def test_import_user_key(self, namespace=None):
"""Testing SSHClient.import_user_key"""
self._set_home(self.tempdir)
client = SSHClient(namespace=namespace)
client.import_user_key(self.key1)
self.assertEqual(client.get_user_key(), self.key1)
def ssh_settings(request, template_name='admin/ssh_settings.html'):
client = SSHClient()
key = client.get_user_key()
if request.method == 'POST':
form = SSHSettingsForm(request.POST, request.FILES)
if form.is_valid():
if form.did_request_delete() and client.get_user_key() is not None:
try:
form.delete()
return HttpResponseRedirect('.')
except Exception as e:
logging.error('Deleting SSH key failed: %s' % e)
else:
try:
form.create(request.FILES)
return HttpResponseRedirect('.')
except Exception as e:
# Fall through. It will be reported inline and in the log.
logging.error('Uploading SSH key failed: %s' % e)
else:
form = SSHSettingsForm()
if key:
fingerprint = humanize_key(key)
else:
fingerprint = None
return render_to_response(template_name, RequestContext(request, {
'key': key,
'fingerprint': fingerprint,
'public_key': client.get_public_key(key),
'form': form,
}))
def _check_repository(self, scmtool_class, path, username, password,
local_site, trust_host, ret_cert, request):
if local_site:
local_site_name = local_site.name
else:
local_site_name = None
while 1:
# Keep doing this until we have an error we don't want
# to ignore, or it's successful.
try:
scmtool_class.check_repository(path, username, password,
local_site_name)
return None
except RepositoryNotFoundError:
return MISSING_REPOSITORY
except BadHostKeyError, e:
if trust_host:
try:
client = SSHClient(namespace=local_site_name)
client.replace_host_key(e.hostname,
e.raw_expected_key,
e.raw_key)
except IOError, e:
return SERVER_CONFIG_ERROR, {
'reason': str(e),
}
else:
return BAD_HOST_KEY, {
'hostname': e.hostname,
'expected_key': e.raw_expected_key.get_base64(),
'key': e.raw_key.get_base64(),
}
def test_import_user_key(self, namespace=None):
"""Testing SSHClient.import_user_key"""
self._set_home(self.tempdir)
client = SSHClient(namespace=namespace)
client.import_user_key(test_keys.rsa_key)
self.assertEqual(client.get_user_key(), test_keys.rsa_key)
def ssh_settings(request, template_name='admin/ssh_settings.html'):
client = SSHClient()
key = client.get_user_key()
if request.method == 'POST':
form = SSHSettingsForm(request.POST, request.FILES)
if form.is_valid():
if form.did_request_delete() and client.get_user_key() is not None:
try:
form.delete()
return HttpResponseRedirect('.')
except Exception as e:
logging.error('Deleting SSH key failed: %s' % e)
else:
try:
form.create(request.FILES)
return HttpResponseRedirect('.')
except Exception as e:
# Fall through. It will be reported inline and in the log.
logging.error('Uploading SSH key failed: %s' % e)
else:
form = SSHSettingsForm()
if key:
fingerprint = humanize_key(key)
else:
fingerprint = None
return render_to_response(template_name, RequestContext(request, {
'key': key,
'fingerprint': fingerprint,
'public_key': client.get_public_key(key),
'form': form,
}))
def create(self, files):
if self.cleaned_data['generate_key']:
try:
SSHClient().generate_user_key()
except IOError as e:
self.errors['generate_key'] = forms.util.ErrorList([
_('Unable to write SSH key file: %s') % e
])
raise
except Exception as e:
self.errors['generate_key'] = forms.util.ErrorList([
_('Error generating SSH key: %s') % e
])
raise
elif self.cleaned_data['keyfile']:
try:
SSHClient().import_user_key(files['keyfile'])
except IOError as e:
self.errors['keyfile'] = forms.util.ErrorList([
_('Unable to write SSH key file: %s') % e
])
raise
except Exception as e:
self.errors['keyfile'] = forms.util.ErrorList([
_('Error uploading SSH key: %s') % e
])
raise
def check_host(netloc, username=None, password=None, namespace=None):
"""
Checks if we can connect to a host with a known key.
This will raise an exception if we cannot connect to the host. The
exception will be one of BadHostKeyError, UnknownHostKeyError, or
SCMError.
"""
from django.conf import settings
client = SSHClient(namespace=namespace)
client.set_missing_host_key_policy(RaiseUnknownHostKeyPolicy())
kwargs = {}
if ':' in netloc:
hostname, port = netloc.split(':')
try:
port = int(port)
except ValueError:
raise SSHInvalidPortError(port)
else:
hostname = netloc
port = SSH_PORT
# We normally want to notify on unknown host keys, but not when running
# unit tests.
if getattr(settings, 'RUNNING_TEST', False):
client.set_missing_host_key_policy(paramiko.WarningPolicy())
kwargs['allow_agent'] = False
try:
client.connect(hostname,
port,
username=username,
password=password,
pkey=client.get_user_key(),
**kwargs)
except paramiko.BadHostKeyException as e:
raise BadHostKeyError(e.hostname, e.key, e.expected_key)
except paramiko.AuthenticationException as e:
# Some AuthenticationException instances have allowed_types set,
# and some don't.
allowed_types = getattr(e, 'allowed_types', [])
if 'publickey' in allowed_types:
key = client.get_user_key()
else:
key = None
raise SSHAuthenticationError(allowed_types=allowed_types, user_key=key)
except paramiko.SSHException as e:
msg = six.text_type(e)
if msg == 'No authentication methods available':
raise SSHAuthenticationError
else:
raise SSHError(msg)
def test_generate_user_key(self, namespace=None):
"""Testing SSHClient.generate_user_key"""
self._set_home(self.tempdir)
client = SSHClient(namespace=namespace)
key = client.generate_user_key(bits=1024)
key_file = os.path.join(client.storage.get_ssh_dir(), 'id_rsa')
self.assertTrue(os.path.exists(key_file))
self.assertEqual(client.get_user_key(), key)
def test_generate_user_key(self, namespace=None):
"""Testing SSHClient.generate_user_key"""
self._set_home(self.tempdir)
client = SSHClient(namespace=namespace)
key = client.generate_user_key(bits=1024)
key_file = os.path.join(client.storage.get_ssh_dir(), 'id_rsa')
self.assertTrue(os.path.exists(key_file))
self.assertEqual(client.get_user_key(), key)
def check_host(hostname, username=None, password=None, namespace=None):
"""
Checks if we can connect to a host with a known key.
This will raise an exception if we cannot connect to the host. The
exception will be one of BadHostKeyError, UnknownHostKeyError, or
SCMError.
"""
from django.conf import settings
client = SSHClient(namespace=namespace)
client.set_missing_host_key_policy(RaiseUnknownHostKeyPolicy())
kwargs = {}
# We normally want to notify on unknown host keys, but not when running
# unit tests.
if getattr(settings, 'RUNNING_TEST', False):
client.set_missing_host_key_policy(paramiko.WarningPolicy())
kwargs['allow_agent'] = False
try:
client.connect(hostname,
username=username,
password=password,
pkey=client.get_user_key(),
**kwargs)
except paramiko.BadHostKeyException, e:
raise BadHostKeyError(e.hostname, e.key, e.expected_key)
def setUp(self):
super(SSHSettingsFormTestCase, self).setUp()
# Setup temp directory to prevent the original ssh related
# configurations been overwritten.
self.old_home = os.getenv('HOME')
self.tempdir = tempfile.mkdtemp(prefix='rb-tests-home-')
os.environ['RBSSH_ALLOW_AGENT'] = '0'
self._set_home(self.tempdir)
self.ssh_client = SSHClient()
def setUp(self):
# Setup temp directory to prevent the original ssh related
# configurations been overwritten.
self.old_home = os.getenv('HOME')
self.tempdir = tempfile.mkdtemp(prefix='rb-tests-home-')
os.environ['RBSSH_ALLOW_AGENT'] = '0'
self._set_home(self.tempdir)
# Init client for http request, ssh_client for ssh config manipulation.
self.client = Client()
self.ssh_client = SSHClient()
def ssh_settings(request, template_name='admin/ssh_settings.html'):
client = SSHClient()
key = client.get_user_key()
if request.method == 'POST':
form = SSHSettingsForm(request.POST, request.FILES)
if form.is_valid():
try:
form.create(request.FILES)
return HttpResponseRedirect('.')
except Exception, e:
# Fall through. It will be reported inline and in the log.
logging.error('Uploading SSH key failed: %s' % e)
def check_host(hostname, username=None, password=None, namespace=None):
"""
Checks if we can connect to a host with a known key.
This will raise an exception if we cannot connect to the host. The
exception will be one of BadHostKeyError, UnknownHostKeyError, or
SCMError.
"""
from django.conf import settings
client = SSHClient(namespace=namespace)
client.set_missing_host_key_policy(RaiseUnknownHostKeyPolicy())
kwargs = {}
# We normally want to notify on unknown host keys, but not when running
# unit tests.
if getattr(settings, 'RUNNING_TEST', False):
client.set_missing_host_key_policy(paramiko.WarningPolicy())
kwargs['allow_agent'] = False
try:
client.connect(hostname, username=username, password=password,
pkey=client.get_user_key(), **kwargs)
except paramiko.BadHostKeyException, e:
raise BadHostKeyError(e.hostname, e.key, e.expected_key)
def check_host(netloc, username=None, password=None, namespace=None):
"""
Checks if we can connect to a host with a known key.
This will raise an exception if we cannot connect to the host. The
exception will be one of BadHostKeyError, UnknownHostKeyError, or
SCMError.
"""
from django.conf import settings
client = SSHClient(namespace=namespace)
client.set_missing_host_key_policy(RaiseUnknownHostKeyPolicy())
kwargs = {}
if ':' in netloc:
hostname, port = netloc.split(':')
try:
port = int(port)
except ValueError:
raise SSHInvalidPortError(port)
else:
hostname = netloc
port = SSH_PORT
# We normally want to notify on unknown host keys, but not when running
# unit tests.
if getattr(settings, 'RUNNING_TEST', False):
client.set_missing_host_key_policy(paramiko.WarningPolicy())
kwargs['allow_agent'] = False
try:
client.connect(hostname, port, username=username, password=password,
pkey=client.get_user_key(), **kwargs)
except paramiko.BadHostKeyException as e:
raise BadHostKeyError(e.hostname, e.key, e.expected_key)
except paramiko.AuthenticationException as e:
# Some AuthenticationException instances have allowed_types set,
# and some don't.
allowed_types = getattr(e, 'allowed_types', [])
if 'publickey' in allowed_types:
key = client.get_user_key()
else:
key = None
raise SSHAuthenticationError(allowed_types=allowed_types, user_key=key)
except paramiko.SSHException as e:
msg = six.text_type(e)
if msg == 'No authentication methods available':
raise SSHAuthenticationError
else:
raise SSHError(msg)
def test_add_host_key(self, namespace=None):
"""Testing SSHClient.add_host_key"""
self._set_home(self.tempdir)
client = SSHClient(namespace=namespace)
client.add_host_key('example.com', self.key1)
known_hosts_file = client.storage.get_host_keys_filename()
self.assertTrue(os.path.exists(known_hosts_file))
with open(known_hosts_file, 'r') as f:
lines = f.readlines()
self.assertEqual(len(lines), 1)
self.assertEqual(lines[0].split(),
['example.com', self.key1.get_name(), self.key1_b64])
def test_add_host_key(self, namespace=None):
"""Testing SSHClient.add_host_key"""
self._set_home(self.tempdir)
client = SSHClient(namespace=namespace)
client.add_host_key('example.com', self.key1)
known_hosts_file = client.storage.get_host_keys_filename()
self.assertTrue(os.path.exists(known_hosts_file))
with open(known_hosts_file, 'r') as f:
lines = f.readlines()
self.assertEqual(len(lines), 1)
self.assertEqual(lines[0].split(),
['example.com', self.key1.get_name(), self.key1_b64])
def create(self, files):
"""Generate or import an SSH key.
This will generate a new SSH key if :py:attr:`generate_key` was set
to ``True``. Otherwise, a if :py:attr:`keyfile` was provided, its
corresponding file upload will be used as the new key.
In either case, the key will be validated, and if validation fails,
an error will be set for the appropriate field.
Args:
files (django.utils.datastructures.MultiValueDict):
The files uploaded in the request. This may contain a
``keyfile`` entry representing a key to upload.
Raises:
Exception:
There was an error generating or importing a key. The form
will have a suitable error for the field triggering the
error.
"""
if self.cleaned_data['generate_key']:
try:
SSHClient().generate_user_key()
except IOError as e:
self.add_error(
'generate_key',
ugettext('Unable to write SSH key file: %s') % e)
raise
except Exception as e:
self.add_error(
'generate_key',
ugettext('Error generating SSH key: %s') % e)
raise
elif self.cleaned_data['upload_key']:
try:
SSHClient().import_user_key(files['keyfile'])
except IOError as e:
self.add_error(
'keyfile',
ugettext('Unable to write SSH key file: %s') % e)
raise
except Exception as e:
self.add_error(
'keyfile',
ugettext('Error uploading SSH key: %s') % e)
raise
def delete(self):
"""Try to delete the user SSH key upon request."""
if self.cleaned_data['delete_key']:
try:
SSHClient().delete_user_key()
except Exception as e:
self.errors['delete_key'] = forms.util.ErrorList(
[_('Unable to delete SSH key file: %s') % e])
raise
def setUp(self):
# Setup temp directory to prevent the original ssh related
# configurations been overwritten.
self.old_home = os.getenv('HOME')
self.tempdir = tempfile.mkdtemp(prefix='rb-tests-home-')
os.environ['RBSSH_ALLOW_AGENT'] = '0'
self._set_home(self.tempdir)
# Init client for http request, ssh_client for ssh config manipulation.
self.client = Client()
self.ssh_client = SSHClient()
def setUp(self):
super(SSHSettingsFormTestCase, self).setUp()
# Setup temp directory to prevent the original ssh related
# configurations been overwritten.
self.old_home = os.getenv('HOME')
self.tempdir = tempfile.mkdtemp(prefix='rb-tests-home-')
os.environ['RBSSH_ALLOW_AGENT'] = '0'
self._set_home(self.tempdir)
self.ssh_client = SSHClient()
def ssh_settings(request, template_name='admin/ssh_settings.html'):
"""Render the SSH settings page."""
client = SSHClient()
key = client.get_user_key()
if request.method == 'POST':
form = SSHSettingsForm(request.POST, request.FILES)
if form.is_valid():
if form.did_request_delete() and client.get_user_key() is not None:
try:
form.delete()
return HttpResponseRedirect('.')
except Exception as e:
logger.error('Deleting SSH key failed: %s' % e)
else:
try:
form.create(request.FILES)
return HttpResponseRedirect('.')
except Exception as e:
# Fall through. It will be reported inline and in the log.
logger.error('Uploading SSH key failed: %s' % e)
else:
form = SSHSettingsForm()
if key:
fingerprint = humanize_key(key)
else:
fingerprint = None
return render(request=request,
template_name=template_name,
context={
'has_file_field': True,
'key': key,
'fingerprint': fingerprint,
'public_key':
client.get_public_key(key).replace('\n', ''),
'form': form,
})
def test_delete_user_key(self, namespace=None):
"""Testing SSHClient.delete_user_key"""
self._set_home(self.tempdir)
client = SSHClient(namespace=namespace)
client.import_user_key(test_keys.rsa_key)
key_file = os.path.join(client.storage.get_ssh_dir(), 'id_rsa')
self.assertTrue(os.path.exists(key_file))
self.assertEqual(client.get_user_key(), test_keys.rsa_key)
client.delete_user_key()
self.assertFalse(os.path.exists(key_file))
def delete(self):
"""Delete the configured SSH user key.
This will only delete the key if :py:attr:`delete_key` was set.
Raises:
Exception:
There was an unexpected error deleting the key. A validation
error will be set for the ``delete_key`` field.
"""
if self.did_request_delete():
try:
SSHClient().delete_user_key()
except Exception as e:
self.errors['delete_key'] = forms.util.ErrorList(
[ugettext('Unable to delete SSH key file: %s') % e])
raise
def test_delete_user_key(self, namespace=None):
"""Testing SSHClient.delete_user_key"""
self._set_home(self.tempdir)
client = SSHClient(namespace=namespace)
client.import_user_key(self.key1)
key_file = os.path.join(client.storage.get_ssh_dir(), 'id_rsa')
self.assertTrue(os.path.exists(key_file))
self.assertEqual(client.get_user_key(), self.key1)
client.delete_user_key()
self.assertFalse(os.path.exists(key_file))
def _check_can_test_ssh(self):
"""Check whether SSH-based tests can be run.
