Esempio n. 1
0
def get_container_username(environ, config, clean_username=False):
    """
    Get's the container_auth username (or email). It tries to get username
    from REMOTE_USER if container_auth_enabled is enabled, if that fails
    it tries to get username from HTTP_X_FORWARDED_USER if proxypass_auth_enabled
    is enabled. clean_username extracts the username from this data if it's
    having @ in it.

    :param environ:
    :param config:
    :param clean_username:
    """
    username = None

    if str2bool(config.get('container_auth_enabled', False)):
        from paste.httpheaders import REMOTE_USER
        username = REMOTE_USER(environ)
        log.debug('extracted REMOTE_USER:%s' % (username))

    if not username and str2bool(config.get('proxypass_auth_enabled', False)):
        username = environ.get('HTTP_X_FORWARDED_USER')
        log.debug('extracted HTTP_X_FORWARDED_USER:%s' % (username))

    if username and clean_username:
        # Removing realm and domain from username
        username = username.partition('@')[0]
        username = username.rpartition('\\')[2]
    log.debug('Received username %s from container' % username)

    return username
Esempio n. 2
0
def get_container_username(environ, config, clean_username=False):
    """
    Get's the container_auth username (or email). It tries to get username
    from REMOTE_USER if container_auth_enabled is enabled, if that fails
    it tries to get username from HTTP_X_FORWARDED_USER if proxypass_auth_enabled
    is enabled. clean_username extracts the username from this data if it's
    having @ in it.

    :param environ:
    :param config:
    :param clean_username:
    """
    username = None

    if str2bool(config.get('container_auth_enabled', False)):
        from paste.httpheaders import REMOTE_USER
        username = REMOTE_USER(environ)
        log.debug('extracted REMOTE_USER:%s' % (username))

    if not username and str2bool(config.get('proxypass_auth_enabled', False)):
        username = environ.get('HTTP_X_FORWARDED_USER')
        log.debug('extracted HTTP_X_FORWARDED_USER:%s' % (username))

    if username and clean_username:
        # Removing realm and domain from username
        username = username.partition('@')[0]
        username = username.rpartition('\\')[2]
    log.debug('Received username %s from container' % username)

    return username
Esempio n. 3
0
def gravatar_url(email_address, size=30):
    from pylons import url  ## doh, we need to re-import url to mock it later
    if(str2bool(config['app_conf'].get('use_gravatar')) and
       config['app_conf'].get('alternative_gravatar_url')):
        tmpl = config['app_conf'].get('alternative_gravatar_url', '')
        parsed_url = urlparse.urlparse(url.current(qualified=True))
        tmpl = tmpl.replace('{email}', email_address)\
                   .replace('{md5email}', hashlib.md5(email_address.lower()).hexdigest()) \
                   .replace('{netloc}', parsed_url.netloc)\
                   .replace('{scheme}', parsed_url.scheme)\
                   .replace('{size}', str(size))
        return tmpl

    if (not str2bool(config['app_conf'].get('use_gravatar')) or
        not email_address or email_address == '*****@*****.**'):
        f = lambda a, l: min(l, key=lambda x: abs(x - a))
        return url("/images/user%s.png" % f(size, [14, 16, 20, 24, 30]))

    ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')
    default = 'identicon'
    baseurl_nossl = "http://www.gravatar.com/avatar/"
    baseurl_ssl = "https://secure.gravatar.com/avatar/"
    baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl

    if isinstance(email_address, unicode):
        #hashlib crashes on unicode items
        email_address = safe_str(email_address)
    # construct the url
    gravatar_url = baseurl + hashlib.md5(email_address.lower()).hexdigest() + "?"
    gravatar_url += urllib.urlencode({'d': default, 's': str(size)})

    return gravatar_url
Esempio n. 4
0
    def __before__(self):
        c.rhodecode_version = __version__
        c.rhodecode_instanceid = config.get('instance_id')
        c.rhodecode_name = config.get('rhodecode_title')
        c.use_gravatar = str2bool(config.get('use_gravatar'))
        c.ga_code = config.get('rhodecode_ga_code')
        # Visual options
        c.visual = AttributeDict({})
        rc_config = RhodeCodeSetting.get_app_settings()

        c.visual.show_public_icon = str2bool(rc_config.get('rhodecode_show_public_icon'))
        c.visual.show_private_icon = str2bool(rc_config.get('rhodecode_show_private_icon'))
        c.visual.stylify_metatags = str2bool(rc_config.get('rhodecode_stylify_metatags'))
        c.visual.lightweight_dashboard = str2bool(rc_config.get('rhodecode_lightweight_dashboard'))
        c.visual.lightweight_dashboard_items = safe_int(config.get('dashboard_items', 100))

        c.repo_name = get_repo_slug(request)
        c.backends = BACKENDS.keys()
        c.unread_notifications = NotificationModel()\
                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)
        self.cut_off_limit = int(config.get('cut_off_limit'))

        self.sa = meta.Session
        self.scm_model = ScmModel(self.sa)
        self.ip_addr = ''
Esempio n. 5
0
def send_email(recipients, subject, body='', html_body='', email_config=None):
    """
    Sends an email with defined parameters from the .ini files.

    :param recipients: list of recipients, it this is empty the defined email
        address from field 'email_to' is used instead
    :param subject: subject of the mail
    :param body: body of the mail
    :param html_body: html version of body
    """
    log = get_logger(send_email)

    email_config = email_config or config
    subject = "%s %s" % (email_config.get('email_prefix', ''), subject)
    if not recipients:
        # if recipients are not defined we send to email_config + all admins
        admins = [
            u.email for u in User.query().filter(User.admin == True).all()
        ]
        recipients = [email_config.get('email_to')] + admins

    mail_server = email_config.get('smtp_server') or None
    if mail_server is None:
        log.error("SMTP server information missing. Sending email failed. "
                  "Make sure that `smtp_server` variable is configured "
                  "inside the .ini file")
        return False

    mail_from = email_config.get('app_email_from', 'RhodeCode')
    user = email_config.get('smtp_username')
    passwd = email_config.get('smtp_password')
    mail_port = email_config.get('smtp_port')
    tls = str2bool(email_config.get('smtp_use_tls'))
    ssl = str2bool(email_config.get('smtp_use_ssl'))
    debug = str2bool(email_config.get('debug'))
    smtp_auth = email_config.get('smtp_auth')

    try:
        m = SmtpMailer(mail_from,
                       user,
                       passwd,
                       mail_server,
                       smtp_auth,
                       mail_port,
                       ssl,
                       tls,
                       debug=debug)
        m.send(recipients, subject, body, html_body)
    except Exception:
        log.exception('Mail sending failed')
        return False
    return True
Esempio n. 6
0
    def __before__(self):
        """
        __before__ is called before controller methods and after __call__
        """
        c.rhodecode_version = __version__
        c.rhodecode_instanceid = config.get('instance_id')
        c.rhodecode_name = config.get('rhodecode_title')
        c.rhodecode_bugtracker = config.get('bugtracker', 'http://bitbucket.org/marcinkuzminski/rhodecode/issues')
        c.use_gravatar = str2bool(config.get('use_gravatar'))
        c.ga_code = config.get('rhodecode_ga_code')
        # Visual options
        c.visual = AttributeDict({})
        rc_config = RhodeCodeSetting.get_app_settings()
        ## DB stored
        c.visual.show_public_icon = str2bool(rc_config.get('rhodecode_show_public_icon'))
        c.visual.show_private_icon = str2bool(rc_config.get('rhodecode_show_private_icon'))
        c.visual.stylify_metatags = str2bool(rc_config.get('rhodecode_stylify_metatags'))
        c.visual.dashboard_items = safe_int(rc_config.get('rhodecode_dashboard_items', 100))
        c.visual.repository_fields = str2bool(rc_config.get('rhodecode_repository_fields'))
        c.visual.show_version = str2bool(rc_config.get('rhodecode_show_version'))

