kallithea Changeset - 6da70f4569bf

Changeset - 6da70f4569bf

Parent rev.

Child rev.

[Not reviewed]

default

0 4 0

Thomas De Schampheleire - 6 years ago 2019-07-19 01:12:35
thomas.de_schampheleire@nokia.com

ssh: introduce ini setting 'ssh_enabled', disabled by default

Administrators should control the use of SSH and may want to disable SSH
access, temporarily or permanently.

An explicit setting ssh_enabled is better than e.g. checking for a valid
ssh_authorized_keys setting, to allow such trivial temporary disabling.

To keep the controllers simple, introduce a decorator IfSshEnabled instead
of repeating the same config checks in every method.

4 files changed with 28 insertions and 0 deletions:

development.ini

kallithea/lib/base.py

kallithea/lib/paster_commands/template.ini.mako

kallithea/tests/conftest.py

0 comments (0 inline, 0 general)

development.ini

➞

Show inline comments

@@ @@ -223,12 +223,19 @@ allow_custom_hooks_settings = True @@
 #    .dockerignore
 #    .editorconfig
 #    INSTALL
 #    CHANGELOG
 ####################################
 ###           SSH CONFIG        ####
 ####################################
 ## SSH is disabled by default, until an Administrator decides to enable it.
 ssh_enabled = false
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 ## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:

kallithea/lib/base.py

➞

Show inline comments

@@ @@ -405,12 +405,13 @@ class BaseController(TGController): @@
         c.site_name = rc_config.get('title')
         c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl') or Repository.DEFAULT_CLONE_URI
         ## INI stored
         c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))
         c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))
         c.ssh_enabled = str2bool(config.get('ssh_enabled', False))
         c.instance_id = config.get('instance_id')
         c.issues_url = config.get('bugtracker', url('issues_url'))
         # END CONFIG VARS
         c.repo_name = get_repo_slug(request)  # can be empty
@@ @@ -633,6 +634,18 @@ def jsonify(func, *args, **kwargs): @@
               "cross-site data leak attacks, see " \
               "https://web.archive.org/web/20120519231904/http://wiki.pylonshq.com/display/pylonsfaq/Warnings"
         warnings.warn(msg, Warning, 2)
         log.warning(msg)
     log.debug("Returning JSON wrapped action output")
     return json.dumps(data, encoding='utf-8')
 @decorator.decorator
 def IfSshEnabled(func, *args, **kwargs):
     """Decorator for functions that can only be called if SSH access is enabled.
     If SSH access is disabled in the configuration file, HTTPNotFound is raised.
     """
     if not c.ssh_enabled:
         from kallithea.lib import helpers as h
         h.flash(_("SSH access is disabled."), category='warning')
         raise webob.exc.HTTPNotFound()
     return func(*args, **kwargs)

kallithea/lib/paster_commands/template.ini.mako

➞

Show inline comments

@@ @@ -320,12 +320,19 @@ allow_custom_hooks_settings = True @@
 #    .dockerignore
 #    .editorconfig
 #    INSTALL
 #    CHANGELOG
 <%text>####################################</%text>
 <%text>###           SSH CONFIG        ####</%text>
 <%text>####################################</%text>
 <%text>## SSH is disabled by default, until an Administrator decides to enable it.</%text>
 ssh_enabled = false
 <%text>####################################</%text>
 <%text>###        CELERY CONFIG        ####</%text>
 <%text>####################################</%text>
 use_celery = false
 <%text>## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:</%text>

kallithea/tests/conftest.py

➞

Show inline comments

@@ @@ -39,12 +39,13 @@ def pytest_configure(): @@
     ini_settings = {
         '[server:main]': {
             'port': '4999',
         },
         '[app:main]': {
             'ssh_enabled': 'true',
             'app_instance_uuid': 'test',
             'show_revision_number': 'true',
             'beaker.cache.sql_cache_short.expire': '1',
             'session.secret': '{74e0cd75-b339-478b-b129-07dd221def1f}',
             #'i18n.lang': '',
         },

0 comments (0 inline, 0 general)