Changeset - 55ada111bca6
Parent rev.
Child rev.
[Not reviewed]
default
0 2 0
Marcin Kuzminski - 15 years ago 2010-08-25 18:18:12
marcin@python-works.com
removed prints !
2 files changed with 0 insertions and 3 deletions:
pylons_app/controllers/login.py
1
pylons_app/lib/auth.py
2
0 comments (0 inline, 0 general)
pylons_app/controllers/login.py
Show inline comments
 
#!/usr/bin/env python
 
# encoding: utf-8
 
# login controller for pylons
 
# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
 
#
 
# This program is free software; you can redistribute it and/or
 
# modify it under the terms of the GNU General Public License
 
# as published by the Free Software Foundation; version 2
 
# of the License or (at your opinion) any later version of the license.
 
#
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program; if not, write to the Free Software
 
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 
# MA  02110-1301, USA.
 

			




	
	
	
		
 
"""

			




	
	
	
		
 
Created on April 22, 2010

			




	
	
	
		
 
login controller for pylons

			




	
	
	
		
 
@author: marcink

			




	
	
	
		
 
"""

			




	
	
	
		
 
from formencode import htmlfill

			




	
	
	
		
 
from pylons import request, response, session, tmpl_context as c, url

			




	
	
	
		
 
from pylons.controllers.util import abort, redirect

			




	
	
	
		
 
from pylons_app.lib.auth import AuthUser, HasPermissionAnyDecorator

			




	
	
	
		
 
from pylons_app.lib.base import BaseController, render

			




	
	
	
		
 
from pylons_app.model.forms import LoginForm, RegisterForm

			




	
	
	
		
 
from pylons_app.model.user_model import UserModel

			




	
	
	
		
 
import formencode

			




	
	
	
		
 
import logging

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 
class LoginController(BaseController):

			




	
	
	
		
 

			




	
	
	
		
 
    def __before__(self):

			




	
	
	
		
 
        super(LoginController, self).__before__()

			




	
	
	
		
 

			




	
	
	
		
 
    def index(self):

			




	
	
	
		
 
        #redirect if already logged in

			




	
	
	
		
 
        if c.hg_app_user.is_authenticated:

			




	
	
	
		
 
            return redirect(url('hg_home'))

			




	
	
	
		
 
        

			




	
	
	
		
 
        if request.POST:

			




	
	
	
		
 
            #import Login Form validator class

			




	
	
	
		
 
            login_form = LoginForm()

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                c.form_result = login_form.to_python(dict(request.POST))

			




	
	
	
		
 
                return redirect(url('hg_home'))

			




	
	
	
		
 
                               

			




	
	
	
		
 
            except formencode.Invalid as errors:

			




	
	
	
		
 
                return htmlfill.render(

			




	
	
	
		
 
                    render('/login.html'),

			




	
	
	
		
 
                    defaults=errors.value,

			




	
	
	
		
 
                    errors=errors.error_dict or {},

			




	
	
	
		
 
                    prefix_error=False,

			




	
	
	
		
 
                    encoding="UTF-8")

			




	
	
	
		
 
                        

			




	
	
	
		
 
        return render('/login.html')

			




	
	
	
		
 
    

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')

			




	
	
	
		
 
    def register(self):

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 
        c.auto_active = False

			




	
	
	
		
 
        for perm in user_model.get_default().user_perms:

			




	
	
	
		
 
            print perm.permission.permission_name

			




	
	
	
		
 
            if perm.permission.permission_name == 'hg.register.auto_activate':

			




	
	
	
		
 
                c.auto_active = True

			




	
	
	
		
 
                break

			




	
	
	
		
 
                        

			




	
	
	
		
 
        if request.POST:

			




	
	
	
		
 
                

			




	
	
	
		
 
            register_form = RegisterForm()()

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                form_result = register_form.to_python(dict(request.POST))

			




	
	
	
		
 
                form_result['active'] = c.auto_active

			




	
	
	
		
 
                user_model.create_registration(form_result)

			




	
	
	
		
 
                return redirect(url('login_home'))

			




	
	
	
		
 
                               

			




	
	
	
		
 
            except formencode.Invalid as errors:

			




	
	
	
		
 
                return htmlfill.render(

			




	
	
	
		
 
                    render('/register.html'),

			




	
	
	
		
 
                    defaults=errors.value,

			




	
	
	
		
 
                    errors=errors.error_dict or {},

			




	
	
	
		
 
                    prefix_error=False,

			




	
	
	
		
 
                    encoding="UTF-8")

			




	
	
	
		
 
        

			




	
	
	
		
 
        return render('/register.html')

			




	
	
	
		
 
    

			




	
	
	
		
 
    def logout(self):

			




