kallithea Changeset - de71a4bde097

Changeset - de71a4bde097

Parent rev.

Child rev.

[Not reviewed]

beta

1 9 1

Marcin Kuzminski - 14 years ago 2011-10-31 20:42:41
marcin@python-works.com

Some code cleanups and fixes

8 files changed with 54 insertions and 36 deletions:

development.ini

production.ini

rhodecode/lib/auth.py

rhodecode/lib/base.py

rhodecode/model/user.py

rhodecode/tests/__init__.py

rhodecode/tests/_test_concurency.py

rename

test.ini

0 comments (0 inline, 0 general)

development.ini

➞

Show inline comments

@@ @@ -44,24 +44,26 @@ port = 5000 @@
 [app:main]
 use = egg:rhodecode
 full_stack = true
 static_files = true
 lang=en
 cache_dir = %(here)s/data
 index_dir = %(here)s/data/index
 app_instance_uuid = develop
 cut_off_limit = 256000
 force_https = false
 commit_parse_limit = 25
 use_gravatar = true
 container_auth_enabled = false
 proxypass_auth_enabled = false
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = rhodecode.lib.celerylib.tasks

production.ini

➞

Show inline comments

@@ @@ -44,24 +44,26 @@ port = 8001 @@
 [app:main]
 use = egg:rhodecode
 full_stack = true
 static_files = true
 lang=en
 cache_dir = %(here)s/data
 index_dir = %(here)s/data/index
 app_instance_uuid = prod1234
 cut_off_limit = 256000
 force_https = false
 commit_parse_limit = 50
 use_gravatar = true
 container_auth_enabled = false
 proxypass_auth_enabled = false
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = rhodecode.lib.celerylib.tasks

