1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/ae53980fad82/ Changeset: ae53980fad82 User: greg Date: 2014-06-22 14:00:57 Summary: Move 2 Tool Shed utility functions into the middleware hg class. Affected #: 3 files diff -r 63919647ca8424a28042ccb79ea2db6e0c68d507 -r ae53980fad820db494c67ddb5ad0ad5f9deb9dd1 lib/galaxy/webapps/tool_shed/framework/middleware/hg.py --- a/lib/galaxy/webapps/tool_shed/framework/middleware/hg.py +++ b/lib/galaxy/webapps/tool_shed/framework/middleware/hg.py @@ -11,7 +11,6 @@ from galaxy.util import asbool from galaxy.util.hash_util import new_secure_hash -from tool_shed.util import commit_util from tool_shed.util import hg_util import tool_shed.repository_types.util as rt_util @@ -54,13 +53,15 @@ connection = engine.connect() path_info = environ[ 'PATH_INFO' ].lstrip( '/' ) user_id, repository_name = self.__get_user_id_repository_name_from_path_info( connection, path_info ) - sql_cmd = "SELECT times_downloaded FROM repository WHERE user_id = %d AND name = '%s'" % ( user_id, repository_name.lower() ) + sql_cmd = "SELECT times_downloaded FROM repository WHERE user_id = %d AND name = '%s'" % \ + ( user_id, repository_name.lower() ) result_set = connection.execute( sql_cmd ) for row in result_set: # Should only be 1 row... times_downloaded = row[ 'times_downloaded' ] times_downloaded += 1 - sql_cmd = "UPDATE repository SET times_downloaded = %d WHERE user_id = %d AND name = '%s'" % ( times_downloaded, user_id, repository_name.lower() ) + sql_cmd = "UPDATE repository SET times_downloaded = %d WHERE user_id = %d AND name = '%s'" % \ + ( times_downloaded, user_id, repository_name.lower() ) connection.execute( sql_cmd ) connection.close() elif cmd in [ 'unbundle', 'pushkey' ]: @@ -132,7 +133,7 @@ if filename and isinstance( filename, str ): if filename == rt_util.REPOSITORY_DEPENDENCY_DEFINITION_FILENAME: # Make sure the any complex repository dependency definitions contain valid <repository> tags. - is_valid, error_msg = commit_util.repository_tags_are_valid( filename, change_list ) + is_valid, error_msg = self.repository_tags_are_valid( filename, change_list ) if not is_valid: log.debug( error_msg ) return self.__display_exception_remotely( start_response, error_msg ) @@ -151,7 +152,7 @@ if filename and isinstance( filename, str ): if filename == rt_util.TOOL_DEPENDENCY_DEFINITION_FILENAME: # Make sure the any complex repository dependency definitions contain valid <repository> tags. - is_valid, error_msg = commit_util.repository_tags_are_valid( filename, change_list ) + is_valid, error_msg = self.repository_tags_are_valid( filename, change_list ) if not is_valid: log.debug( error_msg ) return self.__display_exception_remotely( start_response, error_msg ) @@ -174,7 +175,7 @@ rt_util.TOOL_DEPENDENCY_DEFINITION_FILENAME ]: # We check both files since tool dependency definitions files can contain complex # repository dependency definitions. - is_valid, error_msg = commit_util.repository_tags_are_valid( filename, change_list ) + is_valid, error_msg = self.repository_tags_are_valid( filename, change_list ) if not is_valid: log.debug( error_msg ) return self.__display_exception_remotely( start_response, error_msg ) @@ -186,6 +187,54 @@ return result.wsgi_application( environ, start_response ) return self.app( environ, start_response ) + def __authenticate( self, username, password ): + db_password = None + # Instantiate a database connection + engine = sqlalchemy.create_engine( self.db_url ) + connection = engine.connect() + result_set = connection.execute( "select email, password from galaxy_user where username = '%s'" % username.lower() ) + for row in result_set: + # Should only be 1 row... + db_email = row[ 'email' ] + db_password = row[ 'password' ] + connection.close() + if db_password: + # Check if password matches db_password when hashed. + return new_secure_hash( text_type=password ) == db_password + return False + + def __authenticate_remote_user( self, environ, username, password ): + """ + Look after a remote user and "authenticate" - upstream server should already have achieved + this for us, but we check that the user exists at least. Hg allow_push = must include username + - some versions of mercurial blow up with 500 errors. + """ + db_username = None + ru_email = environ[ 'HTTP_REMOTE_USER' ].lower() + ## Instantiate a database connection... + engine = sqlalchemy.create_engine( self.db_url ) + connection = engine.connect() + result_set = connection.execute( "select email, username, password from galaxy_user where email = '%s'" % ru_email ) + for row in result_set: + # Should only be 1 row... + db_email = row[ 'email' ] + db_password = row[ 'password' ] + db_username = row[ 'username' ] + connection.close() + if db_username: + # We could check the password here except that the function galaxy.web.framework.get_or_create_remote_user() + # does some random generation of a password - so that no-one knows the password and only the hash is stored... + return db_username == username + return False + + def __basic_authentication( self, environ, username, password ): + """The environ parameter is needed in basic authentication. We also check it if use_remote_user is true.""" + if asbool( self.config.get( 'use_remote_user', False ) ): + assert "HTTP_REMOTE_USER" in environ, "use_remote_user is set but no HTTP_REMOTE_USER variable" + return self.__authenticate_remote_user( environ, username, password ) + else: + return self.__authenticate( username, password ) + def __display_exception_remotely( self, start_response, msg ): # Display the exception to the remote user's command line. status = "500 %s" % msg @@ -213,49 +262,37 @@ user_id = row[ 'id' ] return user_id, repository_name - def __basic_authentication( self, environ, username, password ): - """The environ parameter is needed in basic authentication. We also check it if use_remote_user is true.""" - if asbool( self.config.get( 'use_remote_user', False ) ): - assert "HTTP_REMOTE_USER" in environ, "use_remote_user is set but no HTTP_REMOTE_USER variable" - return self.