This will check if the user's SSH keys is authorized by the local
machine, for authentication. If so, SSH-based tests can be attempted.
If SSH-based tests cannot be run, the current test will be flagged
as skipped.
"""
if SCMTestCase._can_test_ssh is None:
SCMTestCase.ssh_client = SSHClient()
key = self.ssh_client.get_user_key()
SCMTestCase._can_test_ssh = \
key is not None and self.ssh_client.is_key_authorized(key)
if not SCMTestCase._can_test_ssh:
raise nose.SkipTest(
"Cannot perform SSH access tests. The local user's SSH "
"public key must be in the %s file and SSH must be enabled."
% os.path.join(self.ssh_client.storage.get_ssh_dir(),
'authorized_keys'))
class SSHSettingsFormTestCase(TestCase):
"""Unit tests for SSHSettingsForm in /admin/forms.py"""
fixtures = ['test_users']
def setUp(self):
super(SSHSettingsFormTestCase, self).setUp()
# Setup temp directory to prevent the original ssh related
# configurations been overwritten.
self.old_home = os.getenv('HOME')
self.tempdir = tempfile.mkdtemp(prefix='rb-tests-home-')
os.environ['RBSSH_ALLOW_AGENT'] = '0'
self._set_home(self.tempdir)
self.ssh_client = SSHClient()
def tearDown(self):
super(SSHSettingsFormTestCase, self).tearDown()
self._set_home(self.old_home)
if self.tempdir:
shutil.rmtree(self.tempdir)
def _set_home(self, homedir):
os.environ['HOME'] = homedir
def test_generate_key(self):
"""Testing SSHSettingsForm POST with generate_key=1"""
# Should have no ssh key at this point.
self.assertEqual(self.ssh_client.get_user_key(), None)
# Send post request with 'generate_key' = 1.
self.client.login(username='******', password='******')
response = self.client.post(local_site_reverse('settings-ssh'), {
'generate_key': 1,
})
# On success, the form returns HTTP 302 (redirect).
self.assertEqual(response.status_code, 302)
# Check whether the key has been created.
self.assertNotEqual(self.ssh_client.get_user_key(), None)
def test_delete_key(self):
"""Testing SSHSettingsForm POST with delete_key=1"""
# Should have no ssh key at this point, generate one.
self.assertEqual(self.ssh_client.get_user_key(), None)
self.ssh_client.generate_user_key()
self.assertNotEqual(self.ssh_client.get_user_key(), None)
# Send post request with 'delete_key' = 1.
self.client.login(username='******', password='******')
response = self.client.post(local_site_reverse('settings-ssh'), {
'delete_key': 1,
})
# On success, the form returns HTTP 302 (redirect).
self.assertEqual(response.status_code, 302)
# Check whether the key has been deleted.
self.assertEqual(self.ssh_client.get_user_key(), None)
def _test_ssh_with_site(self, repo_path, filename=None):
"""Helper for testing an SSH connection and using a Local Site.
This will attempt to SSH into the local machine and connect to the
given repository, using an SSH key and repository based on a Local
Site. It will check the repository for validity and optionally fetch
a file.
If this is unable to connect to the local machine, the test will be
flagged as skipped.
Args:
repo_path (unicode):
The repository path to check.
filename (unicode, optional):
The optional file in the repository to fetch.
"""
self._check_can_test_ssh()
# Get the user's .ssh key, for use in the tests
user_key = self.ssh_client.get_user_key()
self.assertNotEqual(user_key, None)
# Switch to a new SSH directory.
self.tempdir = mkdtemp(prefix='rb-tests-home-')
sshdir = os.path.join(self.tempdir, '.ssh')
self._set_home(self.tempdir)
self.assertEqual(sshdir, self.ssh_client.storage.get_ssh_dir())
self.assertFalse(os.path.exists(os.path.join(sshdir, 'id_rsa')))
self.assertFalse(os.path.exists(os.path.join(sshdir, 'id_dsa')))
self.assertEqual(self.ssh_client.get_user_key(), None)
tool_class = self.repository.tool
# Make sure we aren't using the old SSH key. We want auth errors.
repo = Repository(name='SSH Test', path=repo_path, tool=tool_class)
tool = repo.get_scmtool()
self.assertRaises(AuthenticationError,
lambda: tool.check_repository(repo_path))
if filename:
self.assertRaises(SCMError,
lambda: tool.get_file(filename, HEAD))
for local_site_name in ('site-1',):
local_site = LocalSite(name=local_site_name)
local_site.save()
repo = Repository(name='SSH Test', path=repo_path, tool=tool_class,
local_site=local_site)
tool = repo.get_scmtool()
ssh_client = SSHClient(namespace=local_site_name)
self.assertEqual(ssh_client.storage.get_ssh_dir(),
os.path.join(sshdir, local_site_name))
ssh_client.import_user_key(user_key)
self.assertEqual(ssh_client.get_user_key(), user_key)
# Make sure we can verify the repository and access files.
tool.check_repository(repo_path, local_site_name=local_site_name)
if filename:
self.assertNotEqual(tool.get_file(filename, HEAD), None)
def __init__(self, *args, **kwargs):
self.local_site_name = kwargs.pop('local_site_name', None)
super(RepositoryForm, self).__init__(*args, **kwargs)
self.hostkeyerror = None
self.certerror = None
self.userkeyerror = None
self.hosting_account_linked = False
self.local_site = None
self.repository_forms = {}
self.bug_tracker_forms = {}
self.hosting_service_info = {}
self.validate_repository = True
self.cert = None
# Determine the local_site that will be associated with any
# repository coming from this form.
#
# We're careful to disregard any local_sites that are specified
# from the form data. The caller needs to pass in a local_site_name
# to ensure that it will be used.
if self.local_site_name:
self.local_site = LocalSite.objects.get(name=self.local_site_name)
elif self.instance and self.instance.local_site:
self.local_site = self.instance.local_site
self.local_site_name = self.local_site.name
elif self.fields['local_site'].initial:
self.local_site = self.fields['local_site'].initial
self.local_site_name = self.local_site.name
# Grab the entire list of HostingServiceAccounts that can be
# used by this form. When the form is actually being used by the
# user, the listed accounts will consist only of the ones available
# for the selected hosting service.
hosting_accounts = HostingServiceAccount.objects.accessible(
local_site=self.local_site)
self.fields['hosting_account'].queryset = hosting_accounts
# Standard forms don't support 'instance', so don't pass it through
# to any created hosting service forms.
if 'instance' in kwargs:
kwargs.pop('instance')
# Load the list of repository forms and hosting services.
hosting_service_choices = []
bug_tracker_choices = []
for hosting_service_id, hosting_service in get_hosting_services():
if hosting_service.supports_repositories:
hosting_service_choices.append((hosting_service_id,
hosting_service.name))
if hosting_service.supports_bug_trackers:
bug_tracker_choices.append((hosting_service_id,
hosting_service.name))
self.bug_tracker_forms[hosting_service_id] = {}
self.repository_forms[hosting_service_id] = {}
self.hosting_service_info[hosting_service_id] = {
'scmtools': hosting_service.supported_scmtools,
'plans': [],
'planInfo': {},
'self_hosted': hosting_service.self_hosted,
'needs_authorization': hosting_service.needs_authorization,
'supports_bug_trackers': hosting_service.supports_bug_trackers,
'supports_ssh_key_association':
hosting_service.supports_ssh_key_association,
'supports_two_factor_auth':
hosting_service.supports_two_factor_auth,
'needs_two_factor_auth_code': False,
'accounts': [
{
'pk': account.pk,
'hosting_url': account.hosting_url,
'username': account.username,
'is_authorized': account.is_authorized,
}
for account in hosting_accounts
if account.service_name == hosting_service_id
],
}
try:
if hosting_service.plans:
for type_id, info in hosting_service.plans:
form = info.get('form', None)
if form:
self._load_hosting_service(hosting_service_id,
hosting_service,
type_id,
info['name'],
form,
*args, **kwargs)
elif hosting_service.form:
self._load_hosting_service(hosting_service_id,
hosting_service,
self.DEFAULT_PLAN_ID,
self.DEFAULT_PLAN_NAME,
hosting_service.form,
*args, **kwargs)
except Exception as e:
logging.error('Error loading hosting service %s: %s'
% (hosting_service_id, e),
exc_info=1)
# Build the list of hosting service choices, sorted, with
# "None" being first.
hosting_service_choices.sort(key=lambda x: x[1])
hosting_service_choices.insert(0, (self.NO_HOSTING_SERVICE_ID,
self.NO_HOSTING_SERVICE_NAME))
self.fields['hosting_type'].choices = hosting_service_choices
# Now do the same for bug trackers, but have separate None and Custom
# entries.
bug_tracker_choices.sort(key=lambda x: x[1])
bug_tracker_choices.insert(0, (self.NO_BUG_TRACKER_ID,
self.NO_BUG_TRACKER_NAME))
bug_tracker_choices.insert(1, (self.CUSTOM_BUG_TRACKER_ID,
self.CUSTOM_BUG_TRACKER_NAME))
self.fields['bug_tracker_type'].choices = bug_tracker_choices
# Get the current SSH public key that would be used for repositories,
# if one has been created.
self.ssh_client = SSHClient(namespace=self.local_site_name)
ssh_key = self.ssh_client.get_user_key()
if ssh_key:
self.public_key = self.ssh_client.get_public_key(ssh_key)
self.public_key_str = '%s %s' % (
ssh_key.get_name(),
''.join(six.text_type(self.public_key).splitlines())
)
else:
self.public_key = None
self.public_key_str = ''
# If no SSH key has been created, disable the key association field.
if not self.public_key:
self.fields['associate_ssh_key'].help_text = \
self.NO_KEY_HELP_FMT % local_site_reverse(
'settings-ssh',
local_site_name=self.local_site_name)
self.fields['associate_ssh_key'].widget.attrs['disabled'] = \
'disabled'
if self.instance:
self._populate_repository_info_fields()
self._populate_hosting_service_fields()
self._populate_bug_tracker_fields()
def create(self, files):
if self.cleaned_data['generate_key']:
try:
SSHClient().generate_user_key()
except IOError, e:
self.errors['generate_key'] = forms.util.ErrorList(
[_('Unable to write SSH key file: %s') % e])
raise
except Exception, e:
self.errors['generate_key'] = forms.util.ErrorList(
[_('Error generating SSH key: %s') % e])
raise
elif self.cleaned_data['keyfile']:
try:
SSHClient().import_user_key(files['keyfile'])
except IOError, e:
self.errors['keyfile'] = forms.util.ErrorList(
[_('Unable to write SSH key file: %s') % e])
raise
except Exception, e:
self.errors['keyfile'] = forms.util.ErrorList(
[_('Error uploading SSH key: %s') % e])
raise
class Meta:
title = _('SSH Settings')
class StorageSettingsForm(SiteSettingsForm):
"""File storage backend settings for Review Board."""
class RepositoryForm(forms.ModelForm):
"""A form for creating and updating repositories.
This form provides an interface for creating and updating repositories,
handling the association with hosting services, linking accounts,
dealing with SSH keys and SSL certificates, and more.
"""
REPOSITORY_INFO_FIELDSET = _('Repository Information')
BUG_TRACKER_FIELDSET = _('Bug Tracker')
SSH_KEY_FIELDSET = _('Review Board Server SSH Key')
NO_HOSTING_SERVICE_ID = 'custom'
NO_HOSTING_SERVICE_NAME = _('(None - Custom Repository)')
NO_BUG_TRACKER_ID = 'none'
NO_BUG_TRACKER_NAME = _('(None)')
CUSTOM_BUG_TRACKER_ID = 'custom'
CUSTOM_BUG_TRACKER_NAME = _('(Custom Bug Tracker)')
IGNORED_SERVICE_IDS = ('none', 'custom')
DEFAULT_PLAN_ID = 'default'
DEFAULT_PLAN_NAME = _('Default')
# Host trust state
reedit_repository = forms.BooleanField(
label=_("Re-edit repository"),
required=False)
trust_host = forms.BooleanField(
label=_("I trust this host"),
required=False)
# Repository Hosting fields
hosting_type = forms.ChoiceField(
label=_("Hosting service"),
required=True,
initial=NO_HOSTING_SERVICE_ID)
hosting_url = forms.CharField(
label=_('Service URL'),
required=True,
widget=forms.TextInput(attrs={'size': 30}))
hosting_account = forms.ModelChoiceField(
label=_('Account'),
required=True,
empty_label=_('<Link a new account>'),
help_text=_("Link this repository to an account on the hosting "
"service. This username may be used as part of the "
"repository URL, depending on the hosting service and "
"plan."),
queryset=HostingServiceAccount.objects.none())
hosting_account_username = forms.CharField(
label=_('Account username'),
required=True,
widget=forms.TextInput(attrs={'size': 30, 'autocomplete': 'off'}))
hosting_account_password = forms.CharField(
label=_('Account password'),
required=True,
widget=forms.PasswordInput(attrs={'size': 30, 'autocomplete': 'off'}))
# Repository Information fields
tool = forms.ModelChoiceField(
label=_("Repository type"),
required=True,
empty_label=None,
queryset=Tool.objects.all())
repository_plan = forms.ChoiceField(
label=_('Repository plan'),
required=True,
help_text=_('The plan for your repository on this hosting service. '
'This must match what is set for your repository.'))
# Auto SSH key association field
associate_ssh_key = forms.BooleanField(
label=_('Associate my SSH key with the hosting service'),
required=False,
help_text=_('Add the Review Board public SSH key to the list of '
'authorized SSH keys on the hosting service.'))
NO_KEY_HELP_FMT = (_('This repository type supports SSH key association, '
'but the Review Board server does not have an SSH '
'key. <a href="%s">Add an SSH key.</a>'))
# Bug Tracker fields
bug_tracker_use_hosting = forms.BooleanField(
label=_("Use hosting service's bug tracker"),
initial=False,
required=False)
bug_tracker_type = forms.ChoiceField(
label=_("Type"),
required=True,
initial=NO_BUG_TRACKER_ID)
bug_tracker_hosting_url = forms.CharField(
label=_('URL'),
required=True,
widget=forms.TextInput(attrs={'size': 30}))
bug_tracker_plan = forms.ChoiceField(
label=_('Bug tracker plan'),
required=True)
bug_tracker_hosting_account_username = forms.CharField(
label=_('Account username'),
required=True,
widget=forms.TextInput(attrs={'size': 30, 'autocomplete': 'off'}))
bug_tracker = forms.CharField(
label=_("Bug tracker URL"),
max_length=256,
required=False,
widget=forms.TextInput(attrs={'size': '60'}),
help_text=(
_("The optional path to the bug tracker for this repository. The "
"path should resemble: http://www.example.com/issues?id=%%s, "
"where %%s will be the bug number.")
