kallithea Changeset - 3b136af34329

Changeset - 3b136af34329

Parent rev.

Child rev.

[Not reviewed]

default

0 8 0

Marcin Kuzminski - 12 years ago 2013-07-01 16:10:22
marcin@python-works.com

Added pre-create user hook.
It allows to control user creation using rcext hooks.

8 files changed with 136 insertions and 23 deletions:

rhodecode/config/rcextensions/__init__.py

rhodecode/controllers/admin/users.py

rhodecode/controllers/login.py

rhodecode/lib/base.py

rhodecode/lib/exceptions.py

rhodecode/lib/hooks.py

rhodecode/model/user.py

rhodecode/templates/register.html

0 comments (0 inline, 0 general)

rhodecode/config/rcextensions/__init__.py

➞

Show inline comments

@@ @@ -44,24 +44,47 @@ def _crrepohook(*args, **kwargs): @@
      :param user_id:
      :param enable_statistics:
      :param clone_uri:
      :param fork_id:
      :param group_id:
      :param created_by:
     """
     return 0
 CREATE_REPO_HOOK = _crrepohook
 #==============================================================================
 # PRE CREATE USER HOOK
 #==============================================================================
 # this function will be executed before each user is created
 def _pre_cruserhook(*args, **kwargs):
     """
     Pre create user HOOK, it returns a tuple of bool, reason.
     If bool is False the user creation will be stopped and reason
     will be displayed to the user.
     kwargs available:
     :param username:
     :param password:
     :param email:
     :param firstname:
     :param lastname:
     :param active:
     :param admin:
     :param created_by:
     """
     reason = 'allowed'
     return True, reason
 PRE_CREATE_USER_HOOK = _pre_cruserhook
 #==============================================================================
 # POST CREATE USER HOOK
 #==============================================================================
 # this function will be executed after each user is created
 def _cruserhook(*args, **kwargs):
     """
     Post create user HOOK
     kwargs available:
       :param username:
       :param full_name_or_username:
       :param full_contact:
       :param user_id:
       :param name:

rhodecode/controllers/admin/users.py

➞

Show inline comments

@@ @@ -26,25 +26,25 @@ @@
 import logging
 import traceback
 import formencode
 from pylons import response
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 import rhodecode
 from rhodecode.lib.exceptions import DefaultUserException, \
     UserOwnsReposException
+    UserOwnsReposException, UserCreationError
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     AuthUser
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm
 from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from rhodecode.lib.compat import json
 from rhodecode.lib.utils2 import datetime_to_time, str2bool
@@ @@ -128,24 +128,26 @@ class UsersController(BaseController): @@
             action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr,
                           None, self.ip_addr, self.sa)
             h.flash(_('Created user %s') % usr,
                     category='success')
             Session().commit()
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users/user_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except UserCreationError, e:
             h.flash(e, 'error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during creation of user %s') \
                     % request.POST.get('username'), category='error')
         return redirect(url('users'))
     def new(self, format='html'):
         """GET /users/new: Form to create a new item"""
         # url('new_user')
         return render('admin/users/user_add.html')
     def update(self, id):

rhodecode/controllers/login.py

➞

Show inline comments

@@ @@ -28,24 +28,25 @@ import formencode @@
 import datetime
 import urlparse
 from formencode import htmlfill
 from webob.exc import HTTPFound
 from pylons.i18n.translation import _
 from pylons.controllers.util import abort, redirect
 from pylons import request, response, session, tmpl_context as c, url
 import rhodecode.lib.helpers as h
 from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.exceptions import UserCreationError
 from rhodecode.model.db import User
 from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 log = logging.getLogger(__name__)
 class LoginController(BaseController):
     def __before__(self):
@@ @@ -111,24 +112,30 @@ class LoginController(BaseController): @@
                         c.came_from = url('home')
                     raise HTTPFound(location=c.came_from, headers=headers)
                 else:
                     raise HTTPFound(location=url('home'), headers=headers)
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/login.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
             except UserCreationError, e:
                 # container auth or other auth functions that create users on
                 # the fly can throw this exception signaling that there's issue
                 # with user creation, explanation should be provided in
                 # Exception itself
                 h.flash(e, 'error')
         return render('/login.html')
     @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                'hg.register.manual_activate')
     def register(self):
         c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\
             .AuthUser.permissions['global']
         if request.POST:
             register_form = RegisterForm()()
             try:
@@ @@ -138,24 +145,30 @@ class LoginController(BaseController): @@
                 h.flash(_('You have successfully registered into RhodeCode'),
                             category='success')
                 Session().commit()
                 return redirect(url('login_home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/register.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
             except UserCreationError, e:
                 # container auth or other auth functions that create users on
                 # the fly can throw this exception signaling that there's issue
                 # with user creation, explanation should be provided in
                 # Exception itself
                 h.flash(e, 'error')
         return render('/register.html')
     def password_reset(self):
         if request.POST:
             password_reset_form = PasswordResetForm()()
             try:
                 form_result = password_reset_form.to_python(dict(request.POST))
                 UserModel().reset_password_link(form_result)
                 h.flash(_('Your password reset link was sent'),
                             category='success')
                 return redirect(url('login_home'))

