brownbeagle-gitauth 0.0.3.3 → 0.0.4.0

data/lib/gitauth/command.rb

@@ -1,10 +1,10 @@
 #--
 #   Copyright (C) 2009 Brown Beagle Software
+#   Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 #   Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies)
 #   Copyright (C) 2007, 2008 Johan Sørensen <johan@johansorensen.com>
 #   Copyright (C) 2008 Tim Dysinger <tim@dysinger.net>
 #   Copyright (C) 2008 Tor Arne Vestbø <tavestbo@trolltech.com>
-#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU Affero General Public License as published by
@@ -29,7 +29,6 @@
 
 module GitAuth
   class Command
-    class BadCommandError < StandardError; end
     
     # Standard Commands
     READ_COMMANDS  = ["git-upload-pack", "git upload-pack"]
@@ -47,7 +46,7 @@ module GitAuth
     end
     
     def bad?
-      !!@bad_command
+      @bad_command
     end
     
     def write?
@@ -58,33 +57,30 @@ module GitAuth
       !bad? && !write?
     end
     
-    # These exceptions are FUGLY.
-    # Clean up, mmkay?
-    def process!
-      raise BadCommandError if @command.include?("\n") || @command !~ /^git/i
+    def process
+      return if @command.include?("\n") || @command !~ /^git[ \-]/i
       @verb, @argument = split_command
-      raise BadCommandError if @argument.nil? || @argument.is_a?(Array) 
+      return if @argument.nil? || @argument.is_a?(Array) 
       # Check if it's read / write
       if READ_COMMANDS.include?(@verb)
         @verb_type = :read
       elsif WRITE_COMMANDS.include?(@verb)
         @verb_type = :write
       else
-        raise BadCommandError
+        return
       end
       if PATH_REGEXP =~ @argument
         @path = $2
-        raise BadCommandError unless @path
+        return unless @path
       else
-        raise BadCommandError
+        return
       end
       @bad_command = false
-    rescue BadCommandError
     end
     
-    def self.parse!(command)
+    def self.parse(command)
       command = self.new(command)
-      command.process!
+      command.process
       command
     end
     

data/lib/gitauth/group.rb

@@ -1,6 +1,6 @@
 #--
 #   Copyright (C) 2009 Brown Beagle Software
-#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
+#   Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU Affero General Public License as published by
@@ -73,7 +73,7 @@ module GitAuth
     end
     
     def self.get(name)
-      GitAuth.logger.debug "Getting group named #{name.inspect}"
+      GitAuth::Logger.debug "Getting group named #{name.inspect}"
       real_name = name.to_s.gsub(/^@/, "")
       self.all.detect { |g| g.name == real_name }
     end

data/lib/gitauth/message.rb

@@ -0,0 +1,69 @@
+#--
+#   Copyright (C) 2009 Brown Beagle Software
+#   Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#++
+
+require 'yaml'
+
+module GitAuth
+  class Message
+    
+    TEMPLATES = YAML.load_file(BASE_DIR.join("resources", "messages.yml"))
+    
+    attr_accessor :type, :name, :message, :variables
+    
+    def initialize(type, name, variables = {})
+      @type      = type
+      @name      = name
+      @variables = {}
+      variables.each_pair { |k,v| @variables[k.to_s] = v }
+      auto_set_message!
+    end
+    
+    def success?
+      @type.to_sym == :notice
+    end
+    
+    def error?
+      @type.to_sym == :error
+    end
+    
+    class << self
+      # Handy accessor / generate methods
+      # for a given error code.
+      
+      def error(name = :unknown)
+        new(:error, name)
+      end
+    
+      def notice(name = :unknown)
+        new(:notice, name)
+      end
+    
+      def warning(name = :unknown)
+        new(:warning, name)
+      end
+    end
+    
+    protected
+    
+    def auto_set_message!
+      raw_message = (TEMPLATES[@type.to_s] || {})[@name.to_s] || ""
+      @message = raw_message.gsub(/\:(\w+)/i) { |v| @variables[$1] || "" }
+    end
+    
+  end
+end

