Changeset - a2eaa0054430
Parent rev.
Child rev.
[Not reviewed]
beta
0 2 0
Marcin Kuzminski - 13 years ago 2012-08-14 01:02:53
marcin@python-works.com
fixed error when disabled anonymous access lead to error on server
2 files changed with 38 insertions and 0 deletions:
rhodecode/lib/auth.py
1
rhodecode/tests/functional/test_home.py
37
0 comments (0 inline, 0 general)
rhodecode/lib/auth.py
Show inline comments
 
@@ -303,48 +303,49 @@ class CookieStoreWrapper(object):
 
            return self.cookie_store.__dict__.get(key, other)
 

			




	
	
	
		
 

			




	
	
	
		
 
class  AuthUser(object):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    A simple object that handles all attributes of user in RhodeCode

			




	
	
	
		
 

			




	
	
	
		
 
    It does lookup based on API key,given user, or user present in session

			




	
	
	
		
 
    Then it fills all required information for such user. It also checks if

			




	
	
	
		
 
    anonymous access is enabled and if so, it returns default user as logged

			




	
	
	
		
 
    in

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, user_id=None, api_key=None, username=None):

			




	
	
	
		
 

			




	
	
	
		
 
        self.user_id = user_id

			




	
	
	
		
 
        self.api_key = None

			




	
	
	
		
 
        self.username = username

			




	
	
	
		
 

			




	
	
	
		
 
        self.name = ''

			




	
	
	
		
 
        self.lastname = ''

			




	
	
	
		
 
        self.email = ''

			




	
	
	
		
 
        self.is_authenticated = False

			




	
	
	
		
 
        self.admin = False

			




	
	
	
		
 
        self.inherit_default_permissions = False

			




	
	
	
		
 
        self.permissions = {}

			




	
	
	
		
 
        self._api_key = api_key

			




	
	
	
		
 
        self.propagate_data()

			




	
	
	
		
 
        self._instance = None

			




	
	
	
		
 

			




	
	
	
		
 
    def propagate_data(self):

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 
        self.anonymous_user = User.get_by_username('default', cache=True)

			




	
	
	
		
 
        is_user_loaded = False

			




	
	
	
		
 

			




	
	
	
		
 
        # try go get user by api key

			




	
	
	
		
 
        if self._api_key and self._api_key != self.anonymous_user.api_key:

			




	
	
	
		
 
            log.debug('Auth User lookup by API KEY %s' % self._api_key)

			




	
	
	
		
 
            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)

			




	
	
	
		
 
        # lookup by userid

			




	
	
	
		
 
        elif (self.user_id is not None and

			




	
	
	
		
 
              self.user_id != self.anonymous_user.user_id):

			




	
	
	
		
 
            log.debug('Auth User lookup by USER ID %s' % self.user_id)

			




	
	
	
		
 
            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)

			




	
	
	
		
 
        # lookup by username

			




	
	
	
		
 
        elif self.username and \

			




	
	
	
		
 
            str2bool(config.get('container_auth_enabled', False)):

			




	
	
	
		
 

			




	
	
	
		
 
            log.debug('Auth User lookup by USER NAME %s' % self.username)

			




        

    


    
    

    

        

                

                    rhodecode/tests/functional/test_home.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
import time

			




	
	
	
		
 
from rhodecode.tests import *

			




	
	
	
		
 
from rhodecode.model.meta import Session

			




	
	
	
		
 
from rhodecode.model.db import User

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class TestHomeController(TestController):

			




	
	
	
		
 

			




	
	
	
		
 
    def test_index(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url(controller='home', action='index'))

			




	
	
	
		
 
        #if global permission is set

			




	
	
	
		
 
        response.mustcontain('ADD REPOSITORY')

			




	
	
	
		
 
        response.mustcontain('href="/%s/summary"' % HG_REPO)

			




	
	
	
		
 

			




	
	
	
		
 
        response.mustcontain("""<img class="icon" title="Mercurial repository" """

			




	
	
	
		
 
                        """alt="Mercurial repository" src="/images/icons/hg"""

			




	
	
	
		
 
                        """icon.png"/>""")

			




	
	
	
		
 
        response.mustcontain("""<img class="icon" title="public repository" """

			




	
	
	
		
 
                        """alt="public repository" src="/images/icons/lock_"""

			




	
	
	
		
 
                        """open.png"/>""")

			




	
	
	
		
 

			




	
	
	
		
 
        response.mustcontain(

			




	
	
	
		
 
"""<a title="Marcin Kuzminski &amp;lt;marcin@python-works.com&amp;gt;:\n

			




	
	
	
		
 
merge" class="tooltip" href="/vcs_test_hg/changeset/27cd5cce30c96924232"""

			




	
	
	
		
 
"""dffcd24178a07ffeb5dfc">r173:27cd5cce30c9</a>"""

			




	
	
	
		
 
)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_repo_summary_with_anonymous_access_disabled(self):

			




	
	
	
		
 
        anon = User.get_by_username('default')

			




	
	
	
		
 
        anon.active = False

			




	
	
	
		
 
        Session().add(anon)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        time.sleep(1.5)  # must sleep for cache (1s to expire)

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            response = self.app.get(url(controller='summary',

			




	
	
	
		
 
                                        action='index', repo_name=HG_REPO),

			




	
	
	
		
 
                                        status=302)

			




	
	
	
		
 
            assert 'login' in response.location

			




	
	
	
		
 

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            anon = User.get_by_username('default')

			




	
	
	
		
 
            anon.active = True

			




	
	
	
		
 
            Session().add(anon)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_index_with_anonymous_access_disabled(self):

			




	
	
	
		
 
        anon = User.get_by_username('default')

			




	
	
	
		
 
        anon.active = False

			




	
	
	
		
 
        Session().add(anon)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        time.sleep(1.5)  # must sleep for cache (1s to expire)

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            response = self.app.get(url(controller='home', action='index'),

			




	
	
	
		
 
                                    status=302)

			




	
	
	
		
 
            assert 'login' in response.location

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            anon = User.get_by_username('default')

			




	
	
	
		
 
            anon.active = True

			




	
	
	
		
 
            Session().add(anon)

			




	
	
	
		
 
            Session().commit()

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.