kallithea Changeset - f78bee8eec78

Changeset - f78bee8eec78

Parent rev.

Child rev.

[Not reviewed]

beta

0 6 0

Marcin Kuzminski - 14 years ago 2011-11-25 18:25:10
marcin@python-works.com

reduce cookie size for better support of client side sessions

6 files changed with 39 insertions and 24 deletions:

rhodecode/controllers/admin/settings.py

rhodecode/controllers/login.py

rhodecode/lib/auth.py

rhodecode/lib/base.py

rhodecode/tests/__init__.py

rhodecode/tests/functional/test_login.py

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/settings.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.settings
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     settings controller for rhodecode admin
     :created_on: Jul 14, 2010
     :author: marcink
     :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from sqlalchemy import func
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, NotAnonymous
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
     set_rhodecode_config, repo_name_slug
 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \
     RhodeCodeSetting
 from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
     ApplicationUiSettingsForm
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import User
 from rhodecode.model.notification import NotificationModel, \
     EmailNotificationModel
 from rhodecode.model.notification import EmailNotificationModel
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(SettingsController, self).__before__()
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /admin/settings: All items in the collection"""
         # url('admin_settings')
         defaults = RhodeCodeSetting.get_app_settings()
         defaults.update(self.get_hg_ui_settings())
         return htmlfill.render(
             render('admin/settings/settings.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasPermissionAllDecorator('hg.admin')
     def create(self):
         """POST /admin/settings: Create a new item"""
         # url('admin_settings')
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /admin/settings/new: Form to create a new item"""
         # url('admin_new_setting')
     @HasPermissionAllDecorator('hg.admin')
     def update(self, setting_id):
         """PUT /admin/settings/setting_id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('admin_setting', setting_id=ID),
         #           method='put')
         # url('admin_setting', setting_id=ID)
         if setting_id == 'mapping':
             rm_obsolete = request.POST.get('destroy', False)
             log.debug('Rescanning directories with destroy=%s', rm_obsolete)
             initial = ScmModel().repo_scan()
             log.debug('invalidating all repositories')
             for repo_name in initial.keys():
                 invalidate_cache('get_repo_cached_%s' % repo_name)
             added, removed = repo2db_mapper(initial, rm_obsolete)
             h.flash(_('Repositories successfully'
                       ' rescanned added: %s,removed: %s') % (added, removed),
                     category='success')
         if setting_id == 'whoosh':
             repo_location = self.get_hg_ui_settings()['paths_root_path']
             full_index = request.POST.get('full_index', False)
             run_task(tasks.whoosh_index, repo_location, full_index)
             h.flash(_('Whoosh reindex task scheduled'), category='success')
         if setting_id == 'global':
             application_form = ApplicationSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
                 try:
                     hgsettings1 = RhodeCodeSetting.get_by_name('title')
                     hgsettings1.app_settings_value = \
                         form_result['rhodecode_title']
                     hgsettings2 = RhodeCodeSetting.get_by_name('realm')
                     hgsettings2.app_settings_value = \
                         form_result['rhodecode_realm']
                     hgsettings3 = RhodeCodeSetting.get_by_name('ga_code')
                     hgsettings3.app_settings_value = \
                         form_result['rhodecode_ga_code']
                     self.sa.add(hgsettings1)
                     self.sa.add(hgsettings2)
                     self.sa.add(hgsettings3)
                     self.sa.commit()
                     set_rhodecode_config(config)
                     h.flash(_('Updated application settings'),
                             category='success')