	
	
	
		
 
        session['hg_app_user'] = AuthUser()

			




	
	
	
		
 
        session.save()

			




	
	
	
		
 
        log.info('Logging out and setting user as Empty')

			




	
	
	
		
 
        redirect(url('hg_home'))

			




        

    


    
    

    

        

                

                    pylons_app/lib/auth.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -31,194 +31,192 @@ from pylons_app.model.db import User, Re

			




	
	
	
		
 
    UserToPerm

			




	
	
	
		
 
from sqlalchemy.exc import OperationalError

			




	
	
	
		
 
from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound

			




	
	
	
		
 
import bcrypt

			




	
	
	
		
 
from decorator import decorator

			




	
	
	
		
 
import logging

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__) 

			




	
	
	
		
 

			




	
	
	
		
 
def get_crypt_password(password):

			




	
	
	
		
 
    """Cryptographic function used for password hashing based on sha1

			




	
	
	
		
 
    @param password: password to hash

			




	
	
	
		
 
    """    

			




	
	
	
		
 
    return bcrypt.hashpw(password, bcrypt.gensalt(10))

			




	
	
	
		
 

			




	
	
	
		
 
def check_password(password, hashed):

			




	
	
	
		
 
    return bcrypt.hashpw(password, hashed) == hashed

			




	
	
	
		
 

			




	
	
	
		
 
@cache_region('super_short_term', 'cached_user')

			




	
	
	
		
 
def get_user_cached(username):

			




	
	
	
		
 
    sa = meta.Session

			




	
	
	
		
 
    try:

			




	
	
	
		
 
        user = sa.query(User).filter(User.username == username).one()

			




	
	
	
		
 
    finally:

			




	
	
	
		
 
        meta.Session.remove()

			




	
	
	
		
 
    return user

			




	
	
	
		
 

			




	
	
	
		
 
def authfunc(environ, username, password):

			




	
	
	
		
 
    try:

			




	
	
	
		
 
        user = get_user_cached(username)

			




	
	
	
		
 
    except (NoResultFound, MultipleResultsFound, OperationalError) as e:

			




	
	
	
		
 
        log.error(e)

			




	
	
	
		
 
        user = None

			




	
	
	
		
 
        

			




	
	
	
		
 
    if user:

			




	
	
	
		
 
        if user.active:

			




	
	
	
		
 
            if user.username == username and check_password(password, user.password):

			




	
	
	
		
 
                log.info('user %s authenticated correctly', username)

			




	
	
	
		
 
                return True

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.error('user %s is disabled', username)

			




	
	
	
		
 
            

			




	
	
	
		
 
    return False

			




	
	
	
		
 

			




	
	
	
		
 
class  AuthUser(object):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    A simple object that handles a mercurial username for authentication

			




	
	
	
		
 
    """

			




	
	
	
		
 
    def __init__(self):

			




	
	
	
		
 
        self.username = 'None'

			




	
	
	
		
 
        self.name = ''

			




	
	
	
		
 
        self.lastname = ''

			




	
	
	
		
 
        self.email = ''

			




	
	
	
		
 
        self.user_id = None

			




	
	
	
		
 
        self.is_authenticated = False

			




	
	
	
		
 
        self.is_admin = False

			




	
	
	
		
 
        self.permissions = {}

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def set_available_permissions(config):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    This function will propagate pylons globals with all available defined

			




	
	
	
		
 
    permission given in db. We don't wannt to check each time from db for new 

			




	
	
	
		
 
    permissions since adding a new permission also requires application restart

			




	
	
	
		
 
    ie. to decorate new views with the newly created permission

			




	
	
	
		
 
    @param config:

			




	
	
	
		
 
    """

			




	
	
	
		
 
    log.info('getting information about all available permissions')

			




	
	
	
		
 
    try:

			




	
	
	
		
 
        sa = meta.Session

			




	
	
	
		
 
        all_perms = sa.query(Permission).all()

			




	
	
	
		
 
    finally:

			




	
	
	
		
 
        meta.Session.remove()

			




	
	
	
		
 
    

			




	
	
	
		
 
    config['available_permissions'] = [x.permission_name for x in all_perms]

			




	
	
	
		
 

			




	
	
	
		
 
def set_base_path(config):

			




	
	
	
		
 
    config['base_path'] = config['pylons.app_globals'].base_path

			




	
	
	
		
 

			




	
	
	
		
 
def fill_data(user):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Fills user data with those from database and log out user if not present

			




	
	
	
		
 
    in database

			




	
	
	
		
 
    @param user:

			




	
	
	
		
 
    """

			




	
	
	
		
 
    sa = meta.Session

			




	
	
	
		
 
    dbuser = sa.query(User).get(user.user_id)

