Changeset - 78c7e8efe658
[Not reviewed]
beta
0 4 0
Marcin Kuzminski - 13 years ago 2013-04-15 01:46:32
marcin@python-works.com
new feature: API access white list definition from .ini files
4 files changed with 26 insertions and 3 deletions:
development.ini
 
@@ -111,6 +111,12 @@ rss_include_diff = false
 
show_sha_length = 12
 
show_revision_number = true
 

	
 
## white list of API enabled controllers. This allows to add list of
 
## controllers to which access will be enabled by api_key. eg: to enable
 
## api access to raw_files put `FilesController:raw`, to enable access to patches
 
## add `ChangesetController:changeset_patch`. This list should be "," separated
 
## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
 
api_access_controllers_whitelist =
 

	
 
## alternative_gravatar_url allows you to use your own avatar server application
 
## the following parts of the URL will be replaced
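Review bot: The comment block above `api_access_controllers_whitelist =` does not tell operators how a whitelisted action is authenticated. The check in rhodecode/lib/auth.py reads the key with `request.GET.get('api_key')`, so the key travels in the URL query string and will show up in web-server and proxy access logs. I would add a line such as `## NOTE: api_key is passed as a URL parameter and is written to access logs; leave empty to keep this disabled`. The same block is added to production.ini and rhodecode/config/deployment.ini_tmpl, so the wording should be fixed in all three.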
production.ini
 
@@ -111,6 +111,12 @@ rss_include_diff = false
 
show_sha_length = 12
 
show_revision_number = true
 

	
 
## white list of API enabled controllers. This allows to add list of
 
## controllers to which access will be enabled by api_key. eg: to enable
 
## api access to raw_files put `FilesController:raw`, to enable access to patches
 
## add `ChangesetController:changeset_patch`. This list should be "," separated
 
## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
 
api_access_controllers_whitelist =
 

	
 
## alternative_gravatar_url allows you to use your own avatar server application
 
## the following parts of the URL will be replaced
rhodecode/config/deployment.ini_tmpl
 
@@ -111,6 +111,12 @@ rss_include_diff = false
 
show_sha_length = 12
 
show_revision_number = true
 

	
 
## white list of API enabled controllers. This allows to add list of
 
## controllers to which access will be enabled by api_key. eg: to enable
 
## api access to raw_files put `FilesController:raw`, to enable access to patches
 
## add `ChangesetController:changeset_patch`. This list should be "," separated
 
## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
 
api_access_controllers_whitelist =
 

	
 
## alternative_gravatar_url allows you to use your own avatar server application
 
## the following parts of the URL will be replaced
rhodecode/lib/auth.py
 
@@ -39,7 +39,7 @@ from sqlalchemy.orm.exc import ObjectDel
 
from rhodecode import __platform__, is_windows, is_unix
 
from rhodecode.model.meta import Session
 

	
 
from rhodecode.lib.utils2 import str2bool, safe_unicode
 
from rhodecode.lib.utils2 import str2bool, safe_unicode, aslist
 
from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\
 
    LdapImportError
 
from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\
 
@@ -531,7 +531,12 @@ class LoginRequired(object):
 
        cls = fargs[0]
 
        user = cls.rhodecode_user
 
        loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
 

	
 
        # defined whitelist of controllers which API access will be enabled
 
        whitelist = aslist(config.get('api_access_controllers_whitelist'),
 
                           sep=',')
 
        api_access_whitelist = loc in whitelist
 
        log.debug('loc:%s is in API whitelist:%s:%s' % (loc, whitelist,
 
                                                        api_access_whitelist))
 
        #check IP
 
        ip_access_ok = True
 
        if not user.ip_allowed:
 
@@ -541,7 +546,7 @@ class LoginRequired(object):
 
            ip_access_ok = False
 

	
 
        api_access_ok = False
 
        if self.api_access:
 
        if self.api_access or api_access_whitelist:
 
            log.debug('Checking API KEY access for %s' % cls)
 
            if user.api_key == request.GET.get('api_key'):
 
                api_access_ok = True
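Review bot: The widened guard `if self.api_access or api_access_whitelist:` makes the `user.api_key == request.GET.get('api_key')` comparison below it reachable for every whitelisted action, and that comparison is true when the request carries no `api_key` and the user's stored key is also `None`. Whether `user.api_key` can be unset is not visible here (the user object is built outside the page), so the check should require a non-empty parameter explicitly: `api_key = request.GET.get('api_key')` followed by `if api_key and user.api_key == api_key:`. `aslist(config.get('api_access_controllers_whitelist'), sep=',')` also receives `None` on deployments whose .ini predates this option; `aslist` is defined outside the page, so confirm it returns an empty list for `None`. The decorator method of `LoginRequired` starts and ends outside these hunks.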