rhodecode/controllers/login.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.login
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Login controller for rhodeocode
     :created_on: Apr 22, 2010
     :author: marcink
     :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import formencode
 from formencode import htmlfill
 from pylons.i18n.translation import _
 from pylons.controllers.util import abort, redirect
 from pylons import request, response, session, tmpl_context as c, url
 import rhodecode.lib.helpers as h
 from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import User
 from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm
 from rhodecode.model.user import UserModel
 log = logging.getLogger(__name__)
 class LoginController(BaseController):
     def __before__(self):
         super(LoginController, self).__before__()
     def index(self):
         # redirect if already logged in
         c.came_from = request.GET.get('came_from', None)
         if self.rhodecode_user.is_authenticated \
                             and self.rhodecode_user.username != 'default':
             return redirect(url('home'))
         if request.POST:
             #import Login Form validator class
+            # import Login Form validator class
             login_form = LoginForm()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 # form checks for username/password, now we're authenticated
                 username = c.form_result['username']
                 user = User.get_by_username(username, case_insensitive=True)
                 auth_user = AuthUser(user.user_id)
                 auth_user.set_authenticated()
                 session['rhodecode_user'] = auth_user
                 cs = auth_user.get_cookie_store()
                 session['rhodecode_user'] = cs
                 session.save()
                 log.info('user %s is now authenticated and stored in session',
                          username)
                 log.info('user %s is now authenticated and stored in '
                          'session, session attrs %s' % (username, cs))
                 user.update_lastlogin()
                 if c.came_from:
                     return redirect(c.came_from)
                 else:
                     return redirect(url('home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/login.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
         return render('/login.html')
     @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                'hg.register.manual_activate')
     def register(self):
         user_model = UserModel()
         c.auto_active = False
         for perm in User.get_by_username('default').user_perms:
             if perm.permission.permission_name == 'hg.register.auto_activate':
                 c.auto_active = True
                 break
         if request.POST:
             register_form = RegisterForm()()
             try:
                 form_result = register_form.to_python(dict(request.POST))
                 form_result['active'] = c.auto_active
                 user_model.create_registration(form_result)
                 h.flash(_('You have successfully registered into rhodecode'),
                             category='success')
                 return redirect(url('login_home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/register.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
         return render('/register.html')
     def password_reset(self):
         user_model = UserModel()
         if request.POST:
             password_reset_form = PasswordResetForm()()
             try:
                 form_result = password_reset_form.to_python(dict(request.POST))
                 user_model.reset_password_link(form_result)
                 h.flash(_('Your password reset link was sent'),
                             category='success')
                 return redirect(url('login_home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/password_reset.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
         return render('/password_reset.html')
     def password_reset_confirmation(self):
         if request.GET and request.GET.get('key'):
             try:
                 user_model = UserModel()
                 user = User.get_by_api_key(request.GET.get('key'))
                 data = dict(email=user.email)
                 user_model.reset_password(data)
                 h.flash(_('Your password reset was successful, '
                           'new password has been sent to your email'),
                             category='success')
             except Exception, e:
                 log.error(e)
                 return redirect(url('reset_password'))
         return redirect(url('login_home'))
     def logout(self):
         del session['rhodecode_user']
         session.save()
         log.info('Logging out and setting user as Empty')
         redirect(url('home'))

