def set_anonymous_access(enable=True):
user = User.get_by_username(User.DEFAULT_USER)
user.active = enable
Session().add(user)
Session().commit()
print '\tanonymous access is now:', enable
if enable != User.get_by_username(User.DEFAULT_USER).active:
raise Exception('Cannot set anonymous access')
def test_user_delete_cascades_ip_whitelist(test_user):
sample_ip = '1.1.1.1'
uid_map = UserIpMap(user_id=test_user.user_id, ip_addr=sample_ip)
Session().add(uid_map)
Session().delete(test_user)
try:
Session().flush()
finally:
Session().rollback()
def test_user_delete_cascades_permissions_on_repo(backend, test_user):
test_repo = backend.create_repo()
RepoModel().grant_user_permission(test_repo, test_user, 'repository.write')
Session().commit()
assert test_user.repo_to_perm
UserModel().delete(test_user)
Session().commit()
def test_clone_url_encrypted_value(self, backend):
repo = backend.create_repo()
Session().commit()
repo.clone_url = 'https://*****:*****@code.rhodecode.com'
Session().add(repo)
Session().commit()
assert repo.clone_url == 'https://*****:*****@code.rhodecode.com'
def test_add_and_remove_user_from_group(user_regular, user_util):
user_group = user_util.create_user_group()
assert user_group.members == []
UserGroupModel().add_user_to_group(user_group, user_regular)
Session().commit()
assert user_group.members[0].user == user_regular
UserGroupModel().remove_user_from_group(user_group, user_regular)
Session().commit()
assert user_group.members == []
def test_remove_repo(self):
repo = fixture.create_repo(name='test-repo-1')
Session().commit()
RepoModel().delete(repo=repo)
Session().commit()
self.assertEqual(None,
Repository.get_by_repo_name(repo_name='test-repo-1'))
def set_anonymous_access(enabled):
"""(Dis)allows anonymous access depending on parameter `enabled`"""
user = User.get_default_user()
user.active = enabled
Session().add(user)
Session().commit()
log.info('anonymous access is now: %s', enabled)
assert enabled == User.get_default_user().active, (
'Cannot set anonymous access')
def test_access_expired_gist(self):
self.log_user()
gist = _create_gist('never-see-me')
gist.gist_expires = 0 # 1970
Session().add(gist)
Session().commit()
response = self.app.get(url('gist', gist_id=gist.gist_access_id),
status=404)
def delete_repo_field(self, repo_name, field_id):
field = RepositoryField.get_or_404(field_id)
try:
Session().delete(field)
Session().commit()
except Exception, e:
log.error(traceback.format_exc())
msg = _('An error occurred during removal of field')
h.flash(msg, category='error')
def test_remove_repo_repo_raises_exc_when_attached_forks(self):
repo = fixture.create_repo(name='test-repo-1')
Session().commit()
fixture.create_fork(repo.repo_name, 'test-repo-fork-1')
Session().commit()
self.assertRaises(AttachedForksError,
lambda: RepoModel().delete(repo=repo))
def test_revoke_perm(self):
perm = Permission.query().all()[0]
UserModel().grant_perm(self.u1, perm)
Session().commit()
self.assertEqual(UserModel().has_perm(self.u1, perm), True)
#revoke
UserModel().revoke_perm(self.u1, perm)
Session().commit()
self.assertEqual(UserModel().has_perm(self.u1, perm), False)
def test_user_delete_cascades_permissions_on_user_group(
test_user_group, test_user):
UserGroupModel().grant_user_permission(test_user_group, test_user,
'usergroup.write')
Session().commit()
assert test_user.user_group_to_perm
Session().delete(test_user)
Session().commit()
def test_remove_repo(self, backend):
repo = backend.create_repo()
Session().commit()
RepoModel().delete(repo=repo)
Session().commit()
repos = ScmModel().repo_scan()
assert Repository.get_by_repo_name(repo_name=backend.repo_name) is None
assert repo.repo_name not in repos
def _migrate_hash_to_bcrypt(self, username, password, new_hash):
new_hash_cypher = _RhodeCodeCryptoBCrypt()