% ()), # We do this wacky formatting trick because otherwise
# xgettext gets upset that it sees a format string with
# positional arguments and will abort when trying to
# extract the message catalog.
validators=[validate_bug_tracker])
# Perforce-specific fields
use_ticket_auth = forms.BooleanField(
label=_("Use ticket-based authentication"),
initial=False,
required=False)
def __init__(self, *args, **kwargs):
self.local_site_name = kwargs.pop('local_site_name', None)
super(RepositoryForm, self).__init__(*args, **kwargs)
self.hostkeyerror = None
self.certerror = None
self.userkeyerror = None
self.hosting_account_linked = False
self.local_site = None
self.repository_forms = {}
self.bug_tracker_forms = {}
self.hosting_service_info = {}
self.validate_repository = True
self.cert = None
# Determine the local_site that will be associated with any
# repository coming from this form.
#
# We're careful to disregard any local_sites that are specified
# from the form data. The caller needs to pass in a local_site_name
# to ensure that it will be used.
if self.local_site_name:
self.local_site = LocalSite.objects.get(name=self.local_site_name)
elif self.instance and self.instance.local_site:
self.local_site = self.instance.local_site
self.local_site_name = self.local_site.name
elif self.fields['local_site'].initial:
self.local_site = self.fields['local_site'].initial
self.local_site_name = self.local_site.name
# Grab the entire list of HostingServiceAccounts that can be
# used by this form. When the form is actually being used by the
# user, the listed accounts will consist only of the ones available
# for the selected hosting service.
hosting_accounts = HostingServiceAccount.objects.accessible(
local_site=self.local_site)
self.fields['hosting_account'].queryset = hosting_accounts
# Standard forms don't support 'instance', so don't pass it through
# to any created hosting service forms.
if 'instance' in kwargs:
kwargs.pop('instance')
# Load the list of repository forms and hosting services.
hosting_service_choices = []
bug_tracker_choices = []
for hosting_service_id, hosting_service in get_hosting_services():
if hosting_service.supports_repositories:
hosting_service_choices.append((hosting_service_id,
hosting_service.name))
if hosting_service.supports_bug_trackers:
bug_tracker_choices.append((hosting_service_id,
hosting_service.name))
self.bug_tracker_forms[hosting_service_id] = {}
self.repository_forms[hosting_service_id] = {}
self.hosting_service_info[hosting_service_id] = {
'scmtools': hosting_service.supported_scmtools,
'plans': [],
'planInfo': {},
'self_hosted': hosting_service.self_hosted,
'needs_authorization': hosting_service.needs_authorization,
'supports_bug_trackers': hosting_service.supports_bug_trackers,
'supports_ssh_key_association':
hosting_service.supports_ssh_key_association,
'accounts': [
{
'pk': account.pk,
'hosting_url': account.hosting_url,
'username': account.username,
'is_authorized': account.is_authorized,
}
for account in hosting_accounts
if account.service_name == hosting_service_id
],
}
try:
if hosting_service.plans:
for type_id, info in hosting_service.plans:
form = info.get('form', None)
if form:
self._load_hosting_service(hosting_service_id,
hosting_service,
type_id,
info['name'],
form,
*args, **kwargs)
elif hosting_service.form:
self._load_hosting_service(hosting_service_id,
hosting_service,
self.DEFAULT_PLAN_ID,
self.DEFAULT_PLAN_NAME,
hosting_service.form,
*args, **kwargs)
except Exception as e:
logging.error('Error loading hosting service %s: %s'
% (hosting_service_id, e),
exc_info=1)
# Build the list of hosting service choices, sorted, with
# "None" being first.
hosting_service_choices.sort(key=lambda x: x[1])
hosting_service_choices.insert(0, (self.NO_HOSTING_SERVICE_ID,
self.NO_HOSTING_SERVICE_NAME))
self.fields['hosting_type'].choices = hosting_service_choices
# Now do the same for bug trackers, but have separate None and Custom
# entries.
bug_tracker_choices.sort(key=lambda x: x[1])
bug_tracker_choices.insert(0, (self.NO_BUG_TRACKER_ID,
self.NO_BUG_TRACKER_NAME))
bug_tracker_choices.insert(1, (self.CUSTOM_BUG_TRACKER_ID,
self.CUSTOM_BUG_TRACKER_NAME))
self.fields['bug_tracker_type'].choices = bug_tracker_choices
# Get the current SSH public key that would be used for repositories,
# if one has been created.
self.ssh_client = SSHClient(namespace=self.local_site_name)
ssh_key = self.ssh_client.get_user_key()
if ssh_key:
self.public_key = self.ssh_client.get_public_key(ssh_key)
self.public_key_str = '%s %s' % (
ssh_key.get_name(),
''.join(str(self.public_key).splitlines())
)
else:
self.public_key = None
self.public_key_str = ''
# If no SSH key has been created, disable the key association field.
if not self.public_key:
self.fields['associate_ssh_key'].help_text = \
self.NO_KEY_HELP_FMT % local_site_reverse(
'settings-ssh',
local_site_name=self.local_site_name)
self.fields['associate_ssh_key'].widget.attrs['disabled'] = \
'disabled'
if self.instance:
self._populate_repository_info_fields()
self._populate_hosting_service_fields()
self._populate_bug_tracker_fields()
def _load_hosting_service(self, hosting_service_id, hosting_service,
repo_type_id, repo_type_label, form_class,
*args, **kwargs):
"""Loads a hosting service form.
The form will be instantiated and added to the list of forms to be
rendered, cleaned, loaded, and saved.
"""
plan_info = {}
if hosting_service.supports_repositories:
form = form_class(self.data or None)
self.repository_forms[hosting_service_id][repo_type_id] = form
if self.instance:
form.load(self.instance)
if hosting_service.supports_bug_trackers:
form = form_class(self.data or None, prefix='bug_tracker')
self.bug_tracker_forms[hosting_service_id][repo_type_id] = form
plan_info['bug_tracker_requires_username'] = \
hosting_service.get_bug_tracker_requires_username(repo_type_id)
if self.instance:
form.load(self.instance)
hosting_info = self.hosting_service_info[hosting_service_id]
hosting_info['planInfo'][repo_type_id] = plan_info
hosting_info['plans'].append({
'type': repo_type_id,
'label': unicode(repo_type_label),
})
def _populate_repository_info_fields(self):
"""Populates auxiliary repository info fields in the form.
Most of the fields under "Repository Info" are core model fields. This
method populates things which are stored into extra_data.
"""
self.fields['use_ticket_auth'].initial = \
self.instance.extra_data.get('use_ticket_auth', False)
def _populate_hosting_service_fields(self):
"""Populates all the main hosting service fields in the form.
This populates the hosting service type and the repository plan
on the form. These are only set if operating on an existing
repository.
"""
hosting_account = self.instance.hosting_account
if hosting_account:
service = hosting_account.service
self.fields['hosting_type'].initial = \
hosting_account.service_name
self.fields['hosting_url'].initial = hosting_account.hosting_url
if service.plans:
self.fields['repository_plan'].choices = [
(plan_id, info['name'])
for plan_id, info in service.plans
]
repository_plan = \
self.instance.extra_data.get('repository_plan', None)
if repository_plan:
self.fields['repository_plan'].initial = repository_plan
def _populate_bug_tracker_fields(self):
"""Populates all the main bug tracker fields in the form.
This populates the bug tracker type, plan, and other fields
related to the bug tracker on the form.
"""
data = self.instance.extra_data
bug_tracker_type = data.get('bug_tracker_type', None)
if (data.get('bug_tracker_use_hosting', False) and
self.instance.hosting_account):
# The user has chosen to use the hosting service's bug tracker.
# We only care about the checkbox. Don't bother populating the form.
self.fields['bug_tracker_use_hosting'].initial = True
elif bug_tracker_type == self.NO_BUG_TRACKER_ID:
# Do nothing.
return
elif (bug_tracker_type is not None and
bug_tracker_type != self.CUSTOM_BUG_TRACKER_ID):
# A bug tracker service or custom bug tracker was chosen.
service = get_hosting_service(bug_tracker_type)
if not service:
return
self.fields['bug_tracker_type'].initial = bug_tracker_type
self.fields['bug_tracker_hosting_url'].initial = \
data.get('bug_tracker_hosting_url', None)
self.fields['bug_tracker_hosting_account_username'].initial = \
data.get('bug_tracker-hosting_account_username', None)
if service.plans:
self.fields['bug_tracker_plan'].choices = [
(plan_id, info['name'])
for plan_id, info in service.plans
]
self.fields['bug_tracker_plan'].initial = \
data.get('bug_tracker_plan', None)
elif self.instance.bug_tracker:
# We have a custom bug tracker. There's no point in trying to
# reverse-match it, because we can potentially be wrong when a
# hosting service has multiple plans with similar bug tracker
# URLs, so just show it raw. Admins can migrate it if they want.
self.fields['bug_tracker_type'].initial = \
self.CUSTOM_BUG_TRACKER_ID
def _clean_hosting_info(self):
"""Clean the hosting service information.
If using a hosting service, this will validate that the data
provided is valid on that hosting service. Then it will create an
account and link it, if necessary, with the hosting service.
"""
hosting_type = self.cleaned_data['hosting_type']
if hosting_type == self.NO_HOSTING_SERVICE_ID:
self.data['hosting_account'] = None
self.cleaned_data['hosting_account'] = None
return
# This should have been caught during validation, so we can assume
# it's fine.
hosting_service_cls = get_hosting_service(hosting_type)
assert hosting_service_cls
# Validate that the provided tool is valid for the hosting service.
tool_name = self.cleaned_data['tool'].name
if tool_name not in hosting_service_cls.supported_scmtools:
self.errors['tool'] = self.error_class([
_('This tool is not supported on the given hosting service')
])
return
# Now make sure all the account info is correct.
hosting_account = self.cleaned_data['hosting_account']
username = self.cleaned_data['hosting_account_username']
password = self.cleaned_data['hosting_account_password']
if hosting_service_cls.self_hosted:
hosting_url = self.cleaned_data['hosting_url'] or None
else:
hosting_url = None
if hosting_account and hosting_account.hosting_url != hosting_url:
self.errors['hosting_account'] = self.error_class([
_('This account is not compatible with this hosting service '
'configuration'),
])
return
elif hosting_account and not username:
username = hosting_account.username
elif not hosting_account and not username:
self.errors['hosting_account'] = self.error_class([
_('An account must be linked in order to use this hosting '
'service'),
])
return
if not hosting_account:
# See if this account with the supplied credentials already
# exists. If it does, we don't want to create a new entry.
try:
hosting_account = HostingServiceAccount.objects.get(
service_name=hosting_type,
username=username,
hosting_url=hosting_url,
local_site=self.local_site)
except HostingServiceAccount.DoesNotExist:
# That's fine. We're just going to create it later.
pass
plan = self.cleaned_data['repository_plan'] or self.DEFAULT_PLAN_ID
# Set the main repository fields (Path, Mirror Path, etc.) based on
# the field definitions in the hosting service.
#
# This will take into account the hosting service's form data for
# the given repository plan, the main form data, and the hosting
# account information.
#
# It's expected that the required fields will have validated by now.
repository_form = self.repository_forms[hosting_type][plan]
field_vars = repository_form.cleaned_data.copy()
field_vars.update(self.cleaned_data)
# If the hosting account needs to authorize and link with an external
# service, attempt to do so and watch for any errors.
#
# If it doesn't need to link with it, we'll just create an entry
# with the username and save it.
if not hosting_account:
hosting_account = HostingServiceAccount(
service_name=hosting_type,
username=username,
hosting_url=hosting_url,
local_site=self.local_site)
if (hosting_service_cls.needs_authorization and
not hosting_account.is_authorized):
try:
hosting_account.service.authorize(
username, password,
hosting_url,
local_site_name=self.local_site_name)
except AuthorizationError as e:
self.errors['hosting_account'] = self.error_class([
_('Unable to link the account: %s') % e,
])
return
except Exception as e:
self.errors['hosting_account'] = self.error_class([
_('Unknown error when linking the account: %s') % e,
])
return
# Flag that we've linked the account. If there are any
# validation errors, and this flag is set, we tell the user
# that we successfully linked and they don't have to do it
# again.
self.hosting_account_linked = True
hosting_account.save()
self.data['hosting_account'] = hosting_account
self.cleaned_data['hosting_account'] = hosting_account
try:
self.cleaned_data.update(hosting_service_cls.get_repository_fields(
hosting_account.username, hosting_account.hosting_url, plan,
tool_name, field_vars))
except KeyError as e:
raise ValidationError([unicode(e)])
def _clean_bug_tracker_info(self):
"""Clean the bug tracker information.
This will figure out the defaults for all the bug tracker fields,
based on the stored bug tracker settings.
"""
use_hosting = self.cleaned_data['bug_tracker_use_hosting']
plan = self.cleaned_data['bug_tracker_plan'] or self.DEFAULT_PLAN_ID
bug_tracker_type = self.cleaned_data['bug_tracker_type']
bug_tracker_url = ''
if use_hosting:
# We're using the main repository form fields instead of the
# custom bug tracker fields.
hosting_type = self.cleaned_data['hosting_type']
if hosting_type == self.NO_HOSTING_SERVICE_ID:
self.errors['bug_tracker_use_hosting'] = self.error_class([
_('A hosting service must be chosen in order to use this')
])
return
plan = self.cleaned_data['repository_plan'] or self.DEFAULT_PLAN_ID
hosting_service_cls = get_hosting_service(hosting_type)
# We already validated server-side that the hosting service
# exists.
assert hosting_service_cls
if hosting_service_cls.supports_bug_trackers:
form = self.repository_forms[hosting_type][plan]
new_data = self.cleaned_data.copy()
new_data.update(form.cleaned_data)
new_data['hosting_account_username'] = \
self.cleaned_data['hosting_account'].username
new_data['hosting_url'] = \
self.cleaned_data['hosting_account'].hosting_url
bug_tracker_url = hosting_service_cls.get_bug_tracker_field(
plan, new_data)
elif bug_tracker_type == self.CUSTOM_BUG_TRACKER_ID:
# bug_tracker_url should already be in cleaned_data.
return
elif bug_tracker_type != self.NO_BUG_TRACKER_ID:
# We're using a bug tracker of a certain type. We need to
# get the right data, strip the prefix on the forms, and
# build the bug tracker URL from that.
hosting_service_cls = get_hosting_service(bug_tracker_type)
if not hosting_service_cls:
self.errors['bug_tracker_type'] = self.error_class([
_('This bug tracker type is not supported')
])
return
form = self.bug_tracker_forms[bug_tracker_type][plan]
new_data = {
'hosting_account_username':
self.cleaned_data['bug_tracker_hosting_account_username'],
'hosting_url':
self.cleaned_data['bug_tracker_hosting_url'],
}
if form.is_valid():
# Strip the prefix from each bit of cleaned data in the form.
for key, value in six.iteritems(form.cleaned_data):
key = key.replace(form.prefix, '')
new_data[key] = value
bug_tracker_url = hosting_service_cls.get_bug_tracker_field(
plan, new_data)
self.cleaned_data['bug_tracker'] = bug_tracker_url
self.data['bug_tracker'] = bug_tracker_url
def full_clean(self):
extra_cleaned_data = {}
extra_errors = {}
required_values = {}
for field in six.itervalues(self.fields):
required_values[field] = field.required
if self.data:
hosting_type = self._get_field_data('hosting_type')
hosting_service = get_hosting_service(hosting_type)
repository_plan = (self._get_field_data('repository_plan') or
self.DEFAULT_PLAN_ID)
bug_tracker_use_hosting = \
self._get_field_data('bug_tracker_use_hosting')
# If using the hosting service's bug tracker, we want to ignore
# the bug tracker form (which will be hidden) and just use the
# hosting service's form.
if bug_tracker_use_hosting:
bug_tracker_type = hosting_type
bug_tracker_service = hosting_service
bug_tracker_plan = repository_plan
else:
bug_tracker_type = self._get_field_data('bug_tracker_type')
bug_tracker_service = get_hosting_service(bug_tracker_type)
bug_tracker_plan = (self._get_field_data('bug_tracker_plan') or
self.DEFAULT_PLAN_ID)
self.fields['bug_tracker_type'].required = \
not bug_tracker_use_hosting
account_pk = self._get_field_data('hosting_account')
new_hosting_account = (
hosting_type != self.NO_HOSTING_SERVICE_ID and not account_pk)
if account_pk:
account = HostingServiceAccount.objects.get(
pk=account_pk,
local_site=self.local_site)
else:
account = None
self.fields['path'].required = \
(hosting_type == self.NO_HOSTING_SERVICE_ID)
# The repository plan will only be listed if the hosting service
# lists some plans. Otherwise, there's nothing to require.
for service, field in ((hosting_service, 'repository_plan'),
(bug_tracker_service, 'bug_tracker_plan')):
self.fields[field].required = service and service.plans
if service:
self.fields[field].choices = [
(id, info['name'])
for id, info in service.plans or []
]
self.fields['bug_tracker_plan'].required = (
self.fields['bug_tracker_plan'].required and
not bug_tracker_use_hosting)
# We want to show this as required (in the label), but not
# actually require, since we use a blank entry as
# "Link new account."
self.fields['hosting_account'].required = False
# Only require a username and password if not using an existing
# hosting account.
self.fields['hosting_account_username'].required = \
new_hosting_account
self.fields['hosting_account_password'].required = (
hosting_service and
hosting_service.needs_authorization and
(new_hosting_account or
(account and not account.is_authorized)))
# Only require a URL if the hosting service is self-hosted.
self.fields['hosting_url'].required = (
hosting_service and
hosting_service.self_hosted)
# Only require the bug tracker username if the bug tracker field
# requires the username.
self.fields['bug_tracker_hosting_account_username'].required = \
(not bug_tracker_use_hosting and
bug_tracker_service and
bug_tracker_service.get_bug_tracker_requires_username(
bug_tracker_plan))
# Only require a URL if the bug tracker is self-hosted and
# we're not using the hosting service's bug tracker.
self.fields['bug_tracker_hosting_url'].required = (
not bug_tracker_use_hosting and
bug_tracker_service and
bug_tracker_service.self_hosted)
# Validate the custom forms and store any data or errors for later.
custom_form_info = [
(hosting_type, repository_plan, self.repository_forms),
]
if not bug_tracker_use_hosting:
custom_form_info.append((bug_tracker_type, bug_tracker_plan,
self.bug_tracker_forms))
for service_type, plan, form_list in custom_form_info:
if service_type not in self.IGNORED_SERVICE_IDS:
form = form_list[service_type][plan]
form.is_bound = True
if form.is_valid():
extra_cleaned_data.update(form.cleaned_data)
else:
extra_errors.update(form.errors)
else:
# Validate every hosting service form and bug tracker form and
# store any data or errors for later.
for form_list in (self.repository_forms, self.bug_tracker_forms):
for plans in six.itervalues(form_list):
for form in six.itervalues(plans):
if form.is_valid():
extra_cleaned_data.update(form.cleaned_data)
else:
extra_errors.update(form.errors)
self.subforms_valid = not extra_errors
super(RepositoryForm, self).full_clean()
if self.is_valid():
self.cleaned_data.update(extra_cleaned_data)
else:
self.errors.update(extra_errors)
# Undo the required settings above. Now that we're done with them
# for validation, we want to fix the display so that users don't
# see the required states change.
for field, required in six.iteritems(required_values):
field.required = required
def clean(self):
"""Performs validation on the form.