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -13,24 +13,25 @@ from paste.httpheaders import WWW_AUTHEN @@
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 from rhodecode import __version__, BACKENDS
 from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict,\
     safe_str, safe_int
 from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\
     HasPermissionAnyMiddleware, CookieStoreWrapper
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.lib.exceptions import UserCreationError
 from rhodecode.model import meta
 from rhodecode.model.db import Repository, RhodeCodeUi, User, RhodeCodeSetting
 from rhodecode.model.notification import NotificationModel
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.meta import Session
 log = logging.getLogger(__name__)
 def _filter_proxy(ip):
     """
@@ @@ -291,25 +292,35 @@ class BaseController(WSGIController): @@
     def __call__(self, environ, start_response):
         """Invoke the Controller"""
         # WSGIController.__call__ dispatches to the Controller method
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
         try:
             self.ip_addr = _get_ip_addr(environ)
             # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
             cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
             user_id = cookie_store.get('user_id', None)
             username = get_container_username(environ, config)
             try:
             auth_user = AuthUser(user_id, api_key, username, self.ip_addr)
             except UserCreationError, e:
                 from rhodecode.lib import helpers as h
                 h.flash(e, 'error')
                 # container auth or other auth functions that create users on
                 # the fly can throw this exception signaling that there's issue
                 # with user creation, explanation should be provided in
                 # Exception itself
                 auth_user = AuthUser(ip_addr=self.ip_addr)
             request.user = auth_user
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                     cookie_store.get('is_authenticated')
+                )
             log.info('IP: %s User: %s accessed %s' % (
                self.ip_addr, auth_user, safe_unicode(_get_access_path(environ)))
+            )
             return WSGIController.__call__(self, environ, start_response)
         finally:

rhodecode/lib/exceptions.py

➞

Show inline comments

@@ @@ -81,12 +81,20 @@ class HTTPLockedRC(HTTPClientError): @@
     def __init__(self, reponame, username, *args, **kwargs):
         from rhodecode import CONFIG
         from rhodecode.lib.utils2 import safe_int
         _code = CONFIG.get('lock_ret_code')
         self.code = safe_int(_code, self.code)
         self.title = self.explanation = ('Repository `%s` locked by '
                                          'user `%s`' % (reponame, username))
         super(HTTPLockedRC, self).__init__(*args, **kwargs)
 class IMCCommitError(Exception):
     pass
 class UserCreationError(Exception):
     pass
 class RepositoryCreationError(Exception):
     pass

rhodecode/lib/hooks.py

➞

Show inline comments

@@ @@ -25,25 +25,25 @@ @@
 import os
 import sys
 import time
 import binascii
 import traceback
 from inspect import isfunction
 from rhodecode.lib.vcs.utils.hgcompat import nullrev, revrange
 from rhodecode.lib import helpers as h
 from rhodecode.lib.utils import action_logger
 from rhodecode.lib.vcs.backends.base import EmptyChangeset
 from rhodecode.lib.compat import json
 from rhodecode.lib.exceptions import HTTPLockedRC
+from rhodecode.lib.exceptions import HTTPLockedRC, UserCreationError
 from rhodecode.lib.utils2 import safe_str, _extract_extras
 from rhodecode.model.db import Repository, User
 def _get_scm_size(alias, root_path):
     if not alias.startswith('.'):
         alias += '.'
     size_scm, size_root = 0, 0
     for path, dirs, files in os.walk(safe_str(root_path)):
         if path.find(alias) != -1:
@@ @@ -243,24 +243,33 @@ def log_create_repository(repository_dic @@
     from rhodecode import EXTENSIONS
     callback = getattr(EXTENSIONS, 'CREATE_REPO_HOOK', None)
     if isfunction(callback):
         kw = {}
         kw.update(repository_dict)
         kw.update({'created_by': created_by})
         kw.update(kwargs)
         return callback(**kw)
     return 0
 def check_allowed_create_user(user_dict, created_by, **kwargs):
     from rhodecode import EXTENSIONS
     callback = getattr(EXTENSIONS, 'PRE_CREATE_USER_HOOK', None)
     if isfunction(callback):
         allowed, reason = callback(created_by=created_by, **user_dict)
         if not allowed:
             raise UserCreationError(reason)
 def log_create_user(user_dict, created_by, **kwargs):
     """
     Post create user Hook. This is a dummy function for admins to re-use
     if needed. It's taken from rhodecode-extensions module and executed
     if present
     :param user_dict: dict dump of user object
     available keys for user_dict:
      'username',
      'full_name_or_username',