        ## INI stored
        self.cut_off_limit = int(config.get('cut_off_limit'))
        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))
        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.repo_name = get_repo_slug(request)  # can be empty
        c.backends = BACKENDS.keys()
        c.unread_notifications = NotificationModel()\
                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)
        self.sa = meta.Session
        self.scm_model = ScmModel(self.sa)
Esempio n. 7
0
    def update_perm(self, id):
        """PUT /users_perm/id: Update an existing item"""
        # url('users_group_perm', id=ID, method='put')

        users_group = UserGroup.get_or_404(id)
        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
        inherit_perms = str2bool(
            request.POST.get('inherit_default_permissions'))

        usergroup_model = UserGroupModel()

        try:
            users_group.inherit_default_permissions = inherit_perms
            Session().add(users_group)

            if grant_create_perm:
                usergroup_model.revoke_perm(id, 'hg.create.none')
                usergroup_model.grant_perm(id, 'hg.create.repository')
                h.flash(
                    _("Granted 'repository create' permission to user group"),
                    category='success')
            else:
                usergroup_model.revoke_perm(id, 'hg.create.repository')
                usergroup_model.grant_perm(id, 'hg.create.none')
                h.flash(
                    _("Revoked 'repository create' permission to user group"),
                    category='success')

            if grant_fork_perm:
                usergroup_model.revoke_perm(id, 'hg.fork.none')
                usergroup_model.grant_perm(id, 'hg.fork.repository')
                h.flash(
                    _("Granted 'repository fork' permission to user group"),
                    category='success')
            else:
                usergroup_model.revoke_perm(id, 'hg.fork.repository')
                usergroup_model.grant_perm(id, 'hg.fork.none')
                h.flash(
                    _("Revoked 'repository fork' permission to user group"),
                    category='success')

            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during permissions saving'),
                    category='error')

        return redirect(url('edit_users_group', id=id))
Esempio n. 8
0
    def update_application_permissions(self, form_result):
        if 'perm_user_id' in form_result:
            perm_user = User.get(safe_int(form_result['perm_user_id']))
        else:
            # used mostly to do lookup for default user
            perm_user = User.get_by_username(form_result['perm_user_name'])

        try:
            # stage 1 set anonymous access
            if perm_user.username == User.DEFAULT_USER:
                perm_user.active = str2bool(form_result['anonymous'])
                self.sa.add(perm_user)

            # stage 2 reset defaults and set them from form data
            self._set_new_user_perms(perm_user,
                                     form_result,
                                     preserve=[
                                         'default_repo_perm',
                                         'default_group_perm',
                                         'default_user_group_perm',
                                         'default_repo_group_create',
                                         'default_user_group_create',
                                         'default_repo_create_on_write',
                                         'default_repo_create',
                                         'default_fork_create',
                                         'default_inherit_default_permissions',
                                     ])

            self.sa.commit()
        except (DatabaseError, ):
            log.error(traceback.format_exc())
            self.sa.rollback()
            raise
Esempio n. 9
0
def gravatar_url(email_address, size=30, ssl_enabled=True):
    from pylons import url  # doh, we need to re-import url to mock it later
    from rhodecode import CONFIG

    _def = '*****@*****.**'  # default gravatar
    use_gravatar = str2bool(CONFIG.get('use_gravatar'))
    alternative_gravatar_url = CONFIG.get('alternative_gravatar_url', '')
    email_address = email_address or _def
    if not use_gravatar or not email_address or email_address == _def:
        f = lambda a, l: min(l, key=lambda x: abs(x - a))
        return url("/images/user%s.png" % f(size, [14, 16, 20, 24, 30]))

    if use_gravatar and alternative_gravatar_url:
        tmpl = alternative_gravatar_url
        parsed_url = urlparse.urlparse(url.current(qualified=True))
        tmpl = tmpl.replace('{email}', email_address)\
                   .replace('{md5email}', hashlib.md5(email_address.lower()).hexdigest()) \
                   .replace('{netloc}', parsed_url.netloc)\
                   .replace('{scheme}', parsed_url.scheme)\
                   .replace('{size}', str(size))
        return tmpl

    default = 'identicon'
    baseurl_nossl = "http://www.gravatar.com/avatar/"
    baseurl_ssl = "https://secure.gravatar.com/avatar/"
    baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl

    if isinstance(email_address, unicode):
        #hashlib crashes on unicode items
        email_address = safe_str(email_address)
    # construct the url
    gravatar_url = baseurl + hashlib.md5(email_address.lower()).hexdigest() + "?"
    gravatar_url += urllib.urlencode({'d': default, 's': str(size)})

    return gravatar_url
Esempio n. 10
0
    def test_str2bool(self):
        from rhodecode.lib.utils2 import str2bool

        test_cases = [
            ("t", True),
            ("true", True),
            ("y", True),
            ("yes", True),
            ("on", True),
            ("1", True),
            ("Y", True),
            ("yeS", True),
            ("Y", True),
            ("TRUE", True),
            ("T", True),
            ("False", False),
            ("F", False),
            ("FALSE", False),
            ("0", False),
            ("-1", False),
            ("", False),
        ]

        for case in test_cases:
            self.assertEqual(str2bool(case[0]), case[1])
Esempio n. 11
0
def gravatar_url(email_address, size=30):
    from pylons import url  # doh, we need to re-import url to mock it later
    _def = '*****@*****.**'
    use_gravatar = str2bool(config['app_conf'].get('use_gravatar'))
    email_address = email_address or _def
    if (not use_gravatar or not email_address or email_address == _def):
        f = lambda a, l: min(l, key=lambda x: abs(x - a))
        return url("/images/user%s.png" % f(size, [14, 16, 20, 24, 30]))

    if use_gravatar and config['app_conf'].get('alternative_gravatar_url'):
        tmpl = config['app_conf'].get('alternative_gravatar_url', '')
        parsed_url = urlparse.urlparse(url.current(qualified=True))
        tmpl = tmpl.replace('{email}', email_address)\
                   .replace('{md5email}', hashlib.md5(email_address.lower()).hexdigest()) \
                   .replace('{netloc}', parsed_url.netloc)\
                   .replace('{scheme}', parsed_url.scheme)\
                   .replace('{size}', str(size))
        return tmpl

    ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')
    default = 'identicon'
    baseurl_nossl = "http://www.gravatar.com/avatar/"
    baseurl_ssl = "https://secure.gravatar.com/avatar/"
    baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl

    if isinstance(email_address, unicode):
        #hashlib crashes on unicode items
        email_address = safe_str(email_address)
    # construct the url
    gravatar_url = baseurl + hashlib.md5(
        email_address.lower()).hexdigest() + "?"
    gravatar_url += urllib.urlencode({'d': default, 's': str(size)})

    return gravatar_url
Esempio n. 12
0
 def list_enabled_social_plugins(self, settings):
     enabled = []
     for plug in SOCIAL_PLUGINS_LIST:
         if str2bool(settings.get('rhodecode_auth_{}_enabled'.format(plug)
                                  )):
             enabled.append(plug)
     return enabled
Esempio n. 13
0
def get_container_username(environ, config):
    username = None

    if str2bool(config.get('container_auth_enabled', False)):
        from paste.httpheaders import REMOTE_USER
        username = REMOTE_USER(environ)

    if not username and str2bool(config.get('proxypass_auth_enabled', False)):
        username = environ.get('HTTP_X_FORWARDED_USER')

    if username:
        # Removing realm and domain from username
        username = username.partition('@')[0]
        username = username.rpartition('\\')[2]
        log.debug('Received username %s from container' % username)

    return username
Esempio n. 14
0
    def update_perm(self, id):
        """PUT /users_perm/id: Update an existing item"""
        # url('users_group_perm', id=ID, method='put')

        users_group = UsersGroup.get_or_404(id)
        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
        inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))

        usersgroup_model = UsersGroupModel()

        try:
            users_group.inherit_default_permissions = inherit_perms
            Session().add(users_group)

            if grant_create_perm:
                usersgroup_model.revoke_perm(id, 'hg.create.none')
                usersgroup_model.grant_perm(id, 'hg.create.repository')
                h.flash(_("Granted 'repository create' permission to users group"),
                        category='success')
            else:
                usersgroup_model.revoke_perm(id, 'hg.create.repository')
                usersgroup_model.grant_perm(id, 'hg.create.none')
                h.flash(_("Revoked 'repository create' permission to users group"),
                        category='success')

            if grant_fork_perm:
                usersgroup_model.revoke_perm(id, 'hg.fork.none')
                usersgroup_model.grant_perm(id, 'hg.fork.repository')
                h.flash(_("Granted 'repository fork' permission to users group"),
                        category='success')
            else:
                usersgroup_model.revoke_perm(id, 'hg.fork.repository')
                usersgroup_model.grant_perm(id, 'hg.fork.none')
                h.flash(_("Revoked 'repository fork' permission to users group"),
                        category='success')

            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during permissions saving'),
                    category='error')

        return redirect(url('edit_users_group', id=id))
Esempio n. 15
0
    def update(self, form_result):
        perm_user = User.get_by_username(username=form_result['perm_user_name'])
        u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()

        try:
            def _make_new(usr, perm_name):
                new = UserToPerm()
                new.user = usr
                new.permission = Permission.get_by_key(perm_name)
                return new
            # clear current entries, to make this function idempotent
            # it will fix even if we define more permissions or permissions
            # are somehow missing
            for p in u2p:
                self.sa.delete(p)
            #create fresh set of permissions
            for def_perm_key in ['default_repo_perm', 'default_group_perm',
                                 'default_register', 'default_create',
                                 'default_fork']:
                p = _make_new(perm_user, form_result[def_perm_key])
                self.sa.add(p)

            #stage 2 update all default permissions for repos if checked
            if form_result['overwrite_default_repo'] == True:
                _def_name = form_result['default_repo_perm'].split('repository.')[-1]
                _def = Permission.get_by_key('repository.' + _def_name)
                # repos
                for r2p in self.sa.query(UserRepoToPerm)\
                               .filter(UserRepoToPerm.user == perm_user)\
                               .all():

                    #don't reset PRIVATE repositories
                    if not r2p.repository.private:
                        r2p.permission = _def
                        self.sa.add(r2p)

            if form_result['overwrite_default_group'] == True:
                _def_name = form_result['default_group_perm'].split('group.')[-1]
                # groups
                _def = Permission.get_by_key('group.' + _def_name)
                for g2p in self.sa.query(UserRepoGroupToPerm)\
                               .filter(UserRepoGroupToPerm.user == perm_user)\
                               .all():
                    g2p.permission = _def
                    self.sa.add(g2p)

            # stage 3 set anonymous access
            if perm_user.username == 'default':
                perm_user.active = str2bool(form_result['anonymous'])
                self.sa.add(perm_user)

            self.sa.commit()
        except (DatabaseError,):
            log.error(traceback.format_exc())
            self.sa.rollback()
            raise
Esempio n. 16
0
 def update(self, repo_name, pull_request_id):
     pull_request_id = safe_int(pull_request_id)
     pull_request = PullRequest.get_or_404(pull_request_id)
     # only owner or admin can update it
     allowed_to_update = PullRequestModel().check_user_update(
         pull_request, c.rhodecode_user)
     if allowed_to_update:
         if 'reviewers_ids' in request.POST:
             self._update_reviewers(pull_request_id)
         elif str2bool(request.POST.get('update_commits', 'false')):
             self._update_commits(pull_request)
         elif str2bool(request.POST.get('close_pull_request', 'false')):
             self._reject_close(pull_request)
         elif str2bool(request.POST.get('edit_pull_request', 'false')):
             self._edit_pull_request(pull_request)
         else:
             raise HTTPBadRequest()
         return True
     raise HTTPForbidden()
Esempio n. 17
0
    def __before__(self):
        c.rhodecode_version = __version__
        c.rhodecode_instanceid = config.get("instance_id")
        c.rhodecode_name = config.get("rhodecode_title")
        c.use_gravatar = str2bool(config.get("use_gravatar"))
        c.ga_code = config.get("rhodecode_ga_code")
        # Visual options
        c.visual = AttributeDict({})
        c.visual.show_public_icon = str2bool(config.get("rhodecode_show_public_icon"))
        c.visual.show_private_icon = str2bool(config.get("rhodecode_show_private_icon"))
        c.visual.stylify_metatags = str2bool(config.get("rhodecode_stylify_metatags"))

        c.repo_name = get_repo_slug(request)
        c.backends = BACKENDS.keys()
        c.unread_notifications = NotificationModel().get_unread_cnt_for_user(c.rhodecode_user.user_id)
        self.cut_off_limit = int(config.get("cut_off_limit"))

        self.sa = meta.Session
        self.scm_model = ScmModel(self.sa)
        self.ip_addr = ""
Esempio n. 18
0
    def __call__(self, environ, start_response):
        self.__fixup(environ)
        debug = str2bool(self.config.get('debug'))
        is_ssl = environ['wsgi.url_scheme'] == 'https'

        def custom_start_response(status, headers, exc_info=None):
            if is_ssl and str2bool(self.config.get('use_htsts')) and not debug:
                headers.append(('Strict-Transport-Security',
                                'max-age=8640000; includeSubDomains'))
            return start_response(status, headers, exc_info)

        return self.application(environ, custom_start_response)
Esempio n. 19
0
 def _check_ssl(self, environ, start_response):
     """
     Checks the SSL check flag and returns False if SSL is not present
     and required True otherwise
     """
     org_proto = environ["wsgi._org_proto"]
     # check if we have SSL required  ! if not it's a bad request !
     require_ssl = str2bool(RhodeCodeUi.get_by_key("push_ssl").ui_value)
     if require_ssl and org_proto == "http":
         log.debug("proto is %s and SSL is required BAD REQUEST !" % org_proto)
         return False
     return True
Esempio n. 20
0
 def __init__(self, application, config):
     self.application = application
     self.config = config
     # base path of repo locations
     self.basepath = self.config['base_path']
     # authenticate this VCS request using authfunc
     auth_ret_code_detection = \
         str2bool(self.config.get('auth_ret_code_detection', False))
     self.authenticate = BasicAuth('', authenticate,
                                   config.get('auth_ret_code'),
                                   auth_ret_code_detection)
     self.ip_addr = '0.0.0.0'
Esempio n. 21
0
    def __call__(self, environ, start_response):
        self.__fixup(environ)
        debug = str2bool(self.config.get('debug'))
        is_ssl = environ['wsgi.url_scheme'] == 'https'

        def custom_start_response(status, headers, exc_info=None):
            if is_ssl and str2bool(self.config.get('use_htsts')) and not debug:
                headers.append(('Strict-Transport-Security',
                                'max-age=8640000; includeSubDomains'))
            return start_response(status, headers, exc_info)

        return self.application(environ, custom_start_response)
Esempio n. 22
0
 def _check_ssl(self, environ, start_response):
     """
     Checks the SSL check flag and returns False if SSL is not present
     and required True otherwise
     """
     org_proto = environ['wsgi._org_proto']
     #check if we have SSL required  ! if not it's a bad request !
     require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl').ui_value)
     if require_ssl and org_proto == 'http':
         log.debug('proto is %s and SSL is required BAD REQUEST !'
                   % org_proto)
         return False
     return True
Esempio n. 23
0
def includeme(config):
    settings = config.get_settings()