This will check the form fields for errors, calling out to the
various clean_* methods.
It will check the repository path to see if it represents
a valid repository and if an SSH key or HTTPS certificate needs
to be verified.
This will also build repository and bug tracker URLs based on other
fields set in the form.
"""
if not self.errors and self.subforms_valid:
try:
self.local_site = self.cleaned_data['local_site']
if self.local_site:
self.local_site_name = self.local_site.name
except LocalSite.DoesNotExist as e:
raise ValidationError([e])
self._clean_hosting_info()
self._clean_bug_tracker_info()
validate_review_groups(self)
validate_users(self)
# The clean/validation functions could create new errors, so
# skip validating the repository path if everything else isn't
# clean.
if (not self.errors and
not self.cleaned_data['reedit_repository'] and
self.validate_repository):
self._verify_repository_path()
self._clean_ssh_key_association()
return super(RepositoryForm, self).clean()
def _clean_ssh_key_association(self):
hosting_type = self.cleaned_data['hosting_type']
hosting_account = self.cleaned_data['hosting_account']
# Don't proceed if there are already errors, or if not using hosting
# (hosting type and account should be clean by this point)
if (self.errors or hosting_type == self.NO_HOSTING_SERVICE_ID or
not hosting_account):
return
hosting_service_cls = get_hosting_service(hosting_type)
hosting_service = hosting_service_cls(hosting_account)
# Check the requirements for SSH key association. If the requirements
# are not met, do not proceed.
if (not hosting_service_cls.supports_ssh_key_association or
not self.cleaned_data['associate_ssh_key'] or
not self.public_key):
return
if not self.instance.extra_data:
# The instance is either a new repository or a repository that
# was previously configured without a hosting service. In either
# case, ensure the repository is fully initialized.
repository = self.save(commit=False)
else:
repository = self.instance
key = self.ssh_client.get_user_key()
try:
# Try to upload the key if it hasn't already been associated.
if not hosting_service.is_ssh_key_associated(repository, key):
hosting_service.associate_ssh_key(repository, key)
except SSHKeyAssociationError as e:
logging.warning('SSHKeyAssociationError for repository "%s" (%s)'
% (repository, e.message))
raise ValidationError([
_('Unable to associate SSH key with your hosting service. '
'This is most often the result of a problem communicating '
'with the hosting service. Please try again later or '
'manually upload the SSH key to your hosting service.')
])
def clean_path(self):
return self.cleaned_data['path'].strip()
def clean_mirror_path(self):
return self.cleaned_data['mirror_path'].strip()
def clean_bug_tracker_base_url(self):
return self.cleaned_data['bug_tracker_base_url'].rstrip('/')
def clean_hosting_type(self):
"""Validates that the hosting type represents a valid hosting service.
This won't do anything if no hosting service is used.
"""
hosting_type = self.cleaned_data['hosting_type']
if hosting_type != self.NO_HOSTING_SERVICE_ID:
hosting_service = get_hosting_service(hosting_type)
if not hosting_service:
raise ValidationError([_('Not a valid hosting service')])
return hosting_type
def clean_bug_tracker_type(self):
"""Validates that the bug tracker type represents a valid hosting
service.
This won't do anything if no hosting service is used.
"""
bug_tracker_type = (self.cleaned_data['bug_tracker_type'] or
self.NO_BUG_TRACKER_ID)
if bug_tracker_type not in self.IGNORED_SERVICE_IDS:
hosting_service = get_hosting_service(bug_tracker_type)
if (not hosting_service or
not hosting_service.supports_bug_trackers):
raise ValidationError([_('Not a valid hosting service')])
return bug_tracker_type
def clean_tool(self):
"""Checks the SCMTool used for this repository for dependencies.
If one or more dependencies aren't found, they will be presented
as validation errors.
"""
tool = self.cleaned_data['tool']
scmtool_class = tool.get_scmtool_class()
errors = []
for dep in scmtool_class.dependencies.get('modules', []):
try:
imp.find_module(dep)
except ImportError:
errors.append(_('The Python module "%s" is not installed.'
'You may need to restart the server '
'after installing it.') % dep)
for dep in scmtool_class.dependencies.get('executables', []):
if not is_exe_in_path(dep):
if sys.platform == 'win32':
exe_name = '%s.exe' % dep
else:
exe_name = dep
errors.append(_('The executable "%s" is not in the path.')
% exe_name)
if errors:
raise ValidationError(errors)
return tool
def is_valid(self):
"""Returns whether or not the form is valid.
This will return True if the form fields are all valid, if there's
no certificate error, host key error, and if the form isn't
being re-displayed after canceling an SSH key or HTTPS certificate
verification.
This also takes into account the validity of the hosting service form
for the selected hosting service and repository plan.
"""
if not super(RepositoryForm, self).is_valid():
return False
hosting_type = self.cleaned_data['hosting_type']
plan = self.cleaned_data['repository_plan'] or self.DEFAULT_PLAN_ID
return (not self.hostkeyerror and
not self.certerror and
not self.userkeyerror and
not self.cleaned_data['reedit_repository'] and
(hosting_type not in self.repository_forms or
self.repository_forms[hosting_type][plan].is_valid()))
def save(self, commit=True, *args, **kwargs):
"""Saves the repository.
This will thunk out to the hosting service form to save any extra
repository data used for the hosting service, and saves the
repository plan, if any.
"""
repository = super(RepositoryForm, self).save(commit=False,
*args, **kwargs)
bug_tracker_use_hosting = self.cleaned_data['bug_tracker_use_hosting']
repository.extra_data = {
'repository_plan': self.cleaned_data['repository_plan'],
'bug_tracker_use_hosting': bug_tracker_use_hosting,
}
hosting_type = self.cleaned_data['hosting_type']
service = get_hosting_service(hosting_type)
if service and service.self_hosted:
repository.extra_data['hosting_url'] = \
self.cleaned_data['hosting_url']
if self.cert:
repository.extra_data['cert'] = self.cert
try:
repository.extra_data['use_ticket_auth'] = \
self.cleaned_data['use_ticket_auth']
except KeyError:
pass
if hosting_type in self.repository_forms:
plan = (self.cleaned_data['repository_plan'] or
self.DEFAULT_PLAN_ID)
self.repository_forms[hosting_type][plan].save(repository)
if not bug_tracker_use_hosting:
bug_tracker_type = self.cleaned_data['bug_tracker_type']
if bug_tracker_type in self.bug_tracker_forms:
plan = (self.cleaned_data['bug_tracker_plan'] or
self.DEFAULT_PLAN_ID)
self.bug_tracker_forms[bug_tracker_type][plan].save(repository)
repository.extra_data.update({
'bug_tracker_type': bug_tracker_type,
'bug_tracker_plan': plan,
})
bug_tracker_service = get_hosting_service(bug_tracker_type)
assert bug_tracker_service
if bug_tracker_service.self_hosted:
repository.extra_data['bug_tracker_hosting_url'] = \
self.cleaned_data['bug_tracker_hosting_url']
if bug_tracker_service.get_bug_tracker_requires_username(plan):
repository.extra_data.update({
'bug_tracker-hosting_account_username':
self.cleaned_data[
'bug_tracker_hosting_account_username'],
})
if commit:
repository.save()
return repository
def _verify_repository_path(self):
"""
Verifies the repository path to check if it's valid.
This will check if the repository exists and if an SSH key or
HTTPS certificate needs to be verified.
"""
tool = self.cleaned_data.get('tool', None)
if not tool:
# This failed validation earlier, so bail.
return
scmtool_class = tool.get_scmtool_class()
path = self.cleaned_data.get('path', '')
username = self.cleaned_data['username']
password = self.cleaned_data['password']
if not path:
self._errors['path'] = self.error_class(
['Repository path cannot be empty'])
return
hosting_type = self.cleaned_data['hosting_type']
hosting_service_cls = get_hosting_service(hosting_type)
hosting_service = None
plan = None
repository_extra_data = {}
if hosting_service_cls:
hosting_service = hosting_service_cls(
self.cleaned_data['hosting_account'])
plan = self.cleaned_data['repository_plan'] or self.DEFAULT_PLAN_ID
if hosting_type in self.repository_forms:
repository_extra_data = \
self.repository_forms[hosting_type][plan].cleaned_data
while 1:
# Keep doing this until we have an error we don't want
# to ignore, or it's successful.
try:
if hosting_service:
hosting_service.check_repository(
path=path,
username=username,
password=password,
scmtool_class=scmtool_class,
local_site_name=self.local_site_name,
plan=plan,
**repository_extra_data)
else:
scmtool_class.check_repository(path, username, password,
self.local_site_name)
# Success.
break
except BadHostKeyError as e:
if self.cleaned_data['trust_host']:
try:
self.ssh_client.replace_host_key(e.hostname,
e.raw_expected_key,
e.raw_key)
except IOError as e:
raise ValidationError(e)
else:
self.hostkeyerror = e
break
except UnknownHostKeyError as e:
if self.cleaned_data['trust_host']:
try:
self.ssh_client.add_host_key(e.hostname, e.raw_key)
except IOError as e:
raise ValidationError(e)
else:
self.hostkeyerror = e
break
except UnverifiedCertificateError as e:
if self.cleaned_data['trust_host']:
try:
self.cert = scmtool_class.accept_certificate(
path, self.local_site_name, e.certificate)
except IOError as e:
raise ValidationError(e)
else:
self.certerror = e
break
except AuthenticationError as e:
if 'publickey' in e.allowed_types and e.user_key is None:
self.userkeyerror = e
break
raise ValidationError(e)
except Exception as e:
try:
text = unicode(e)
except UnicodeDecodeError:
text = str(e).decode('ascii', 'replace')
raise ValidationError(text)
def _get_field_data(self, field):
return self[field].data or self.fields[field].initial
class Meta:
model = Repository
widgets = {
'path': forms.TextInput(attrs={'size': '60'}),
'mirror_path': forms.TextInput(attrs={'size': '60'}),
'raw_file_url': forms.TextInput(attrs={'size': '60'}),
'bug_tracker': forms.TextInput(attrs={'size': '60'}),
'username': forms.TextInput(attrs={'size': '30',
'autocomplete': 'off'}),
'password': forms.PasswordInput(attrs={'size': '30',
'autocomplete': 'off'}),
'users': FilteredSelectMultiple(_('users with access'), False),
'review_groups': FilteredSelectMultiple(
_('review groups with access'), False),
}
def __init__(self, *args, **kwargs):
self.local_site_name = kwargs.pop('local_site_name', None)
super(RepositoryForm, self).__init__(*args, **kwargs)
self.hostkeyerror = None
self.certerror = None
self.userkeyerror = None
self.hosting_account_linked = False
self.local_site = None
self.repository_forms = {}
self.bug_tracker_forms = {}
self.hosting_service_info = {}
self.validate_repository = True
self.cert = None
# Determine the local_site that will be associated with any
# repository coming from this form.
#
# We're careful to disregard any local_sites that are specified
# from the form data. The caller needs to pass in a local_site_name
# to ensure that it will be used.
if self.local_site_name:
self.local_site = LocalSite.objects.get(name=self.local_site_name)
elif self.instance and self.instance.local_site:
self.local_site = self.instance.local_site
self.local_site_name = self.local_site.name
elif self.fields['local_site'].initial:
self.local_site = self.fields['local_site'].initial
self.local_site_name = self.local_site.name
# Grab the entire list of HostingServiceAccounts that can be
# used by this form. When the form is actually being used by the
# user, the listed accounts will consist only of the ones available
# for the selected hosting service.
hosting_accounts = HostingServiceAccount.objects.accessible(
local_site=self.local_site)
self.fields['hosting_account'].queryset = hosting_accounts
# Standard forms don't support 'instance', so don't pass it through
# to any created hosting service forms.
if 'instance' in kwargs:
kwargs.pop('instance')
# Load the list of repository forms and hosting services.
hosting_service_choices = []
bug_tracker_choices = []
for hosting_service_id, hosting_service in get_hosting_services():
if hosting_service.supports_repositories:
hosting_service_choices.append((hosting_service_id,
hosting_service.name))
if hosting_service.supports_bug_trackers:
bug_tracker_choices.append((hosting_service_id,
hosting_service.name))
self.bug_tracker_forms[hosting_service_id] = {}
self.repository_forms[hosting_service_id] = {}
self.hosting_service_info[hosting_service_id] = {
'scmtools': hosting_service.supported_scmtools,
'plans': [],
'planInfo': {},
'self_hosted': hosting_service.self_hosted,
'needs_authorization': hosting_service.needs_authorization,
'supports_bug_trackers': hosting_service.supports_bug_trackers,
'supports_ssh_key_association':
hosting_service.supports_ssh_key_association,
'accounts': [
{
'pk': account.pk,
'hosting_url': account.hosting_url,
'username': account.username,
'is_authorized': account.is_authorized,
}
for account in hosting_accounts
if account.service_name == hosting_service_id
],
}
try:
if hosting_service.plans:
for type_id, info in hosting_service.plans:
form = info.get('form', None)
if form:
self._load_hosting_service(hosting_service_id,
hosting_service,
type_id,
info['name'],
form,
*args, **kwargs)
elif hosting_service.form:
self._load_hosting_service(hosting_service_id,
hosting_service,
self.DEFAULT_PLAN_ID,
self.DEFAULT_PLAN_NAME,
hosting_service.form,
*args, **kwargs)
except Exception as e:
logging.error('Error loading hosting service %s: %s'
% (hosting_service_id, e),
exc_info=1)
# Build the list of hosting service choices, sorted, with
# "None" being first.
hosting_service_choices.sort(key=lambda x: x[1])
hosting_service_choices.insert(0, (self.NO_HOSTING_SERVICE_ID,
self.NO_HOSTING_SERVICE_NAME))
self.fields['hosting_type'].choices = hosting_service_choices
# Now do the same for bug trackers, but have separate None and Custom
# entries.
bug_tracker_choices.sort(key=lambda x: x[1])
bug_tracker_choices.insert(0, (self.NO_BUG_TRACKER_ID,
self.NO_BUG_TRACKER_NAME))
bug_tracker_choices.insert(1, (self.CUSTOM_BUG_TRACKER_ID,
self.CUSTOM_BUG_TRACKER_NAME))
self.fields['bug_tracker_type'].choices = bug_tracker_choices
# Get the current SSH public key that would be used for repositories,
# if one has been created.
self.ssh_client = SSHClient(namespace=self.local_site_name)
ssh_key = self.ssh_client.get_user_key()
if ssh_key:
self.public_key = self.ssh_client.get_public_key(ssh_key)
self.public_key_str = '%s %s' % (
ssh_key.get_name(),
''.join(str(self.public_key).splitlines())
)
else:
self.public_key = None
self.public_key_str = ''
# If no SSH key has been created, disable the key association field.
if not self.public_key:
self.fields['associate_ssh_key'].help_text = \
self.NO_KEY_HELP_FMT % local_site_reverse(
'settings-ssh',
local_site_name=self.local_site_name)
self.fields['associate_ssh_key'].widget.attrs['disabled'] = \
'disabled'
if self.instance:
self._populate_repository_info_fields()
self._populate_hosting_service_fields()
self._populate_bug_tracker_fields()
def main():
"""Run the application."""