			




	
	
	
		
 
    if dbuser:

			




	
	
	
		
 
        user.username = dbuser.username

			




	
	
	
		
 
        user.is_admin = dbuser.admin

			




	
	
	
		
 
        user.name = dbuser.name

			




	
	
	
		
 
        user.lastname = dbuser.lastname

			




	
	
	
		
 
        user.email = dbuser.email

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        user.is_authenticated = False

			




	
	
	
		
 
    meta.Session.remove()

			




	
	
	
		
 
    from pprint import pprint

			




	
	
	
		
 
    pprint(user.permissions)

			




	
	
	
		
 
    return user

			




	
	
	
		
 
            

			




	
	
	
		
 
def fill_perms(user):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Fills user permission attribute with permissions taken from database

			




	
	
	
		
 
    @param user:

			




	
	
	
		
 
    """

			




	
	
	
		
 
    

			




	
	
	
		
 
    sa = meta.Session

			




	
	
	
		
 
    user.permissions['repositories'] = {}

			




	
	
	
		
 
    user.permissions['global'] = set()

			




	
	
	
		
 
    

			




	
	
	
		
 
    #===========================================================================

			




	
	
	
		
 
    # fetch default permissions

			




	
	
	
		
 
    #===========================================================================

			




	
	
	
		
 
    default_perms = sa.query(RepoToPerm, Repository, Permission)\

			




	
	
	
		
 
        .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

			




	
	
	
		
 
        .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
        .filter(RepoToPerm.user == sa.query(User).filter(User.username == 

			




	
	
	
		
 
                                            'default').scalar()).all()

			




	
	
	
		
 
                                            

			




	
	
	
		
 
    if user.is_admin:

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        # #admin have all default rights set to admin        

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        user.permissions['global'].add('hg.admin')

			




	
	
	
		
 
        

			




	
	
	
		
 
        for perm in default_perms:

			




	
	
	
		
 
            p = 'repository.admin'

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 
    

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        # set default permissions

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        

			




	
	
	
		
 
        #default global

			




	
	
	
		
 
        default_global_perms = sa.query(UserToPerm)\

			




	
	
	
		
 
            .filter(UserToPerm.user == sa.query(User).filter(User.username == 

			




	
	
	
		
 
            'default').one())

			




	
	
	
		
 
        

			




	
	
	
		
 
        for perm in default_global_perms:

			




	
	
	
		
 
            user.permissions['global'].add(perm.permission.permission_name)

			




	
	
	
		
 
                    

			




	
	
	
		
 
        #default repositories

			




	
	
	
		
 
        for perm in default_perms:

			




	
	
	
		
 
            if perm.Repository.private and not perm.Repository.user_id == user.user_id:

			




	
	
	
		
 
                #disable defaults for private repos,

			




	
	
	
		
 
                p = 'repository.none'

			




	
	
	
		
 
            elif perm.Repository.user_id == user.user_id:

			




	
	
	
		
 
                #set admin if owner

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 
                

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 
                                                

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        # #overwrite default with user permissions if any

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        user_perms = sa.query(RepoToPerm, Permission, Repository)\

			




	
	
	
		
 
            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

			




	
	
	
		
 
            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
            .filter(RepoToPerm.user_id == user.user_id).all()

			




	
	
	
		
 
            

			




	
	
	
		
 
        for perm in user_perms:

			




	
	
	
		
 
            if perm.Repository.user_id == user.user_id:#set admin if owner

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 
    meta.Session.remove()         

			




	
	
	
		
 
    return user

			




	
	
	
		
 
    

			




	
	
	
		
 
def get_user(session):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Gets user from session, and wraps permissions into user

			




	
	
	
		
 
    @param session:

			




	
	
	
		
 
    """

			




	
	
	
		
 
    user = session.get('hg_app_user', AuthUser())

			




	
	
	
		
 
    if user.is_authenticated:

			




	
	
	
		
 
        user = fill_data(user)

			




	
	
	
		
 
    user = fill_perms(user)

			




	
	
	
		
 
    session['hg_app_user'] = user

			




	
	
	
		
 
    session.save()

			




	
	
	
		
 
    return user

			




	
	
	
		
 
        

			




	
	
	
		
 
#===============================================================================

			




	
	
	
		
 
# CHECK DECORATORS

			




	
	
	
		
 
#===============================================================================

			




	
	
	
		
 
class LoginRequired(object):

			




	
	
	
		
 
    """Must be logged in to execute this function else redirect to login page"""

			




	
	
	
		
 
   

			




	
	
	
		
 
    def __call__(self, func):

			




	
	
	
		
 
        return decorator(self.__wrapper, func)

			




	
	
	
		
 
    

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.