kallithea Changeset - 7cd8fd4d1e38

Changeset - 7cd8fd4d1e38

Parent rev.

Child rev.

[Not reviewed]

beta

0 2 0

Marcin Kuzminski - 14 years ago 2011-10-24 23:07:06
marcin@python-works.com

#286 raise HttpForbidden if username lookup failed instead of internal server error

2 files changed with 4 insertions and 0 deletions:

rhodecode/lib/middleware/simplegit.py

rhodecode/lib/middleware/simplehg.py

0 comments (0 inline, 0 general)

rhodecode/lib/middleware/simplegit.py

➞

Show inline comments

@@ @@ -122,96 +122,98 @@ class SimpleGit(object): @@
             return HTTPInternalServerError()(environ, start_response)
         #======================================================================
         # GET ACTION PULL or PUSH
         #======================================================================
         action = self.__get_action(environ)
         #======================================================================
         # CHECK ANONYMOUS PERMISSION
         #======================================================================
         if action in ['pull', 'push']:
             anonymous_user = self.__get_user('default')
             username = anonymous_user.username
             anonymous_perm = self.__check_permission(action,
                                                      anonymous_user,
                                                      repo_name)
             if anonymous_perm is not True or anonymous_user.active is False:
                 if anonymous_perm is not True:
                     log.debug('Not enough credentials to access this '
                               'repository as anonymous user')
                 if anonymous_user.active is False:
                     log.debug('Anonymous access is disabled, running '
                               'authentication')
                 #==============================================================
                 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                 #==============================================================
                 if not REMOTE_USER(environ):
                     self.authenticate.realm = \
                         safe_str(self.config['rhodecode_realm'])
                     result = self.authenticate(environ)
                     if isinstance(result, str):
                         AUTH_TYPE.update(environ, 'basic')
                         REMOTE_USER.update(environ, result)
                     else:
                         return result.wsgi_application(environ, start_response)
                 #==============================================================
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
                 # BASIC AUTH
                 #==============================================================
                 if action in ['pull', 'push']:
                     username = REMOTE_USER(environ)
                     try:
                         user = self.__get_user(username)
                         if user is None:
                             return HTTPForbidden()(environ, start_response)
                         username = user.username
                     except:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ,
                                                          start_response)
                     #check permissions for this repository
                     perm = self.__check_permission(action, user,
                                                    repo_name)
                     if perm is not True:
                         return HTTPForbidden()(environ, start_response)
         extras = {'ip': ipaddr,
                   'username': username,
                   'action': action,
                   'repository': repo_name}
         #===================================================================
         # GIT REQUEST HANDLING
         #===================================================================
         repo_path = safe_str(os.path.join(self.basepath, repo_name))
         log.debug('Repository path is %s' % repo_path)
         # quick check if that dir exists...
         if is_valid_repo(repo_name, self.basepath) is False:
             return HTTPNotFound()(environ, start_response)
         try:
             #invalidate cache on push
             if action == 'push':
                 self.__invalidate_cache(repo_name)
             app = self.__make_app(repo_name, repo_path)
             return app(environ, start_response)
         except Exception:
             log.error(traceback.format_exc())
             return HTTPInternalServerError()(environ, start_response)
     def __make_app(self, repo_name, repo_path):
         """
         Make an wsgi application using dulserver
         :param repo_name: name of the repository
         :param repo_path: full path to the repository
         """
         _d = {'/' + repo_name: Repo(repo_path)}

rhodecode/lib/middleware/simplehg.py

➞

Show inline comments

@@ @@ -88,96 +88,98 @@ class SimpleHg(object): @@
         #======================================================================
         # GET ACTION PULL or PUSH
         #======================================================================
         action = self.__get_action(environ)
         #======================================================================
         # CHECK ANONYMOUS PERMISSION
         #======================================================================
         if action in ['pull', 'push']:
             anonymous_user = self.__get_user('default')
             username = anonymous_user.username
             anonymous_perm = self.__check_permission(action,
                                                      anonymous_user,
                                                      repo_name)
             if anonymous_perm is not True or anonymous_user.active is False:
                 if anonymous_perm is not True:
                     log.debug('Not enough credentials to access this '
                               'repository as anonymous user')
                 if anonymous_user.active is False:
                     log.debug('Anonymous access is disabled, running '
                               'authentication')
                 #==============================================================
                 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                 #==============================================================
                 if not REMOTE_USER(environ):
                     self.authenticate.realm = \
                         safe_str(self.config['rhodecode_realm'])
                     result = self.authenticate(environ)
                     if isinstance(result, str):
                         AUTH_TYPE.update(environ, 'basic')
                         REMOTE_USER.update(environ, result)
                     else:
                         return result.wsgi_application(environ, start_response)
                 #==============================================================
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME FROM
                 # BASIC AUTH
                 #==============================================================
                 if action in ['pull', 'push']:
                     username = REMOTE_USER(environ)
                     try:
                         user = self.__get_user(username)
                         if user is None:
                             return HTTPForbidden()(environ, start_response)
                         username = user.username
                     except:
                         log.error(traceback.format_exc())
                         return HTTPInternalServerError()(environ,
                                                          start_response)
                     #check permissions for this repository
                     perm = self.__check_permission(action, user,
                                                    repo_name)
                     if perm is not True:
                         return HTTPForbidden()(environ, start_response)
         extras = {'ip': ipaddr,
                   'username': username,
                   'action': action,
                   'repository': repo_name}
         #======================================================================
         # MERCURIAL REQUEST HANDLING
         #======================================================================
         repo_path = safe_str(os.path.join(self.basepath, repo_name))
         log.debug('Repository path is %s' % repo_path)
         baseui = make_ui('db')
         self.__inject_extras(repo_path, baseui, extras)
         # quick check if that dir exists...
         if is_valid_repo(repo_name, self.basepath) is False:
             return HTTPNotFound()(environ, start_response)
         try:
             #invalidate cache on push
             if action == 'push':
                 self.__invalidate_cache(repo_name)
             app = self.__make_app(repo_path, baseui, extras)
             return app(environ, start_response)
         except RepoError, e:
             if str(e).find('not found') != -1:
                 return HTTPNotFound()(environ, start_response)
         except Exception:
             log.error(traceback.format_exc())
             return HTTPInternalServerError()(environ, start_response)
     def __make_app(self, repo_name, baseui, extras):
         """

0 comments (0 inline, 0 general)