kallithea Changeset - a8d759613d8f

Changeset - a8d759613d8f

Parent rev.

Child rev.

[Not reviewed]

beta

0 4 0

Marcin Kuzminski - 15 years ago 2011-03-09 19:47:52
marcin@python-works.com

fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal
and repositories feeds

4 files changed with 18 insertions and 14 deletions:

rhodecode/controllers/feed.py

rhodecode/controllers/journal.py

rhodecode/lib/auth.py

rhodecode/model/user.py

0 comments (0 inline, 0 general)

rhodecode/controllers/feed.py

➞

Show inline comments

@@ @@ -30,25 +30,25 @@ import logging @@
 from pylons import url, response, tmpl_context as c
 from pylons.i18n.translation import _
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController
 from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed
 log = logging.getLogger(__name__)
 class FeedController(BaseRepoController):
     @LoginRequired()
+    @LoginRequired(api_access=True)
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def __before__(self):
         super(FeedController, self).__before__()
         #common values for feeds
         self.description = _('Changes on %s repository')
         self.title = self.title = _('%s %s feed') % (c.rhodecode_name, '%s')
         self.language = 'en-us'
         self.ttl = "5"
         self.feed_nr = 10
     def atom(self, repo_name):

rhodecode/controllers/journal.py

➞

Show inline comments

@@ @@ -37,33 +37,34 @@ from pylons.i18n.translation import _ @@
 from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed
 import rhodecode.lib.helpers as h
 from rhodecode.lib.auth import LoginRequired, NotAnonymous
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import UserLog, UserFollowing
 log = logging.getLogger(__name__)
 class JournalController(BaseController):
-    @LoginRequired()
     def __before__(self):
         super(JournalController, self).__before__()
         c.rhodecode_user = self.rhodecode_user
         self.title = _('%s public journal %s feed') % (c.rhodecode_name, '%s')
         self.language = 'en-us'
         self.ttl = "5"
         self.feed_nr = 20
     @LoginRequired()
     @NotAnonymous()
     def index(self):
         # Return a rendered template
         p = int(request.params.get('page', 1))
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         journal = self._get_journal_data(c.following)
@@ @@ -108,24 +109,25 @@ class JournalController(BaseController): @@
         if filtering_criterion is not None:
             journal = self.sa.query(UserLog)\
                 .options(joinedload(UserLog.user))\
                 .options(joinedload(UserLog.repository))\
                 .filter(filtering_criterion)\
                 .order_by(UserLog.action_date.desc())
         else:
             journal = []
         return journal
     @LoginRequired()
     @NotAnonymous()
     def toggle_following(self):
         cur_token = request.POST.get('auth_token')
         token = h.get_token()
         if cur_token == token:
             user_id = request.POST.get('follows_user_id')
             if user_id:
                 try:
                     self.scm_model.toggle_following_user(user_id,
                                                     self.rhodecode_user.user_id)
                     return 'ok'
@@ @@ -138,47 +140,47 @@ class JournalController(BaseController): @@
                     self.scm_model.toggle_following_repo(repo_id,
                                                     self.rhodecode_user.user_id)
                     return 'ok'
                 except:
                     raise HTTPInternalServerError()
         log.debug('token mismatch %s vs %s', cur_token, token)
         raise HTTPInternalServerError()
+    @LoginRequired()
     def public_journal(self):
         # Return a rendered template
         p = int(request.params.get('page', 1))
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         journal = self._get_journal_data(c.following)
         c.journal_pager = Page(journal, page=p, items_per_page=20)
         c.journal_day_aggreagate = self._get_daily_aggregate(c.journal_pager)
         c.journal_data = render('journal/journal_data.html')
         if request.params.get('partial'):
             return c.journal_data
         return render('journal/public_journal.html')
+    @LoginRequired(api_access=True)
     def public_journal_atom(self):
         """
         Produce an atom-1.0 feed via feedgenerator module
         """
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         journal = self._get_journal_data(c.following)
         feed = Atom1Feed(title=self.title % 'atom',
@@ @@ -194,24 +196,25 @@ class JournalController(BaseController): @@
                                  entry.repository.repo_name)
             desc = action_extra()
             feed.add_item(title=title,
                           pubdate=entry.action_date,
                           link=url('', qualified=True),
                           author_email=entry.user.email,
                           author_name=entry.user.full_contact,
                           description=desc)
         response.content_type = feed.mime_type
         return feed.writeString('utf-8')
     @LoginRequired(api_access=True)
     def public_journal_rss(self):
         """
         Produce an rss2 feed via feedgenerator module
         """
         c.following = self.sa.query(UserFollowing)\
             .filter(UserFollowing.user_id == self.rhodecode_user.user_id)\
             .options(joinedload(UserFollowing.follows_repository))\
             .all()
         journal = self._get_journal_data(c.following)
         feed = Rss201rev2Feed(title=self.title % 'rss',

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -221,46 +221,46 @@ class AuthUser(object): @@
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
     anonymous access is enabled and if so, it returns default user as logged
     in
     """
     def __init__(self, user_id=None, api_key=None):
         self.user_id = user_id
-        self.api_key = api_key
+        self.api_key = None
         self.username = 'None'
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.is_authenticated = False
         self.admin = False
         self.permissions = {}
         self._api_key = api_key
         self.propagate_data()
     def propagate_data(self):
         user_model = UserModel()
         if self.api_key:
         self.anonymous_user = user_model.get_by_username('default', cache=True)
         if self._api_key:
             #try go get user by api key
             log.debug('Auth User lookup by API KEY %s', self.api_key)
             user_model.fill_data(self, api_key=self.api_key)
             log.debug('Auth User lookup by API KEY %s', self._api_key)
             user_model.fill_data(self, api_key=self._api_key)
         else:
             log.debug('Auth User lookup by USER ID %s', self.user_id)
             self.anonymous_user = user_model.get_by_username('default', cache=True)
             if self.user_id is not None and self.user_id != self.anonymous_user.user_id:
                 user_model.fill_data(self, user_id=self.user_id)
             else:
                 if self.anonymous_user.active is True:
                     user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                     #then we set this user is logged in
                     self.is_authenticated = True
                 else:
                     self.is_authenticated = False
         log.debug('Auth User is now %s', self)
         user_model.fill_perms(self)

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -221,36 +221,37 @@ class UserModel(BaseModel): @@
     def fill_data(self, auth_user, user_id=None, api_key=None):
         """
         Fetches auth_user by user_id,or api_key if present.
         Fills auth_user attributes with those taken from database.
         Additionally set's is_authenitated if lookup fails
         present in database
         :param auth_user: instance of user to set attributes
         :param user_id: user id to fetch by
         :param api_key: api key to fetch by
         """
-        if not user_id and not not api_key:
+        if user_id is None and api_key is None:
             raise Exception('You need to pass user_id or api_key')
         try:
             if api_key:
                 dbuser = self.get_by_api_key(api_key)
             else:
                 dbuser = self.get(user_id)
             log.debug('filling %s data', dbuser)
             for k, v in dbuser.get_dict().items():
                 setattr(auth_user, k, v)
             if dbuser is not None:
                 log.debug('filling %s data', dbuser)
                 for k, v in dbuser.get_dict().items():
                     setattr(auth_user, k, v)
         except:
             log.error(traceback.format_exc())
             auth_user.is_authenticated = False
         return auth_user
     def fill_perms(self, user):
         """Fills user permission attribute with permissions taken from database
         works for permissions given for repositories, and for permissions that
         as part of beeing group member

0 comments (0 inline, 0 general)