__authenticate_remote_user( environ, username, password ) - else: - return self.__authenticate( username, password ) - - def __authenticate( self, username, password ): - db_password = None - # Instantiate a database connection - engine = sqlalchemy.create_engine( self.db_url ) - connection = engine.connect() - result_set = connection.execute( "select email, password from galaxy_user where username = '%s'" % username.lower() ) - for row in result_set: - # Should only be 1 row... - db_email = row[ 'email' ] - db_password = row[ 'password' ] - connection.close() - if db_password: - # Check if password matches db_password when hashed. - return new_secure_hash( text_type=password ) == db_password - return False - - def __authenticate_remote_user( self, environ, username, password ): + def repository_tag_is_valid( self, filename, line ): """ - Look after a remote user and "authenticate" - upstream server should already have achieved this for us, but we check that the - user exists at least. Hg allow_push = must include username - some versions of mercurial blow up with 500 errors. + Checks changes made to <repository> tags in a dependency definition file being pushed to the + Tool Shed from the command line to ensure that all required attributes exist. """ - db_username = None - ru_email = environ[ 'HTTP_REMOTE_USER' ].lower() - ## Instantiate a database connection... - engine = sqlalchemy.create_engine( self.db_url ) - connection = engine.connect() - result_set = connection.execute( "select email, username, password from galaxy_user where email = '%s'" % ru_email ) - for row in result_set: - # Should only be 1 row... - db_email = row[ 'email' ] - db_password = row[ 'password' ] - db_username = row[ 'username' ] - connection.close() - if db_username: - # We could check the password here except that the function galaxy.web.framework.get_or_create_remote_user() does some random generation of - # a password - so that no-one knows the password and only the hash is stored... - return db_username == username - return False + required_attributes = [ 'toolshed', 'name', 'owner', 'changeset_revision' ] + defined_attributes = line.split() + for required_attribute in required_attributes: + defined = False + for defined_attribute in defined_attributes: + if defined_attribute.startswith( required_attribute ): + defined = True + break + if not defined: + error_msg = 'The %s file contains a <repository> tag that is missing the required attribute %s. ' % \ + ( filename, required_attribute ) + error_msg += 'Automatically populating dependency definition attributes occurs only when using ' + error_msg += 'the Tool Shed upload utility. ' + return False, error_msg + return True, '' + + def repository_tags_are_valid( self, filename, change_list ): + """ + Make sure the any complex repository dependency definitions contain valid <repository> tags when pushing + changes to the tool shed on the command line. + """ + tag = '<repository' + for change_dict in change_list: + lines = get_change_lines_in_file_for_tag( tag, change_dict ) + for line in lines: + is_valid, error_msg = repository_tag_is_valid( filename, line ) + if not is_valid: + return False, error_msg + return True, '' diff -r 63919647ca8424a28042ccb79ea2db6e0c68d507 -r ae53980fad820db494c67ddb5ad0ad5f9deb9dd1 lib/tool_shed/dependencies/dependency_manager.py --- a/lib/tool_shed/dependencies/dependency_manager.py +++ b/lib/tool_shed/dependencies/dependency_manager.py @@ -177,6 +177,7 @@ new_root[ index ] = new_elem return root_altered, new_root, error_message + class ToolDependencyAttributeHandler( object ): def __init__( self, app, unpopulate ): diff -r 63919647ca8424a28042ccb79ea2db6e0c68d507 -r ae53980fad820db494c67ddb5ad0ad5f9deb9dd1 lib/tool_shed/util/commit_util.py --- a/lib/tool_shed/util/commit_util.py +++ b/lib/tool_shed/util/commit_util.py @@ -221,41 +221,6 @@ gzipped_file.close() shutil.move( uncompressed, uploaded_file_name ) -def repository_tag_is_valid( filename, line ): - """ - Checks changes made to <repository> tags in a dependency definition file being pushed to the - Tool Shed from the command line to ensure that all required attributes exist. - """ - required_attributes = [ 'toolshed', 'name', 'owner', 'changeset_revision' ] - defined_attributes = line.split() - for required_attribute in required_attributes: - defined = False - for defined_attribute in defined_attributes: - if defined_attribute.startswith( required_attribute ): - defined = True - break - if not defined: - error_msg = 'The %s file contains a <repository> tag that is missing the required attribute %s. ' % \ - ( filename, required_attribute ) - error_msg += 'Automatically populating dependency definition attributes occurs only when using ' - error_msg += 'the Tool Shed upload utility. ' - return False, error_msg - return True, '' - -def repository_tags_are_valid( filename, change_list ): - """ - Make sure the any complex repository dependency definitions contain valid <repository> tags when pushing - changes to the tool shed on the command line. - """ - tag = '<repository' - for change_dict in change_list: - lines = get_change_lines_in_file_for_tag( tag, change_dict ) - for line in lines: - is_valid, error_msg = repository_tag_is_valid( filename, line ) - if not is_valid: - return False, error_msg - return True, '' - def uncompress( repository, uploaded_file_name, uploaded_file_filename, isgzip=False, isbz2=False ): if isgzip: handle_gzip( repository, uploaded_file_name ) Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.