def get_attrs(username, reponame): user = GsuserManager.get_user_by_name(username) if not user: return_all_none() userprofile = GsuserManager.get_userprofile_by_id(user.id) if not userprofile: return_all_none() repo = RepoManager.get_repo_by_userId_name(user.id, reponame) if not repo: return_all_none() abs_repo_path = repo.get_abs_repopath() return (user, userprofile, repo, abs_repo_path)
def get_user_repo_attr(username, reponame): nones = (None, None, None, None) user = GsuserManager.get_user_by_name(username) if not user: return nones userprofile = GsuserManager.get_userprofile_by_id(user.id) if not userprofile: return nones repo = RepoManager.get_repo_by_userId_name(user.id, reponame) if not repo: return nones abs_repopath = repo.get_abs_repopath() return (user, userprofile, repo, abs_repopath)
def keyauth(request, fingerprint, command): command = command.strip() last_blank_idx = command.rfind(' ') if last_blank_idx == -1: return not_git_command() pre_command = command[0:last_blank_idx] short_repo_path = command[last_blank_idx + 1:] if pre_command == '' or '"' in pre_command or '\'' in pre_command or short_repo_path == '': return not_git_command() first_repo_char_idx = -1 slash_idx = -1 last_repo_char_idx = -1 for i in range(0, len(short_repo_path)): schar = short_repo_path[i] if first_repo_char_idx == -1 and re.match('\w', schar): first_repo_char_idx = i if schar == '/': slash_idx = i if re.match('[a-zA-Z0-9_\-]', schar): last_repo_char_idx = i if not (first_repo_char_idx > -1 and first_repo_char_idx < slash_idx and slash_idx < last_repo_char_idx): return not_git_command() username = short_repo_path[first_repo_char_idx:slash_idx] reponame = short_repo_path[slash_idx + 1:last_repo_char_idx + 1] if reponame.endswith('.git'): reponame = reponame[0:len(reponame) - 4] if not (re.match('^[a-zA-Z0-9_\-]+$', username) and RepoManager.is_allowed_reponame_pattern(reponame)): return not_git_command() user = GsuserManager.get_user_by_name(username) if user is None: return not_git_command() userprofile = GsuserManager.get_userprofile_by_id(user.id) if userprofile is None: return not_git_command() if userprofile.used_quote > userprofile.quote: return not_git_command() repo = RepoManager.get_repo_by_userId_name(user.id, reponame) if repo is None: return not_git_command() quote = userprofile.quote # author of the repo userPubkey = KeyauthManager.get_userpubkey_by_userId_fingerprint( user.id, fingerprint) if userPubkey is not None: return response_full_git_command(quote, pre_command, user, user, repo) userpubkeys = KeyauthManager.list_userpubkey_by_fingerprint(fingerprint) for userpubkey in userpubkeys: # member of the repo repoMember = RepoManager.get_repo_member(repo.id, userpubkey.user_id) # member of the team user teamMember = TeamManager.get_teamMember_by_teamUserId_userId( user.id, userpubkey.user_id) if repoMember or teamMember: pushUser = GsuserManager.get_user_by_id(userpubkey.user_id) if 'git-receive-pack' in pre_command: if RepoManager.is_allowed_access_repo(repo, pushUser, REPO_PERMISSION.WRITE): return response_full_git_command(quote, pre_command, pushUser, user, repo) elif RepoManager.is_allowed_access_repo(repo, pushUser, REPO_PERMISSION.READ_ONLY): return response_full_git_command(quote, pre_command, pushUser, user, repo) return not_git_command()
def keyauth(request, fingerprint, command): command = command.strip() last_blank_idx = command.rfind(' ') if last_blank_idx == -1: return not_git_command() pre_command = command[0 : last_blank_idx] short_repo_path = command[last_blank_idx+1 :] if pre_command == '' or '"' in pre_command or '\'' in pre_command or short_repo_path == '': return not_git_command() first_repo_char_idx = -1 slash_idx = -1 last_repo_char_idx = -1 for i in range(0, len(short_repo_path)): schar = short_repo_path[i] if first_repo_char_idx == -1 and re.match('\w', schar): first_repo_char_idx = i if schar == '/': slash_idx = i if re.match('[a-zA-Z0-9_\-]', schar): last_repo_char_idx = i if not (first_repo_char_idx > -1 and first_repo_char_idx < slash_idx and slash_idx < last_repo_char_idx): return not_git_command() username = short_repo_path[first_repo_char_idx : slash_idx] reponame = short_repo_path[slash_idx+1 : last_repo_char_idx+1] if reponame.endswith('.git'): reponame = reponame[0 : len(reponame)-4] if not (re.match('^[a-zA-Z0-9_\-]+$', username) and RepoManager.is_allowed_reponame_pattern(reponame)): return not_git_command() user = GsuserManager.get_user_by_name(username) if user is None: return not_git_command() userprofile = GsuserManager.get_userprofile_by_id(user.id) if userprofile is None: return not_git_command() if userprofile.used_quote > userprofile.quote: return not_git_command() repo = RepoManager.get_repo_by_userId_name(user.id, reponame) if repo is None: return not_git_command() quote = userprofile.quote # author of the repo userPubkey = KeyauthManager.get_userpubkey_by_userId_fingerprint(user.id, fingerprint) if userPubkey is not None: return response_full_git_command(quote, pre_command, user, user, repo) userpubkeys = KeyauthManager.list_userpubkey_by_fingerprint(fingerprint) for userpubkey in userpubkeys: # member of the repo repoMember = RepoManager.get_repo_member(repo.id, userpubkey.user_id) # member of the team user teamMember = TeamManager.get_teamMember_by_teamUserId_userId(user.id, userpubkey.user_id) if repoMember or teamMember: pushUser = GsuserManager.get_user_by_id(userpubkey.user_id) if 'git-receive-pack' in pre_command: if RepoManager.is_allowed_access_repo(repo, pushUser, REPO_PERMISSION.WRITE): return response_full_git_command(quote, pre_command, pushUser, user, repo) elif RepoManager.is_allowed_access_repo(repo, pushUser, REPO_PERMISSION.READ_ONLY): return response_full_git_command(quote, pre_command, pushUser, user, repo) return not_git_command()