data/lib/gitauth/repo.rb

@@ -1,6 +1,6 @@
 #--
 #   Copyright (C) 2009 Brown Beagle Software
-#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
+#   Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU Affero General Public License as published by
@@ -19,20 +19,20 @@
 require 'fileutils'
 module GitAuth
   class Repo < SaveableClass(:repositories)
-    NAME_RE    = /^([\w\_\-\.\+]+(\.git)?)$/i
+    NAME_RE = /^([\w\_\-\.\+]+(\.git)?)$/i
     
     def self.get(name)
-      GitAuth.logger.debug "Getting Repo w/ name: '#{name}'"
-      self.all.detect { |r| r.name == name }
+      GitAuth::Logger.debug "Getting Repo w/ name: '#{name}'"
+      (all || []).detect { |r| r.name == name }
     end
     
     def self.create(name, path = name)
       return false if name.nil? || path.nil?
       return false if self.get(name) || self.all.any? { |r| r.path == path } || name !~ NAME_RE || path !~ NAME_RE
-      repository = self.new(name, path)
+      repository = new(name, path)
       return false unless repository.create_repo!
-      self.add_item(repository)
-      return repository
+      add_item(repository)
+      repository
     end
     
     attr_accessor :name, :path, :permissions
@@ -46,30 +46,27 @@ module GitAuth
       other.is_a?(Repo) && other.name == name && other.path == path
     end
     
-    def writeable_by(user_or_group)
-      @permissions[:write] ||= []
-      @permissions[:write] << user_or_group.to_s
-      @permissions[:write].uniq!
+    def writeable_by(whom)
+      add_permissions :write, whom
     end
     
-    def readable_by(user_or_group)
-      @permissions[:read] ||= []
-      @permissions[:read] << user_or_group.to_s
-      @permissions[:read].uniq!
+    def readable_by(whom)
+      add_permissions :read, whom
+    end
+    
+    def update_permissions!(user, permissions = [])
+      remove_permissions_for(user)
+      writeable_by(user) if permissions.include?("write")
+      readable_by(user)  if permissions.include?("read")
+      self.class.save!
     end
     
     def writeable_by?(user_or_group)
-      !(@permissions[:write] || []).detect do |writer|
-        writer = GitAuth.get_user_or_group(writer)
-        writer == user_or_group || (writer.is_a?(Group) && writer.member?(user_or_group, true))
-      end.nil?
+      has_permissions_for :write, user_or_group
     end
     
     def readable_by?(user_or_group)
-      !(@permissions[:read] || []).detect do |reader|
-        reader = GitAuth.get_user_or_group(reader)
-        reader == user_or_group || (reader.is_a?(Group) && reader.member?(user_or_group, true))
-      end.nil?
+      has_permissions_for :read, user_or_group
     end
     
     def remove_permissions_for(user_or_group)
@@ -79,31 +76,38 @@ module GitAuth
     end
     
     def real_path
-      File.join(GitAuth.settings.base_path, @path)
+      File.join(GitAuth::Settings.base_path, @path)
     end
     
     def create_repo!
       return false if !GitAuth.has_git?
-      path = self.real_path
-      unless File.exist?(path) && File.directory?(path)
-        FileUtils.mkdir_p(path)
+      unless File.directory?(real_path)
+        FileUtils.mkdir_p(real_path)
         output = ""
-        Dir.chdir(path) do
-          IO.popen("git --bare init") { |f| output << f.read }
-        end
-        return !!(output =~ /Initialized empty Git repository/)
+        Dir.chdir(real_path) { IO.popen("git --bare init") { |f| output << f.read } }
+        !!(output =~ /Initialized empty Git repository/)
       end
     end
     
     def destroy!
-      FileUtils.rm_rf(self.real_path) if File.exist?(self.real_path)
+      FileUtils.rm_rf(real_path) if File.exist?(real_path)
       self.class.all.reject! { |r| r == self }
       self.class.save!
     end
     
