kallithea Changeset - 716911af91e1

Changeset - 716911af91e1

Parent rev.

Child rev.

[Not reviewed]

beta

0 10 0

Marcin Kuzminski - 15 years ago 2011-03-06 00:06:28
marcin@python-works.com

Added api_key into user, api key get's generated again after password change
updated ini files

10 files changed with 66 insertions and 132 deletions:

development.ini

production.ini

rhodecode/lib/__init__.py

rhodecode/lib/auth.py

rhodecode/lib/celerylib/tasks.py

rhodecode/lib/db_manage.py

rhodecode/model/user.py

rhodecode/public/css/style.css

rhodecode/templates/admin/users/user_edit.html

111

rhodecode/templates/admin/users/user_edit_my_account.html

0 comments (0 inline, 0 general)

development.ini

➞

Show inline comments

@@ @@ -29,13 +29,13 @@ debug = true @@
 threadpool_workers = 5
 ##max request before thread respawn
 threadpool_max_requests = 6
 ##option to use threads of process
-use_threadpool = false
+use_threadpool = true
 use = egg:Paste#http
 host = 0.0.0.0
 port = 5000
 [app:main]

production.ini

➞

Show inline comments

@@ @@ -26,13 +26,13 @@ debug = true @@
 [server:main]
 ##nr of threads to spawn
 threadpool_workers = 5
 ##max request before thread respawn
-threadpool_max_requests = 2
+threadpool_max_requests = 6
 ##option to use threads of process
 use_threadpool = true
 use = egg:Paste#http
 host = 127.0.0.1
@@ @@ -44,13 +44,13 @@ full_stack = true @@
 static_files = false
 lang=en
 cache_dir = %(here)s/data
 index_dir = %(here)s/data/index
 cut_off_limit = 256000
 force_https = false
-commit_parse_limit = 250
+commit_parse_limit = 25
 use_gravatar = true
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
@@ @@ -91,13 +91,12 @@ beaker.cache.super_short_term.expire=10 @@
 beaker.cache.short_term.type=memory
 beaker.cache.short_term.expire=60
 beaker.cache.long_term.type=memory
 beaker.cache.long_term.expire=36000
 beaker.cache.sql_cache_short.type=memory
 beaker.cache.sql_cache_short.expire=10
 beaker.cache.sql_cache_med.type=memory
 beaker.cache.sql_cache_med.expire=360
@@ @@ -138,13 +137,14 @@ logview.sqlalchemy = #faa @@
 logview.pylons.templating = #bfb
 logview.pylons.util = #eee
 #########################################################
 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG    ###
 #########################################################
 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db
 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db
 sqlalchemy.db1.url = postgresql://postgres:qwe@localhost/rhodecode
 #sqlalchemy.db1.echo = False
 #sqlalchemy.db1.pool_recycle = 3600
 sqlalchemy.convert_unicode = true
 ################################
 ### LOGGING CONFIGURATION   ####

rhodecode/lib/__init__.py

➞

Show inline comments

@@ @@ -24,6 +24,15 @@ @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 def str2bool(v):
     return v.lower() in ["yes", "true", "t", "1"] if v else None
 def generate_api_key(username, salt=None):
     from tempfile import _RandomNameSequence
     import hashlib
     if salt is None:
         salt = _RandomNameSequence().next()
     return hashlib.sha1(username + salt).hexdigest()

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -25,13 +25,14 @@ @@
 # MA  02110-1301, USA.
 import bcrypt
 import random
 import logging
 import traceback
 import hashlib
 from tempfile import _RandomNameSequence
 from decorator import decorator
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
@@ @@ -84,12 +85,18 @@ def get_crypt_password(password): @@
     """Cryptographic function used for password hashing based on pybcrypt
     :param password: password to hash
     """
     return bcrypt.hashpw(password, bcrypt.gensalt(10))
 def generate_api_key(username, salt=None):
     if salt is None:
         salt = _RandomNameSequence().next()
     return hashlib.sha1(username + salt).hexdigest()
 def check_password(password, hashed):
     return bcrypt.hashpw(password, hashed) == hashed
 def authfunc(environ, username, password):
     """Dummy authentication function used in Mercurial/Git/ and access control,

rhodecode/lib/celerylib/tasks.py

➞

Show inline comments

@@ @@ -242,12 +242,13 @@ def reset_user_password(user_email): @@
             sa = get_session()
             user = sa.query(User).filter(User.email == user_email).scalar()
             new_passwd = auth.PasswordGenerator().gen_password(8,
                              auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
             if user:
                 user.password = auth.get_crypt_password(new_passwd)
                 user.api_key = auth.generate_api_key(user.username)
                 sa.add(user)
                 sa.commit()
                 log.info('change password for %s', user_email)
             if new_passwd is None:
                 raise Exception('unable to generate new password')