if DEBUG:
pid = os.getpid()
log_filename = 'rbssh-%s.log' % pid
if DEBUG_LOGDIR:
log_path = os.path.join(DEBUG_LOGDIR, log_filename)
else:
log_path = log_filename
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-18s %(levelname)-8s '
'%(message)s',
datefmt='%m-%d %H:%M',
filename=log_path,
filemode='w')
logging.debug('%s' % sys.argv)
logging.debug('PID %s' % pid)
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
ch.setFormatter(logging.Formatter('%(message)s'))
ch.addFilter(logging.Filter('root'))
logging.getLogger('').addHandler(ch)
path, port, command = parse_options(sys.argv[1:])
if '://' not in path:
path = 'ssh://' + path
username, hostname = SCMTool.get_auth_from_uri(path, options.username)
if username is None:
username = getpass.getuser()
logging.debug('!!! %s, %s, %s' % (hostname, username, command))
client = SSHClient(namespace=options.local_site_name)
client.set_missing_host_key_policy(paramiko.WarningPolicy())
attempts = 0
password = None
key = client.get_user_key()
while True:
try:
client.connect(hostname, port, username=username,
password=password, pkey=key,
allow_agent=options.allow_agent)
break
except paramiko.AuthenticationException as e:
if attempts == 3 or not sys.stdin.isatty():
logging.error('Too many authentication failures for %s' %
username)
sys.exit(1)
attempts += 1
password = getpass.getpass("%s@%s's password: " %
(username, hostname))
except paramiko.SSHException as e:
logging.error('Error connecting to server: %s' % e)
sys.exit(1)
except Exception as e:
logging.error('Unknown exception during connect: %s (%s)' %
(e, type(e)))
sys.exit(1)
transport = client.get_transport()
channel = transport.open_session()
if sys.platform in ('cygwin', 'win32'):
logging.debug('!!! Using WindowsHandler')
handler = WindowsHandler(channel)
else:
logging.debug('!!! Using PosixHandler')
handler = PosixHandler(channel)
if options.subsystem == 'sftp':
logging.debug('!!! Invoking sftp subsystem')
channel.invoke_subsystem('sftp')
handler.transfer()
elif command:
logging.debug('!!! Sending command %s' % command)
channel.exec_command(' '.join(command))
handler.transfer()
else:
logging.debug('!!! Opening shell')
channel.get_pty()
channel.invoke_shell()
handler.shell()
logging.debug('!!! Done')
status = channel.recv_exit_status()
client.close()
return status
class SSHSettingsFormTestCase(TestCase):
"""Unit tests for SSHSettingsForm in /admin/forms.py"""
fixtures = ['test_users']
def setUp(self):
# Setup temp directory to prevent the original ssh related
# configurations been overwritten.
self.old_home = os.getenv('HOME')
self.tempdir = tempfile.mkdtemp(prefix='rb-tests-home-')
os.environ['RBSSH_ALLOW_AGENT'] = '0'
self._set_home(self.tempdir)
# Init client for http request, ssh_client for ssh config manipulation.
self.client = Client()
self.ssh_client = SSHClient()
def tearDown(self):
self._set_home(self.old_home)
if self.tempdir:
shutil.rmtree(self.tempdir)
def _set_home(self, homedir):
os.environ['HOME'] = homedir
def test_generate_key(self):
"""Testing SSHSettingsForm POST with generate_key=1"""
# Should have no ssh key at this point.
self.assertEqual(self.ssh_client.get_user_key(), None)
# Send post request with 'generate_key' = 1.
self.client.login(username='******', password='******')
response = self.client.post(local_site_reverse('settings-ssh'), {
'generate_key': 1,
})
# Check the response's status_code,
# 302 means the request has been proceeded as POST.
self.assertEqual(response.status_code, 302)
# Check whether the key has been created.
self.assertNotEqual(self.ssh_client.get_user_key(), None)
def test_delete_key(self):
"""Testing SSHSettingsForm POST with delete_key=1"""
# Should have no ssh key at this point, generate one.
self.assertEqual(self.ssh_client.get_user_key(), None)
self.ssh_client.generate_user_key()
self.assertNotEqual(self.ssh_client.get_user_key(), None)
# Send post request with 'delete_key' = 1.
self.client.login(username='******', password='******')
response = self.client.post(local_site_reverse('settings-ssh'), {
'delete_key': 1,
})
# Check the response's status_code,
# 302 means the request has been proceeded as POST.
self.assertEqual(response.status_code, 302)
# Check whether the key has been deleted.
self.assertEqual(self.ssh_client.get_user_key(), None)
class RepositoryForm(forms.ModelForm):
"""A form for creating and updating repositories.
This form provides an interface for creating and updating repositories,
handling the association with hosting services, linking accounts,
dealing with SSH keys and SSL certificates, and more.
"""
REPOSITORY_INFO_FIELDSET = _('Repository Information')
BUG_TRACKER_FIELDSET = _('Bug Tracker')
SSH_KEY_FIELDSET = _('Review Board Server SSH Key')
NO_HOSTING_SERVICE_ID = 'custom'
NO_HOSTING_SERVICE_NAME = _('(None - Custom Repository)')
NO_BUG_TRACKER_ID = 'none'
NO_BUG_TRACKER_NAME = _('(None)')
CUSTOM_BUG_TRACKER_ID = 'custom'
CUSTOM_BUG_TRACKER_NAME = _('(Custom Bug Tracker)')
IGNORED_SERVICE_IDS = ('none', 'custom')
DEFAULT_PLAN_ID = 'default'
DEFAULT_PLAN_NAME = _('Default')
# Host trust state
reedit_repository = forms.BooleanField(
label=_("Re-edit repository"),
required=False)
trust_host = forms.BooleanField(
label=_("I trust this host"),
required=False)
# Repository Hosting fields
hosting_type = forms.ChoiceField(
label=_("Hosting service"),
required=True,
initial=NO_HOSTING_SERVICE_ID)
hosting_url = forms.CharField(
label=_('Service URL'),
required=True,
widget=forms.TextInput(attrs={'size': 30}))
hosting_account = forms.ModelChoiceField(
label=_('Account'),
required=True,
empty_label=_('<Link a new account>'),
help_text=_("Link this repository to an account on the hosting "
"service. This username may be used as part of the "
"repository URL, depending on the hosting service and "
"plan."),
queryset=HostingServiceAccount.objects.none())
hosting_account_username = forms.CharField(
label=_('Account username'),
required=True,
widget=forms.TextInput(attrs={'size': 30, 'autocomplete': 'off'}))
hosting_account_password = forms.CharField(
label=_('Account password'),
required=True,
widget=forms.PasswordInput(attrs={'size': 30, 'autocomplete': 'off'},
render_value=True))
hosting_account_two_factor_auth_code = forms.CharField(
label=_('Two-factor auth code'),
required=True,
widget=forms.TextInput(attrs={'size': 30, 'autocomplete': 'off'}))
# Repository Information fields
tool = forms.ModelChoiceField(
label=_("Repository type"),
required=True,
empty_label=None,
queryset=Tool.objects.all())
repository_plan = forms.ChoiceField(
label=_('Repository plan'),
required=True,
help_text=_('The plan for your repository on this hosting service. '
'This must match what is set for your repository.'))
# Auto SSH key association field
associate_ssh_key = forms.BooleanField(
label=_('Associate my SSH key with the hosting service'),
required=False,
help_text=_('Add the Review Board public SSH key to the list of '
'authorized SSH keys on the hosting service.'))
NO_KEY_HELP_FMT = (_('This repository type supports SSH key association, '
'but the Review Board server does not have an SSH '
'key. <a href="%s">Add an SSH key.</a>'))
# Bug Tracker fields
bug_tracker_use_hosting = forms.BooleanField(
label=_("Use hosting service's bug tracker"),
initial=False,
required=False)
bug_tracker_type = forms.ChoiceField(
label=_("Type"),
required=True,
initial=NO_BUG_TRACKER_ID)
bug_tracker_hosting_url = forms.CharField(
label=_('URL'),
required=True,
widget=forms.TextInput(attrs={'size': 30}))
bug_tracker_plan = forms.ChoiceField(
label=_('Bug tracker plan'),
required=True)
bug_tracker_hosting_account_username = forms.CharField(
label=_('Account username'),
required=True,
widget=forms.TextInput(attrs={'size': 30, 'autocomplete': 'off'}))
bug_tracker = forms.CharField(
label=_("Bug tracker URL"),
max_length=256,
required=False,
widget=forms.TextInput(attrs={'size': '60'}),
help_text=(
_("The optional path to the bug tracker for this repository. The "
"path should resemble: http://www.example.com/issues?id=%%s, "
"where %%s will be the bug number.")
% ()), # We do this wacky formatting trick because otherwise
# xgettext gets upset that it sees a format string with
# positional arguments and will abort when trying to
# extract the message catalog.
validators=[validate_bug_tracker])
# Perforce-specific fields
use_ticket_auth = forms.BooleanField(
label=_("Use ticket-based authentication"),
initial=False,
required=False)
def __init__(self, *args, **kwargs):
self.local_site_name = kwargs.pop('local_site_name', None)
super(RepositoryForm, self).__init__(*args, **kwargs)
self.hostkeyerror = None
self.certerror = None
self.userkeyerror = None
self.hosting_account_linked = False
self.local_site = None
self.repository_forms = {}
self.bug_tracker_forms = {}
self.hosting_service_info = {}
self.validate_repository = True
self.cert = None
# Determine the local_site that will be associated with any
# repository coming from this form.
#
# We're careful to disregard any local_sites that are specified
# from the form data. The caller needs to pass in a local_site_name
# to ensure that it will be used.
if self.local_site_name:
self.local_site = LocalSite.objects.get(name=self.local_site_name)
elif self.instance and self.instance.local_site:
self.local_site = self.instance.local_site
self.local_site_name = self.local_site.name
elif self.fields['local_site'].initial:
self.local_site = self.fields['local_site'].initial
self.local_site_name = self.local_site.name
# Grab the entire list of HostingServiceAccounts that can be
# used by this form. When the form is actually being used by the
# user, the listed accounts will consist only of the ones available
# for the selected hosting service.
hosting_accounts = HostingServiceAccount.objects.accessible(
local_site=self.local_site)
self.fields['hosting_account'].queryset = hosting_accounts
# Standard forms don't support 'instance', so don't pass it through
# to any created hosting service forms.
if 'instance' in kwargs:
kwargs.pop('instance')
# Load the list of repository forms and hosting services.
hosting_service_choices = []
bug_tracker_choices = []
for hosting_service_id, hosting_service in get_hosting_services():
if hosting_service.supports_repositories:
hosting_service_choices.append((hosting_service_id,
hosting_service.name))
if hosting_service.supports_bug_trackers:
bug_tracker_choices.append((hosting_service_id,
hosting_service.name))
self.bug_tracker_forms[hosting_service_id] = {}
self.repository_forms[hosting_service_id] = {}
self.hosting_service_info[hosting_service_id] = {
'scmtools': hosting_service.supported_scmtools,
'plans': [],
'planInfo': {},
'self_hosted': hosting_service.self_hosted,
'needs_authorization': hosting_service.needs_authorization,
'supports_bug_trackers': hosting_service.supports_bug_trackers,
'supports_ssh_key_association':
hosting_service.supports_ssh_key_association,
'supports_two_factor_auth':
hosting_service.supports_two_factor_auth,
'needs_two_factor_auth_code': False,
'accounts': [
{
'pk': account.pk,
'hosting_url': account.hosting_url,
'username': account.username,
'is_authorized': account.is_authorized,
}
for account in hosting_accounts
if account.service_name == hosting_service_id
],
}
try:
if hosting_service.plans:
for type_id, info in hosting_service.plans:
form = info.get('form', None)
if form:
self._load_hosting_service(hosting_service_id,
hosting_service,
type_id,
info['name'],
form,
*args, **kwargs)
elif hosting_service.form:
self._load_hosting_service(hosting_service_id,
hosting_service,
self.DEFAULT_PLAN_ID,
self.DEFAULT_PLAN_NAME,
hosting_service.form,
*args, **kwargs)
except Exception as e:
logging.error('Error loading hosting service %s: %s'
% (hosting_service_id, e),
exc_info=1)
# Build the list of hosting service choices, sorted, with
# "None" being first.
hosting_service_choices.sort(key=lambda x: x[1])
hosting_service_choices.insert(0, (self.NO_HOSTING_SERVICE_ID,
self.NO_HOSTING_SERVICE_NAME))
self.fields['hosting_type'].choices = hosting_service_choices
# Now do the same for bug trackers, but have separate None and Custom
# entries.
bug_tracker_choices.sort(key=lambda x: x[1])
bug_tracker_choices.insert(0, (self.NO_BUG_TRACKER_ID,
self.NO_BUG_TRACKER_NAME))
bug_tracker_choices.insert(1, (self.CUSTOM_BUG_TRACKER_ID,
self.CUSTOM_BUG_TRACKER_NAME))
self.fields['bug_tracker_type'].choices = bug_tracker_choices
# Get the current SSH public key that would be used for repositories,
# if one has been created.
self.ssh_client = SSHClient(namespace=self.local_site_name)
ssh_key = self.ssh_client.get_user_key()
if ssh_key:
self.public_key = self.ssh_client.get_public_key(ssh_key)
self.public_key_str = '%s %s' % (
ssh_key.get_name(),
''.join(six.text_type(self.public_key).splitlines())
)
else:
self.public_key = None
self.public_key_str = ''
# If no SSH key has been created, disable the key association field.
if not self.public_key:
self.fields['associate_ssh_key'].help_text = \
self.NO_KEY_HELP_FMT % local_site_reverse(
'settings-ssh',
local_site_name=self.local_site_name)
self.fields['associate_ssh_key'].widget.attrs['disabled'] = \
'disabled'
if self.instance:
self._populate_repository_info_fields()
self._populate_hosting_service_fields()
self._populate_bug_tracker_fields()
def _load_hosting_service(self, hosting_service_id, hosting_service,
repo_type_id, repo_type_label, form_class,
*args, **kwargs):
"""Loads a hosting service form.
The form will be instantiated and added to the list of forms to be
rendered, cleaned, loaded, and saved.
"""
plan_info = {}
if hosting_service.supports_repositories:
form = form_class(self.data or None)
self.repository_forms[hosting_service_id][repo_type_id] = form
if self.instance:
form.load(self.instance)
if hosting_service.supports_bug_trackers:
form = form_class(self.data or None, prefix='bug_tracker')
self.bug_tracker_forms[hosting_service_id][repo_type_id] = form
plan_info['bug_tracker_requires_username'] = \
hosting_service.get_bug_tracker_requires_username(repo_type_id)
if self.instance:
form.load(self.instance)
hosting_info = self.hosting_service_info[hosting_service_id]
hosting_info['planInfo'][repo_type_id] = plan_info
hosting_info['plans'].append({
'type': repo_type_id,
'label': six.text_type(repo_type_label),
})
def _populate_repository_info_fields(self):
"""Populates auxiliary repository info fields in the form.
Most of the fields under "Repository Info" are core model fields. This
method populates things which are stored into extra_data.
"""
self.fields['use_ticket_auth'].initial = \
self.instance.extra_data.get('use_ticket_auth', False)
def _populate_hosting_service_fields(self):
"""Populates all the main hosting service fields in the form.
This populates the hosting service type and the repository plan
on the form. These are only set if operating on an existing
repository.
"""
hosting_account = self.instance.hosting_account
if hosting_account:
service = hosting_account.service
self.fields['hosting_type'].initial = \
hosting_account.service_name
self.fields['hosting_url'].initial = hosting_account.hosting_url
if service.plans:
self.fields['repository_plan'].choices = [
(plan_id, info['name'])
for plan_id, info in service.plans
]
repository_plan = \
self.instance.extra_data.get('repository_plan', None)
if repository_plan:
self.fields['repository_plan'].initial = repository_plan
def _populate_bug_tracker_fields(self):
"""Populates all the main bug tracker fields in the form.
This populates the bug tracker type, plan, and other fields
related to the bug tracker on the form.