+    def make_empty!
+      tmp_path = "/tmp/gitauth-#{rand(100000)}-#{Time.now.to_i}"
+      FileUtils.mkdir(tmp_path)
+      system('git', 'clone', real_path, "#{tmp_path}/current-repo")
+      Dir.chdir("#{tmp_path}/current-repo") do
+        IO.popen("touch .gitignore && git commit -am 'Initial Empty Repository' && git push origin master") { |f| f.close }
+      end
+      FileUtils.rm_rf(tmp_path)
+    end
+    
     def execute_post_create_hook!
       script = File.expand_path("~/.gitauth/post-create")
-      if File.exist?(script) && File.executable?(script)
+      if File.executable?(script)
         system(script, @name, @path)
         return $?.success?
       else
@@ -112,5 +116,20 @@ module GitAuth
       end
     end
     
+    protected
+    
+    def add_permissions(type, whom)
+      @permissions[type] ||= []
+      @permissions[type] << whom.to_s
+      @permissions[type].uniq!
+    end
+    
+    def has_permissions_for(whom, type)
+      !(@permissions[type] || []).detect do |reader|
+        reader = GitAuth.get_user_or_group(reader)
+        reader == whom || (reader.is_a?(Group) && reader.member?(whom, true))
+      end.nil?
+    end
+    
   end
 end

data/lib/gitauth/saveable_class.rb

@@ -1,6 +1,6 @@
 #--
 #   Copyright (C) 2009 Brown Beagle Software
-#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
+#   Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU Affero General Public License as published by
@@ -16,7 +16,6 @@
 #   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #++
 
-
 module GitAuth
   def self.SaveableClass(kind)
     klass = Class.new
@@ -25,32 +24,36 @@ module GitAuth
     
     saveable_class_def = <<-END
     
-      #{path_name} = File.join(GitAuth::GITAUTH_DIR, #{yaml_file_name.inspect})
+      #{path_name} = GitAuth::GITAUTH_DIR.join(#{yaml_file_name.inspect})
+
+      class << self
     
-      def self.all
-        @@all_#{kind} ||= nil
-      end
+        def all
+          @@all_#{kind} ||= nil
+        end
       
-      def self.all=(value)
-        @@all_#{kind} = value
-      end
+        def all=(value)
+          @@all_#{kind} = value
+        end
       
-      def self.load!
-        self.all = YAML.load_file(#{path_name}) rescue nil if File.exist?(#{path_name})
-        self.all = [] unless self.all.is_a?(Array)
-      end
+        def load!
+          self.all = YAML.load_file(#{path_name}) rescue nil if File.exist?(#{path_name})
+          self.all = [] unless self.all.is_a?(Array)
+        end
 
-      def self.save!
-        load! if self.all.nil?
-        File.open(#{path_name}, "w+") do |f|
-          f.write self.all.to_yaml
+        def save!
+          load! if self.all.nil?
+          File.open(#{path_name}, "w+") do |f|
+            f.write self.all.to_yaml
+          end
         end
-      end
       
-      def self.add_item(item)
-        self.load! if self.all.nil?
-        self.all << item
-        self.save!
+        def add_item(item)
+          self.load! if self.all.nil?
+          self.all << item
+          self.save!
+        end
+    
       end
     
