1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/2477c4ef8aa4/ Changeset: 2477c4ef8aa4 User: inithello Date: 2013-03-27 15:10:26 Summary: Merged correctly this time. Affected #: 2 files
diff -r 3b918b912fe68718eb0b20c5c76e0e639f1cf42c -r 2477c4ef8aa4742319bfd9d892f2dbcadf072743 .hgignore --- a/.hgignore +++ b/.hgignore @@ -24,15 +24,21 @@ # Python bytecode *.pyc
+# Galaxy Runtime Files +paster.lock +paster.log +paster.pid + # Tool Shed Runtime Files -community_webapp.log -community_webapp.pid +tool_shed_webapp.lock +tool_shed_webapp.log +tool_shed_webapp.pid hgweb.config*
# Config files universe_wsgi.ini reports_wsgi.ini -community_wsgi.ini +tool_shed_wsgi.ini
# Config files. datatypes_conf.xml
diff -r 3b918b912fe68718eb0b20c5c76e0e639f1cf42c -r 2477c4ef8aa4742319bfd9d892f2dbcadf072743 lib/galaxy/webapps/tool_shed/framework/middleware/hg.py --- a/lib/galaxy/webapps/tool_shed/framework/middleware/hg.py +++ b/lib/galaxy/webapps/tool_shed/framework/middleware/hg.py @@ -4,7 +4,8 @@ import os, logging import sqlalchemy from paste.auth.basic import AuthBasicAuthenticator -from paste.httpheaders import REMOTE_USER, AUTH_TYPE +from paste.httpheaders import AUTH_TYPE +from paste.httpheaders import REMOTE_USER
from galaxy.webapps.tool_shed import model from galaxy.util.hash_util import new_secure_hash @@ -12,13 +13,15 @@
log = logging.getLogger(__name__)
+ class Hg( object ): + def __init__( self, app, config ): print "mercurial version is:", mercurial.__version__.version self.app = app self.config = config # Authenticate this mercurial request using basic authentication - self.authentication = AuthBasicAuthenticator( '', self.__basic_authentication ) + self.authentication = AuthBasicAuthenticator( 'hgweb in the tool shed', self.__basic_authentication ) self.remote_address = None self.repository = None self.username = None @@ -28,6 +31,7 @@ self.db_url = self.config[ 'database_connection' ] else: self.db_url = "sqlite:///%s?isolation_level=IMMEDIATE" % self.config[ 'database_file' ] + def __call__( self, environ, start_response ): cmd = self.__get_hg_command( **environ ) if cmd == 'changegroup': @@ -89,16 +93,23 @@ else: return result.wsgi_application( environ, start_response ) return self.app( environ, start_response ) + def __get_hg_command( self, **kwd ): - # Pulls mercurial commands from environ[ 'QUERY_STRING" ] and returns them. + """Pulls mercurial commands from environ[ 'QUERY_STRING" ] and returns them.""" if 'QUERY_STRING' in kwd: for qry in kwd[ 'QUERY_STRING' ].split( '&' ): if qry.startswith( 'cmd' ): return qry.split( '=' )[ -1 ] return None + def __basic_authentication( self, environ, username, password ): - # The environ parameter is needed in basic authentication. - return self.__authenticate( username, password ) + """The environ parameter is needed in basic authentication. We also check it if use_remote_user is true.""" + if asbool( self.config.get( 'use_remote_user', False ) ): + assert "HTTP_REMOTE_USER" in environ, "use_remote_user is set but no HTTP_REMOTE_USER variable" + return self.__authenticate_remote_user( environ, username, password ) + else: + return self.__authenticate( username, password ) + def __authenticate( self, username, password ): # Instantiate a database connection engine = sqlalchemy.create_engine( self.db_url ) @@ -111,3 +122,26 @@ connection.close() # Check if password matches db_password when hashed. return new_secure_hash( text_type=password ) == db_password + + def __authenticate_remote_user( self, environ, username, password ): + """ + Look after a remote user and "authenticate" - upstream server should already have achieved this for us, but we check that the + user exists at least. Hg allow_push = must include username - some versions of mercurial blow up with 500 errors. + """ + ru_email = environ[ 'HTTP_REMOTE_USER' ].lower() + ## Instantiate a database connection... + engine = sqlalchemy.create_engine( self.db_url ) + connection = engine.connect() + result_set = connection.execute( "select email, username, password from galaxy_user where email = '%s'" % ru_email ) + for row in result_set: + # Should only be 1 row... + db_email = row[ 'email' ] + db_password = row[ 'password' ] + db_username = row[ 'username' ] + connection.close() + + """ + We could check the password here except that the function galaxy.web.framework.get_or_create_remote_user() does some random generation of + a password - so that no-one knows the password and only the hash is stored... + """ + return db_username == username
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
galaxy-commits@lists.galaxyproject.org