    # Create admin navigation registry and add it to the pyramid registry.
    labs_active = str2bool(settings.get('labs_settings_active', False))
    navigation_registry = NavigationRegistry(labs_active=labs_active)
    config.registry.registerUtility(navigation_registry)

    config.add_route(name='admin_settings_open_source',
                     pattern=ADMIN_PREFIX + '/settings/open_source')

    # Scan module for configuration decorators.
    config.scan()
def fixups(models, _SESSION):
    from pylons import config
    from rhodecode.lib.utils2 import str2bool

    Optional = models.Optional

    def get_by_name(cls, key):
        return cls.query().filter(cls.app_settings_name == key).scalar()

    def create_or_update(cls, key, val=Optional(''), type=Optional('unicode')):
        res = get_by_name(cls, key)
        if not res:
            val = Optional.extract(val)
            type = Optional.extract(type)
            res = cls(key, val, type)
        else:
            res.app_settings_name = key
            if not isinstance(val, Optional):
                # update if set
                res.app_settings_value = val
            if not isinstance(type, Optional):
                # update if set
                res.app_settings_type = type
        return res

    notify('migrating options from .ini file')
    use_gravatar = str2bool(config.get('use_gravatar'))
    print('Setting gravatar use to: %s' % use_gravatar)
    sett = create_or_update(models.RhodeCodeSetting,
        'use_gravatar', use_gravatar, 'bool')
    _SESSION().add(sett)
    _SESSION.commit()
    # set the new format of gravatar URL
    gravatar_url = models.User.DEFAULT_GRAVATAR_URL
    if config.get('alternative_gravatar_url'):
        gravatar_url = config.get('alternative_gravatar_url')

    print('Setting gravatar url to:%s' % gravatar_url)
    sett = create_or_update(models.RhodeCodeSetting,
        'gravatar_url', gravatar_url, 'unicode')
    _SESSION().add(sett)
    _SESSION.commit()

    # now create new changed value of clone_url
    clone_uri_tmpl = models.Repository.DEFAULT_CLONE_URI
    print('settings new clone url template to %s' % clone_uri_tmpl)

    sett = create_or_update(models.RhodeCodeSetting,
        'clone_uri_tmpl', clone_uri_tmpl, 'unicode')
    _SESSION().add(sett)
    _SESSION.commit()
Esempio n. 25
0
 def __before__(self):
     super(FeedController, self).__before__()
     #common values for feeds
     self.description = _('Changes on %s repository')
     self.title = self.title = _('%s %s feed') % (c.rhodecode_name, '%s')
     self.language = 'en-us'
     self.ttl = "5"
     import rhodecode
     CONF = rhodecode.CONFIG
     self.include_diff = str2bool(CONF.get('rss_include_diff', False))
     self.feed_nr = safe_int(CONF.get('rss_items_per_page', 20))
     # we need to protect from parsing huge diffs here other way
     # we can kill the server
     self.feed_diff_limit = safe_int(CONF.get('rss_cut_off_limit', 32 * 1024))
Esempio n. 26
0
 def __before__(self):
     super(FeedController, self).__before__()
     #common values for feeds
     self.description = _('Changes on %s repository')
     self.title = self.title = _('%s %s feed') % (c.rhodecode_name, '%s')
     self.language = 'en-us'
     self.ttl = "5"
     import rhodecode
     CONF = rhodecode.CONFIG
     self.include_diff = str2bool(CONF.get('rss_include_diff', False))
     self.feed_nr = safe_int(CONF.get('rss_items_per_page', 20))
     # we need to protect from parsing huge diffs here other way
     # we can kill the server
     self.feed_diff_limit = safe_int(CONF.get('rss_cut_off_limit', 32 * 1024))
Esempio n. 27
0
    def command(self):
        from pylons import config
        try:
            CELERY_ON = str2bool(config['app_conf'].get('use_celery'))
        except KeyError:
            CELERY_ON = False

        if not CELERY_ON:
            raise Exception('Please enable celery_on in .ini config '
                            'file before running celeryd')
        rhodecode.CELERY_ON = CELERY_ON
        load_rcextensions(config['here'])
        cmd = self.celery_command(app_or_default())
        return cmd.run(**vars(self.options))
Esempio n. 28
0
    def __before__(self):
        c.rhodecode_version = __version__
        c.rhodecode_instanceid = config.get('instance_id')
        c.rhodecode_name = config.get('rhodecode_title')
        c.use_gravatar = str2bool(config.get('use_gravatar'))
        c.ga_code = config.get('rhodecode_ga_code')
        c.repo_name = get_repo_slug(request)
        c.backends = BACKENDS.keys()
        c.unread_notifications = NotificationModel()\
                        .get_unread_cnt_for_user(c.rhodecode_user.user_id)
        self.cut_off_limit = int(config.get('cut_off_limit'))

        self.sa = meta.Session
        self.scm_model = ScmModel(self.sa)
Esempio n. 29
0
    def show_all(self, repo_name):
        # filter types
        c.active = 'open'
        c.source = str2bool(request.GET.get('source'))
        c.closed = str2bool(request.GET.get('closed'))
        c.my = str2bool(request.GET.get('my'))
        c.awaiting_review = str2bool(request.GET.get('awaiting_review'))
        c.awaiting_my_review = str2bool(request.GET.get('awaiting_my_review'))
        c.repo_name = repo_name

        opened_by = None
        if c.my:
            c.active = 'my'
            opened_by = [c.rhodecode_user.user_id]

        statuses = [PullRequest.STATUS_NEW, PullRequest.STATUS_OPEN]
        if c.closed:
            c.active = 'closed'
            statuses = [PullRequest.STATUS_CLOSED]

        if c.awaiting_review and not c.source:
            c.active = 'awaiting'
        if c.source and not c.awaiting_review:
            c.active = 'source'
        if c.awaiting_my_review:
            c.active = 'awaiting_my'

        data = self._get_pull_requests_list(repo_name=repo_name,
                                            opened_by=opened_by,
                                            statuses=statuses)
        if not request.is_xhr:
            c.data = json.dumps(data['data'])
            c.records_total = data['recordsTotal']
            return render('/pullrequests/pullrequests.html')
        else:
            return json.dumps(data)
Esempio n. 30
0
def show_id(cs):
    """
    Configurable function that shows ID
    by default it's r123:fffeeefffeee