     END

data/lib/gitauth/settings.rb

@@ -0,0 +1,49 @@
+#--
+#   Copyright (C) 2009 Brown Beagle Software
+#   Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU Affero General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU Affero General Public License for more details.
+#
+#   You should have received a copy of the GNU Affero General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#++
+
+
+module GitAuth
+  class Settings < Perennial::Settings
+   
+    def self.setup!(options = {})
+      @@configuration = {}
+      settings_file = self.default_settings_path
+      if File.exist?(settings_file)
+        loaded_yaml = YAML.load(File.read(settings_file))
+        # We don't use the default namespace etc.
+        @@configuration.merge!(loaded_yaml || {})
+      end
+      @@configuration.merge! options
+      @@configuration.symbolize_keys!
+      # Generate a module 
+      mod = generate_settings_accessor_mixin
+      extend  mod
+      include mod
+      @@setup = true
+    end
+    
+    def self.update!(hash)
+      settings_file = self.default_settings_path
+      settings = File.file?(settings_file) ? YAML.load(File.read(settings_file)) : {}
+      hash.each_pair { |k,v| settings[k.to_s] = v }
+      File.open(settings_file, "w+") { |f| f.write(settings.to_yaml) }
+      setup!
+    end
+    
+  end
+end

data/lib/gitauth/user.rb

@@ -1,6 +1,6 @@
 #--
 #   Copyright (C) 2009 Brown Beagle Software
-#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
+#   Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU Affero General Public License as published by
@@ -21,17 +21,19 @@ module GitAuth
   class User < SaveableClass(:users)
         
     def self.get(name)
-      GitAuth.logger.debug "Getting user for the name '#{name}'"
-      self.all.detect { |r| r.name == name }
+      GitAuth::Logger.debug "Getting user for the name '#{name}'"
+      (all || []).detect { |r| r.name == name }
     end
     
     def self.create(name, admin, key)
-      # Basic sanity checking.
+      # Basic sanity checking
       return false if name.nil? || admin.nil? || key.nil?
+      # Require that the name is valid and admin is a boolean.
       return false unless name =~ /^([\w\_\-\.]+)$/ && !!admin == admin
-      user = self.new(name, admin)
-      if user.write_ssh_key!(key)
-        self.add_item(user)
+      # Check there isn't an existing user
+      return false unless get(name).blank?
+      if (user = new(name, admin)).write_ssh_key!(key)
+        add_item(user)
         return true
       else
         return false
@@ -55,7 +57,7 @@ module GitAuth
         return false
       else
         output = "#{command_prefix} #{cleaned_key}"
-        File.open(GitAuth.settings.authorized_keys_file, "a+") do |file|
+        File.open(GitAuth::Settings.authorized_keys_file, "a+") do |file|
           file.puts output
         end
         return true
@@ -63,14 +65,17 @@ module GitAuth
     end
     
     def command_prefix
-      "command=\"#{GitAuth.settings.shell_executable} #{@name}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding#{shell_accessible? ? "" : ",no-pty"}"
+      options  = ["command=\"#{GitAuth::Settings.shell_executable} #{@name}\"",
+                  "no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding"]
+      options << "no-pty" if !shell_accessible?
+      options.join(",")
     end
     
     def destroy!
       GitAuth::Repo.all.each  { |r| r.remove_permissions_for(self) }
       GitAuth::Group.all.each { |g| g.remove_member(self) }
       # Remove the public key from the authorized_keys file.
-      auth_keys_path = GitAuth.settings.authorized_keys_file
+      auth_keys_path = GitAuth::Settings.authorized_keys_file
       if File.exist?(auth_keys_path)
         contents = File.read(auth_keys_path)
         contents.gsub!(/#{command_prefix} ssh-\w+ [a-zA-Z0-9\/\+]+==\r?\n?/m, "")
@@ -87,9 +92,7 @@ module GitAuth
       !!@admin
     end
     
-    def shell_accessible?
-      admin?
-    end
+    alias shell_accessible? admin?
     