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -27,27 +27,27 @@ import logging @@
 import traceback
 import itertools
 import collections
 from pylons import url
 from pylons.i18n.translation import _
 from sqlalchemy.exc import DatabaseError
 from sqlalchemy.orm import joinedload
 from rhodecode.lib.utils2 import safe_unicode, generate_api_key, get_current_rhodecode_user
 from rhodecode.lib.caching_query import FromCache
 from rhodecode.model import BaseModel
-from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
 from rhodecode.model.db import User, Repository, Permission, \
     UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
-    Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
     Notification, RepoGroup, UserGroupRepoGroupToPerm, \
     UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup
 from rhodecode.lib.exceptions import DefaultUserException, \
     UserOwnsReposException
 from rhodecode.model.meta import Session
 log = logging.getLogger(__name__)
 PERM_WEIGHTS = Permission.PERM_WEIGHTS
 class UserModel(BaseModel):
@@ @@ -74,38 +74,48 @@ class UserModel(BaseModel): @@
                                           "get_user_%s" % username))
         return user.scalar()
     def get_by_email(self, email, cache=False, case_insensitive=False):
         return User.get_by_email(email, case_insensitive, cache)
     def get_by_api_key(self, api_key, cache=False):
         return User.get_by_api_key(api_key, cache)
     def create(self, form_data, cur_user=None):
         if not cur_user:
             cur_user = getattr(get_current_rhodecode_user(), 'username', None)
         from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
         _fd = form_data
         form_data = {
             'username': _fd['username'], 'password': _fd['password'],
             'email': _fd['email'], 'firstname': _fd['firstname'], 'lastname': _fd['lastname'],
             'active': _fd['active'], 'admin': False
+        }
         # raises UserCreationError if it's not allowed
         check_allowed_create_user(form_data, cur_user)
         from rhodecode.lib.auth import get_crypt_password
         try:
             new_user = User()
             for k, v in form_data.items():
                 if k == 'password':
                     v = get_crypt_password(v)
                 if k == 'firstname':
                     k = 'name'
                 setattr(new_user, k, v)
             new_user.api_key = generate_api_key(form_data['username'])
             self.sa.add(new_user)
             from rhodecode.lib.hooks import log_create_user
             log_create_user(new_user.get_dict(), cur_user)
             return new_user
         except Exception:
             log.error(traceback.format_exc())
             raise
     def create_or_update(self, username, password, email, firstname='',
                          lastname='', active=True, admin=False, ldap_dn=None,
                          cur_user=None):
         """
         Creates a new instance if not found, or updates current one
@@ @@ -115,24 +125,32 @@ class UserModel(BaseModel): @@
         :param active:
         :param firstname:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         :param cur_user:
         """
         if not cur_user:
             cur_user = getattr(get_current_rhodecode_user(), 'username', None)
         from rhodecode.lib.auth import get_crypt_password
         from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
         form_data = {
             'username': username, 'password': password,
             'email': email, 'firstname': firstname, 'lastname': lastname,
             'active': active, 'admin': admin
+        }
         # raises UserCreationError if it's not allowed
         check_allowed_create_user(form_data, cur_user)
         log.debug('Checking for %s account in RhodeCode database' % username)
         user = User.get_by_username(username, case_insensitive=True)
         if user is None:
             log.debug('creating new user %s' % username)
             new_user = User()
             edit = False
         else:
             log.debug('updating user %s' % username)
             new_user = user
             edit = True
@@ @@ -142,59 +160,68 @@ class UserModel(BaseModel): @@
             # set password only if creating an user or password is changed
             if not edit or user.password != password:
                 new_user.password = get_crypt_password(password) if password else None
                 new_user.api_key = generate_api_key(username)
             new_user.email = email
             new_user.active = active
             new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
             new_user.name = firstname
             new_user.lastname = lastname
             self.sa.add(new_user)
             if not edit:
                 from rhodecode.lib.hooks import log_create_user
                 log_create_user(new_user.get_dict(), cur_user)
             return new_user
         except (DatabaseError,):
             log.error(traceback.format_exc())
             raise
     def create_for_container_auth(self, username, attrs, cur_user=None):
         """
         Creates the given user if it's not already in the database
         :param username:
         :param attrs:
         :param cur_user:
         """
         if not cur_user:
             cur_user = getattr(get_current_rhodecode_user(), 'username', None)
         if self.get_by_username(username, case_insensitive=True) is None:
             # autogenerate email for container account without one
             generate_email = lambda usr: '%s@container_auth.account' % usr
             firstname = attrs['name']
             lastname = attrs['lastname']
             active = attrs.get('active', True)
             email = attrs['email'] or generate_email(username)
             from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
             form_data = {
                 'username': username, 'password': None,
                 'email': email, 'firstname': firstname, 'lastname': lastname,
                 'active': attrs.get('active', True), 'admin': False
+            }
             # raises UserCreationError if it's not allowed
             check_allowed_create_user(form_data, cur_user)
             try:
                 new_user = User()
                 new_user.username = username
                 new_user.password = None
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email']
                 new_user.active = attrs.get('active', True)
                 new_user.name = attrs['name'] or generate_email(username)
                 new_user.lastname = attrs['lastname']
                 new_user.email = email
                 new_user.active = active
                 new_user.name = firstname
                 new_user.lastname = lastname
                 self.sa.add(new_user)
                 from rhodecode.lib.hooks import log_create_user
                 log_create_user(new_user.get_dict(), cur_user)
                 return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('User %s already exists. Skipping creation of account'
                   ' for container auth.', username)
         return None
     def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
         """
@@ @@ -203,44 +230,55 @@ class UserModel(BaseModel): @@
         :param username:
         :param password:
         :param user_dn:
         :param attrs:
         :param cur_user:
         """
         if not cur_user:
             cur_user = getattr(get_current_rhodecode_user(), 'username', None)
         from rhodecode.lib.auth import get_crypt_password
         log.debug('Checking for such ldap account in RhodeCode database')
         if self.get_by_username(username, case_insensitive=True) is None:
             # autogenerate email for container account without one
             generate_email = lambda usr: '%s@ldap.account' % usr
             password = get_crypt_password(password)
             firstname = attrs['name']
             lastname = attrs['lastname']
             active = attrs.get('active', True)
             email = attrs['email'] or generate_email(username)
             # autogenerate email for ldap account without one
             generate_email = lambda usr: '%s@ldap.account' % usr
             from rhodecode.lib.hooks import log_create_user, check_allowed_create_user
             form_data = {
                 'username': username, 'password': password,
                 'email': email, 'firstname': firstname, 'lastname': lastname,
                 'active': attrs.get('active', True), 'admin': False
+            }
             # raises UserCreationError if it's not allowed
             check_allowed_create_user(form_data, cur_user)
             try:
                 new_user = User()
                 username = username.lower()
                 # add ldap account always lowercase
                 new_user.username = username
-                new_user.password = get_crypt_password(password)
                 new_user.password = password
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email'] or generate_email(username)
                 new_user.active = attrs.get('active', True)
                 new_user.email = email
                 new_user.active = active
                 new_user.ldap_dn = safe_unicode(user_dn)
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
                 new_user.name = firstname
                 new_user.lastname = lastname
                 self.sa.add(new_user)
                 from rhodecode.lib.hooks import log_create_user
                 log_create_user(new_user.get_dict(), cur_user)
                 return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('this %s user exists skipping creation of ldap account',
                   username)
         return None
     def create_registration(self, form_data):
         from rhodecode.model.notification import NotificationModel

rhodecode/templates/register.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="base/root.html"/>
 <%def name="title()">
     ${_('Sign Up')} &middot; ${c.rhodecode_name}
 </%def>
 <div id="register">
 <div class="flash_msg">
     <% messages = h.flash.pop_messages() %>
     % if messages:
     <ul id="flash-messages">
         % for message in messages:
         <li class="${message.category}_msg">${message}</li>
         % endfor
     </ul>
     % endif
 </div>
     <div class="title top-left-rounded-corner top-right-rounded-corner">
         <h5>${_('Sign Up to')} ${c.rhodecode_name}</h5>
     </div>
     <div class="inner">
         ${h.form(url('register'))}
         <div class="form">
             <!-- fields -->
             <div class="fields">
                 <div class="field">
                     <div class="label">
                         <label for="username">${_('Username')}:</label>
                     </div>

0 comments (0 inline, 0 general)