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -41,414 +41,425 @@ if __platform__ in PLATFORM_WIN: @@
 if __platform__ in PLATFORM_OTHERS:
     import bcrypt
 from rhodecode.lib import str2bool, safe_unicode
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import Permission, RhodeCodeSetting, User
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """
     This is a simple class for generating password from different sets of
     characters
     usage::
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters
             of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
         + ALPHABETS_NUM + ALPHABETS_SPECIAL
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
         return self.passwd
 class RhodeCodeCrypto(object):
     @classmethod
     def hash_string(cls, str_):
         """
         Cryptographic function used for password hashing based on pybcrypt
         or pycrypto in windows
         :param password: password to hash
         """
         if __platform__ in PLATFORM_WIN:
             return sha256(str_).hexdigest()
         elif __platform__ in PLATFORM_OTHERS:
             return bcrypt.hashpw(str_, bcrypt.gensalt(10))
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
     @classmethod
     def hash_check(cls, password, hashed):
         """
         Checks matching password with it's hashed value, runs different
         implementation based on platform it runs on
         :param password: password
         :param hashed: password in hashed form
         """
         if __platform__ in PLATFORM_WIN:
             return sha256(password).hexdigest() == hashed
         elif __platform__ in PLATFORM_OTHERS:
             return bcrypt.hashpw(password, hashed) == hashed
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
 def get_crypt_password(password):
     return RhodeCodeCrypto.hash_string(password)
 def check_password(password, hashed):
     return RhodeCodeCrypto.hash_check(password, hashed)
 def generate_api_key(str_, salt=None):
     """
     Generates API KEY from given string
     :param str_:
     :param salt:
     """
     if salt is None:
         salt = _RandomNameSequence().next()
     return hashlib.sha1(str_ + salt).hexdigest()
 def authfunc(environ, username, password):
     """
     Dummy authentication wrapper function used in Mercurial and Git for
     access control.
     :param environ: needed only for using in Basic auth
     """
     return authenticate(username, password)
 def authenticate(username, password):
     """
     Authentication function used for access control,
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication, also creates ldap user if not in database
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = User.get_by_username(username)
     log.debug('Authenticating user using RhodeCode account')
     if user is not None and not user.ldap_dn:
         if user.active:
             if user.username == 'default' and user.active:
                 log.info('user %s authenticated correctly as anonymous user',
                          username)
                 return True
             elif user.username == username and check_password(password,
                                                               user.password):
                 log.info('user %s authenticated correctly', username)
                 return True
         else:
             log.warning('user %s is disabled', username)
     else:
         log.debug('Regular authentication failed')
         user_obj = User.get_by_username(username, case_insensitive=True)
         if user_obj is not None and not user_obj.ldap_dn:
             log.debug('this user already exists as non ldap')
             return False
         ldap_settings = RhodeCodeSetting.get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IF ENABLE
         #======================================================================
         if str2bool(ldap_settings.get('ldap_active')):
             log.debug("Authenticating user using ldap")
             kwargs = {
                   'server': ldap_settings.get('ldap_host', ''),
                   'base_dn': ldap_settings.get('ldap_base_dn', ''),
                   'port': ldap_settings.get('ldap_port'),
                   'bind_dn': ldap_settings.get('ldap_dn_user'),
                   'bind_pass': ldap_settings.get('ldap_dn_pass'),
                   'tls_kind': ldap_settings.get('ldap_tls_kind'),
                   'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter': ldap_settings.get('ldap_filter'),
                   'search_scope': ldap_settings.get('ldap_search_scope'),
                   'attr_login': ldap_settings.get('ldap_attr_login'),
                   'ldap_version': 3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                 password)
                 log.debug('Got ldap DN response %s', user_dn)
                 get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                            .get(k), [''])[0]
                 user_attrs = {
                  'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                  'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                  'email': get_ldap_attr('ldap_attr_email'),
+                }
                 if user_model.create_ldap(username, password, user_dn,
                                           user_attrs):
                     log.info('created new ldap user %s', username)
                 return True
             except (LdapUsernameError, LdapPasswordError,):
                 pass
             except (Exception,):
                 log.error(traceback.format_exc())
                 pass
     return False
 def login_container_auth(username):
     user = User.get_by_username(username)
     if user is None:
         user_model = UserModel()
         user_attrs = {
             'name': username,
             'lastname': None,
             'email': None,
+        }
         user = user_model.create_for_container_auth(username, user_attrs)
         if not user:
             return None
         log.info('User %s was created by container authentication', username)
     if not user.active:
         return None
     user.update_lastlogin()
-    log.debug('User %s is now logged in by container authentication',
     log.debug('User %s is now logged in by container authentication',
               user.username)
     return user
 def get_container_username(environ, config):
     username = None
     if str2bool(config.get('container_auth_enabled', False)):
         from paste.httpheaders import REMOTE_USER
         username = REMOTE_USER(environ)
     if not username and str2bool(config.get('proxypass_auth_enabled', False)):
         username = environ.get('HTTP_X_FORWARDED_USER')
     if username:
         # Removing realm and domain from username
         username = username.partition('@')[0]
         username = username.rpartition('\\')[2]
         log.debug('Received username %s from container', username)
     return username
 class  AuthUser(object):
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
     anonymous access is enabled and if so, it returns default user as logged
     in
     """
     def __init__(self, user_id=None, api_key=None, username=None):
         self.user_id = user_id
         self.api_key = None
         self.username = username
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.is_authenticated = False
         self.admin = False
         self.permissions = {}
         self._api_key = api_key
         self.propagate_data()
     def propagate_data(self):
         user_model = UserModel()
         self.anonymous_user = User.get_by_username('default')
         is_user_loaded = False
         # try go get user by api key
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             log.debug('Auth User lookup by API KEY %s', self._api_key)
             is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
         # lookup by userid
-        elif (self.user_id is not None and
         elif (self.user_id is not None and
               self.user_id != self.anonymous_user.user_id):
             log.debug('Auth User lookup by USER ID %s', self.user_id)