    :param cs: changeset instance
    """
    from rhodecode import CONFIG
    def_len = safe_int(CONFIG.get('show_sha_length', 12))
    show_rev = str2bool(CONFIG.get('show_revision_number', True))

    raw_id = cs.raw_id[:def_len]
    if show_rev:
        return 'r%s:%s' % (cs.revision, raw_id)
    else:
        return '%s' % (raw_id)
Esempio n. 31
0
def show_id(cs):
    """
    Configurable function that shows ID
    by default it's r123:fffeeefffeee

    :param cs: changeset instance
    """
    from rhodecode import CONFIG
    def_len = safe_int(CONFIG.get('show_sha_length', 12))
    show_rev = str2bool(CONFIG.get('show_revision_number', True))

    raw_id = cs.raw_id[:def_len]
    if show_rev:
        return 'r%s:%s' % (cs.revision, raw_id)
    else:
        return '%s' % (raw_id)
def fixups(models, _SESSION):
    notify('Fixing default auth modules')
    plugins = 'rhodecode.lib.auth_modules.auth_rhodecode'
    opts = []
    ldap_enabled = str2bool(
        getattr(get_by_name(models.RhodeCodeSetting, 'ldap_active'),
                'app_settings_value', False))
    if ldap_enabled:
        plugins += ',rhodecode.lib.auth_modules.auth_ldap'
        opts.append(('auth_ldap_enabled', 'True', 'bool'))

    opts.append(('auth_plugins', plugins, 'list'), )
    opts.append(('auth_rhodecode_enabled', 'True', 'bool'))

    for name, default, type_ in opts:
        setting = get_by_name(models.RhodeCodeSetting, name)
        if not setting:
            # if we don't have this option create it
            setting = models.RhodeCodeSetting(name, default, type_)

        _SESSION().add(setting)
        _SESSION().commit()

    #copy over the LDAP settings
    old_ldap = [
        ('ldap_active', 'false', 'bool'), ('ldap_host', '', 'unicode'),
        ('ldap_port', '389', 'int'), ('ldap_tls_kind', 'PLAIN', 'unicode'),
        ('ldap_tls_reqcert', '', 'unicode'), ('ldap_dn_user', '', 'unicode'),
        ('ldap_dn_pass', '', 'unicode'), ('ldap_base_dn', '', 'unicode'),
        ('ldap_filter', '', 'unicode'), ('ldap_search_scope', '', 'unicode'),
        ('ldap_attr_login', '', 'unicode'),
        ('ldap_attr_firstname', '', 'unicode'),
        ('ldap_attr_lastname', '', 'unicode'),
        ('ldap_attr_email', '', 'unicode')
    ]
    for k, v, t in old_ldap:
        old_setting = get_by_name(models.RhodeCodeSetting, k)
        name = 'auth_%s' % k
        setting = get_by_name(models.RhodeCodeSetting, name)
        if not setting:
            # if we don't have this option create it
            setting = models.RhodeCodeSetting(name,
                                              old_setting.app_settings_value,
                                              t)

        _SESSION().add(setting)
        _SESSION().commit()
Esempio n. 33
0
    def propagate_data(self):
        user_model = UserModel()
        self.anonymous_user = User.get_by_username('default', cache=True)
        is_user_loaded = False

        # try go get user by api key
        if self._api_key and self._api_key != self.anonymous_user.api_key:
            log.debug('Auth User lookup by API KEY %s' % self._api_key)
            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
        # lookup by userid
        elif (self.user_id is not None
              and self.user_id != self.anonymous_user.user_id):
            log.debug('Auth User lookup by USER ID %s' % self.user_id)
            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
        # lookup by username
        elif self.username and \
            str2bool(config.get('container_auth_enabled', False)):

            log.debug('Auth User lookup by USER NAME %s' % self.username)
            dbuser = login_container_auth(self.username)
            if dbuser is not None:
                log.debug('filling all attributes to object')
                for k, v in dbuser.get_dict().items():
                    setattr(self, k, v)
                self.set_authenticated()
                is_user_loaded = True
        else:
            log.debug('No data in %s that could been used to log in' % self)

        if not is_user_loaded:
            # if we cannot authenticate user try anonymous
            if self.anonymous_user.active:
                user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                # then we set this user is logged in
                self.is_authenticated = True
            else:
                self.user_id = None
                self.username = None
                self.is_authenticated = False

        if not self.username:
            self.username = '******'

        log.debug('Auth User is now %s' % self)
        user_model.fill_perms(self)
Esempio n. 34
0
    def propagate_data(self):
        user_model = UserModel()
        self.anonymous_user = User.get_by_username('default', cache=True)
        is_user_loaded = False

        # try go get user by api key
        if self._api_key and self._api_key != self.anonymous_user.api_key:
            log.debug('Auth User lookup by API KEY %s' % self._api_key)
            is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
        # lookup by userid
        elif (self.user_id is not None and
              self.user_id != self.anonymous_user.user_id):
            log.debug('Auth User lookup by USER ID %s' % self.user_id)
            is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
        # lookup by username
        elif self.username and \
            str2bool(config.get('container_auth_enabled', False)):

            log.debug('Auth User lookup by USER NAME %s' % self.username)
            dbuser = login_container_auth(self.username)
            if dbuser is not None:
                log.debug('filling all attributes to object')
                for k, v in dbuser.get_dict().items():
                    setattr(self, k, v)
                self.set_authenticated()
                is_user_loaded = True
        else:
            log.debug('No data in %s that could been used to log in' % self)

        if not is_user_loaded:
            # if we cannot authenticate user try anonymous
            if self.anonymous_user.active:
                user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                # then we set this user is logged in
                self.is_authenticated = True
            else:
                self.user_id = None
                self.username = None
                self.is_authenticated = False

        if not self.username:
            self.username = '******'

        log.debug('Auth User is now %s' % self)
        user_model.fill_perms(self)
Esempio n. 35
0
    def test_create(self, repo_stub):
        model = VcsSettingsModel(repo=repo_stub.repo_name)
        model._create_or_update_ui(model.repo_settings,
                                   'test-section',
                                   'test-key',
                                   active=False,
                                   value='False')
        Session().commit()

        created_ui = model.repo_settings.get_ui_by_section_and_key(
            'test-section', 'test-key')

        try:
            assert created_ui.ui_active is False
            assert str2bool(created_ui.ui_value) is False
        finally:
            Session().delete(created_ui)
            Session().commit()
Esempio n. 36
0
    def delete_repos_group_user_perm(self, group_name):
        """
        DELETE an existing repositories group permission user

        :param group_name:
        """
        try:
            recursive = str2bool(request.POST.get('recursive', False))
            ReposGroupModel().delete_permission(
                repos_group=group_name, obj=request.POST['user_id'],
                obj_type='user', recursive=recursive
            )
            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during deletion of group user'),
                    category='error')
            raise HTTPInternalServerError()
Esempio n. 37
0
    def _get_config(self):
        import rhodecode
        config = rhodecode.CONFIG

        return {
            'language':
            'en-us',
            'feed_ttl':
            '5',  # TTL of feed,
            'feed_include_diff':
            str2bool(config.get('rss_include_diff', False)),
            'feed_items_per_page':
            safe_int(config.get('rss_items_per_page', 20)),
            'feed_diff_limit':
            # we need to protect from parsing huge diffs here other way
            # we can kill the server
            safe_int(config.get('rss_cut_off_limit', 32 * 1024)),
        }
Esempio n. 38
0
def gravatar_url(email_address, size=30):
    if (not str2bool(config['app_conf'].get('use_gravatar')) or
        not email_address or email_address == '*****@*****.**'):
        f = lambda a, l: min(l, key=lambda x: abs(x - a))
        return url("/images/user%s.png" % f(size, [14, 16, 20, 24, 30]))

    ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')
    default = 'identicon'
    baseurl_nossl = "http://www.gravatar.com/avatar/"
    baseurl_ssl = "https://secure.gravatar.com/avatar/"
    baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl

    if isinstance(email_address, unicode):
        #hashlib crashes on unicode items
        email_address = safe_str(email_address)
    # construct the url
    gravatar_url = baseurl + hashlib.md5(email_address.lower()).hexdigest() + "?"
    gravatar_url += urllib.urlencode({'d': default, 's': str(size)})

    return gravatar_url
Esempio n. 39
0
    def delete_repos_group_users_group_perm(self, group_name):
        """
        DELETE an existing repository group permission user group

        :param group_name:
        """

        try:
            recursive = str2bool(request.POST.get('recursive', False))
            ReposGroupModel().delete_permission(
                repos_group=group_name,
                obj=request.POST['users_group_id'],
                obj_type='users_group',
                recursive=recursive)
            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during deletion of group'
                      ' user groups'),
                    category='error')
            raise HTTPInternalServerError()
Esempio n. 40
0
def gravatar_url(email_address, size=30):
    if (not str2bool(config['app_conf'].get('use_gravatar'))
            or not email_address
            or email_address == '*****@*****.**'):
        f = lambda a, l: min(l, key=lambda x: abs(x - a))
        return url("/images/user%s.png" % f(size, [14, 16, 20, 24, 30]))

    ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')
    default = 'identicon'
    baseurl_nossl = "http://www.gravatar.com/avatar/"
    baseurl_ssl = "https://secure.gravatar.com/avatar/"
    baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl

    if isinstance(email_address, unicode):
        #hashlib crashes on unicode items
        email_address = safe_str(email_address)
    # construct the url
    gravatar_url = baseurl + hashlib.md5(
        email_address.lower()).hexdigest() + "?"
    gravatar_url += urllib.urlencode({'d': default, 's': str(size)})

    return gravatar_url
Esempio n. 41
0
    def __fixup(self, environ):
        """
        Function to fixup the environ as needed. In order to use this
        middleware you should set this header inside your
        proxy ie. nginx, apache etc.
        """
        # DETECT PROTOCOL !
        if 'HTTP_X_URL_SCHEME' in environ:
            proto = environ.get('HTTP_X_URL_SCHEME')
        elif 'HTTP_X_FORWARDED_SCHEME' in environ:
            proto = environ.get('HTTP_X_FORWARDED_SCHEME')
        elif 'HTTP_X_FORWARDED_PROTO' in environ:
            proto = environ.get('HTTP_X_FORWARDED_PROTO')
        else:
            proto = 'http'
        org_proto = proto

        # if we have force, just override
        if str2bool(self.config.get('force_https')):
            proto = 'https'

        environ['wsgi.url_scheme'] = proto
        environ['wsgi._org_proto'] = org_proto
Esempio n. 42
0
    def delete_repos_group_user_perm(self, group_name):
        """
        DELETE an existing repository group permission user

        :param group_name:
        """
        try:
            if not c.rhodecode_user.is_admin:
                if c.rhodecode_user.user_id == safe_int(request.POST['user_id']):
                    msg = _('Cannot revoke permission for yourself as admin')
                    h.flash(msg, category='warning')
                    raise Exception('revoke admin permission on self')
            recursive = str2bool(request.POST.get('recursive', False))
            ReposGroupModel().delete_permission(
                repos_group=group_name, obj=request.POST['user_id'],
                obj_type='user', recursive=recursive
            )
            Session().commit()
        except Exception:
            log.error(traceback.format_exc())
            h.flash(_('An error occurred during deletion of group user'),
                    category='error')
            raise HTTPInternalServerError()
Esempio n. 43
0
    def __fixup(self, environ):
        """
        Function to fixup the environ as needed. In order to use this
        middleware you should set this header inside your
        proxy ie. nginx, apache etc.
        """
        # DETECT PROTOCOL !
        if 'HTTP_X_URL_SCHEME' in environ:
            proto = environ.get('HTTP_X_URL_SCHEME')
        elif 'HTTP_X_FORWARDED_SCHEME' in environ:
            proto = environ.get('HTTP_X_FORWARDED_SCHEME')
        elif 'HTTP_X_FORWARDED_PROTO' in environ:
            proto = environ.get('HTTP_X_FORWARDED_PROTO')
        else:
            proto = 'http'
        org_proto = proto

        # if we have force, just override
        if str2bool(self.config.get('force_https')):
            proto = 'https'

        environ['wsgi.url_scheme'] = proto
        environ['wsgi._org_proto'] = org_proto
Esempio n. 44
0
    def _get_hg_ui_settings(self):
        ret = RhodeCodeUi.query().all()

        if not ret:
            raise Exception('Could not get application ui settings !')
        settings = {}
        for each in ret:
            k = each.ui_key
            v = each.ui_value
            if k == '/':
                k = 'root_path'

            if k == 'push_ssl':
                v = str2bool(v)

            if k.find('.') != -1:
                k = k.replace('.', '_')

            if each.ui_section in ['hooks', 'extensions']:
                v = each.ui_active

            settings[each.ui_section + '_' + k] = v
        return settings
Esempio n. 45
0
    def test_update(self, repo_stub, settings_util):
        model = VcsSettingsModel(repo=repo_stub.repo_name)

        largefiles, phases = model.HG_SETTINGS
        section = 'test-section'
        key = 'test-key'
        settings_util.create_repo_rhodecode_ui(repo_stub,
                                               section,
                                               'True',
                                               key=key,
                                               active=True)

        model._create_or_update_ui(model.repo_settings,
                                   section,
                                   key,
                                   active=False,
                                   value='False')
        Session().commit()

        created_ui = model.repo_settings.get_ui_by_section_and_key(
            section, key)
        assert created_ui.ui_active is False
        assert str2bool(created_ui.ui_value) is False
Esempio n. 46
0
    def test_str2bool(self):
        from rhodecode.lib.utils2 import str2bool
        test_cases = [
            ('t', True),
            ('true', True),
            ('y', True),
            ('yes', True),
            ('on', True),
            ('1', True),
            ('Y', True),
            ('yeS', True),
            ('Y', True),
            ('TRUE', True),
            ('T', True),
            ('False', False),
            ('F', False),
            ('FALSE', False),
            ('0', False),
            ('-1', False),
            ('', False), ]

        for case in test_cases:
            self.assertEqual(str2bool(case[0]), case[1])
Esempio n. 47
0
    def _get_hg_ui_settings(self):
        ret = RhodeCodeUi.query().all()

        if not ret:
            raise Exception('Could not get application ui settings !')
        settings = {}
        for each in ret:
            k = each.ui_key
            v = each.ui_value
            if k == '/':
                k = 'root_path'

            if k == 'push_ssl':
                v = str2bool(v)

            if k.find('.') != -1:
                k = k.replace('.', '_')

            if each.ui_section in ['hooks', 'extensions']:
                v = each.ui_active

            settings[each.ui_section + '_' + k] = v
        return settings
Esempio n. 48
0
    def _get_username(self, environ, settings):
        username = None
        environ = environ or {}
        if not environ:
            log.debug('got empty environ: %s' % environ)

        settings = settings or {}
        if settings.get('header'):
            header = settings.get('header')
            username = environ.get(header)
            log.debug('extracted %s:%s' % (header, username))

