kallithea Changeset - 9365a893ad4e

Changeset - 9365a893ad4e

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 15 years ago 2011-04-11 23:04:52
marcin@python-works.com

PEP8ify

1 file changed with 72 insertions and 49 deletions:

rhodecode/lib/auth.py

0 comments (0 inline, 0 general)

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -47,40 +47,43 @@ from rhodecode.lib.utils import get_repo @@
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import Permission
 log = logging.getLogger(__name__)
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """This is a simple class for generating password from
         different sets of characters
         usage:
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters of alphabet
         #print 8-letter password containing only big and small letters
             of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''#[0]
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
     ALPHABETS_NUM = r'''1234567890'''
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
         + ALPHABETS_NUM + ALPHABETS_SPECIAL
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
         return self.passwd
 class RhodeCodeCrypto(object):
     @classmethod
     def hash_string(cls, str_):
         """
         Cryptographic function used for password hashing based on pybcrypt
@@ @@ -90,13 +93,14 @@ class RhodeCodeCrypto(object): @@
         """
         if __platform__ in PLATFORM_WIN:
             return sha256(str_).hexdigest()
         elif __platform__ in PLATFORM_OTHERS:
             return bcrypt.hashpw(str_, bcrypt.gensalt(10))
         else:
             raise Exception('Unknown or unsupported platform %s' % __platform__)
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
     @classmethod
     def hash_check(cls, password, hashed):
         """
         Checks matching password with it's hashed value, runs different
         implementation based on platform it runs on
@@ @@ -107,27 +111,31 @@ class RhodeCodeCrypto(object): @@
         if __platform__ in PLATFORM_WIN:
             return sha256(password).hexdigest() == hashed
         elif __platform__ in PLATFORM_OTHERS:
             return bcrypt.hashpw(password, hashed) == hashed
         else:
             raise Exception('Unknown or unsupported platform %s' % __platform__)
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
 def get_crypt_password(password):
     return RhodeCodeCrypto.hash_string(password)
 def check_password(password, hashed):
     return RhodeCodeCrypto.hash_check(password, hashed)
 def generate_api_key(username, salt=None):
     if salt is None:
         salt = _RandomNameSequence().next()
     return hashlib.sha1(username + salt).hexdigest()
 def authfunc(environ, username, password):
     """Dummy authentication function used in Mercurial/Git/ and access control,
     :param environ: needed only for using in Basic auth
     """
     return authenticate(username, password)
@@ @@ -144,19 +152,19 @@ def authenticate(username, password): @@
     user_model = UserModel()
     user = user_model.get_by_username(username, cache=False)
     log.debug('Authenticating user using RhodeCode account')
     if user is not None and not user.ldap_dn:
         if user.active:
             if user.username == 'default' and user.active:
                 log.info('user %s authenticated correctly as anonymous user',
                          username)
                 return True
             elif user.username == username and check_password(password, user.password):
             elif user.username == username and check_password(password,
                                                               user.password):
                 log.info('user %s authenticated correctly', username)
                 return True
         else:
             log.warning('user %s is disabled', username)
     else:
@@ @@ -174,47 +182,53 @@ def authenticate(username, password): @@
         #======================================================================
         # FALLBACK TO LDAP AUTH IF ENABLE
         #======================================================================
         if str2bool(ldap_settings.get('ldap_active')):
             log.debug("Authenticating user using ldap")
             kwargs = {
                   'server':ldap_settings.get('ldap_host', ''),
                   'base_dn':ldap_settings.get('ldap_base_dn', ''),
                   'port':ldap_settings.get('ldap_port'),
                   'bind_dn':ldap_settings.get('ldap_dn_user'),
                   'bind_pass':ldap_settings.get('ldap_dn_pass'),
                   'use_ldaps':str2bool(ldap_settings.get('ldap_ldaps')),
                   'tls_reqcert':ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter':ldap_settings.get('ldap_filter'),
                   'search_scope':ldap_settings.get('ldap_search_scope'),
                   'attr_login':ldap_settings.get('ldap_attr_login'),
                   'ldap_version':3,
                   'server': ldap_settings.get('ldap_host', ''),
                   'base_dn': ldap_settings.get('ldap_base_dn', ''),
                   'port': ldap_settings.get('ldap_port'),
                   'bind_dn': ldap_settings.get('ldap_dn_user'),
                   'bind_pass': ldap_settings.get('ldap_dn_pass'),
                   'use_ldaps': str2bool(ldap_settings.get('ldap_ldaps')),
                   'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter': ldap_settings.get('ldap_filter'),
                   'search_scope': ldap_settings.get('ldap_search_scope'),
                   'attr_login': ldap_settings.get('ldap_attr_login'),
                   'ldap_version': 3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                 password)
                 log.debug('Got ldap DN response %s', user_dn)
                 user_attrs = {
                     'name'     : ldap_attrs[ldap_settings.get('ldap_attr_firstname')][0],
                     'lastname' : ldap_attrs[ldap_settings.get('ldap_attr_lastname')][0],
                     'email'    : ldap_attrs[ldap_settings.get('ldap_attr_email')][0],
                     'name': ldap_attrs[ldap_settings\
                                        .get('ldap_attr_firstname')][0],
                     'lastname': ldap_attrs[ldap_settings\
                                            .get('ldap_attr_lastname')][0],
                     'email': ldap_attrs[ldap_settings\
                                         .get('ldap_attr_email')][0],
+                    }
                 if user_model.create_ldap(username, password, user_dn, user_attrs):
                 if user_model.create_ldap(username, password, user_dn,
                                           user_attrs):
                     log.info('created new ldap user %s', username)
                 return True
             except (LdapUsernameError, LdapPasswordError,):
                 pass
             except (Exception,):
                 log.error(traceback.format_exc())
                 pass