# extra checks, so make sure new hash is correct.
password_encoded = safe_str(password)
if new_hash and new_hash_cypher.hash_check(password_encoded, new_hash):
cur_user = User.get_by_username(username)
cur_user.password = new_hash
Session().add(cur_user)
Session().flush()
log.info('Migrated user %s hash to bcrypt', cur_user)
def test_show_invalid_source_reference(self, pr_util):
pull_request = pr_util.create_pull_request()
pull_request.source_ref = 'branch:b:invalid'
Session().add(pull_request)
Session().commit()
self.app.get(url(
controller='pullrequests', action='show',
repo_name=pull_request.target_repo.scm_instance().name,
pull_request_id=str(pull_request.pull_request_id)))
def test_revoke_perm(test_user):
perm = Permission.query().all()[0]
UserModel().grant_perm(test_user, perm)
Session().commit()
assert UserModel().has_perm(test_user, perm)
# revoke
UserModel().revoke_perm(test_user, perm)
Session().commit()
assert not UserModel().has_perm(test_user, perm)
def prepare(self, request, pylonsapp):
for x in ChangesetComment.query().all():
Session().delete(x)
Session().commit()
for x in Notification.query().all():
Session().delete(x)
Session().commit()
request.addfinalizer(self.cleanup)
def test_user_delete_cascades_permissions_on_repo_group(
test_repo_group, test_user):
RepoGroupModel().grant_user_permission(test_repo_group, test_user,
'group.write')
Session().commit()
assert test_user.repo_group_to_perm
Session().delete(test_user)
Session().commit()
def test_forgot_password(self):
response = self.app.get(
url(controller='login', action='password_reset'))
self.assertEqual(response.status, '200 OK')
username = '******'
password = '******'
email = '*****@*****.**'
name = 'passwd'
lastname = 'reset'
new = User()
new.username = username
new.password = password
new.email = email
new.name = name
new.lastname = lastname
new.api_key = generate_api_key(username)
Session().add(new)
Session().commit()
response = self.app.post(
url(controller='login', action='password_reset'), {
'email': email,
})
self.checkSessionFlash(response, 'Your password reset link was sent')
response = response.follow()
# BAD KEY
key = "bad"
response = self.app.get(
url(controller='login',
action='password_reset_confirmation',
key=key))
self.assertEqual(response.status, '302 Found')
self.assertTrue(response.location.endswith(url('reset_password')))
# GOOD KEY
key = User.get_by_username(username).api_key
response = self.app.get(
url(controller='login',
action='password_reset_confirmation',
key=key))
self.assertEqual(response.status, '302 Found')
self.assertTrue(response.location.endswith(url('login_home')))
self.checkSessionFlash(response,
('Your password reset was successful, '
'new password has been sent to your email'))
response = response.follow()
def test_update_of_ancestor_reference(self, backend, csrf_token):
commits = [
{'message': 'ancestor'},
{'message': 'change'},
{'message': 'change-2'},
{'message': 'ancestor-new', 'parents': ['ancestor']},
{'message': 'change-rebased'},
]
commit_ids = backend.create_master_repo(commits)
target = backend.create_repo(heads=['ancestor'])
source = backend.create_repo(heads=['change'])
# create pr from a in source to A in target
pull_request = PullRequest()