        # fallback mode
        if not username and settings.get('fallback_header'):
            header = settings.get('fallback_header')
            username = environ.get(header)
            log.debug('extracted %s:%s' % (header, username))

        if username and str2bool(settings.get('clean_username')):
            log.debug('Received username `%s` from headers' % username)
            username = self._clean_username(username)
            log.debug('New cleanup user is:%s' % username)
        return username
    def delete(self, user_group_id):
        """DELETE /user_groups/user_group_id: Delete an existing item"""
        # Forms posted to this method should contain a hidden field:
        #    <input type="hidden" name="_method" value="DELETE" />
        # Or using helpers:
        #    h.form(url('users_group', user_group_id=ID),
        #           method='delete')
        # url('users_group', user_group_id=ID)
        user_group_id = safe_int(user_group_id)
        c.user_group = UserGroup.get_or_404(user_group_id)
        force = str2bool(request.POST.get('force'))

        try:
            UserGroupModel().delete(c.user_group, force=force)
            Session().commit()
            h.flash(_('Successfully deleted user group'), category='success')
        except UserGroupAssignedException as e:
            h.flash(str(e), category='error')
        except Exception:
            log.exception("Exception during deletion of user group")
            h.flash(_('An error occurred during deletion of user group'),
                    category='error')
        return redirect(url('users_groups'))
Esempio n. 50
0
    def __fixup(self, environ):
        """
        Function to fixup the environ as needed. In order to use this
        middleware you should set this header inside your
        proxy ie. nginx, apache etc.
        """

        if str2bool(self.config.get("force_https")):
            proto = "https"
        else:
            if "HTTP_X_URL_SCHEME" in environ:
                proto = environ.get("HTTP_X_URL_SCHEME")
            elif "HTTP_X_FORWARDED_SCHEME" in environ:
                proto = environ.get("HTTP_X_FORWARDED_SCHEME")
            elif "HTTP_X_FORWARDED_PROTO" in environ:
                proto = environ.get("HTTP_X_FORWARDED_PROTO")
            else:
                proto = "http"
        if proto == "https":
            environ["wsgi.url_scheme"] = proto
        else:
            environ["wsgi.url_scheme"] = "http"

        return None
Esempio n. 51
0
def load_environment(global_conf, app_conf, initial=False):
    """
    Configure the Pylons environment via the ``pylons.config``
    object
    """
    config = PylonsConfig()

    # Pylons paths
    root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    paths = dict(
        root=root,
        controllers=os.path.join(root, 'controllers'),
        static_files=os.path.join(root, 'public'),
        templates=[os.path.join(root, 'templates')]
    )

    # Initialize config with the basic options
    config.init_app(global_conf, app_conf, package='rhodecode', paths=paths)

    # store some globals into rhodecode
    rhodecode.CELERY_ON = str2bool(config['app_conf'].get('use_celery'))
    rhodecode.CELERY_EAGER = str2bool(config['app_conf'].get('celery.always.eager'))

    config['routes.map'] = make_map(config)
    config['pylons.app_globals'] = app_globals.Globals(config)
    config['pylons.h'] = helpers
    rhodecode.CONFIG = config

    load_rcextensions(root_path=config['here'])

    # Setup cache object as early as possible
    import pylons
    pylons.cache._push_object(config['pylons.app_globals'].cache)

    # Create the Mako TemplateLookup, with the default auto-escaping
    config['pylons.app_globals'].mako_lookup = TemplateLookup(
        directories=paths['templates'],
        error_handler=handle_mako_error,
        module_directory=os.path.join(app_conf['cache_dir'], 'templates'),
        input_encoding='utf-8', default_filters=['escape'],
        imports=['from webhelpers.html import escape'])

    # sets the c attribute access when don't existing attribute are accessed
    config['pylons.strict_tmpl_context'] = True
    test = os.path.split(config['__file__'])[-1] == 'test.ini'
    if test:
        if os.environ.get('TEST_DB'):
            # swap config if we pass enviroment variable
            config['sqlalchemy.db1.url'] = os.environ.get('TEST_DB')

        from rhodecode.lib.utils import create_test_env, create_test_index
        from rhodecode.tests import  TESTS_TMP_PATH
        # set RC_NO_TMP_PATH=1 to disable re-creating the database and
        # test repos
        if not int(os.environ.get('RC_NO_TMP_PATH', 0)):
            create_test_env(TESTS_TMP_PATH, config)
        # set RC_WHOOSH_TEST_DISABLE=1 to disable whoosh index during tests
        if not int(os.environ.get('RC_WHOOSH_TEST_DISABLE', 0)):
            create_test_index(TESTS_TMP_PATH, config, True)

    #check git version
    check_git_version()
    DbManage.check_waitress()
    # MULTIPLE DB configs
    # Setup the SQLAlchemy database engine
    sa_engine_db1 = engine_from_config(config, 'sqlalchemy.db1.')
    init_model(sa_engine_db1)

    repos_path = make_ui('db').configitems('paths')[0][1]
    repo2db_mapper(ScmModel().repo_scan(repos_path),
                   remove_obsolete=False, install_git_hook=False)
    set_available_permissions(config)
    config['base_path'] = repos_path
    set_rhodecode_config(config)

    instance_id = rhodecode.CONFIG.get('instance_id')
    if instance_id == '*':
        instance_id = '%s-%s' % (os.uname()[1], os.getpid())
        rhodecode.CONFIG['instance_id'] = instance_id

    # CONFIGURATION OPTIONS HERE (note: all config options will override
    # any Pylons config options)

    # store config reference into our module to skip import magic of
    # pylons
    rhodecode.CONFIG.update(config)
    return config
Esempio n. 52
0
def authenticate(username, password):
    """
    Authentication function used for access control,
    firstly checks for db authentication then if ldap is enabled for ldap
    authentication, also creates ldap user if not in database

    :param username: username
    :param password: password
    """

    user_model = UserModel()
    user = User.get_by_username(username)

    log.debug('Authenticating user using RhodeCode account')
    if user is not None and not user.ldap_dn:
        if user.active:
            if user.username == 'default' and user.active:
                log.info('user %s authenticated correctly as anonymous user' %
                         username)
                return True

            elif user.username == username and check_password(password,
                                                              user.password):
                log.info('user %s authenticated correctly' % username)
                return True
        else:
            log.warning('user %s tried auth but is disabled' % username)

    else:
        log.debug('Regular authentication failed')
        user_obj = User.get_by_username(username, case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:
            log.debug('this user already exists as non ldap')
            return False

        ldap_settings = RhodeCodeSetting.get_ldap_settings()
        #======================================================================
        # FALLBACK TO LDAP AUTH IF ENABLE
        #======================================================================
        if str2bool(ldap_settings.get('ldap_active')):
            log.debug("Authenticating user using ldap")
            kwargs = {
                  'server': ldap_settings.get('ldap_host', ''),
                  'base_dn': ldap_settings.get('ldap_base_dn', ''),
                  'port': ldap_settings.get('ldap_port'),
                  'bind_dn': ldap_settings.get('ldap_dn_user'),
                  'bind_pass': ldap_settings.get('ldap_dn_pass'),
                  'tls_kind': ldap_settings.get('ldap_tls_kind'),
                  'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                  'ldap_filter': ldap_settings.get('ldap_filter'),
                  'search_scope': ldap_settings.get('ldap_search_scope'),
                  'attr_login': ldap_settings.get('ldap_attr_login'),
                  'ldap_version': 3,
                  }
            log.debug('Checking for ldap authentication')
            try:
                aldap = AuthLdap(**kwargs)
                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                password)
                log.debug('Got ldap DN response %s' % user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                           .get(k), [''])[0]

                user_attrs = {
                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                 'email': get_ldap_attr('ldap_attr_email'),
                 'active': 'hg.extern_activate.auto' in User.get_default_user()\
                                                .AuthUser.permissions['global']
                }