"""
data = self.instance.extra_data
bug_tracker_type = data.get('bug_tracker_type', None)
if (data.get('bug_tracker_use_hosting', False) and
self.instance.hosting_account):
# The user has chosen to use the hosting service's bug tracker. We
# only care about the checkbox. Don't bother populating the form.
self.fields['bug_tracker_use_hosting'].initial = True
elif bug_tracker_type == self.NO_BUG_TRACKER_ID:
# Do nothing.
return
elif (bug_tracker_type is not None and
bug_tracker_type != self.CUSTOM_BUG_TRACKER_ID):
# A bug tracker service or custom bug tracker was chosen.
service = get_hosting_service(bug_tracker_type)
if not service:
return
self.fields['bug_tracker_type'].initial = bug_tracker_type
self.fields['bug_tracker_hosting_url'].initial = \
data.get('bug_tracker_hosting_url', None)
self.fields['bug_tracker_hosting_account_username'].initial = \
data.get('bug_tracker-hosting_account_username', None)
if service.plans:
self.fields['bug_tracker_plan'].choices = [
(plan_id, info['name'])
for plan_id, info in service.plans
]
self.fields['bug_tracker_plan'].initial = \
data.get('bug_tracker_plan', None)
elif self.instance.bug_tracker:
# We have a custom bug tracker. There's no point in trying to
# reverse-match it, because we can potentially be wrong when a
# hosting service has multiple plans with similar bug tracker
# URLs, so just show it raw. Admins can migrate it if they want.
self.fields['bug_tracker_type'].initial = \
self.CUSTOM_BUG_TRACKER_ID
def _clean_hosting_info(self):
"""Clean the hosting service information.
If using a hosting service, this will validate that the data
provided is valid on that hosting service. Then it will create an
account and link it, if necessary, with the hosting service.
"""
hosting_type = self.cleaned_data['hosting_type']
if hosting_type == self.NO_HOSTING_SERVICE_ID:
self.data['hosting_account'] = None
self.cleaned_data['hosting_account'] = None
return
# This should have been caught during validation, so we can assume
# it's fine.
hosting_service_cls = get_hosting_service(hosting_type)
assert hosting_service_cls
# Validate that the provided tool is valid for the hosting service.
tool_name = self.cleaned_data['tool'].name
if tool_name not in hosting_service_cls.supported_scmtools:
self.errors['tool'] = self.error_class([
_('This tool is not supported on the given hosting service')
])
return
# Now make sure all the account info is correct.
hosting_account = self.cleaned_data['hosting_account']
username = self.cleaned_data['hosting_account_username']
password = self.cleaned_data['hosting_account_password']
if hosting_service_cls.self_hosted:
hosting_url = self.cleaned_data['hosting_url'] or None
else:
hosting_url = None
if hosting_service_cls.supports_two_factor_auth:
two_factor_auth_code = \
self.cleaned_data['hosting_account_two_factor_auth_code']
else:
two_factor_auth_code = None
if hosting_account and hosting_account.hosting_url != hosting_url:
self.errors['hosting_account'] = self.error_class([
_('This account is not compatible with this hosting service '
'configuration'),
])
return
elif hosting_account and not username:
username = hosting_account.username
elif not hosting_account and not username:
self.errors['hosting_account'] = self.error_class([
_('An account must be linked in order to use this hosting '
'service'),
])
return
if not hosting_account:
# See if this account with the supplied credentials already
# exists. If it does, we don't want to create a new entry.
try:
hosting_account = HostingServiceAccount.objects.get(
service_name=hosting_type,
username=username,
hosting_url=hosting_url,
local_site=self.local_site)
except HostingServiceAccount.DoesNotExist:
# That's fine. We're just going to create it later.
pass
plan = self.cleaned_data['repository_plan'] or self.DEFAULT_PLAN_ID
# Set the main repository fields (Path, Mirror Path, etc.) based on
# the field definitions in the hosting service.
#
# This will take into account the hosting service's form data for
# the given repository plan, the main form data, and the hosting
# account information.
#
# It's expected that the required fields will have validated by now.
repository_form = self.repository_forms[hosting_type][plan]
field_vars = repository_form.cleaned_data.copy()
field_vars.update(self.cleaned_data)
# If the hosting account needs to authorize and link with an external
# service, attempt to do so and watch for any errors.
#
# If it doesn't need to link with it, we'll just create an entry
# with the username and save it.
if not hosting_account:
hosting_account = HostingServiceAccount(
service_name=hosting_type,
username=username,
hosting_url=hosting_url,
local_site=self.local_site)
if (hosting_service_cls.needs_authorization and
not hosting_account.is_authorized):
# Attempt to authorize the account.
hosting_service = None
plan = None
if hosting_service_cls:
hosting_service = hosting_service_cls(hosting_account)
if hosting_service:
plan = (self.cleaned_data['repository_plan'] or
self.DEFAULT_PLAN_ID)
repository_extra_data = self._build_repository_extra_data(
hosting_service, hosting_type, plan)
try:
hosting_account.service.authorize(
username, password,
hosting_url=hosting_url,
two_factor_auth_code=two_factor_auth_code,
tool_name=tool_name,
local_site_name=self.local_site_name,
**repository_extra_data)
except TwoFactorAuthCodeRequiredError as e:
self.errors['hosting_account'] = \
self.error_class([six.text_type(e)])
hosting_info = self.hosting_service_info[hosting_type]
hosting_info['needs_two_factor_auth_code'] = True
return
except AuthorizationError as e:
self.errors['hosting_account'] = self.error_class([
_('Unable to link the account: %s') % e,
])
return
except Exception as e:
self.errors['hosting_account'] = self.error_class([
_('Unknown error when linking the account: %s') % e,
])
return
# Flag that we've linked the account. If there are any
# validation errors, and this flag is set, we tell the user
# that we successfully linked and they don't have to do it
# again.
self.hosting_account_linked = True
hosting_account.save()
self.data['hosting_account'] = hosting_account
self.cleaned_data['hosting_account'] = hosting_account
try:
self.cleaned_data.update(hosting_service_cls.get_repository_fields(
hosting_account.username, hosting_account.hosting_url, plan,
tool_name, field_vars))
except KeyError as e:
raise ValidationError([six.text_type(e)])
def _clean_bug_tracker_info(self):
"""Clean the bug tracker information.
This will figure out the defaults for all the bug tracker fields,
based on the stored bug tracker settings.
"""
use_hosting = self.cleaned_data['bug_tracker_use_hosting']
plan = self.cleaned_data['bug_tracker_plan'] or self.DEFAULT_PLAN_ID
bug_tracker_type = self.cleaned_data['bug_tracker_type']
bug_tracker_url = ''
if use_hosting:
# We're using the main repository form fields instead of the
# custom bug tracker fields.
hosting_type = self.cleaned_data['hosting_type']
if hosting_type == self.NO_HOSTING_SERVICE_ID:
self.errors['bug_tracker_use_hosting'] = self.error_class([
_('A hosting service must be chosen in order to use this')
])
return
plan = self.cleaned_data['repository_plan'] or self.DEFAULT_PLAN_ID
hosting_service_cls = get_hosting_service(hosting_type)
# We already validated server-side that the hosting service
# exists.
assert hosting_service_cls
if (hosting_service_cls.supports_bug_trackers and
self.cleaned_data.get('hosting_account')):
# We have a valid hosting account linked up, so we can
# process this and copy over the account information.
form = self.repository_forms[hosting_type][plan]
new_data = self.cleaned_data.copy()
new_data.update(form.cleaned_data)
new_data['hosting_account_username'] = \
self.cleaned_data['hosting_account'].username
new_data['hosting_url'] = \
self.cleaned_data['hosting_account'].hosting_url
bug_tracker_url = hosting_service_cls.get_bug_tracker_field(
plan, new_data)
elif bug_tracker_type == self.CUSTOM_BUG_TRACKER_ID:
# bug_tracker_url should already be in cleaned_data.
return
elif bug_tracker_type != self.NO_BUG_TRACKER_ID:
# We're using a bug tracker of a certain type. We need to
# get the right data, strip the prefix on the forms, and
# build the bug tracker URL from that.
hosting_service_cls = get_hosting_service(bug_tracker_type)
if not hosting_service_cls:
self.errors['bug_tracker_type'] = self.error_class([
_('This bug tracker type is not supported')
])
return
form = self.bug_tracker_forms[bug_tracker_type][plan]
new_data = {
'hosting_account_username':
self.cleaned_data['bug_tracker_hosting_account_username'],
'hosting_url':
self.cleaned_data['bug_tracker_hosting_url'],
}
if form.is_valid():
# Strip the prefix from each bit of cleaned data in the form.
for key, value in six.iteritems(form.cleaned_data):
key = key.replace(form.prefix, '')
new_data[key] = value
bug_tracker_url = hosting_service_cls.get_bug_tracker_field(
plan, new_data)
self.cleaned_data['bug_tracker'] = bug_tracker_url
self.data['bug_tracker'] = bug_tracker_url
def full_clean(self):
extra_cleaned_data = {}
extra_errors = {}
required_values = {}
for field in six.itervalues(self.fields):
required_values[field] = field.required
if self.data:
hosting_type = self._get_field_data('hosting_type')
hosting_service = get_hosting_service(hosting_type)
repository_plan = (self._get_field_data('repository_plan') or
self.DEFAULT_PLAN_ID)
bug_tracker_use_hosting = \
self._get_field_data('bug_tracker_use_hosting')
# If using the hosting service's bug tracker, we want to ignore
# the bug tracker form (which will be hidden) and just use the
# hosting service's form.
if bug_tracker_use_hosting:
bug_tracker_type = hosting_type
bug_tracker_service = hosting_service
bug_tracker_plan = repository_plan
else:
bug_tracker_type = self._get_field_data('bug_tracker_type')
bug_tracker_service = get_hosting_service(bug_tracker_type)
bug_tracker_plan = (self._get_field_data('bug_tracker_plan') or
self.DEFAULT_PLAN_ID)
self.fields['bug_tracker_type'].required = \
not bug_tracker_use_hosting
account_pk = self._get_field_data('hosting_account')
new_hosting_account = (
hosting_type != self.NO_HOSTING_SERVICE_ID and not account_pk)
if account_pk:
account = HostingServiceAccount.objects.get(
pk=account_pk,
local_site=self.local_site)
else:
account = None
self.fields['path'].required = \
(hosting_type == self.NO_HOSTING_SERVICE_ID)
# The repository plan will only be listed if the hosting service
# lists some plans. Otherwise, there's nothing to require.
for service, field in ((hosting_service, 'repository_plan'),
(bug_tracker_service, 'bug_tracker_plan')):
self.fields[field].required = service and service.plans
if service:
self.fields[field].choices = [
(id, info['name'])
for id, info in service.plans or []
]
self.fields['bug_tracker_plan'].required = (
self.fields['bug_tracker_plan'].required and
not bug_tracker_use_hosting)
# We want to show this as required (in the label), but not
# actually require, since we use a blank entry as
# "Link new account."
self.fields['hosting_account'].required = False
# Only require a username and password if not using an existing
# hosting account.
self.fields['hosting_account_username'].required = \
new_hosting_account
self.fields['hosting_account_password'].required = (
hosting_service and
hosting_service.needs_authorization and
(new_hosting_account or
(account and not account.is_authorized)))
self.fields['hosting_account_two_factor_auth_code'].required = (
hosting_service and
hosting_service.supports_two_factor_auth and
self.hosting_service_info[hosting_type][
'needs_two_factor_auth_code'])
# Only require a URL if the hosting service is self-hosted.
self.fields['hosting_url'].required = (
hosting_service and
hosting_service.self_hosted)
# Only require the bug tracker username if the bug tracker field
# requires the username.
self.fields['bug_tracker_hosting_account_username'].required = \
(not bug_tracker_use_hosting and
bug_tracker_service and
bug_tracker_service.get_bug_tracker_requires_username(
bug_tracker_plan))
# Only require a URL if the bug tracker is self-hosted and
# we're not using the hosting service's bug tracker.
self.fields['bug_tracker_hosting_url'].required = (
not bug_tracker_use_hosting and
bug_tracker_service and
bug_tracker_service.self_hosted)
# Validate the custom forms and store any data or errors for later.
custom_form_info = [
(hosting_type, repository_plan, self.repository_forms),
]
if not bug_tracker_use_hosting:
custom_form_info.append((bug_tracker_type, bug_tracker_plan,
self.bug_tracker_forms))
for service_type, plan, form_list in custom_form_info:
if service_type not in self.IGNORED_SERVICE_IDS:
form = form_list[service_type][plan]
form.is_bound = True
if form.is_valid():
extra_cleaned_data.update(form.cleaned_data)
else:
extra_errors.update(form.errors)
else:
# Validate every hosting service form and bug tracker form and
# store any data or errors for later.
for form_list in (self.repository_forms, self.bug_tracker_forms):
for plans in six.itervalues(form_list):
for form in six.itervalues(plans):
if form.is_valid():
extra_cleaned_data.update(form.cleaned_data)
else:
extra_errors.update(form.errors)
self.subforms_valid = not extra_errors
super(RepositoryForm, self).full_clean()
if self.is_valid():
self.cleaned_data.update(extra_cleaned_data)
else:
self.errors.update(extra_errors)
# Undo the required settings above. Now that we're done with them
# for validation, we want to fix the display so that users don't
# see the required states change.
for field, required in six.iteritems(required_values):
field.required = required
def clean(self):
"""Performs validation on the form.
This will check the form fields for errors, calling out to the
various clean_* methods.
It will check the repository path to see if it represents
a valid repository and if an SSH key or HTTPS certificate needs
to be verified.
This will also build repository and bug tracker URLs based on other
fields set in the form.
"""
if not self.errors and self.subforms_valid:
try:
self.local_site = self.cleaned_data['local_site']
if self.local_site:
self.local_site_name = self.local_site.name
except LocalSite.DoesNotExist as e:
raise ValidationError([e])
self._clean_hosting_info()
self._clean_bug_tracker_info()
validate_review_groups(self)
validate_users(self)
# The clean/validation functions could create new errors, so
# skip validating the repository path if everything else isn't
# clean. Also skip in the case where the user is hiding the
# repository.
if (not self.errors and
not self.cleaned_data['reedit_repository'] and
self.cleaned_data.get('visible', True) and
self.validate_repository):
self._verify_repository_path()
self._clean_ssh_key_association()
return super(RepositoryForm, self).clean()
def _clean_ssh_key_association(self):
hosting_type = self.cleaned_data['hosting_type']
hosting_account = self.cleaned_data['hosting_account']
# Don't proceed if there are already errors, or if not using hosting
# (hosting type and account should be clean by this point)
if (self.errors or hosting_type == self.NO_HOSTING_SERVICE_ID or
not hosting_account):
return
hosting_service_cls = get_hosting_service(hosting_type)
hosting_service = hosting_service_cls(hosting_account)
# Check the requirements for SSH key association. If the requirements
# are not met, do not proceed.
if (not hosting_service_cls.supports_ssh_key_association or
not self.cleaned_data['associate_ssh_key'] or
not self.public_key):
return
if not self.instance.extra_data:
# The instance is either a new repository or a repository that
# was previously configured without a hosting service. In either
# case, ensure the repository is fully initialized.
repository = self.save(commit=False)
else:
repository = self.instance
key = self.ssh_client.get_user_key()
try:
# Try to upload the key if it hasn't already been associated.
if not hosting_service.is_ssh_key_associated(repository, key):
hosting_service.associate_ssh_key(repository, key)
except SSHKeyAssociationError as e:
logging.warning('SSHKeyAssociationError for repository "%s" (%s)'
% (repository, e.message))
raise ValidationError([
_('Unable to associate SSH key with your hosting service. '
'This is most often the result of a problem communicating '
'with the hosting service. Please try again later or '
'manually upload the SSH key to your hosting service.')
])
def clean_path(self):
return self.cleaned_data['path'].strip()
def clean_mirror_path(self):
return self.cleaned_data['mirror_path'].strip()
def clean_bug_tracker_base_url(self):
return self.cleaned_data['bug_tracker_base_url'].rstrip('/')
def clean_hosting_type(self):
"""Validates that the hosting type represents a valid hosting service.
This won't do anything if no hosting service is used.
"""
hosting_type = self.cleaned_data['hosting_type']
if hosting_type != self.NO_HOSTING_SERVICE_ID:
hosting_service = get_hosting_service(hosting_type)
if not hosting_service:
raise ValidationError([_('Not a valid hosting service')])
return hosting_type
def clean_bug_tracker_type(self):
"""Validates that the bug tracker type represents a valid hosting
service.
This won't do anything if no hosting service is used.
"""
bug_tracker_type = (self.cleaned_data['bug_tracker_type'] or
self.NO_BUG_TRACKER_ID)
if bug_tracker_type not in self.IGNORED_SERVICE_IDS:
hosting_service = get_hosting_service(bug_tracker_type)
if (not hosting_service or
not hosting_service.supports_bug_trackers):
raise ValidationError([_('Not a valid hosting service')])
return bug_tracker_type
def clean_tool(self):
"""Checks the SCMTool used for this repository for dependencies.