rhodecode/lib/db_manage.py

➞

Show inline comments

@@ @@ -32,13 +32,13 @@ import uuid @@
 import logging
 from os.path import dirname as dn, join as jn
 from rhodecode import __dbversion__
 from rhodecode.model import meta
 from rhodecode.lib.auth import get_crypt_password
+from rhodecode.lib.auth import get_crypt_password, generate_api_key
 from rhodecode.lib.utils import ask_ok
 from rhodecode.model import init_model
 from rhodecode.model.db import User, Permission, RhodeCodeUi, RhodeCodeSettings, \
     UserToPerm, DbMigrateVersion
 from sqlalchemy.engine import create_engine
@@ @@ -439,12 +439,13 @@ class DbManage(object): @@
     def create_user(self, username, password, email='', admin=False):
         log.info('creating administrator user %s', username)
         new_user = User()
         new_user.username = username
         new_user.password = get_crypt_password(password)
         new_user.api_key = generate_api_key(username)
         new_user.name = 'RhodeCode'
         new_user.lastname = 'Admin'
         new_user.email = email
         new_user.admin = admin
         new_user.active = True
@@ @@ -458,12 +459,13 @@ class DbManage(object): @@
     def create_default_user(self):
         log.info('creating default user')
         #create default user for handling default permissions.
         def_user = User()
         def_user.username = 'default'
         def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
         def_user.api_key = generate_api_key('default')
         def_user.name = 'Anonymous'
         def_user.lastname = 'User'
         def_user.email = 'anonymous@rhodecode.org'
         def_user.admin = False
         def_user.active = False
         try:
@@ @@ -481,14 +483,14 @@ class DbManage(object): @@
                  ('repository.write', 'Repository write access'),
                  ('repository.admin', 'Repository admin access'),
                  ('hg.admin', 'Hg Administrator'),
                  ('hg.create.repository', 'Repository create'),
                  ('hg.create.none', 'Repository creation disabled'),
                  ('hg.register.none', 'Register disabled'),
                  ('hg.register.manual_activate', 'Register new user with rhodecode without manual activation'),
                  ('hg.register.auto_activate', 'Register new user with rhodecode without auto activation'),
                  ('hg.register.manual_activate', 'Register new user with RhodeCode without manual activation'),
                  ('hg.register.auto_activate', 'Register new user with RhodeCode without auto activation'),
+                ]
         for p in perms:
             new_perm = Permission()
             new_perm.permission_name = p[0]
             new_perm.permission_longname = p[1]

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -34,12 +34,13 @@ from rhodecode.model import BaseModel @@
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User
 from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException
 from sqlalchemy.exc import DatabaseError
 from rhodecode.lib import generate_api_key
 log = logging.getLogger(__name__)
 class UserModel(BaseModel):
     def get(self, user_id, cache=False):
@@ @@ -65,12 +66,13 @@ class UserModel(BaseModel): @@
     def create(self, form_data):
         try:
             new_user = User()
             for k, v in form_data.items():
                 setattr(new_user, k, v)
             new_user.api_key = generate_api_key(form_data['username'])
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
@@ @@ -88,12 +90,13 @@ class UserModel(BaseModel): @@
         log.debug('Checking for such ldap account in RhodeCode database')
         if self.get_by_username(username, case_insensitive=True) is None:
             try:
                 new_user = User()
                 new_user.username = username.lower() # add ldap account always lowercase
                 new_user.password = get_crypt_password(password)
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email']
                 new_user.active = True
                 new_user.ldap_dn = user_dn
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
@@ @@ -131,46 +134,48 @@ class UserModel(BaseModel): @@
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def update(self, user_id, form_data):
         try:
             new_user = self.get(user_id, cache=False)
             if new_user.username == 'default':
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                     user.password = v
                     user.api_key = generate_api_key(user.username)
                 else:
-                    setattr(new_user, k, v)
+                    setattr(user, k, v)
-            self.sa.add(new_user)
+            self.sa.add(user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def update_my_account(self, user_id, form_data):
         try:
             new_user = self.get(user_id, cache=False)
             if new_user.username == 'default':
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                     user.password = v
                     user.api_key = generate_api_key(user.username)
                 else:
                     if k not in ['admin', 'active']:
-                        setattr(new_user, k, v)
+                        setattr(user, k, v)
-            self.sa.add(new_user)
+            self.sa.add(user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise

rhodecode/public/css/style.css

➞

Show inline comments

@@ @@ -855,13 +855,13 @@ padding:0 0 8px; @@
+}
 #content div.box-left div.form div.fields div.field div.label-textarea,#content div.box-right div.form div.fields div.field div.label-textarea {
 padding:0 0 8px !important;
+}
 #content div.box div.form div.fields div.field div.label label {
+#content div.box div.form div.fields div.field div.label label, div.label label{
 color:#393939;
 font-weight:700;
+}
 #content div.box div.form div.fields div.field div.input {
 margin:0 0 0 200px;