                # don't store LDAP password since we don't need it. Override
                # with some random generated password
                _password = PasswordGenerator().gen_password(length=8)
                # create this user on the fly if it doesn't exist in rhodecode
                # database
                if user_model.create_ldap(username, _password, user_dn,
                                          user_attrs):
                    log.info('created new ldap user %s' % username)

                Session().commit()
                return True
            except (LdapUsernameError, LdapPasswordError, LdapImportError):
                pass
            except (Exception,):
                log.error(traceback.format_exc())
                pass
    return False
Esempio n. 53
0
        def to_python(self, value, state):
            perms_update = OrderedSet()
            perms_new = OrderedSet()
            # build a list of permission to update and new permission to create

            #CLEAN OUT ORG VALUE FROM NEW MEMBERS, and group them using
            new_perms_group = defaultdict(dict)
            for k, v in value.copy().iteritems():
                if k.startswith('perm_new_member'):
                    del value[k]
                    _type, part = k.split('perm_new_member_')
                    args = part.split('_')
                    if len(args) == 1:
                        new_perms_group[args[0]]['perm'] = v
                    elif len(args) == 2:
                        _key, pos = args
                        new_perms_group[pos][_key] = v

            # fill new permissions in order of how they were added
            for k in sorted(map(int, new_perms_group.keys())):
                perm_dict = new_perms_group[str(k)]
                new_member = perm_dict.get('name')
                new_perm = perm_dict.get('perm')
                new_type = perm_dict.get('type')
                if new_member and new_perm and new_type:
                    perms_new.add((new_member, new_perm, new_type))

            for k, v in value.iteritems():
                if k.startswith('u_perm_') or k.startswith('g_perm_'):
                    member = k[7:]
                    t = {'u': 'user',
                         'g': 'users_group'
                    }[k[0]]
                    if member == 'default':
                        if str2bool(value.get('repo_private')):
                            # set none for default when updating to
                            # private repo protects agains form manipulation
                            v = EMPTY_PERM
                    perms_update.add((member, v, t))

            value['perms_updates'] = list(perms_update)
            value['perms_new'] = list(perms_new)

            # update permissions
            for k, v, t in perms_new:
                try:
                    if t is 'user':
                        self.user_db = User.query()\
                            .filter(User.active == True)\
                            .filter(User.username == k).one()
                    if t is 'users_group':
                        self.user_db = UserGroup.query()\
                            .filter(UserGroup.users_group_active == True)\
                            .filter(UserGroup.users_group_name == k).one()

                except Exception:
                    log.exception('Updated permission failed')
                    msg = M(self, 'perm_new_member_type', state)
                    raise formencode.Invalid(msg, value, state,
                        error_dict=dict(perm_new_member_name=msg)
                    )
            return value
Esempio n. 54
0
 def app_settings_value(self):
     v = self._app_settings_value
     if v == "ldap_active":
         v = str2bool(v)
     return v
Esempio n. 55
0
 def app_settings_value(self):
     v = self._app_settings_value
     if self.app_settings_name == 'ldap_active':
         v = str2bool(v)
     return v
Esempio n. 56
0
    def diff(self, repo_name, f_path):
        ignore_whitespace = request.GET.get('ignorews') == '1'
        line_context = request.GET.get('context', 3)
        diff1 = request.GET.get('diff1', '')
        diff2 = request.GET.get('diff2', '')
        c.action = request.GET.get('diff')
        c.no_changes = diff1 == diff2
        c.f_path = f_path
        c.big_diff = False
        c.anchor_url = anchor_url
        c.ignorews_url = _ignorews_url
        c.context_url = _context_url
        c.changes = OrderedDict()
        c.changes[diff2] = []

        #special case if we want a show rev only, it's impl here
        #to reduce JS and callbacks

        if request.GET.get('show_rev'):
            if str2bool(request.GET.get('annotate', 'False')):
                _url = url('files_annotate_home', repo_name=c.repo_name,
                           revision=diff1, f_path=c.f_path)
            else:
                _url = url('files_home', repo_name=c.repo_name,
                           revision=diff1, f_path=c.f_path)

            return redirect(_url)
        try:
            if diff1 not in ['', None, 'None', '0' * 12, '0' * 40]:
                c.changeset_1 = c.rhodecode_repo.get_changeset(diff1)
                try:
                    node1 = c.changeset_1.get_node(f_path)
                except NodeDoesNotExistError:
                    c.changeset_1 = EmptyChangeset(cs=diff1,
                                                   revision=c.changeset_1.revision,
                                                   repo=c.rhodecode_repo)
                    node1 = FileNode(f_path, '', changeset=c.changeset_1)
            else:
                c.changeset_1 = EmptyChangeset(repo=c.rhodecode_repo)
                node1 = FileNode(f_path, '', changeset=c.changeset_1)

            if diff2 not in ['', None, 'None', '0' * 12, '0' * 40]:
                c.changeset_2 = c.rhodecode_repo.get_changeset(diff2)
                try:
                    node2 = c.changeset_2.get_node(f_path)
                except NodeDoesNotExistError:
                    c.changeset_2 = EmptyChangeset(cs=diff2,
                                                   revision=c.changeset_2.revision,
                                                   repo=c.rhodecode_repo)
                    node2 = FileNode(f_path, '', changeset=c.changeset_2)
            else:
                c.changeset_2 = EmptyChangeset(repo=c.rhodecode_repo)
                node2 = FileNode(f_path, '', changeset=c.changeset_2)
        except (RepositoryError, NodeError):
            log.error(traceback.format_exc())
            return redirect(url('files_home', repo_name=c.repo_name,
                                f_path=f_path))

        if c.action == 'download':
            _diff = diffs.get_gitdiff(node1, node2,
                                      ignore_whitespace=ignore_whitespace,
                                      context=line_context)
            diff = diffs.DiffProcessor(_diff, format='gitdiff')

            diff_name = '%s_vs_%s.diff' % (diff1, diff2)
            response.content_type = 'text/plain'
            response.content_disposition = (
                'attachment; filename=%s' % diff_name
            )
            return diff.as_raw()

        elif c.action == 'raw':
            _diff = diffs.get_gitdiff(node1, node2,
                                      ignore_whitespace=ignore_whitespace,
                                      context=line_context)
            diff = diffs.DiffProcessor(_diff, format='gitdiff')
            response.content_type = 'text/plain'
            return diff.as_raw()

        else:
            fid = h.FID(diff2, node2.path)
            line_context_lcl = get_line_ctx(fid, request.GET)
            ign_whitespace_lcl = get_ignore_ws(fid, request.GET)

            lim = request.GET.get('fulldiff') or self.cut_off_limit
            _, cs1, cs2, diff, st = diffs.wrapped_diff(filenode_old=node1,
                                         filenode_new=node2,
                                         cut_off_limit=lim,
                                         ignore_whitespace=ign_whitespace_lcl,
                                         line_context=line_context_lcl,
                                         enable_comments=False)
            op = ''
            filename = node1.path
            cs_changes = {
                'fid': [cs1, cs2, op, filename, diff, st]
            }
            c.changes = cs_changes

        return render('files/file_diff.html')