     return False
 class  AuthUser(object):
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
@@ @@ -234,27 +248,28 @@ class AuthUser(object): @@
         self.is_authenticated = False
         self.admin = False
         self.permissions = {}
         self._api_key = api_key
         self.propagate_data()
     def propagate_data(self):
         user_model = UserModel()
         self.anonymous_user = user_model.get_by_username('default', cache=True)
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             #try go get user by api key
             log.debug('Auth User lookup by API KEY %s', self._api_key)
             user_model.fill_data(self, api_key=self._api_key)
         else:
             log.debug('Auth User lookup by USER ID %s', self.user_id)
             if self.user_id is not None and self.user_id != self.anonymous_user.user_id:
             if self.user_id is not None \
                 and self.user_id != self.anonymous_user.user_id:
                 user_model.fill_data(self, user_id=self.user_id)
             else:
                 if self.anonymous_user.active is True:
                     user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                     user_model.fill_data(self,
                                          user_id=self.anonymous_user.user_id)
                     #then we set this user is logged in
                     self.is_authenticated = True
                 else:
                     self.is_authenticated = False
         log.debug('Auth User is now %s', self)
@@ @@ -291,15 +306,16 @@ def set_available_permissions(config): @@
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 #===============================================================================
 #==============================================================================
 # CHECK DECORATORS
-#===============================================================================
 #==============================================================================
 class LoginRequired(object):
     """
     Must be logged in to execute this function else
     redirect to login page
     :param api_access: if enabled this checks only for valid auth token
@@ @@ -332,12 +348,13 @@ class LoginRequired(object): @@
             log.warn('user %s NOT authenticated', user.username)
             p = url.current()
             log.debug('redirecting to login page with %s', p)
             return redirect(url('login_home', came_from=p))
 class NotAnonymous(object):
     """Must be logged in to execute this function else
     redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
@@ @@ -357,18 +374,20 @@ class NotAnonymous(object): @@
             p += request.environ.get('PATH_INFO')
             if request.environ.get('QUERY_STRING'):
                 p += '?' + request.environ.get('QUERY_STRING')
             import rhodecode.lib.helpers as h
             h.flash(_('You need to be a registered user to perform this action'),
             h.flash(_('You need to be a registered user to '
                       'perform this action'),
                     category='warning')
             return redirect(url('login_home', came_from=p))
         else:
             return func(*fargs, **fkwargs)
 class PermsDecorator(object):
     """Base class for controller decorators"""
     def __init__(self, *required_perms):
         available_perms = config['available_permissions']
         for perm in required_perms:
@@ @@ -377,13 +396,12 @@ class PermsDecorator(object): @@
         self.required_perms = set(required_perms)
         self.user_perms = None
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         self.user = cls.rhodecode_user
         self.user_perms = self.user.permissions
         log.debug('checking %s permissions %s for %s %s',
            self.__class__.__name__, self.required_perms, cls,
@@ @@ -395,18 +413,17 @@ class PermsDecorator(object): @@
         else:
             log.warning('Permission denied for %s %s', cls, self.user)
             #redirect with forbidden ret code
             return abort(403)
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
     """Checks for access permission for all given predicates. All of them
     have to be meet in order to fulfill the request
     """
     def check_permissions(self):
@@ @@ -422,12 +439,13 @@ class HasPermissionAnyDecorator(PermsDec @@
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAllDecorator(PermsDecorator):
     """Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
@@ @@ -453,16 +471,17 @@ class HasRepoPermissionAnyDecorator(Perm @@
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 #===============================================================================
 #==============================================================================
 # CHECK FUNCTIONS
 #===============================================================================
 #==============================================================================
 class PermsFunction(object):
     """Base function for other check functions"""
     def __init__(self, *perms):
         available_perms = config['available_permissions']
@@ @@ -494,68 +513,72 @@ class PermsFunction(object): @@
             return False
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAll(PermsFunction):
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAll(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAll, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self.user_perms = set([self.user_perms['repositories']\
                                    [self.repo_name]])
             self.user_perms = set([self.user_perms['reposit'
                                                    'ories'][self.repo_name]])
         except KeyError:
             return False
         self.granted_for = self.repo_name
         if self.required_perms.issubset(self.user_perms):
             return True
         return False
 class HasRepoPermissionAny(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAny, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self.user_perms = set([self.user_perms['repositories']\
                                    [self.repo_name]])
             self.user_perms = set([self.user_perms['reposi'
                                                    'tories'][self.repo_name]])
         except KeyError:
             return False
         self.granted_for = self.repo_name
         if self.required_perms.intersection(self.user_perms):
             return True
         return False
 #===============================================================================
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #===============================================================================
 #==============================================================================
 class HasPermissionAnyMiddleware(object):
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, user, repo_name):
         usr = AuthUser(user.user_id)

0 comments (0 inline, 0 general)