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -116,42 +116,50 @@ class RhodeCodeCrypto(object): @@
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
 def get_crypt_password(password):
     return RhodeCodeCrypto.hash_string(password)
 def check_password(password, hashed):
     return RhodeCodeCrypto.hash_check(password, hashed)
 def generate_api_key(str_, salt=None):
     """
     Generates API KEY from given string
 def generate_api_key(username, salt=None):
     :param str_:
     :param salt:
     """
     if salt is None:
         salt = _RandomNameSequence().next()
-    return hashlib.sha1(username + salt).hexdigest()
+    return hashlib.sha1(str_ + salt).hexdigest()
 def authfunc(environ, username, password):
     """Dummy authentication function used in Mercurial/Git/ and access control,
     """
     Dummy authentication function used in Mercurial/Git/ and access control,
     :param environ: needed only for using in Basic auth
     """
     return authenticate(username, password)
 def authenticate(username, password):
     """Authentication function used for access control,
     """
     Authentication function used for access control,
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication, also creates ldap user if not in database
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = User.get_by_username(username)
     log.debug('Authenticating user using RhodeCode account')
     if user is not None and not user.ldap_dn:
@@ @@ -223,46 +231,48 @@ def authenticate(username, password): @@
                 pass
     return False
 def login_container_auth(username):
     user = User.get_by_username(username)
     if user is None:
         user_model = UserModel()
         user_attrs = {
                  'name': username,
                  'lastname': None,
                  'email': None,
+                }
         if not user_model.create_for_container_auth(username, user_attrs):
         user = user_model.create_for_container_auth(username, user_attrs)
         if not user:
             return None
         user = User.get_by_username(username)
         log.info('User %s was created by container authentication', username)
     if not user.active:
         return None
     user.update_lastlogin()
     log.debug('User %s is now logged in by container authentication', user.username)
     log.debug('User %s is now logged in by container authentication',
               user.username)
     return user
-def get_container_username(environ, cfg=config):
 def get_container_username(environ, cfg):
     from paste.httpheaders import REMOTE_USER
     from paste.deploy.converters import asbool
     proxy_pass_enabled = asbool(cfg.get('proxypass_auth_enabled', False))
     username = REMOTE_USER(environ)
-    if not username and asbool(cfg.get('proxypass_auth_enabled', False)):
+    if not username and proxy_pass_enabled:
         username = environ.get('HTTP_X_FORWARDED_USER')
     if username:
+    if username and proxy_pass_enabled:
         #Removing realm and domain from username
         username = username.partition('@')[0]
         username = username.rpartition('\\')[2]
         log.debug('Received username %s from container', username)
     return username
 class  AuthUser(object):
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
@@ @@ -281,45 +291,48 @@ class AuthUser(object): @@
         self.lastname = ''
         self.email = ''
         self.is_authenticated = False
         self.admin = False
         self.permissions = {}
         self._api_key = api_key
         self.propagate_data()
     def propagate_data(self):
         user_model = UserModel()
         self.anonymous_user = User.get_by_username('default')
         is_user_loaded = False
         # try go get user by api key
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             #try go get user by api key
             log.debug('Auth User lookup by API KEY %s', self._api_key)
             is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
         elif self.user_id is not None \
             and self.user_id != self.anonymous_user.user_id:
         # lookup by userid
         elif (self.user_id is not None and
               self.user_id != self.anonymous_user.user_id):
             log.debug('Auth User lookup by USER ID %s', self.user_id)
             is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
         # lookup by username
         elif self.username:
             log.debug('Auth User lookup by USER NAME %s', self.username)
             dbuser = login_container_auth(self.username)
             if dbuser is not None:
                 for k, v in dbuser.get_dict().items():
                     setattr(self, k, v)
                 self.set_authenticated()
                 is_user_loaded = True
         if not is_user_loaded:
             # if we cannot authenticate user try anonymous
             if self.anonymous_user.active is True:
                 user_model.fill_data(self,
                                      user_id=self.anonymous_user.user_id)
                 user_model.fill_data(self,user_id=self.anonymous_user.user_id)
                 #then we set this user is logged in
                 self.is_authenticated = True
             else:
                 self.user_id = None
                 self.username = None
                 self.is_authenticated = False
         if not self.username:
             self.username = 'None'
         log.debug('Auth User is now %s', self)
         user_model.fill_perms(self)
@@ @@ -328,31 +341,31 @@ class AuthUser(object): @@
     def is_admin(self):
         return self.admin
     @property
     def full_contact(self):
         return '%s %s <%s>' % (self.name, self.lastname, self.email)
     def __repr__(self):
         return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                               self.is_authenticated)
     def set_authenticated(self, authenticated=True):
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
 def set_available_permissions(config):
     """This function will propagate pylons globals with all available defined
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't want to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config: current pylons config instance
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session()
         all_perms = sa.query(Permission).all()
     except:
@@ @@ -652,12 +665,13 @@ class HasPermissionAnyMiddleware(object) @@
         self.repo_name = repo_name
         return self.check_permissions()
     def check_permissions(self):
         log.debug('checking mercurial protocol '
                   'permissions %s for user:%s repository:%s', self.user_perms,
                                                 self.username, self.repo_name)
         if self.required_perms.intersection(self.user_perms):
             log.debug('permission granted')
             return True
         log.debug('permission denied')
         return False

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -24,69 +24,68 @@ class BaseController(WSGIController): @@
     def __before__(self):
         c.rhodecode_version = __version__
         c.rhodecode_name = config.get('rhodecode_title')
         c.ga_code = config.get('rhodecode_ga_code')
         c.repo_name = get_repo_slug(request)
         c.backends = BACKENDS.keys()
         self.cut_off_limit = int(config.get('cut_off_limit'))
         self.sa = meta.Session()
         self.scm_model = ScmModel(self.sa)
         #c.unread_journal = scm_model.get_unread_journal()
     def __call__(self, environ, start_response):
         """Invoke the Controller"""
         # WSGIController.__call__ dispatches to the Controller method
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
         start = time.time()
         try:
-            # putting this here makes sure that we update permissions each time
+            # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
             user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
             if asbool(config.get('container_auth_enabled', False)):
                 username = get_container_username(environ)
             else:
                 username = None
             self.rhodecode_user = c.rhodecode_user = AuthUser(user_id, api_key, username)
             auth_user = AuthUser(user_id, api_key, username)
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                                         getattr(session.get('rhodecode_user'),
                                        'is_authenticated', False))
             session['rhodecode_user'] = self.rhodecode_user
             session.save()
             return WSGIController.__call__(self, environ, start_response)
         finally:
             log.debug('Request time: %.3fs' % (time.time()-start))
             meta.Session.remove()
 class BaseRepoController(BaseController):
     """
     Base class for controllers responsible for loading all needed data
     for those controllers, loaded items are
     Base class for controllers responsible for loading all needed data for
     repository loaded items are
     c.rhodecode_repo: instance of scm repository (taken from cache)
     c.rhodecode_repo: instance of scm repository
     c.rhodecode_db_repo: instance of db
     c.repository_followers: number of followers
     c.repository_forks: number of forks
     """
     def __before__(self):
         super(BaseRepoController, self).__before__()
         if c.repo_name:
             c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)
             c.rhodecode_repo = c.rhodecode_db_repo.scm_instance
             if c.rhodecode_repo is None:
                 log.error('%s this repository is present in database but it '
                           'cannot be created as an scm instance', c.repo_name)
                 redirect(url('home'))
             c.repository_followers = \
                 self.scm_model.get_followers(c.repo_name)
             c.repository_followers = self.scm_model.get_followers(c.repo_name)
             c.repository_forks = self.scm_model.get_forks(c.repo_name)