If one or more dependencies aren't found, they will be presented
as validation errors.
"""
tool = self.cleaned_data['tool']
scmtool_class = tool.get_scmtool_class()
errors = []
for dep in scmtool_class.dependencies.get('modules', []):
try:
imp.find_module(dep)
except ImportError:
errors.append(_('The Python module "%s" is not installed.'
'You may need to restart the server '
'after installing it.') % dep)
for dep in scmtool_class.dependencies.get('executables', []):
if not is_exe_in_path(dep):
if sys.platform == 'win32':
exe_name = '%s.exe' % dep
else:
exe_name = dep
errors.append(_('The executable "%s" is not in the path.')
% exe_name)
if errors:
raise ValidationError(errors)
return tool
def is_valid(self):
"""Returns whether or not the form is valid.
This will return True if the form fields are all valid, if there's
no certificate error, host key error, and if the form isn't
being re-displayed after canceling an SSH key or HTTPS certificate
verification.
This also takes into account the validity of the hosting service form
for the selected hosting service and repository plan.
"""
if not super(RepositoryForm, self).is_valid():
return False
hosting_type = self.cleaned_data['hosting_type']
plan = self.cleaned_data['repository_plan'] or self.DEFAULT_PLAN_ID
return (not self.hostkeyerror and
not self.certerror and
not self.userkeyerror and
not self.cleaned_data['reedit_repository'] and
(hosting_type not in self.repository_forms or
self.repository_forms[hosting_type][plan].is_valid()))
def save(self, commit=True, *args, **kwargs):
"""Saves the repository.
This will thunk out to the hosting service form to save any extra
repository data used for the hosting service, and saves the
repository plan, if any.
"""
repository = super(RepositoryForm, self).save(commit=False,
*args, **kwargs)
bug_tracker_use_hosting = self.cleaned_data['bug_tracker_use_hosting']
repository.extra_data = {
'repository_plan': self.cleaned_data['repository_plan'],
'bug_tracker_use_hosting': bug_tracker_use_hosting,
}
hosting_type = self.cleaned_data['hosting_type']
service = get_hosting_service(hosting_type)
if service and service.self_hosted:
repository.extra_data['hosting_url'] = \
self.cleaned_data['hosting_url']
if self.cert:
repository.extra_data['cert'] = self.cert
try:
repository.extra_data['use_ticket_auth'] = \
self.cleaned_data['use_ticket_auth']
except KeyError:
pass
if hosting_type in self.repository_forms:
plan = (self.cleaned_data['repository_plan'] or
self.DEFAULT_PLAN_ID)
self.repository_forms[hosting_type][plan].save(repository)
if not bug_tracker_use_hosting:
bug_tracker_type = self.cleaned_data['bug_tracker_type']
if bug_tracker_type in self.bug_tracker_forms:
plan = (self.cleaned_data['bug_tracker_plan'] or
self.DEFAULT_PLAN_ID)
self.bug_tracker_forms[bug_tracker_type][plan].save(repository)
repository.extra_data.update({
'bug_tracker_type': bug_tracker_type,
'bug_tracker_plan': plan,
})
bug_tracker_service = get_hosting_service(bug_tracker_type)
assert bug_tracker_service
if bug_tracker_service.self_hosted:
repository.extra_data['bug_tracker_hosting_url'] = \
self.cleaned_data['bug_tracker_hosting_url']
if bug_tracker_service.get_bug_tracker_requires_username(plan):
repository.extra_data.update({
'bug_tracker-hosting_account_username':
self.cleaned_data[
'bug_tracker_hosting_account_username'],
})
if commit:
repository.save()
return repository
def _verify_repository_path(self):
"""
Verifies the repository path to check if it's valid.
This will check if the repository exists and if an SSH key or
HTTPS certificate needs to be verified.
"""
tool = self.cleaned_data.get('tool', None)
if not tool:
# This failed validation earlier, so bail.
return
scmtool_class = tool.get_scmtool_class()
path = self.cleaned_data.get('path', '')
username = self.cleaned_data['username']
password = self.cleaned_data['password']
if not path:
self._errors['path'] = self.error_class(
['Repository path cannot be empty'])
return
hosting_type = self.cleaned_data['hosting_type']
hosting_service_cls = get_hosting_service(hosting_type)
hosting_service = None
plan = None
if hosting_service_cls:
hosting_service = hosting_service_cls(
self.cleaned_data['hosting_account'])
if hosting_service:
plan = (self.cleaned_data['repository_plan'] or
self.DEFAULT_PLAN_ID)
repository_extra_data = self._build_repository_extra_data(
hosting_service, hosting_type, plan)
while 1:
# Keep doing this until we have an error we don't want
# to ignore, or it's successful.
try:
if hosting_service:
hosting_service.check_repository(
path=path,
username=username,
password=password,
scmtool_class=scmtool_class,
tool_name=tool.name,
local_site_name=self.local_site_name,
plan=plan,
**repository_extra_data)
else:
scmtool_class.check_repository(path, username, password,
self.local_site_name)
# Success.
break
except BadHostKeyError as e:
if self.cleaned_data['trust_host']:
try:
self.ssh_client.replace_host_key(e.hostname,
e.raw_expected_key,
e.raw_key)
except IOError as e:
raise ValidationError(e)
else:
self.hostkeyerror = e
break
except UnknownHostKeyError as e:
if self.cleaned_data['trust_host']:
try:
self.ssh_client.add_host_key(e.hostname, e.raw_key)
except IOError as e:
raise ValidationError(e)
else:
self.hostkeyerror = e
break
except UnverifiedCertificateError as e:
if self.cleaned_data['trust_host']:
try:
self.cert = scmtool_class.accept_certificate(
path, self.local_site_name, e.certificate)
except IOError as e:
raise ValidationError(e)
else:
self.certerror = e
break
except AuthenticationError as e:
if 'publickey' in e.allowed_types and e.user_key is None:
self.userkeyerror = e
break
raise ValidationError(e)
except Exception as e:
try:
text = six.text_type(e)
except UnicodeDecodeError:
text = six.text_type(e, 'ascii', 'replace')
raise ValidationError(text)
def _build_repository_extra_data(self, hosting_service, hosting_type,
plan):
"""Builds extra repository data to pass to HostingService functions."""
repository_extra_data = {}
if hosting_service and hosting_type in self.repository_forms:
repository_extra_data = \
self.repository_forms[hosting_type][plan].cleaned_data
return repository_extra_data
def _get_field_data(self, field):
return self[field].data or self.fields[field].initial
class Meta:
model = Repository
widgets = {
'path': forms.TextInput(attrs={'size': '60'}),
'mirror_path': forms.TextInput(attrs={'size': '60'}),
'raw_file_url': forms.TextInput(attrs={'size': '60'}),
'bug_tracker': forms.TextInput(attrs={'size': '60'}),
'username': forms.TextInput(attrs={'size': '30',
'autocomplete': 'off'}),
'password': forms.PasswordInput(attrs={'size': '30',
'autocomplete': 'off'},
render_value=True),
'users': FilteredSelectMultiple(_('users with access'), False),
'review_groups': FilteredSelectMultiple(
_('review groups with access'), False),
}
def _check_repository(self, scmtool_class, path, username, password,
local_site, trust_host, ret_cert, request):
if local_site:
local_site_name = local_site.name
else:
local_site_name = None
while 1:
# Keep doing this until we have an error we don't want
# to ignore, or it's successful.
try:
scmtool_class.check_repository(path, username, password,
local_site_name)
return None
except RepositoryNotFoundError:
return MISSING_REPOSITORY
except BadHostKeyError as e:
if trust_host:
try:
client = SSHClient(namespace=local_site_name)
client.replace_host_key(e.hostname,
e.raw_expected_key,
e.raw_key)
except IOError as e:
return SERVER_CONFIG_ERROR, {
'reason': six.text_type(e),
}
else:
return BAD_HOST_KEY, {
'hostname': e.hostname,
'expected_key': e.raw_expected_key.get_base64(),
'key': e.raw_key.get_base64(),
}
except UnknownHostKeyError as e:
if trust_host:
try:
client = SSHClient(namespace=local_site_name)
client.add_host_key(e.hostname, e.raw_key)
except IOError as e:
return SERVER_CONFIG_ERROR, {
'reason': six.text_type(e),
}
else:
return UNVERIFIED_HOST_KEY, {
'hostname': e.hostname,
'key': e.raw_key.get_base64(),
}
except UnverifiedCertificateError as e:
if trust_host:
try:
cert = scmtool_class.accept_certificate(
path, local_site_name)
if cert:
ret_cert.update(cert)
except IOError as e:
return SERVER_CONFIG_ERROR, {
'reason': six.text_type(e),
}
else:
return UNVERIFIED_HOST_CERT, {
'certificate': {
'failures': e.certificate.failures,
'fingerprint': e.certificate.fingerprint,
'hostname': e.certificate.hostname,
'issuer': e.certificate.issuer,
'valid': {
'from': e.certificate.valid_from,
'until': e.certificate.valid_until,
},
},
}
except AuthenticationError as e:
if 'publickey' in e.allowed_types and e.user_key is None:
return MISSING_USER_KEY
else:
return REPO_AUTHENTICATION_ERROR, {
'reason': six.text_type(e),
}
except SSHError as e:
logging.error('Got unexpected SSHError when checking '
'repository: %s'
% e, exc_info=1, request=request)
return REPO_INFO_ERROR, {
'error': six.text_type(e),
}
except SCMError as e:
logging.error('Got unexpected SCMError when checking '
'repository: %s'
% e, exc_info=1, request=request)
return REPO_INFO_ERROR, {
'error': six.text_type(e),
}
except Exception as e:
logging.error('Unknown error in checking repository %s: %s',
path, e, exc_info=1, request=request)
# We should give something better, but I don't have anything.
# This will at least give a HTTP 500.
raise
def main():
"""Run the application."""
os.environ.setdefault(str('DJANGO_SETTINGS_MODULE'),
str('reviewboard.settings'))
if DEBUG:
pid = os.getpid()
log_filename = 'rbssh-%s.log' % pid
if DEBUG_LOGDIR:
log_path = os.path.join(DEBUG_LOGDIR, log_filename)
else:
log_path = log_filename
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-18s %(levelname)-8s '
'%(message)s',
datefmt='%m-%d %H:%M',
filename=log_path,
filemode='w')
logging.debug('%s' % sys.argv)
logging.debug('PID %s' % pid)
initialize()
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
ch.setFormatter(logging.Formatter('%(message)s'))
ch.addFilter(logging.Filter('root'))
logging.getLogger('').addHandler(ch)
path, port, command = parse_options(sys.argv[1:])
if '://' not in path:
path = 'ssh://' + path
username, hostname = SCMTool.get_auth_from_uri(path, options.username)
if username is None:
username = getpass.getuser()
logging.debug('!!! %s, %s, %s' % (hostname, username, command))
client = SSHClient(namespace=options.local_site_name)
client.set_missing_host_key_policy(paramiko.WarningPolicy())
attempts = 0
password = None
key = client.get_user_key()
while True:
try:
client.connect(hostname,
port,
username=username,
password=password,
pkey=key,
allow_agent=options.allow_agent)
break
except paramiko.AuthenticationException as e:
if attempts == 3 or not sys.stdin.isatty():
logging.error('Too many authentication failures for %s' %
username)
sys.exit(1)
attempts += 1
password = getpass.getpass("%s@%s's password: " %
(username, hostname))
except paramiko.SSHException as e:
logging.error('Error connecting to server: %s' % e)
sys.exit(1)
except Exception as e:
logging.error('Unknown exception during connect: %s (%s)' %
(e, type(e)))
sys.exit(1)
transport = client.get_transport()
channel = transport.open_session()
if sys.platform in ('cygwin', 'win32'):
logging.debug('!!! Using WindowsHandler')
handler = WindowsHandler(channel)
else:
logging.debug('!!! Using PosixHandler')
handler = PosixHandler(channel)
if options.subsystem == 'sftp':
logging.debug('!!! Invoking sftp subsystem')
channel.invoke_subsystem('sftp')
handler.transfer()
elif command:
logging.debug('!!! Sending command %s' % command)
channel.exec_command(' '.join(command))
handler.transfer()
else:
logging.debug('!!! Opening shell')
channel.get_pty()
channel.invoke_shell()
handler.shell()
logging.debug('!!! Done')
status = channel.recv_exit_status()
client.close()
return status
class SSHSettingsFormTestCase(TestCase):
"""Unit tests for SSHSettingsForm in /admin/forms.py."""
fixtures = ['test_users']
def setUp(self):
"""Set up this test case."""
super(SSHSettingsFormTestCase, self).setUp()
# Setup temp directory to prevent the original ssh related
# configurations been overwritten.
self.old_home = os.getenv('HOME')
self.tempdir = tempfile.mkdtemp(prefix='rb-tests-home-')
os.environ[b'RBSSH_ALLOW_AGENT'] = b'0'
self._set_home(self.tempdir)
self.ssh_client = SSHClient()
def tearDown(self):
"""Tear down this test case."""
super(SSHSettingsFormTestCase, self).tearDown()
self._set_home(self.old_home)
if self.tempdir:
shutil.rmtree(self.tempdir)
def _set_home(self, homedir):
"""Set the $HOME environment variable."""
os.environ[b'HOME'] = homedir.encode('utf-8')
def test_generate_key(self):
"""Testing SSHSettingsForm POST with generate_key=1"""
# Should have no ssh key at this point.
self.assertEqual(self.ssh_client.get_user_key(), None)
# Send post request with 'generate_key' = 1.
self.client.login(username='******', password='******')
response = self.client.post(local_site_reverse('settings-ssh'), {
'generate_key': 1,
})
# On success, the form returns HTTP 302 (redirect).
self.assertEqual(response.status_code, 302)
# Check whether the key has been created.
self.assertNotEqual(self.ssh_client.get_user_key(), None)
def test_delete_key(self):
"""Testing SSHSettingsForm POST with delete_key=1"""
# Should have no ssh key at this point, generate one.
self.assertEqual(self.ssh_client.get_user_key(), None)
self.ssh_client.generate_user_key()
self.assertNotEqual(self.ssh_client.get_user_key(), None)
# Send post request with 'delete_key' = 1.
self.client.login(username='******', password='******')
response = self.client.post(local_site_reverse('settings-ssh'), {
'delete_key': 1,
})
# On success, the form returns HTTP 302 (redirect).
self.assertEqual(response.status_code, 302)
# Check whether the key has been deleted.
self.assertEqual(self.ssh_client.get_user_key(), None)
def main():
"""Run the application."""
# We don't want any warnings to end up impacting output.
warnings.simplefilter('ignore')
if DEBUG:
pid = os.getpid()
log_filename = 'rbssh-%s.log' % pid
if DEBUG_LOGDIR:
log_path = os.path.join(DEBUG_LOGDIR, log_filename)
else:
log_path = log_filename
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-18s %(levelname)-8s '
'%(message)s',
datefmt='%m-%d %H:%M',
filename=log_path,
filemode='w')
debug('%s', sys.argv)
debug('PID %s', pid)
# Perform the bare minimum to initialize the Django/Review Board
# environment. We're not calling Review Board's initialize() because
# we want to completely minimize what we import and set up.
if hasattr(django, 'setup'):
django.setup()
from reviewboard.scmtools.core import SCMTool
from reviewboard.ssh.client import SSHClient
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
ch.setFormatter(logging.Formatter('%(message)s'))
ch.addFilter(logging.Filter('root'))
logging.getLogger('').addHandler(ch)
path, port, command = parse_options(sys.argv[1:])
if '://' not in path:
path = 'ssh://' + path
username, hostname = SCMTool.get_auth_from_uri(path, options.username)
if username is None:
username = getpass.getuser()
client = SSHClient(namespace=options.local_site_name)
client.set_missing_host_key_policy(paramiko.WarningPolicy())
if command:
purpose = command
else:
purpose = 'interactive shell'
debug('!!! SSH backend = %s', type(client.storage))
debug('!!! Preparing to connect to %s@%s for %s', username, hostname,
purpose)
attempts = 0
password = None
key = client.get_user_key()
while True:
try:
client.connect(hostname,
port,
username=username,
password=password,
pkey=key,
allow_agent=options.allow_agent)
break
except paramiko.AuthenticationException as e:
if attempts == 3 or not sys.stdin.isatty():
logging.error('Too many authentication failures for %s' %
username)
sys.exit(1)
attempts += 1
password = getpass.getpass("%s@%s's password: " %
(username, hostname))
except paramiko.SSHException as e:
logging.error('Error connecting to server: %s' % e)
sys.exit(1)
except Exception as e:
logging.error('Unknown exception during connect: %s (%s)' %
(e, type(e)))
sys.exit(1)
transport = client.get_transport()
channel = transport.open_session()
if sys.platform in ('cygwin', 'win32'):
debug('!!! Using WindowsHandler')
handler = WindowsHandler(channel)
else:
debug('!!! Using PosixHandler')
handler = PosixHandler(channel)
if options.subsystem == 'sftp':
debug('!!! Invoking sftp subsystem')
channel.invoke_subsystem('sftp')
handler.transfer()
elif command:
debug('!!! Sending command %s', command)
channel.exec_command(' '.join(command))
handler.transfer()
else:
debug('!!! Opening shell')
channel.get_pty()
channel.invoke_shell()
handler.shell()
debug('!!! Done')
status = channel.recv_exit_status()
client.close()
return status
class RepositoryForm(forms.ModelForm):
"""A form for creating and updating repositories.
