Changeset - 39bac9410169
kallithea/controllers/admin/my_account.py
 
@@ -28,24 +28,25 @@ Original author and date, and relevant c
 
import logging
 
import traceback
 
import formencode
 

	
 
from sqlalchemy import func
 
from formencode import htmlfill
 
from pylons import request, tmpl_context as c, url
 
from pylons.controllers.util import redirect
 
from pylons.i18n.translation import _
 

	
 
from kallithea import EXTERN_TYPE_INTERNAL
 
from kallithea.lib import helpers as h
 
from kallithea.lib import auth_modules
 
from kallithea.lib.auth import LoginRequired, NotAnonymous, AuthUser
 
from kallithea.lib.base import BaseController, render
 
from kallithea.lib.utils2 import generate_api_key, safe_int
 
from kallithea.lib.compat import json
 
from kallithea.model.db import Repository, \
 
    UserEmailMap, UserApiKeys, User, UserFollowing
 
from kallithea.model.forms import UserForm, PasswordChangeForm
 
from kallithea.model.user import UserModel
 
from kallithea.model.repo import RepoModel
 
from kallithea.model.api_key import ApiKeyModel
 
from kallithea.model.meta import Session
 

	
 
@@ -91,45 +92,43 @@ class MyAccountController(BaseController
 
        #json used to render the grid
 
        return json.dumps(repos_data)
 

	
 
    def my_account(self):
 
        """
 
        GET /_admin/my_account Displays info about my account
 
        """
 
        # url('my_account')
 
        c.active = 'profile'
 
        self.__load_data()
 
        c.perm_user = AuthUser(user_id=self.authuser.user_id)
 
        c.ip_addr = self.ip_addr
 
        managed_fields = auth_modules.get_managed_fields(c.user)
 
        c.readonly = lambda n: 'readonly' if n in managed_fields else None
 

	
 
        defaults = c.user.get_dict()
 
        update = False
 
        if request.POST:
 
            _form = UserForm(edit=True,
 
                             old_data={'user_id': self.authuser.user_id,
 
                                       'email': self.authuser.email})()
 
            form_result = {}
 
            try:
 
                post_data = dict(request.POST)
 
                post_data['new_password'] = ''
 
                post_data['password_confirmation'] = ''
 
                form_result = _form.to_python(post_data)
 
                # skip updating those attrs for my account
 
                skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',
 
                              'new_password', 'password_confirmation']
 
                #TODO: plugin should define if username can be updated
 
                if c.user.extern_type != EXTERN_TYPE_INTERNAL:
 
                    # forbid updating username for external accounts
 
                    # TODO: also skip username (and email etc) if self registration not enabled
 
                    skip_attrs.append('username')
 
                              'new_password', 'password_confirmation',
 
                             ] + managed_fields
 

	
 
                UserModel().update(self.authuser.user_id, form_result,
 
                                   skip_attrs=skip_attrs)
 
                h.flash(_('Your account was updated successfully'),
 
                        category='success')
 
                Session().commit()
 
                update = True
 

	
 
            except formencode.Invalid, errors:
 
                return htmlfill.render(
 
                    render('admin/my_account/my_account.html'),
 
                    defaults=errors.value,
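Review bot: In my_account() nothing in the hunk records that `c.readonly` is only a rendering hint and that the actual enforcement of managed fields is the `skip_attrs` passed to `UserModel().update()`; a reader could later "simplify" one side without the other. Suggest a comment on the readonly lambda such as `# rendering hint only; managed fields are enforced server-side via skip_attrs in the POST branch`. Also, with the `EXTERN_TYPE_INTERNAL` comparison removed from this method, the `from kallithea import EXTERN_TYPE_INTERNAL` import in the first hunk looks unused unless another part of the file still references it; worth checking. my_account() continues past the end of the hunk.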
kallithea/controllers/admin/users.py
 
@@ -33,25 +33,24 @@ from formencode import htmlfill
 
from pylons import request, tmpl_context as c, url, config
 
from pylons.controllers.util import redirect
 
from pylons.i18n.translation import _
 
from sqlalchemy.sql.expression import func
 
from webob.exc import HTTPNotFound
 

	
 
import kallithea
 
from kallithea.lib.exceptions import DefaultUserException, \
 
    UserOwnsReposException, UserCreationError
 
from kallithea.lib import helpers as h
 
from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
 
    AuthUser
 
import kallithea.lib.auth_modules.auth_internal
 
from kallithea.lib import auth_modules
 
from kallithea.lib.base import BaseController, render
 
from kallithea.model.api_key import ApiKeyModel
 

	
 
from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm
 
from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm
 
from kallithea.model.user import UserModel
 
from kallithea.model.meta import Session
 
from kallithea.lib.utils import action_logger
 
from kallithea.lib.compat import json
 
from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key
 

	
 
@@ -166,29 +165,26 @@ class UsersController(BaseController):
 
        #           method='put')
 
        # url('user', id=ID)
 
        c.active = 'profile'
 
        user_model = UserModel()
 
        c.user = user_model.get(id)
 
        c.perm_user = AuthUser(user_id=id)
 
        c.ip_addr = self.ip_addr
 
        _form = UserForm(edit=True, old_data={'user_id': id,
 
                                              'email': c.user.email})()
 
        form_result = {}
 
        try:
 
            form_result = _form.to_python(dict(request.POST))
 
            skip_attrs = ['extern_type', 'extern_name']
 
            #TODO: plugin should define if username can be updated
 
            if c.user.extern_type != kallithea.EXTERN_TYPE_INTERNAL:
 
                # forbid updating username for external accounts
 
                skip_attrs.append('username')
 
            skip_attrs = ['extern_type', 'extern_name',
 
                         ] + auth_modules.get_managed_fields(c.user)
 

	
 
            user_model.update(id, form_result, skip_attrs=skip_attrs)
 
            usr = form_result['username']
 
            action_logger(self.authuser, 'admin_updated_user:%s' % usr,
 
                          None, self.ip_addr, self.sa)
 
            h.flash(_('User updated successfully'), category='success')
 
            Session().commit()
 
        except formencode.Invalid, errors:
 
            defaults = errors.value
 
            e = errors.error_dict or {}
 
            defaults.update({
 
                'create_repo_perm': user_model.has_perm(id,
 
@@ -240,24 +236,26 @@ class UsersController(BaseController):
 
            return User.get_or_404(id, allow_default=False)
 
        except DefaultUserException:
 
            h.flash(_("The default user cannot be edited"), category='warning')
 
            raise HTTPNotFound
 

	
 
    def edit(self, id, format='html'):
 
        """GET /users/id/edit: Form to edit an existing item"""
 
        # url('edit_user', id=ID)
 
        c.user = self._get_user_or_raise_if_default(id)
 
        c.active = 'profile'
 
        c.perm_user = AuthUser(user_id=id)
 
        c.ip_addr = self.ip_addr
 
        managed_fields = auth_modules.get_managed_fields(c.user)
 
        c.readonly = lambda n: 'readonly' if n in managed_fields else None
 

	
 
        defaults = c.user.get_dict()
 
        return htmlfill.render(
 
            render('admin/users/user_edit.html'),
 
            defaults=defaults,
 
            encoding="UTF-8",
 
            force_defaults=False)
 

	
 
    def edit_advanced(self, id):
 
        c.user = self._get_user_or_raise_if_default(id)
 
        c.active = 'advanced'
 
        c.perm_user = AuthUser(user_id=id)
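Review bot: In the update hunk the audit entry `action_logger(self.authuser, 'admin_updated_user:%s' % usr, ...)` is built from `form_result['username']`, i.e. the submitted value, but with this change 'username' is dropped from the update whenever the user's auth plugin lists it as managed, so the log can name a username that was never stored. Consider logging the persisted identity instead, e.g. re-reading the user after `user_model.update(...)` or including `id` in the message so the entry stays attributable regardless of which fields were skipped. The enclosing method starts and ends outside the hunk. The same fail-open concern as in auth_modules.get_managed_fields() applies to this caller and is noted on that file.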
kallithea/lib/auth_modules/__init__.py
 
@@ -407,12 +407,25 @@ def authenticate(username, password, env
 
                                           environ=environ or {})
 
        log.debug('PLUGIN USER DATA: %s' % user_data)
 

	
 
        if user_data is not None:
 
            log.debug('Plugin returned proper authentication data')
 
            return user_data
 

	
 
        # we failed to Auth because .auth() method didn't return the user
 
        if username:
 
            log.warning("User `%s` failed to authenticate against %s"
 
                        % (username, plugin.__module__))
 
    return None
 

	
 
def get_managed_fields(user):
 
    """return list of fields that are managed by the user's auth source, usually some of
 
    'username', 'firstname', 'lastname', 'email', 'active', 'password'
 
    """
 
    auth_plugins = Setting.get_auth_plugins()
 
    for module in auth_plugins:
 
        log.debug('testing %s (%s) with auth plugin %s', user, user.extern_type, module)
 
        plugin = loadplugin(module)
 
        if plugin.name == user.extern_type:
 
            return plugin.get_managed_fields()
 
    log.error('no auth plugin %s found for %s', user.extern_type, user)
 
    return [] # TODO: Fail badly instead of allowing everything to be edited?
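Review bot: get_managed_fields() fails open: when no enabled plugin matches `user.extern_type` it logs an error and returns `[]`, which both callers (my_account.py and users.py in this changeset) turn into "every field is editable", including the username of an externally managed account whose plugin has since been disabled — the code being removed forbade username edits for any non-internal extern_type unconditionally. The TODO on that line already acknowledges the problem; the safe default is to fail closed, e.g. `return ['username', 'firstname', 'lastname', 'email', 'active', 'password']` (the set the docstring lists) or raising so the caller refuses the update. Whichever is chosen, the docstring should state what happens when the plugin is not found.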
kallithea/lib/auth_modules/auth_container.py
 
@@ -181,12 +181,15 @@ class KallitheaAuthPlugin(auth_modules.K
 
            'firstname': safe_unicode(firstname or username),
 
            'lastname': safe_unicode(lastname or ''),
 
            'groups': [],
 
            'email': email or '',
 
            'admin': admin or False,
 
            'active': active,
 
            'active_from_extern': True,
 
            'extern_name': username,
 
        }
 

	
 
        log.info('user `%s` authenticated correctly' % user_data['username'])
 
        return user_data
 

	
 
    def get_managed_fields(self):
 
        return ['username', 'password']
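Review bot: The container plugin reports only `['username', 'password']` as managed, yet the `user_data` dict above it fills 'firstname', 'lastname' and 'email' from the container-provided values, and crowd/ldap list those same fields as managed. If that dict is applied on each login (presumably so, but not visible here), a user's edits to those fields would be silently overwritten on the next login. Either add them to the list or document the choice with a comment such as `# firstname/lastname/email come from the container headers but are left editable; see auth()`. The same question applies to auth_pam.py, whose get_managed_fields() omits the gecos-derived 'firstname'/'lastname'.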
kallithea/lib/auth_modules/auth_crowd.py
 
@@ -220,23 +220,26 @@ class KallitheaAuthPlugin(auth_modules.K
 
        email = getattr(userobj, 'email', '')
 
        firstname = getattr(userobj, 'firstname', '')
 
        lastname = getattr(userobj, 'lastname', '')
 

	
 
        user_data = {
 
            'username': username,
 
            'firstname': crowd_user["first-name"] or firstname,
 
            'lastname': crowd_user["last-name"] or lastname,
 
            'groups': crowd_user["groups"],
 
            'email': crowd_user["email"] or email,
 
            'admin': admin,
 
            'active': active,
 
            'active_from_extern': crowd_user.get('active'),
 
            'active_from_extern': crowd_user.get('active'), # ???
 
            'extern_name': crowd_user["name"],
 
        }
 

	
 
        # set an admin if we're in admin_groups of crowd
 
        for group in settings["admin_groups"].split(","):
 
            if group in user_data["groups"]:
 
                user_data["admin"] = True
 
        log.debug("Final crowd user object: \n%s" % (formatted_json(user_data)))
 
        log.info('user %s authenticated correctly' % user_data['username'])
 
        return user_data
 

	
 
    def get_managed_fields(self):
 
        return ['username', 'firstname', 'lastname', 'email', 'password']
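Review bot: The `# ???` appended to `'active_from_extern': crowd_user.get('active'),` conveys nothing to the next reader; if the doubt is whether crowd's 'active' flag should drive the local active state (it is not in the managed list returned below), say so, e.g. `# TODO: should crowd's 'active' also be a managed field?`. An unexplained marker in a dict that decides account activation is the kind of thing that is never resolved.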
kallithea/lib/auth_modules/auth_internal.py
 
@@ -88,12 +88,16 @@ class KallitheaAuthPlugin(auth_modules.K
 
                log.info('user %s authenticated correctly as anonymous user' %
 
                         username)
 
                return user_data
 

	
 
            elif userobj.username == username and password_match:
 
                log.info('user %s authenticated correctly' % user_data['username'])
 
                return user_data
 
            log.error("user %s had a bad password" % username)
 
            return None
 
        else:
 
            log.warning('user %s tried auth but is disabled' % username)
 
            return None
 

	
 
    def get_managed_fields(self):
 
        # Note: 'username' should only be editable (at least for user) if self registration is enabled
 
        return []
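Review bot: The "Note:" comment in get_managed_fields() describes a policy that is not enforced anywhere (username editable only when self-registration is enabled) and is the only place the TODO removed from my_account.py now survives; tag it `# TODO:` so it is found by the usual sweeps, and state that `[]` deliberately leaves every field, including 'username', editable for internal accounts — which matches the pre-change behaviour.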
kallithea/lib/auth_modules/auth_ldap.py
 
@@ -350,12 +350,15 @@ class KallitheaAuthPlugin(auth_modules.K
 
                "active_from_extern": None,
 
                'extern_name': user_dn,
 
            }
 
            log.info('user %s authenticated correctly' % user_data['username'])
 
            return user_data
 

	
 
        except (LdapUsernameError, LdapPasswordError, LdapImportError):
 
            log.error(traceback.format_exc())
 
            return None
 
        except (Exception,):
 
            log.error(traceback.format_exc())
 
            return None
 

	
 
    def get_managed_fields(self):
 
        return ['username', 'firstname', 'lastname', 'email', 'password']
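Review bot: The returned list `['username', 'firstname', 'lastname', 'email', 'password']` is duplicated verbatim in auth_crowd.py; if the base plugin class these inherit from can carry it, a single shared constant (overridden by container/pam/internal) would keep the two from drifting apart. As a minimum a one-line docstring on the method saying these fields are sourced from the directory and must not be edited locally would help readers of this plugin alone.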
kallithea/lib/auth_modules/auth_pam.py
 
@@ -127,12 +127,15 @@ class KallitheaAuthPlugin(auth_modules.K
 
            regex = settings["gecos"]
 
            match = re.search(regex, user_data.pw_gecos)
 
            if match:
 
                user_data["firstname"] = match.group('first_name')
 
                user_data["lastname"] = match.group('last_name')
 
        except Exception:
 
            log.warning("Cannot extract additional info for PAM user %s", username)
 
            pass
 

	
 
        log.debug("pamuser: \n%s" % formatted_json(user_data))
 
        log.info('user %s authenticated correctly' % user_data['username'])
 
        return user_data
 

	
 
    def get_managed_fields(self):
 
        return ['username', 'password']
kallithea/templates/admin/my_account/my_account_profile.html
 
@@ -10,62 +10,59 @@ ${h.form(url('my_account'), method='post
 
                %if c.visual.use_gravatar:
 
                <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>
 
                <br/>${_('Using')} ${c.user.email}
 
                %else:
 
                <strong>${_('Avatars are disabled')}</strong>
 
                <br/>${c.user.email or _('Missing email, please update your user email address.')}
 
                    [${_('Current IP')}: ${c.ip_addr}]
 
                %endif
 
               </p>
 
           </div>
 
         </div>
 

	
 
        <% readonly = None %>
 
        <div class="fields">
 
            %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:
 
                <% readonly = "readonly" %>
 
                <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong>
 
            %endif
 
             <div class="field">
 
                <div class="label">
 
                    <label for="username">${_('Username')}:</label>
 
                </div>
 
                <div class="input">
 
                  ${h.text('username',class_='medium', readonly=readonly)}
 
                  ${h.text('username',class_='medium', readonly=c.readonly('username'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="name">${_('First Name')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.text('firstname',class_="medium")}
 
                    ${h.text('firstname',class_="medium", readonly=c.readonly('firstname'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="lastname">${_('Last Name')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.text('lastname',class_="medium")}
 
                    ${h.text('lastname',class_="medium", readonly=c.readonly('lastname'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="email">${_('Email')}:</label>
 
                </div>
 
                <div class="input">
 
                    ## we should be able to edit email !
 
                    ${h.text('email',class_="medium")}
 
                    ${h.text('email',class_="medium", readonly=c.readonly('email'))}
 
                </div>
 
             </div>
 

	
 
            <div class="buttons">
 
              ${h.submit('save',_('Save'),class_="btn")}
 
              ${h.reset('reset',_('Reset'),class_="btn")}
 
            </div>
 
        </div>
 
    </div>
 
${h.end_form()}
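Review bot: The `readonly` attribute produced by `c.readonly(...)` is purely cosmetic — the browser still submits the field and a user can edit the request — so the template should not read as if it protects anything; a Mako comment near the first field, `## readonly is a UI hint; managed fields are discarded server-side via skip_attrs in my_account()`, would make that explicit. If the `<% readonly = None %>` / `<% readonly = "readonly" %>` assignments survive on the new side (the old/new assignment of those lines is not recoverable here), they are now dead and should go. The "some details cannot be managed here" banner is still keyed on `extern_type` rather than on the managed-field list, so it can appear for a plugin that manages nothing.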
kallithea/templates/admin/users/user_edit_profile.html
 
@@ -8,48 +8,46 @@ ${h.form(url('update_user', id=c.user.us
 
                <strong>${_('Change avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>
 
                <br/>${_('Using')} ${c.user.email}
 
                %else:
 
                <strong>${_('Avatars are disabled')}</strong>
 
                <br/>${c.user.email or _('Missing email, please update this user email address.')}
 
                        ##show current ip just if we show ourself
 
                        %if c.authuser.username == c.user.username:
 
                            [${_('Current IP')}: ${c.ip_addr}]
 
                        %endif
 
                %endif
 
           </div>
 
        </div>
 
        <% readonly = None %>
 
        <div class="fields">
 
            %if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:
 
             <div class="field">
 
               <% readonly = "readonly" %>
 
               <strong>${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.user.extern_type)}.</strong>
 
             </div>
 
            %endif
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="username">${_('Username')}:</label>
 
                </div>
 
                <div class="input">
 
                  ${h.text('username',class_='medium', readonly=readonly)}
 
                  ${h.text('username',class_='medium', readonly=c.readonly('username'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="email">${_('Email')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.text('email',class_='medium')}
 
                    ${h.text('email',class_='medium', readonly=c.readonly('email'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="extern_type">${_('Source of Record')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.text('extern_type',class_='medium',readonly="readonly")}
 
                </div>
 
             </div>
 

	
 
@@ -58,68 +56,68 @@ ${h.form(url('update_user', id=c.user.us
 
                    <label for="extern_name">${_('Name in Source of Record')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.text('extern_name',class_='medium',readonly="readonly")}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="new_password">${_('New password')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.password('new_password',class_='medium',readonly=readonly)}
 
                    ${h.password('new_password',class_='medium',readonly=c.readonly('password'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="password_confirmation">${_('New password confirmation')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.password('password_confirmation',class_="medium",readonly=readonly)}
 
                    ${h.password('password_confirmation',class_="medium",readonly=c.readonly('password'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="firstname">${_('First Name')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.text('firstname',class_='medium')}
 
                    ${h.text('firstname',class_='medium', readonly=c.readonly('firstname'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label">
 
                    <label for="lastname">${_('Last Name')}:</label>
 
                </div>
 
                <div class="input">
 
                    ${h.text('lastname',class_='medium')}
 
                    ${h.text('lastname',class_='medium', readonly=c.readonly('lastname'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label label-checkbox">
 
                    <label for="active">${_('Active')}:</label>
 
                </div>
 
                <div class="checkboxes">
 
                    ${h.checkbox('active',value=True)}
 
                    ${h.checkbox('active',value=True, readonly=c.readonly('active'))}
 
                </div>
 
             </div>
 

	
 
             <div class="field">
 
                <div class="label label-checkbox">
 
                    <label for="admin">${_('Admin')}:</label>
 
                </div>
 
                <div class="checkboxes">
 
                    ${h.checkbox('admin',value=True)}
 
                    ${h.checkbox('admin',value=True, readonly=c.readonly('admin'))}
 
                </div>
 
             </div>
 

	
 
            <div class="buttons">
 
              ${h.submit('save',_('Save'),class_="btn")}
 
              ${h.reset('reset',_('Reset'),class_="btn")}
 
            </div>
 
        </div>
 
</div>
 
${h.end_form()}
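Review bot: In the second hunk, `readonly=c.readonly('active')` and `readonly=c.readonly('admin')` on `h.checkbox(...)` have no effect in HTML — `readonly` does not apply to checkbox inputs, so the controls remain toggleable and the submitted value is simply dropped by `skip_attrs` on the server. That is safe but misleading to the admin; either render managed checkboxes as `disabled` (noting that disabled controls are not submitted) or show the current value as text, and add `## readonly is a UI hint only; see skip_attrs in UsersController.update` so nobody mistakes it for enforcement. As in my_account_profile.html, the `<% readonly = ... %>` assignments in the first hunk look dead if they survived.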