kallithea Changeset - 6da70f4569bf

Changeset - 6da70f4569bf

Parent rev.

Child rev.

[Not reviewed]

default

0 4 0

Thomas De Schampheleire - 6 years ago 2019-07-19 01:12:35
thomas.de_schampheleire@nokia.com

ssh: introduce ini setting 'ssh_enabled', disabled by default

Administrators should control the use of SSH and may want to disable SSH
access, temporarily or permanently.

An explicit setting ssh_enabled is better than e.g. checking for a valid
ssh_authorized_keys setting, to allow such trivial temporary disabling.

To keep the controllers simple, introduce a decorator IfSshEnabled instead
of repeating the same config checks in every method.

4 files changed with 28 insertions and 0 deletions:

development.ini

kallithea/lib/base.py

kallithea/lib/paster_commands/template.ini.mako

kallithea/tests/conftest.py

0 comments (0 inline, 0 general)

development.ini

➞

Show inline comments

@@ @@ -226,6 +226,13 @@ allow_custom_hooks_settings = True @@
 #    CHANGELOG
 ####################################
 ###           SSH CONFIG        ####
 ####################################
 ## SSH is disabled by default, until an Administrator decides to enable it.
 ssh_enabled = false
 ####################################
 ###        CELERY CONFIG        ####
 ####################################

kallithea/lib/base.py

➞

Show inline comments

@@ @@ -408,6 +408,7 @@ class BaseController(TGController): @@
         ## INI stored
         c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))
         c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))
         c.ssh_enabled = str2bool(config.get('ssh_enabled', False))
         c.instance_id = config.get('instance_id')
         c.issues_url = config.get('bugtracker', url('issues_url'))
@@ @@ -636,3 +637,15 @@ def jsonify(func, *args, **kwargs): @@
         log.warning(msg)
     log.debug("Returning JSON wrapped action output")
     return json.dumps(data, encoding='utf-8')
 @decorator.decorator
 def IfSshEnabled(func, *args, **kwargs):
     """Decorator for functions that can only be called if SSH access is enabled.
     If SSH access is disabled in the configuration file, HTTPNotFound is raised.
     """
     if not c.ssh_enabled:
         from kallithea.lib import helpers as h
         h.flash(_("SSH access is disabled."), category='warning')
         raise webob.exc.HTTPNotFound()
     return func(*args, **kwargs)

kallithea/lib/paster_commands/template.ini.mako

➞

Show inline comments

@@ @@ -323,6 +323,13 @@ allow_custom_hooks_settings = True @@
 #    CHANGELOG
 <%text>####################################</%text>
 <%text>###           SSH CONFIG        ####</%text>
 <%text>####################################</%text>
 <%text>## SSH is disabled by default, until an Administrator decides to enable it.</%text>
 ssh_enabled = false
 <%text>####################################</%text>
 <%text>###        CELERY CONFIG        ####</%text>
 <%text>####################################</%text>

kallithea/tests/conftest.py

➞

Show inline comments

@@ @@ -42,6 +42,7 @@ def pytest_configure(): @@
             'port': '4999',
         },
         '[app:main]': {
             'ssh_enabled': 'true',
             'app_instance_uuid': 'test',
             'show_revision_number': 'true',
             'beaker.cache.sql_cache_short.expire': '1',

0 comments (0 inline, 0 general)