# -*- coding: utf-8 -*-
"""
rhodecode.controllers.settings
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Settings controller for rhodecode
:created_on: Jun 30, 2010
:author: marcink
:copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
:license: GPLv3, see COPYING for more details.
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License or (at your opinion) any later version of the license.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
import logging
import traceback
import formencode
from pylons import tmpl_context as c, request, url
from pylons.controllers.util import redirect
from pylons.i18n.translation import _
import rhodecode.lib.helpers as h
from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAllDecorator
from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAllDecorator, \
NotAnonymous
from rhodecode.lib.base import BaseRepoController, render
from rhodecode.lib.utils import invalidate_cache, action_logger
from rhodecode.model.forms import RepoSettingsForm, RepoForkForm
from rhodecode.model.repo import RepoModel
from rhodecode.model.db import User
log = logging.getLogger(__name__)
class SettingsController(BaseRepoController):
@LoginRequired()
def __before__(self):
super(SettingsController, self).__before__()
@HasRepoPermissionAllDecorator('repository.admin')
def index(self, repo_name):
repo_model = RepoModel()
c.repo_info = repo = repo_model.get_by_repo_name(repo_name)
if not repo:
h.flash(_('%s repository is not mapped to db perhaps'
' it was created or renamed from the file system'
' please run the application again'
' in order to rescan repositories') % repo_name,
category='error')
return redirect(url('home'))
c.users_array = repo_model.get_users_js()
c.users_groups_array = repo_model.get_users_groups_js()
defaults = c.repo_info.get_dict()
#fill owner
if c.repo_info.user:
defaults.update({'user':c.repo_info.user.username})
else:
replacement_user = self.sa.query(User)\
.filter(User.admin == True).first().username
defaults.update({'user':replacement_user})
#fill repository users
for p in c.repo_info.repo_to_perm:
defaults.update({'u_perm_%s' % p.user.username:
p.permission.permission_name})
#fill repository groups
for p in c.repo_info.users_group_to_perm:
defaults.update({'g_perm_%s' % p.users_group.users_group_name:
@@ -112,91 +115,92 @@ class SettingsController(BaseRepoControl
errors.value.update({'user':c.repo_info.user.username})
return formencode.htmlfill.render(
render('settings/repo_settings.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
except Exception:
log.error(traceback.format_exc())
h.flash(_('error occurred during update of repository %s') \
% repo_name, category='error')
return redirect(url('repo_settings_home', repo_name=changed_name))
def delete(self, repo_name):
"""DELETE /repos/repo_name: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('repo_settings_delete', repo_name=ID),
# method='delete')
# url('repo_settings_delete', repo_name=ID)
repo = repo_model.get_by_repo_name(repo_name)
' it was moved or renamed from the filesystem'
try:
action_logger(self.rhodecode_user, 'user_deleted_repo',
repo_name, '', self.sa)
repo_model.delete(repo)
invalidate_cache('get_repo_cached_%s' % repo_name)
h.flash(_('deleted repository %s') % repo_name, category='success')
h.flash(_('An error occurred during deletion of %s') % repo_name,
@NotAnonymous()
@HasRepoPermissionAllDecorator('repository.read')
def fork(self, repo_name):
return render('settings/repo_fork.html')
def fork_create(self, repo_name):
c.repo_info = repo_model.get_by_repo_name(repo_name)
_form = RepoForkForm(old_data={'repo_type':c.repo_info.repo_type})()
form_result = {}
form_result = _form.to_python(dict(request.POST))
form_result.update({'repo_name':repo_name})
repo_model.create_fork(form_result, c.rhodecode_user)
h.flash(_('forked %s repository as %s') \
% (repo_name, form_result['fork_name']),
category='success')
action_logger(self.rhodecode_user,
'user_forked_repo:%s' % form_result['fork_name'],
except formencode.Invalid, errors:
c.new_repo = errors.value['fork_name']
r = render('settings/repo_fork.html')
r,
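Review bot: `fork_create`, the handler that calls `repo_model.create_fork(form_result, c.rhodecode_user)`, shows no decorators in this section; `@NotAnonymous()` and `@HasRepoPermissionAllDecorator('repository.read')` are visible only above `fork`, which just renders `settings/repo_fork.html`. The rendered page drops lines, so they may simply be out of view. If they are missing in the file, the state-changing handler needs the same guard: `@NotAnonymous()` and `@HasRepoPermissionAllDecorator('repository.read')` directly above `def fork_create(self, repo_name):`. Guarding only the form view would leave the create action relying on the class-level `LoginRequired` in `__before__`, which presumably lets the anonymous `default` account through when anonymous access is enabled.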
rhodecode.lib.auth
~~~~~~~~~~~~~~~~~~
authentication and permission libraries
:created_on: Apr 4, 2010
:copyright: (c) 2010 by marcink.
:license: LICENSE_NAME, see LICENSE_FILE for more details.
import bcrypt
import random
from decorator import decorator
from pylons import config, session, url, request
from pylons.controllers.util import abort, redirect
from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
from rhodecode.lib.utils import get_repo_slug
from rhodecode.lib.auth_ldap import AuthLdap
from rhodecode.model import meta
from rhodecode.model.user import UserModel
from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
UserToPerm, UsersGroupToPerm, UsersGroupMember
PERM_WEIGHTS = {'repository.none':0,
'repository.read':1,
'repository.write':3,
'repository.admin':3}
class PasswordGenerator(object):
"""This is a simple class for generating password from
different sets of characters
usage:
passwd_gen = PasswordGenerator()
#print 8-letter password containing only big and small letters of alphabet
print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
ALPHABETS_NUM = r'''1234567890'''#[0]
ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' #[3]
ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
def __init__(self, passwd=''):
self.passwd = passwd
def gen_password(self, len, type):
self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
return self.passwd
def get_crypt_password(password):
"""Cryptographic function used for password hashing based on pybcrypt
@@ -339,96 +340,100 @@ def get_user(session):
class LoginRequired(object):
"""Must be logged in to execute this function else
redirect to login page"""
def __call__(self, func):
return decorator(self.__wrapper, func)
def __wrapper(self, func, *fargs, **fkwargs):
user = session.get('rhodecode_user', AuthUser())
log.debug('Checking login required for user:%s', user.username)
if user.is_authenticated:
log.debug('user %s is authenticated', user.username)
return func(*fargs, **fkwargs)
log.warn('user %s not authenticated', user.username)
p = ''
if request.environ.get('SCRIPT_NAME') != '/':
p += request.environ.get('SCRIPT_NAME')
p += request.environ.get('PATH_INFO')
if request.environ.get('QUERY_STRING'):
p += '?' + request.environ.get('QUERY_STRING')
log.debug('redirecting to login page with %s', p)
return redirect(url('login_home', came_from=p))
class NotAnonymous(object):
log.debug('Checking if user is not anonymous')
anonymous = user.username == 'default'
if anonymous:
h.flash(_('You need to be a registered user to perform this action'),
category='warning')
class PermsDecorator(object):
"""Base class for decorators"""
def __init__(self, *required_perms):
available_perms = config['available_permissions']
for perm in required_perms:
if perm not in available_perms:
raise Exception("'%s' permission is not defined" % perm)
self.required_perms = set(required_perms)
self.user_perms = None
# _wrapper.__name__ = func.__name__
# _wrapper.__dict__.update(func.__dict__)
# _wrapper.__doc__ = func.__doc__
self.user = session.get('rhodecode_user', AuthUser())
self.user_perms = self.user.permissions
log.debug('checking %s permissions %s for %s %s',
self.__class__.__name__, self.required_perms, func.__name__,
self.user)
if self.check_permissions():
log.debug('Permission granted for %s %s', func.__name__, self.user)
log.warning('Permission denied for %s %s', func.__name__, self.user)
#redirect with forbidden ret code
return abort(403)
def check_permissions(self):
"""Dummy function for overriding"""
raise Exception('You have to write this function in child class')
class HasPermissionAllDecorator(PermsDecorator):
"""Checks for access permission for all given predicates. All of them
have to be meet in order to fulfill the request
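Review bot: `PasswordGenerator.gen_password`, in the context lines of this section, picks each character with `random.choice`, which draws from the module-level Mersenne Twister generator and is not intended for secrets. `random.SystemRandom` exposes the same `choice` method backed by the OS CSPRNG, so the line can become `self.passwd = ''.join([random.SystemRandom().choice(type) for _ in xrange(len)])`. This commit does not touch that line, so it may fit better as a follow-up change. On the new code, `NotAnonymous` shows no docstring here, unlike `LoginRequired`; a one-line docstring saying that it rejects the anonymous `default` user would document the `user.username == 'default'` test. What happens after `h.flash(...)` is not visible in this section.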
## -*- coding: utf-8 -*-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="mainhtml">
<head>
<title>${_('Sign In')} - ${c.rhodecode_name}</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link rel="icon" href="${h.url("/images/icons/database_gear.png")}" type="image/png" />
<meta name="robots" content="index, nofollow"/>
<!-- stylesheets -->
<link rel="stylesheet" type="text/css" href="${h.url('/css/style.css')}" media="screen" />
</head>
<body>
<div id="login">
<div class="flash_msg">
<% messages = h.flash.pop_messages() %>
% if messages:
<ul id="flash-messages">
% for message in messages:
<li class="${message.category}_msg">${message}</li>
% endfor
</ul>
% endif
</div>
<!-- login -->
<div class="title top-left-rounded-corner top-right-rounded-corner">
<h5>${_('Sign In to')} ${c.rhodecode_name}</h5>
<div class="inner">
${h.form(h.url.current(came_from=c.came_from))}
<div class="form">
<!-- fields -->
<div class="fields">
<div class="field">
<div class="label">
<label for="username">${_('Username')}:</label>
<div class="input">
${h.text('username',class_='focus',size=40)}
<label for="password">${_('Password')}:</label>
${h.password('password',class_='focus',size=40)}
##<div class="field">
## <div class="checkbox">
## <input type="checkbox" id="remember" name="remember" />
## <label for="remember">Remember me</label>
## </div>
##</div>
<div class="buttons">
${h.submit('sign_in','Sign In',class_="ui-button")}
<!-- end fields -->
<!-- links -->
<div class="links">
${h.link_to(_('Forgot your password ?'),h.url('reset_password'))}
%if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
/
${h.link_to(_("Don't have an account ?"),h.url('register'))}
%endif
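Review bot: The form action `${h.form(h.url.current(came_from=c.came_from))}` carries `came_from` back through the login POST, and the handler that consumes it is not part of this page. `LoginRequired` builds the value from SCRIPT_NAME, PATH_INFO and QUERY_STRING, but `c.came_from` is presumably read from the request, so the login controller should accept only server-relative paths before redirecting. That means rejecting values with a scheme or host, or starting with `//`, and falling back to `url('home')`. The flash block's `${message}` also depends on Mako's default escaping being enabled, since other flash calls in this commit interpolate `repo_name`; that is worth confirming in the template configuration.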