pull_request.source_repo = source
# TODO: johbo: Make sure that we write the source ref this way!
pull_request.source_ref = 'branch:{branch}:{commit_id}'.format(
branch=backend.default_branch_name,
commit_id=commit_ids['change'])
pull_request.target_repo = target
# TODO: johbo: Target ref should be branch based, since tip can jump
# from branch to branch
pull_request.target_ref = 'branch:{branch}:{commit_id}'.format(
branch=backend.default_branch_name,
commit_id=commit_ids['ancestor'])
pull_request.revisions = [commit_ids['change']]
pull_request.title = u"Test"
pull_request.description = u"Description"
pull_request.author = UserModel().get_by_username(
TEST_USER_ADMIN_LOGIN)
Session().add(pull_request)
Session().commit()
pull_request_id = pull_request.pull_request_id
# target has ancestor - ancestor-new
# source has ancestor - ancestor-new - change-rebased
backend.pull_heads(target, heads=['ancestor-new'])
backend.pull_heads(source, heads=['change-rebased'])
# update PR
self.app.post(
url(controller='pullrequests', action='update',
repo_name=target.repo_name,
pull_request_id=str(pull_request_id)),
params={'update_commits': 'true', '_method': 'put',
'csrf_token': csrf_token},
status=200)
# Expect the target reference to be updated correctly
pull_request = PullRequest.get(pull_request_id)
assert pull_request.revisions == [commit_ids['change-rebased']]
expected_target_ref = 'branch:{branch}:{commit_id}'.format(
branch=backend.default_branch_name,
commit_id=commit_ids['ancestor-new'])
assert pull_request.target_ref == expected_target_ref
def test_repo_group_user_as_user_group_member(self):
# create Group1
self.g1 = fixture.create_group('group1', skip_if_exists=True)
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.read'})
# set default permission to none
ReposGroupModel().grant_user_permission(repos_group=self.g1,
user=self.anon,
perm='group.none')
# make group
self.ug1 = UserGroupModel().create('G1')
# add user to group
UserGroupModel().add_user_to_group(self.ug1, self.u1)
Session().commit()
# check if user is in the group
membrs = [
x.user_id
for x in UserGroupModel().get(self.ug1.users_group_id).members
]
self.assertEqual(membrs, [self.u1.user_id])
# add some user to that group
# check his permissions
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
# grant ug1 read permissions for
ReposGroupModel().grant_users_group_permission(repos_group=self.g1,
group_name=self.ug1,
perm='group.read')
Session().commit()
# check if the
obj = Session().query(UserGroupRepoGroupToPerm)\
.filter(UserGroupRepoGroupToPerm.group == self.g1)\
.filter(UserGroupRepoGroupToPerm.users_group == self.ug1)\
.scalar()
self.assertEqual(obj.permission.permission_name, 'group.read')
a1_auth = AuthUser(user_id=self.anon.user_id)
self.assertEqual(a1_auth.permissions['repositories_groups'],
{u'group1': u'group.none'})
u1_auth = AuthUser(user_id=self.u1.user_id)
self.assertEqual(u1_auth.permissions['repositories_groups'],
{u'group1': u'group.read'})
def _update_patterns(self, form, repo_settings):
for uid in form['delete_patterns']:
repo_settings.delete_entries(uid)
for pattern in form['patterns']:
for setting, value, type_ in pattern:
sett = repo_settings.create_or_update_setting(
setting, value, type_)
Session().add(sett)
Session().commit()
def test_value_is_set(self, repo_stub):
model = VcsSettingsModel(repo=repo_stub.repo_name)
model.inherit_global_settings = False
setting = model.repo_settings.get_setting_by_name(
VcsSettingsModel.INHERIT_SETTINGS)
try:
assert setting.app_settings_type == 'bool'
assert setting.app_settings_value is False
finally:
Session().delete(setting)
Session().commit()
def disable_locking(pylonsapp):
r = Repository.get_by_repo_name(GIT_REPO)
Repository.unlock(r)
r.enable_locking = False
Session().add(r)
Session().commit()
r = Repository.get_by_repo_name(HG_REPO)
Repository.unlock(r)
r.enable_locking = False
Session().add(r)
Session().commit()
def update_global_perms(self, user_group_id):
"""PUT /users_perm/user_group_id: Update an existing item"""
# url('users_group_perm', user_group_id=ID, method='put')
user_group_id = safe_int(user_group_id)
user_group = UserGroup.get_or_404(user_group_id)
c.active = 'global_perms'
try:
# first stage that verifies the checkbox
_form = UserIndividualPermissionsForm()
form_result = _form.to_python(dict(request.POST))
inherit_perms = form_result['inherit_default_permissions']
user_group.inherit_default_permissions = inherit_perms
Session().add(user_group)
if not inherit_perms:
# only update the individual ones if we un check the flag
_form = UserPermissionsForm(
[x[0] for x in c.repo_create_choices],
[x[0] for x in c.repo_create_on_write_choices],
[x[0] for x in c.repo_group_create_choices],
[x[0] for x in c.user_group_create_choices],
[x[0] for x in c.fork_choices],
[x[0] for x in c.inherit_default_permission_choices])()
form_result = _form.to_python(dict(request.POST))
form_result.update(
{'perm_user_group_id': user_group.users_group_id})
PermissionModel().update_user_group_permissions(form_result)
Session().commit()
h.flash(_('User Group global permissions updated successfully'),
category='success')
except formencode.Invalid as errors:
defaults = errors.value
c.user_group = user_group
return htmlfill.render(
render('admin/user_groups/user_group_edit.html'),
defaults=defaults,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8",
force_defaults=False)
except Exception:
log.exception("Exception during permissions saving")
h.flash(_('An error occurred during permissions saving'),
category='error')
return redirect(
url('edit_user_group_global_perms', user_group_id=user_group_id))
def test_update_source_revision(self, backend, csrf_token):
commits = [
{'message': 'ancestor'},
{'message': 'change'},
{'message': 'change-2'},
]
commit_ids = backend.create_master_repo(commits)
target = backend.create_repo(heads=['ancestor'])
source = backend.create_repo(heads=['change'])
# create pr from a in source to A in target
pull_request = PullRequest()