             is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
         # lookup by username
         elif self.username:
             log.debug('Auth User lookup by USER NAME %s', self.username)
             dbuser = login_container_auth(self.username)
             if dbuser is not None:
                 for k, v in dbuser.get_dict().items():
                     setattr(self, k, v)
                 self.set_authenticated()
                 is_user_loaded = True
         if not is_user_loaded:
             # if we cannot authenticate user try anonymous
             if self.anonymous_user.active is True:
                 user_model.fill_data(self,user_id=self.anonymous_user.user_id)
+                user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                 # then we set this user is logged in
                 self.is_authenticated = True
             else:
                 self.user_id = None
                 self.username = None
                 self.is_authenticated = False
         if not self.username:
             self.username = 'None'
         log.debug('Auth User is now %s', self)
         user_model.fill_perms(self)
     @property
     def is_admin(self):
         return self.admin
     @property
     def full_contact(self):
         return '%s %s <%s>' % (self.name, self.lastname, self.email)
     def __repr__(self):
         return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                               self.is_authenticated)
     def set_authenticated(self, authenticated=True):
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
     def get_cookie_store(self):
         return {'username':self.username,
                 'user_id': self.user_id,
                 'is_authenticated':self.is_authenticated}
     @classmethod
     def from_cookie_store(cls, cookie_store):
         user_id = cookie_store.get('user_id')
         username = cookie_store.get('username')
         api_key = cookie_store.get('api_key')
         return AuthUser(user_id, api_key, username)
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't want to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config: current pylons config instance
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session()
         all_perms = sa.query(Permission).all()
     except:
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 #==============================================================================
 # CHECK DECORATORS
 #==============================================================================
 class LoginRequired(object):
     """
     Must be logged in to execute this function else
     redirect to login page
     :param api_access: if enabled this checks only for valid auth token
         and grants access based on valid token
     """
     def __init__(self, api_access=False):
         self.api_access = api_access
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         user = cls.rhodecode_user
         api_access_ok = False
         if self.api_access:
             log.debug('Checking API KEY access for %s', cls)
             if user.api_key == request.GET.get('api_key'):
                 api_access_ok = True
             else:
                 log.debug("API KEY token not valid")
         log.debug('Checking if %s is authenticated @ %s', user.username, cls)
         if user.is_authenticated or api_access_ok:
             log.debug('user %s is authenticated', user.username)
             return func(*fargs, **fkwargs)
         else:
             log.warn('user %s NOT authenticated', user.username)
             p = url.current()
             log.debug('redirecting to login page with %s', p)
             return redirect(url('login_home', came_from=p))
 class NotAnonymous(object):
     """
     Must be logged in to execute this function else
     redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         self.user = cls.rhodecode_user
         log.debug('Checking if user is not anonymous @%s', cls)
         anonymous = self.user.username == 'default'
         if anonymous:
             p = url.current()
             import rhodecode.lib.helpers as h
             h.flash(_('You need to be a registered user to '
                       'perform this action'),
                     category='warning')
             return redirect(url('login_home', came_from=p))
         else:
             return func(*fargs, **fkwargs)
 class PermsDecorator(object):
     """Base class for controller decorators"""
@@ @@ -483,193 +494,194 @@ class PermsDecorator(object): @@
             if anonymous:
                 p = url.current()
                 import rhodecode.lib.helpers as h
                 h.flash(_('You need to be a signed in to '
                           'view this page'),
                         category='warning')
                 return redirect(url('login_home', came_from=p))
             else:
                 # redirect with forbidden ret code
                 return abort(403)
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates. All of them
     have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates. In order to
     fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasRepoPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 #==============================================================================
 # CHECK FUNCTIONS
 #==============================================================================
 class PermsFunction(object):
     """Base function for other check functions"""
     def __init__(self, *perms):
         available_perms = config['available_permissions']
         for perm in perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission in not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
         self.granted_for = ''
         self.repo_name = None
     def __call__(self, check_Location=''):
         user = session.get('rhodecode_user', False)
         cookie_store = session.get('rhodecode_user')
         user = AuthUser.from_cookie_store(cookie_store)
         if not user:
             return False
         self.user_perms = user.permissions
         self.granted_for = user
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if self.check_permissions():
             log.debug('Permission granted %s @ %s', self.granted_for,
                       check_Location or 'unspecified location')
             return True
         else:
             log.warning('Permission denied for %s @ %s', self.granted_for,
                         check_Location or 'unspecified location')
             return False
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAll(PermsFunction):
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAll(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAll, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self.user_perms = set([self.user_perms['reposit'
                                                    'ories'][self.repo_name]])
         except KeyError:
             return False
         self.granted_for = self.repo_name
         if self.required_perms.issubset(self.user_perms):
             return True
         return False
 class HasRepoPermissionAny(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAny, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self.user_perms = set([self.user_perms['reposi'
                                                    'tories'][self.repo_name]])
         except KeyError:
             return False
         self.granted_for = self.repo_name
         if self.required_perms.intersection(self.user_perms):
             return True
         return False
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #==============================================================================
 class HasPermissionAnyMiddleware(object):
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, user, repo_name):
         usr = AuthUser(user.user_id)
         try:
             self.user_perms = set([usr.permissions['repositories'][repo_name]])
         except:
             self.user_perms = set()
         self.granted_for = ''
         self.username = user.username
         self.repo_name = repo_name
         return self.check_permissions()