This form provides an interface for creating and updating repositories,
handling the association with hosting services, linking accounts,
dealing with SSH keys and SSL certificates, and more.
"""
REPOSITORY_INFO_FIELDSET = _('Repository Information')
BUG_TRACKER_FIELDSET = _('Bug Tracker')
NO_HOSTING_SERVICE_ID = 'custom'
NO_HOSTING_SERVICE_NAME = _('(None - Custom Repository)')
NO_BUG_TRACKER_ID = 'none'
NO_BUG_TRACKER_NAME = _('(None)')
CUSTOM_BUG_TRACKER_ID = 'custom'
CUSTOM_BUG_TRACKER_NAME = _('(Custom Bug Tracker)')
IGNORED_SERVICE_IDS = ('none', 'custom')
DEFAULT_PLAN_ID = 'default'
DEFAULT_PLAN_NAME = _('Default')
# Host trust state
reedit_repository = forms.BooleanField(label=_("Re-edit repository"),
required=False)
trust_host = forms.BooleanField(label=_("I trust this host"),
required=False)
# Repository Hosting fields
hosting_type = forms.ChoiceField(label=_("Hosting service"),
required=True,
initial=NO_HOSTING_SERVICE_ID)
hosting_account = forms.ModelChoiceField(
label=_('Account'),
required=True,
empty_label=_('<Link a new account>'),
help_text=_("Link this repository to an account on the hosting "
"service. This username may be used as part of the "
"repository URL, depending on the hosting service and "
"plan."),
queryset=HostingServiceAccount.objects.none())
hosting_account_username = forms.CharField(
label=_('Account username'),
required=True,
widget=forms.TextInput(attrs={
'size': 30,
'autocomplete': 'off'
}))
hosting_account_password = forms.CharField(
label=_('Account password'),
required=True,
widget=forms.PasswordInput(attrs={
'size': 30,
'autocomplete': 'off'
}))
# Repository Information fields
tool = forms.ModelChoiceField(label=_("Repository type"),
required=True,
empty_label=None,
queryset=Tool.objects.all())
repository_plan = forms.ChoiceField(
label=_('Repository plan'),
required=True,
help_text=_('The plan for your repository on this hosting service. '
'This must match what is set for your repository.'))
# Bug Tracker fields
bug_tracker_use_hosting = forms.BooleanField(
label=_("Use hosting service's bug tracker"),
initial=False,
required=False)
bug_tracker_type = forms.ChoiceField(label=_("Type"),
required=True,
initial=NO_BUG_TRACKER_ID)
bug_tracker_plan = forms.ChoiceField(label=_('Bug tracker plan'),
required=True)
bug_tracker_hosting_account_username = forms.CharField(
label=_('Account username'),
required=True,
widget=forms.TextInput(attrs={
'size': 30,
'autocomplete': 'off'
}))
bug_tracker = forms.CharField(
label=_("Bug tracker URL"),
max_length=256,
required=False,
widget=forms.TextInput(attrs={'size': '60'}),
help_text=_(
"The optional path to the bug tracker for this "
"repository. The path should resemble: "
"http://www.example.com/issues?id=%s, where %s will be the "
"bug number."),
validators=[validate_bug_tracker])
def __init__(self, *args, **kwargs):
self.local_site_name = kwargs.pop('local_site_name', None)
super(RepositoryForm, self).__init__(*args, **kwargs)
self.hostkeyerror = None
self.certerror = None
self.userkeyerror = None
self.hosting_account_linked = False
self.local_site = None
self.repository_forms = {}
self.bug_tracker_forms = {}
self.hosting_service_info = {}
self.validate_repository = True
self.cert = None
# Determine the local_site that will be associated with any
# repository coming from this form.
#
# We're careful to disregard any local_sites that are specified
# from the form data. The caller needs to pass in a local_site_name
# to ensure that it will be used.
if self.local_site_name:
self.local_site = LocalSite.objects.get(name=self.local_site_name)
elif self.instance and self.instance.local_site:
self.local_site = self.instance.local_site
self.local_site_name = self.local_site.name
elif self.fields['local_site'].initial:
self.local_site = self.fields['local_site'].initial
self.local_site_name = self.local_site.name
# Grab the entire list of HostingServiceAccounts that can be
# used by this form. When the form is actually being used by the
# user, the listed accounts will consist only of the ones available
# for the selected hosting service.
hosting_accounts = HostingServiceAccount.objects.accessible(
local_site=self.local_site)
self.fields['hosting_account'].queryset = hosting_accounts
# Standard forms don't support 'instance', so don't pass it through
# to any created hosting service forms.
if 'instance' in kwargs:
kwargs.pop('instance')
# Load the list of repository forms and hosting services.
hosting_service_choices = []
bug_tracker_choices = []
for hosting_service_id, hosting_service in get_hosting_services():
if hosting_service.supports_repositories:
hosting_service_choices.append(
(hosting_service_id, hosting_service.name))
if hosting_service.supports_bug_trackers:
bug_tracker_choices.append(
(hosting_service_id, hosting_service.name))
self.bug_tracker_forms[hosting_service_id] = {}
self.repository_forms[hosting_service_id] = {}
self.hosting_service_info[hosting_service_id] = {
'scmtools':
hosting_service.supported_scmtools,
'plans': [],
'planInfo': {},
'needs_authorization':
hosting_service.needs_authorization,
'supports_bug_trackers':
hosting_service.supports_bug_trackers,
'accounts': [{
'pk': account.pk,
'username': account.username,
'is_authorized': account.is_authorized,
} for account in hosting_accounts
if account.service_name == hosting_service_id],
}
try:
if hosting_service.plans:
for type_id, info in hosting_service.plans:
form = info.get('form', None)
if form:
self._load_hosting_service(hosting_service_id,
hosting_service,
type_id, info['name'],
form, *args, **kwargs)
elif hosting_service.form:
self._load_hosting_service(hosting_service_id,
hosting_service,
self.DEFAULT_PLAN_ID,
self.DEFAULT_PLAN_NAME,
hosting_service.form, *args,
**kwargs)
except Exception, e:
logging.error('Error loading hosting service %s: %s' %
(hosting_service_id, e),
exc_info=1)
# Build the list of hosting service choices, sorted, with
# "None" being first.
hosting_service_choices.sort(key=lambda x: x[1])
hosting_service_choices.insert(
0, (self.NO_HOSTING_SERVICE_ID, self.NO_HOSTING_SERVICE_NAME))
self.fields['hosting_type'].choices = hosting_service_choices
# Now do the same for bug trackers, but have separate None and Custom
# entries.
bug_tracker_choices.sort(key=lambda x: x[1])
bug_tracker_choices.insert(
0, (self.NO_BUG_TRACKER_ID, self.NO_BUG_TRACKER_NAME))
bug_tracker_choices.insert(
1, (self.CUSTOM_BUG_TRACKER_ID, self.CUSTOM_BUG_TRACKER_NAME))
self.fields['bug_tracker_type'].choices = bug_tracker_choices
# Get the current SSH public key that would be used for repositories,
# if one has been created.
self.ssh_client = SSHClient(namespace=self.local_site_name)
self.public_key = self.ssh_client.get_public_key(
self.ssh_client.get_user_key())
if self.instance:
self._populate_hosting_service_fields()
self._populate_bug_tracker_fields()
def _check_can_test_ssh(self):
"""Check whether SSH-based tests can be run.
This will check if the user's SSH keys are authorized by the local
machine for authentication, and whether any system-wide tools are
available.
If SSH-based tests cannot be run, the current test will be flagged
as skipped.
"""
# These tests are global across all unit tests using this class.
if SCMTestCase._can_test_ssh is None:
SCMTestCase.ssh_client = SSHClient()
key = self.ssh_client.get_user_key()
SCMTestCase._can_test_ssh = (
key is not None and self.ssh_client.is_key_authorized(key))
if not SCMTestCase._can_test_ssh:
raise SkipTest(
"Cannot perform SSH access tests. The local user's SSH "
"public key must be in the %s file and SSH must be enabled." %
os.path.join(self.ssh_client.storage.get_ssh_dir(),
'authorized_keys'))
# These tests are local to all unit tests using the same executable.
system_exes = self.ssh_required_system_exes
if system_exes:
user_key = SCMTestCase.ssh_client.get_user_key()
exes_to_check = (set(system_exes) -
set(SCMTestCase._ssh_system_exe_status.keys()))
for system_exe in exes_to_check:
# For safety, we'll do one connection per check, to avoid
# one check impacting another.
client = SSHClient()
client.connect('localhost', pkey=user_key)
try:
stdout, stderr = client.exec_command('which %s' %
system_exe)[1:]
# It's important to read all stdout/stderr data before
# waiting for status.
stdout.read()
stderr.read()
code = stdout.channel.recv_exit_status()
status = (code == 0)
except Exception as e:
logger.error(
'Unexpected error running `which %s` on '
'localhost for SSH test: %s', system_exe, e)
status = False
finally:
client.close()
SCMTestCase._ssh_system_exe_status[system_exe] = status
missing_exes = ', '.join(
'"%s"' % _system_exe for _system_exe in system_exes
if not SCMTestCase._ssh_system_exe_status[_system_exe])
if missing_exes:
raise SkipTest(
'Cannot perform SSH access tests. %s must be '
'available in the system path when executing '
'commands locally over SSH. You may need to install the '
'tool or make sure that the correct directory is in '
'~/.zshenv, ~/.profile, or another suitable file used '
'in non-interactive sessions.' % missing_exes)
def main():
if DEBUG:
pid = os.getpid()
log_filename = 'rbssh-%s.log' % pid
if DEBUG_LOGDIR:
log_path = os.path.join(DEBUG_LOGDIR, log_filename)
else:
log_path = log_filename
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-18s %(levelname)-8s '
'%(message)s',
datefmt='%m-%d %H:%M',
filename=log_path,
filemode='w')
logging.debug('%s' % sys.argv)
logging.debug('PID %s' % pid)
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
ch.setFormatter(logging.Formatter('%(message)s'))
ch.addFilter(logging.Filter('root'))
logging.getLogger('').addHandler(ch)
path, port, command = parse_options(sys.argv[1:])
if '://' not in path:
path = 'ssh://' + path
username, hostname = SCMTool.get_auth_from_uri(path, options.username)
if username is None:
username = getpass.getuser()
logging.debug('!!! %s, %s, %s' % (hostname, username, command))
client = SSHClient(namespace=options.local_site_name)
client.set_missing_host_key_policy(paramiko.WarningPolicy())
attempts = 0
password = None
key = client.get_user_key()
while True:
try:
client.connect(hostname, port, username=username, password=password,
pkey=key, allow_agent=options.allow_agent)
break
except paramiko.AuthenticationException, e:
if attempts == 3 or not sys.stdin.isatty():
logging.error('Too many authentication failures for %s' %
username)
sys.exit(1)
attempts += 1
password = getpass.getpass("%s@%s's password: " %
(username, hostname))
except paramiko.SSHException, e:
logging.error('Error connecting to server: %s' % e)
sys.exit(1)
def _check_repository(self, scmtool_class, path, username, password,
local_site, trust_host, ret_cert, request):
if local_site:
local_site_name = local_site.name
else:
local_site_name = None
while 1:
# Keep doing this until we have an error we don't want
# to ignore, or it's successful.
try:
scmtool_class.check_repository(path, username, password,
local_site_name)
return None
except RepositoryNotFoundError:
return MISSING_REPOSITORY
except BadHostKeyError as e:
if trust_host:
try:
client = SSHClient(namespace=local_site_name)
client.replace_host_key(e.hostname,
e.raw_expected_key,
e.raw_key)
except IOError as e:
return SERVER_CONFIG_ERROR, {
'reason': six.text_type(e),
}
else:
return BAD_HOST_KEY, {
'hostname': e.hostname,
'expected_key': e.raw_expected_key.get_base64(),
'key': e.raw_key.get_base64(),
}
except UnknownHostKeyError as e:
if trust_host:
try:
client = SSHClient(namespace=local_site_name)
client.add_host_key(e.hostname, e.raw_key)
except IOError as e:
return SERVER_CONFIG_ERROR, {
'reason': six.text_type(e),
}
else:
return UNVERIFIED_HOST_KEY, {
'hostname': e.hostname,
'key': e.raw_key.get_base64(),
}
except UnverifiedCertificateError as e:
if trust_host:
try:
cert = scmtool_class.accept_certificate(
path, local_site_name)
if cert:
ret_cert.update(cert)
except IOError as e:
return SERVER_CONFIG_ERROR, {
'reason': six.text_type(e),
}
else:
return UNVERIFIED_HOST_CERT, {
'certificate': {
'failures': e.certificate.failures,
'fingerprint': e.certificate.fingerprint,
'hostname': e.certificate.hostname,
'issuer': e.certificate.issuer,
'valid': {
'from': e.certificate.valid_from,
'until': e.certificate.valid_until,
},
},
}
except AuthenticationError as e:
if 'publickey' in e.allowed_types and e.user_key is None:
return MISSING_USER_KEY
else:
return REPO_AUTHENTICATION_ERROR, {
'reason': six.text_type(e),
}
except SSHError as e:
logging.error('Got unexpected SSHError when checking '
'repository: %s'
% e, exc_info=1, request=request)
return REPO_INFO_ERROR, {
'error': six.text_type(e),
}
except SCMError as e:
logging.error('Got unexpected SCMError when checking '
'repository: %s'
% e, exc_info=1, request=request)
return REPO_INFO_ERROR, {
'error': six.text_type(e),
}
except Exception as e:
logging.error('Unknown error in checking repository %s: %s',
path, e, exc_info=1, request=request)
# We should give something better, but I don't have anything.
# This will at least give a HTTP 500.
raise
def main():
if DEBUG:
pid = os.getpid()
log_filename = 'rbssh-%s.log' % pid
if DEBUG_LOGDIR:
log_path = os.path.join(DEBUG_LOGDIR, log_filename)
else:
log_path = log_filename
logging.basicConfig(level=logging.DEBUG,
format='%(asctime)s %(name)-18s %(levelname)-8s '
'%(message)s',
datefmt='%m-%d %H:%M',
filename=log_path,
filemode='w')
logging.debug('%s' % sys.argv)
logging.debug('PID %s' % pid)
ch = logging.StreamHandler()
ch.setLevel(logging.INFO)
ch.setFormatter(logging.Formatter('%(message)s'))
ch.addFilter(logging.Filter('root'))
logging.getLogger('').addHandler(ch)
path, command = parse_options(sys.argv[1:])
if '://' not in path:
path = 'ssh://' + path
username, hostname = SCMTool.get_auth_from_uri(path, options.username)
if username is None:
username = getpass.getuser()
logging.debug('!!! %s, %s, %s' % (hostname, username, command))
client = SSHClient(namespace=options.local_site_name)
client.set_missing_host_key_policy(paramiko.WarningPolicy())
attempts = 0
password = None
key = client.get_user_key()
while True:
try:
client.connect(hostname,
username=username,
password=password,
pkey=key,
allow_agent=options.allow_agent)
break
except paramiko.AuthenticationException, e:
if attempts == 3 or not sys.stdin.isatty():
logging.error('Too many authentication failures for %s' %
username)
sys.exit(1)
attempts += 1
password = getpass.getpass("%s@%s's password: " %
(username, hostname))
except paramiko.SSHException, e:
logging.error('Error connecting to server: %s' % e)
sys.exit(1)