pull_request.source_repo = source
# TODO: johbo: Make sure that we write the source ref this way!
pull_request.source_ref = 'branch:{branch}:{commit_id}'.format(
branch=backend.default_branch_name, commit_id=commit_ids['change'])
pull_request.target_repo = target
pull_request.target_ref = 'branch:{branch}:{commit_id}'.format(
branch=backend.default_branch_name,
commit_id=commit_ids['ancestor'])
pull_request.revisions = [commit_ids['change']]
pull_request.title = u"Test"
pull_request.description = u"Description"
pull_request.author = UserModel().get_by_username(
TEST_USER_ADMIN_LOGIN)
Session().add(pull_request)
Session().commit()
pull_request_id = pull_request.pull_request_id
# source has ancestor - change - change-2
backend.pull_heads(source, heads=['change-2'])
# update PR
self.app.post(
url(controller='pullrequests', action='update',
repo_name=target.repo_name,
pull_request_id=str(pull_request_id)),
params={'update_commits': 'true', '_method': 'put',
'csrf_token': csrf_token})
# check that we have now both revisions
pull_request = PullRequest.get(pull_request_id)
assert pull_request.revisions == [
commit_ids['change-2'], commit_ids['change']]
# TODO: johbo: this should be a test on its own
response = self.app.get(url(
controller='pullrequests', action='index',
repo_name=target.repo_name))
assert response.status_int == 200
assert 'Pull request updated to' in response.body
assert 'with 1 added, 0 removed commits.' in response.body
def cleanup():
defaults = SettingsModel().get_all_settings()
entries = [name for name in defaults if (
(self.uid in name) or (self.another_uid) in name)]
start = len(self.RC_PREFIX)
for del_key in entries:
# TODO: anderson: get_by_name needs name without prefix
entry = SettingsModel().get_setting_by_name(del_key[start:])
Session().delete(entry)
Session().commit()
def _destroy_project_tree(test_u1_id):
Session.remove()
repos_group = RepoGroup.get_by_group_name(group_name='g0')
for el in reversed(repos_group.recursive_groups_and_repos()):
if isinstance(el, Repository):
RepoModel().delete(el)
elif isinstance(el, RepoGroup):
ReposGroupModel().delete(el, force_delete=True)
u = User.get(test_u1_id)
Session().delete(u)
Session().commit()
def setUp(self):
r = Repository.get_by_repo_name(GIT_REPO)
Repository.unlock(r)
r.enable_locking = False
Session().add(r)
Session().commit()
r = Repository.get_by_repo_name(HG_REPO)
Repository.unlock(r)
r.enable_locking = False
Session().add(r)
Session().commit()
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
from rhodecode.model.notification import EmailNotificationModel
from rhodecode.lib import auth
user_email = data['email']
pre_db = True
try:
user = User.get_by_email(user_email)
new_passwd = auth.PasswordGenerator().gen_password(
12, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
if user:
user.password = auth.get_crypt_password(new_passwd)
# also force this user to reset his password !
user.update_userdata(force_password_change=True)
Session().add(user)
Session().commit()
log.info('change password for %s', user_email)
if new_passwd is None:
raise Exception('unable to generate new password')
pre_db = False
email_kwargs = {
'new_password': new_passwd,
'user': user,
'email': user_email,
'date': datetime.datetime.now()
}
(subject, headers, email_body,
email_body_plaintext) = EmailNotificationModel().render_email(
EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION, **email_kwargs)
recipients = [user_email]
action_logger_generic(
'sent new password to user: {} with email: {}'.format(
user, user_email), namespace='security.password_reset')
run_task(tasks.send_email, recipients, subject,
email_body_plaintext, email_body)
except Exception:
log.error('Failed to update user password')
log.error(traceback.format_exc())
if pre_db:
# we rollback only if local db stuff fails. If it goes into
# run_task, we're pass rollback state this wouldn't work then
Session().rollback()
return True