rhodecode/lib/base.py

➞

Show inline comments

 """The base Controller API
 Provides the BaseController class for subclassing.
 """
 import logging
 import time
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 from rhodecode import __version__
 from rhodecode import __version__, BACKENDS
 from rhodecode.lib import str2bool
 from rhodecode.lib.auth import AuthUser, get_container_username
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
 from rhodecode.model.scm import ScmModel
 from rhodecode import BACKENDS
 from rhodecode.model.db import Repository
 from rhodecode.model.notification import NotificationModel
 from rhodecode.model.scm import ScmModel
 log = logging.getLogger(__name__)
 class BaseController(WSGIController):
     def __before__(self):
         c.rhodecode_version = __version__
         c.rhodecode_name = config.get('rhodecode_title')
         c.use_gravatar = str2bool(config.get('use_gravatar'))
         c.ga_code = config.get('rhodecode_ga_code')
         c.repo_name = get_repo_slug(request)
         c.backends = BACKENDS.keys()
         c.unread_notifications = NotificationModel()\
                         .get_unread_cnt_for_user(c.rhodecode_user.user_id)
         self.cut_off_limit = int(config.get('cut_off_limit'))
         self.sa = meta.Session()
         self.scm_model = ScmModel(self.sa)
     def __call__(self, environ, start_response):
         """Invoke the Controller"""
         # WSGIController.__call__ dispatches to the Controller method
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
         start = time.time()
         try:
             # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
             user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
             cookie_store = session.get('rhodecode_user') or {}
             user_id = cookie_store.get('user_id', None)
             username = get_container_username(environ, config)
             auth_user = AuthUser(user_id, api_key, username)
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                                         getattr(session.get('rhodecode_user'),
                                        'is_authenticated', False))
             session['rhodecode_user'] = self.rhodecode_user
                 self.rhodecode_user\
                     .set_authenticated(cookie_store.get('is_authenticated'))
             session['rhodecode_user'] = self.rhodecode_user.get_cookie_store()
             session.save()
             return WSGIController.__call__(self, environ, start_response)
         finally:
             log.debug('Request time: %.3fs' % (time.time()-start))
+            log.debug('Request time: %.3fs' % (time.time() - start))
             meta.Session.remove()
 class BaseRepoController(BaseController):
     """
     Base class for controllers responsible for loading all needed data for
     repository loaded items are
     c.rhodecode_repo: instance of scm repository
     c.rhodecode_db_repo: instance of db
     c.repository_followers: number of followers
     c.repository_forks: number of forks
     """
     def __before__(self):
         super(BaseRepoController, self).__before__()
         if c.repo_name:
             c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)
             c.rhodecode_repo = c.rhodecode_db_repo.scm_instance
             if c.rhodecode_repo is None:
                 log.error('%s this repository is present in database but it '
                           'cannot be created as an scm instance', c.repo_name)
                 redirect(url('home'))
             c.repository_followers = self.scm_model.get_followers(c.repo_name)
             c.repository_forks = self.scm_model.get_forks(c.repo_name)