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -97,38 +97,38 @@ class UserModel(BaseModel): @@
         Creates the given user if it's not already in the database
         :param username:
         :param attrs:
         """
         if self.get_by_username(username, case_insensitive=True) is None:
             try:
                 new_user = User()
                 new_user.username = username
                 new_user.password = None
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email']
                 new_user.active = True
+                new_user.active = attrs.get('active', True)
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
                 self.sa.add(new_user)
                 self.sa.commit()
-                return True
+                return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('User %s already exists. Skipping creation of account for container auth.',
                   username)
         return False
         log.debug('User %s already exists. Skipping creation of account'
                   ' for container auth.', username)
         return None
     def create_ldap(self, username, password, user_dn, attrs):
         """
         Checks if user is in database, if not creates this user marked
         as ldap user
         :param username:
         :param password:
         :param user_dn:
         :param attrs:
         """
         from rhodecode.lib.auth import get_crypt_password
@@ @@ -139,32 +139,32 @@ class UserModel(BaseModel): @@
                 # add ldap account always lowercase
                 new_user.username = username.lower()
                 new_user.password = get_crypt_password(password)
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email']
                 new_user.active = attrs.get('active',True)
                 new_user.ldap_dn = safe_unicode(user_dn)
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
                 self.sa.add(new_user)
                 self.sa.commit()
-                return True
+                return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('this %s user exists skipping creation of ldap account',
                   username)
-        return False
+        return None
     def create_registration(self, form_data):
         from rhodecode.lib.celerylib import tasks, run_task
         try:
             new_user = User()
             for k, v in form_data.items():
                 if k != 'admin':
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
             body = ('New user registration\n'

rhodecode/tests/__init__.py

➞

Show inline comments

@@ @@ -12,25 +12,24 @@ from os.path import join as jn @@
 from unittest import TestCase
 from paste.deploy import loadapp
 from paste.script.appinstall import SetupCommand
 from pylons import config, url
 from routes.util import URLGenerator
 from webtest import TestApp
 from rhodecode.model import meta
 import logging
 log = logging.getLogger(__name__)
 import pylons.test
 __all__ = ['environ', 'url', 'TestController', 'TESTS_TMP_PATH', 'HG_REPO',
            'GIT_REPO', 'NEW_HG_REPO', 'NEW_GIT_REPO', 'HG_FORK', 'GIT_FORK',
            'TEST_USER_ADMIN_LOGIN', 'TEST_USER_ADMIN_PASS' ]
 # Invoke websetup with the current config file
 #SetupCommand('setup-app').run([config_file])
 ##RUNNING DESIRED TESTS

rhodecode/tests/_test_concurency.py

➞

Show inline comments

file renamed from rhodecode/tests/test_concurency.py to rhodecode/tests/_test_concurency.py

test.ini

➞

Show inline comments

@@ @@ -42,24 +42,26 @@ port = 5000 @@
 [app:main]
 use = egg:rhodecode
 full_stack = true
 static_files = true
 lang=en
 cache_dir = /tmp/data
 index_dir = /tmp/index
 app_instance_uuid = develop-test
 cut_off_limit = 256000
 force_https = false
 commit_parse_limit = 25
 use_gravatar = true
 container_auth_enabled = false
 proxypass_auth_enabled = false
 ####################################
 ###        CELERY CONFIG        ####
 ####################################
 use_celery = false
 broker.host = localhost
 broker.vhost = rabbitmqhost
 broker.port = 5672
 broker.user = rabbitmq
 broker.password = qweqwe
 celery.imports = rhodecode.lib.celerylib.tasks

0 comments (0 inline, 0 general)