastname, self.username)

                if (self.firstname and self.lastname) else self.username)

    @property

    def full_contact(self):

        return '%s %s <%s>' % (self.firstname, self.lastname, self.email)

    @property

    def short_contact(self):

        return '%s %s' % (self.firstname, self.lastname)

    @property

    def is_admin(self):

        return self.admin

    @hybrid_property

    def is_default_user(self):

        return self.username == User.DEFAULT_USER

    @hybrid_property

    def user_data(self):

        if not self._user_data:

            return {}

        try:

            return json.loads(self._user_data)

        except TypeError:

            return {}

    @user_data.setter

    def user_data(self, val):

        try:

            self._user_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__,

                                      self.user_id, self.username)

    @classmethod

    def guess_instance(cls, value):

        return super(User, cls).guess_instance(value, User.get_by_username)