rhodecode/tests/__init__.py

➞

Show inline comments

 """Pylons application test package
 This package assumes the Pylons environment is already loaded, such as
 when this script is imported from the `nosetests --with-pylons=test.ini`
 command.
 This module initializes the application via ``websetup`` (`paster
 setup-app`) and provides the base testing objects.
 """
 import os
 import time
 import logging
 from os.path import join as jn
 from unittest import TestCase
 from paste.deploy import loadapp
 from paste.script.appinstall import SetupCommand
 from pylons import config, url
 from routes.util import URLGenerator
 from webtest import TestApp
 from rhodecode.model import meta
 from rhodecode.model.db import User
 import pylons.test
 os.environ['TZ'] = 'UTC'
 time.tzset()
 log = logging.getLogger(__name__)
 __all__ = ['environ', 'url', 'TestController', 'TESTS_TMP_PATH', 'HG_REPO',
            'GIT_REPO', 'NEW_HG_REPO', 'NEW_GIT_REPO', 'HG_FORK', 'GIT_FORK',
            'TEST_USER_ADMIN_LOGIN', 'TEST_USER_ADMIN_PASS' ]
 # Invoke websetup with the current config file
 # SetupCommand('setup-app').run([config_file])
 ##RUNNING DESIRED TESTS
 # nosetests -x rhodecode.tests.functional.test_admin_settings:TestSettingsController.test_my_account
 # nosetests --pdb --pdb-failures
 environ = {}
 #SOME GLOBALS FOR TESTS
 from tempfile import _RandomNameSequence
 TESTS_TMP_PATH = jn('/', 'tmp', 'rc_test_%s' % _RandomNameSequence().next())
 TEST_USER_ADMIN_LOGIN = 'test_admin'
 TEST_USER_ADMIN_PASS = 'test12'
 HG_REPO = 'vcs_test_hg'
 GIT_REPO = 'vcs_test_git'
 NEW_HG_REPO = 'vcs_test_hg_new'
 NEW_GIT_REPO = 'vcs_test_git_new'
 HG_FORK = 'vcs_test_hg_fork'
 GIT_FORK = 'vcs_test_git_fork'
 class TestController(TestCase):
     def __init__(self, *args, **kwargs):
         wsgiapp = pylons.test.pylonsapp
         config = wsgiapp.config
         self.app = TestApp(wsgiapp)
         url._push_object(URLGenerator(config['routes.map'], environ))
         self.Session = meta.Session
         self.index_location = config['app_conf']['index_dir']
         TestCase.__init__(self, *args, **kwargs)
     def log_user(self, username=TEST_USER_ADMIN_LOGIN,
                  password=TEST_USER_ADMIN_PASS):
         self._logged_username = username
         response = self.app.post(url(controller='login', action='index'),
                                  {'username':username,
                                   'password':password})
         if 'invalid user name' in response.body:
             self.fail('could not login using %s %s' % (username, password))
         self.assertEqual(response.status, '302 Found')
         self.assertEqual(response.session['rhodecode_user'].username, username)
         self.assertEqual(response.session['rhodecode_user'].get('username'),
                          username)
         return response.follow()
     def _get_logged_user(self):
         return User.get_by_username(self._logged_username)
     def checkSessionFlash(self, response, msg):
         self.assertTrue('flash' in response.session)
         self.assertTrue(msg in response.session['flash'][0][1])