rhodecode/templates/admin/users/user_edit.html

➞

Show inline comments

@@ @@ -23,24 +23,28 @@ @@
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <!-- end box / title -->
     ${h.form(url('user', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="gravatar_box">
               		<div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div>
               		<p>
               		<strong>Change your avatar at <a href="http://gravatar.com">gravatar.com</a></strong><br/>
               		${_('Using')} ${c.user.email}
               		</p>
             	</div>
              </div>
         <div class="field">
             <div class="label">
                 <label>${_('API key')}</label> ${c.user.api_key}
             </div>
         </div>
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('username',class_='medium')}
@@ @@ -49,13 +53,13 @@ @@
              <div class="field">
                 <div class="label">
                     <label for="ldap_dn">${_('LDAP DN')}:</label>
                 </div>
                 <div class="input">
-                    ${h.text('ldap_dn',class_='small')}
+                    ${h.text('ldap_dn',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="new_password">${_('New password')}:</label>
@@ @@ -119,125 +123,27 @@ @@
 </div>
 <div class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
-	<form id="map_form" method="post" action="{%url update_permissions %}">
+    ${h.form(url('user', id=c.user.user_id),method='put')}
 	<div class="form">
         <!-- fields -->
 	  <div class="fields">
 		<table>
 		        <tr>
 		            <td class="label">${_('Permissions')}:</td>
 		            <td>
 		                <div>
 		                    <div style="float:left">
 		                    <div class="text">${_('Granted permissions')}</div>
 		                        ${h.select('granted_permissions',[],c.granted_permissions,multiple=True,size=8,style="min-width:210px")}
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="">${_('Create repositories')}:</label>
 		                    </div>
 		                    <div style="float:left;width:20px;padding-top:50px">
 		                        <img alt="add" id="add_element"
 		                            style="padding:2px;cursor:pointer"
 		                            src="${h.url("/images/icons/arrow_left.png")}">
 		                        <br />
 		                        <img alt="remove" id="remove_element"
 		                            style="padding:2px;cursor:pointer"
 		                            src="${h.url("/images/icons/arrow_right.png")}">
 		                    </div>
 		                    <div style="float:left">
 		                        <div class="text">${_('Available permissions')}</div>
 		                         ${h.select('available_permissions',[],c.available_permissions,multiple=True,size=8,style="min-width:210px")}
                 <div class="checkboxes">
                     ${h.checkbox('create',value=True)}
 		                    </div>
 		                </div>
 		            </td>
 		        </tr>
 		</table>
         <div class="buttons">
          ${h.submit('Save','Save',class_="ui-button")}
               ${h.submit('save','Save',class_="ui-button")}
               ${h.reset('reset','Reset',class_="ui-button")}
         </div>
 	  </div>
 	</div>
 	</form>
 <script type="text/javascript">
     YAHOO.util.Event.onDOMReady(function(){
             var D = YAHOO.util.Dom;
             var E = YAHOO.util.Event;
             //temp container for storage.
             var cache = new Array();
             var c =  D.get('id_granted_permissions');
             //get only selected options for further fullfilment
             for(var i = 0;node =c.options[i];i++){
                 if(node.selected){
                     //push selected to my temp storage left overs :)
                     cache.push(node);
+                }
+            }
             //clear select
             c.options.length = 0;
             //fill it with remembered options
             for(var i = 0;node = cache[i];i++){
                 c.options[i]=new Option(node.text, node.value, false, false);
+            }
             function target_callback(e){
                 window.location='/admin/t4?g='+e.target.value;
+            }
             function prompts_action_callback(e){
                 var choosen = D.get('id_granted_permissions');
                 var availible = D.get('id_available_permissions');
                 if (this.id=='add_element'){
                     for(var i=0; node = availible.options[i];i++){
                         if(node.selected){
                             choosen.appendChild(new Option(node.text, node.value, false, false));
+                        }
+                    }
+                }
                 else if (this.id=='remove_element'){
                     //temp container for storage.
                     cache = new Array();
                     for(var i = 0;node = choosen.options[i];i++){
                         if(!node.selected){
                             //push left overs :)
                             cache.push(node);
+                        }
+                    }
                     //clear select
                     choosen.options.length = 0;
                     for(var i = 0;node = cache[i];i++){
                         choosen.options[i]=new Option(node.text, node.value, false, false);
+                    }
+                }
                 else{
+                }
+            }
             E.addListener('id_groups','change',target_callback);
             E.addListener(['add_element','remove_element'],'click',prompts_action_callback)
             E.addListener('map_form','submit',function(){
                 var choosen = D.get('id_granted_permissions');
                 for (var i = 0; i < choosen.options.length; i++) {
                     choosen.options[i].selected = 'selected';
+                }
             })
         });
 </script>
     ${h.end_form()}
 </div>
 </%def>

rhodecode/templates/admin/users/user_edit_my_account.html

➞

Show inline comments

@@ @@ -31,13 +31,17 @@ @@
                     <p>
                     <strong>Change your avatar at <a href="http://gravatar.com">gravatar.com</a></strong><br/>
                     ${_('Using')} ${c.user.email}
                     </p>
                 </div>
              </div>
 	        <div class="field">
 	            <div class="label">
 	                <label>${_('API key')}</label> ${c.user.api_key}
 	            </div>
 	        </div>
 	        <div class="fields">
 	             <div class="field">
 	                <div class="label">
 	                    <label for="username">${_('Username')}:</label>
 	                </div>
 	                <div class="input">

0 comments (0 inline, 0 general)