rhodecode/tests/functional/test_login.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 from rhodecode.tests import *
 from rhodecode.model.db import User
 from rhodecode.lib import generate_api_key
 from rhodecode.lib.auth import check_password
 class TestLoginController(TestController):
     def test_index(self):
         response = self.app.get(url(controller='login', action='index'))
         self.assertEqual(response.status, '200 OK')
         # Test response...
     def test_login_admin_ok(self):
         response = self.app.post(url(controller='login', action='index'),
                                  {'username':'test_admin',
                                   'password':'test12'})
         self.assertEqual(response.status, '302 Found')
         self.assertEqual(response.session['rhodecode_user'].username ,
+        self.assertEqual(response.session['rhodecode_user'].get('username') ,
                          'test_admin')
         response = response.follow()
         self.assertTrue('%s repository' % HG_REPO in response.body)
     def test_login_regular_ok(self):
         response = self.app.post(url(controller='login', action='index'),
                                  {'username':'test_regular',
                                   'password':'test12'})
         self.assertEqual(response.status, '302 Found')
         self.assertEqual(response.session['rhodecode_user'].username ,
+        self.assertEqual(response.session['rhodecode_user'].get('username') ,
                          'test_regular')
         response = response.follow()
         self.assertTrue('%s repository' % HG_REPO in response.body)
         self.assertTrue('<a title="Admin" href="/_admin">' not in response.body)
     def test_login_ok_came_from(self):
         test_came_from = '/_admin/users'
         response = self.app.post(url(controller='login', action='index',
                                      came_from=test_came_from),
                                  {'username':'test_admin',
                                   'password':'test12'})
         self.assertEqual(response.status, '302 Found')
         response = response.follow()
         self.assertEqual(response.status, '200 OK')
         self.assertTrue('Users administration' in response.body)
     def test_login_short_password(self):
         response = self.app.post(url(controller='login', action='index'),
                                  {'username':'test_admin',
                                   'password':'as'})
         self.assertEqual(response.status, '200 OK')
         self.assertTrue('Enter 3 characters or more' in response.body)
     def test_login_wrong_username_password(self):
         response = self.app.post(url(controller='login', action='index'),
                                  {'username':'error',
                                   'password':'test12'})
         self.assertEqual(response.status , '200 OK')
         self.assertTrue('invalid user name' in response.body)
         self.assertTrue('invalid password' in response.body)
     #==========================================================================
     # REGISTRATIONS
     #==========================================================================
     def test_register(self):
         response = self.app.get(url(controller='login', action='register'))
         self.assertTrue('Sign Up to RhodeCode' in response.body)
     def test_register_err_same_username(self):
         response = self.app.post(url(controller='login', action='register'),
                                             {'username':'test_admin',
                                              'password':'test12',
                                              'password_confirmation':'test12',
                                              'email':'goodmail@domain.com',
                                              'name':'test',
                                              'lastname':'test'})
         self.assertEqual(response.status , '200 OK')
         self.assertTrue('This username already exists' in response.body)
     def test_register_err_same_email(self):
         response = self.app.post(url(controller='login', action='register'),
                                             {'username':'test_admin_0',
                                              'password':'test12',
                                              'password_confirmation':'test12',
                                              'email':'test_admin@mail.com',
                                              'name':'test',
                                              'lastname':'test'})
         self.assertEqual(response.status , '200 OK')
         assert 'This e-mail address is already taken' in response.body
     def test_register_err_same_email_case_sensitive(self):
         response = self.app.post(url(controller='login', action='register'),
                                             {'username':'test_admin_1',
                                              'password':'test12',
                                              'password_confirmation':'test12',
                                              'email':'TesT_Admin@mail.COM',
                                              'name':'test',
                                              'lastname':'test'})
         self.assertEqual(response.status , '200 OK')
         assert 'This e-mail address is already taken' in response.body
     def test_register_err_wrong_data(self):
         response = self.app.post(url(controller='login', action='register'),
                                             {'username':'xs',
                                              'password':'test',
                                              'password_confirmation':'test',
                                              'email':'goodmailm',
                                              'name':'test',
                                              'lastname':'test'})
         self.assertEqual(response.status , '200 OK')
         assert 'An email address must contain a single @' in response.body
         assert 'Enter a value 6 characters long or more' in response.body
     def test_register_err_username(self):
         response = self.app.post(url(controller='login', action='register'),
                                             {'username':'error user',
                                              'password':'test12',
                                              'password_confirmation':'test12',
                                              'email':'goodmailm',

0 comments (0 inline, 0 general)