     def pushable?(repo)
       admin? || repo.writeable_by?(self)
@@ -100,13 +103,13 @@ module GitAuth
     end
     
     def can_execute?(command, repo)
-      return nil if command.bad?
+      return if command.bad?
       if command.write?
-        GitAuth.logger.debug "Checking if #{self.name} can push to #{repo.name}"
-        return self.pushable?(repo)
+        GitAuth::Logger.debug "Checking if #{self.name} can push to #{repo.name}"
+        pushable?(repo)
       else
-        GitAuth.logger.debug "Checking if #{self.name} can pull from #{repo.name}"
-        return self.pullable?(repo)
+        GitAuth::Logger.debug "Checking if #{self.name} can pull from #{repo.name}"
+        pullable?(repo)
       end
     end
     

data/lib/gitauth/web_app.rb

@@ -1,6 +1,6 @@
 #--
 #   Copyright (C) 2009 Brown Beagle Software
-#   Copyright (C) 2008 Darcy Laycock <sutto@sutto.net>
+#   Copyright (C) 2009 Darcy Laycock <sutto@sutto.net>
 #
 #   This program is free software: you can redistribute it and/or modify
 #   it under the terms of the GNU Affero General Public License as published by
@@ -16,26 +16,89 @@
 #   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #++
 
-require 'sinatra'
+# Preload Rack and sinatra. Do so in this order so
+# that we can ensure the load path is 'correct'
+GitAuth.require_vendored 'rack'
+GitAuth.require_vendored 'sinatra'
+
 require 'digest/sha2'
 module GitAuth
   class WebApp < Sinatra::Base
     
+    cattr_accessor :current_server
+    
+    def self.has_auth?
+      username = GitAuth::Settings["web_username"]
+      password = GitAuth::Settings["web_password_hash"]
+      !(username.blank? || password.blank?)
+    end
+    
+    def self.update_auth
+      raw_username = Readline.readline('GitAuth Username (default is \'gitauth\'): ')
+      raw_username = 'gitauth' if raw_username.blank?
+      raw_password = ''
+      while raw_password.blank?
+        system "stty -echo" 
+        raw_password = Readline.readline('GitAuth Password: ')
+        system "stty echo"
+        print "\n"
+        puts "You need to provide a password, please try again" if raw_password.blank?
+      end
+      GitAuth::Settings.update!({
+        :web_username      => raw_username,
+        :web_password_hash => Digest::SHA256.hexdigest(raw_password)
+      })
+    end
+    
+    def self.check_auth
+      if !has_auth?
+        if $stderr.tty?
+          GitAuth::Logger.logger.verbose = true 
+          puts "For gitauth to continue, you need to provide a username and password."
+          update_auth
+        else
+          GitAuth::Logger.fatal "You need to provide a username and password for GitAuth to function; Please run 'gitauth webapp` once"
+          exit!
+        end
+      end
+    end
+    
+    def self.run(options = {})
+      check_auth
+      set options
+      handler      = detect_rack_handler
+      handler_name = handler.name.gsub(/.*::/, '')
+      GitAuth::Logger.info "Starting up web server on #{port}"
+      handler.run self, :Host => host, :Port => port do |server|
+        GitAuth::WebApp.current_server = server
+        set :running, true
+      end
+    rescue Errno::EADDRINUSE => e
+      GitAuth::Logger.fatal "Server is already running on port #{port}"
+    end
+    
+    def self.stop
+      if current_server.present?
+        current_server.respond_to?(:stop!) ? current_server.stop! : current_server.stop
+      end
+      GitAuth::Logger.debug "Stopped Server."
+    end
+    
+    use GitAuth::AuthSetupMiddleware
+    
     use Rack::Auth::Basic do |username, password|
-      [username, Digest::SHA256.hexdigest(password)] == [GitAuth.settings.web_username, GitAuth.settings.web_password_hash]
+      [username, Digest::SHA256.hexdigest(password)] == [GitAuth::Settings["web_username"], GitAuth::Settings["web_password_hash"]]
     end
     
     configure do
       set :port, 8998
-      set :views, File.join(GitAuth::BASE_DIR, "views")
-      set :public, File.join(GitAuth::BASE_DIR, "public")
+      set :views,  GitAuth::BASE_DIR.join("views")
+      set :public, GitAuth::BASE_DIR.join("public")
       set :static, true
       set :methodoverride, true
     end
     
-    before do
-      GitAuth.force_setup!
-    end
+    before { GitAuth.reload_models! }
     
     helpers do
       include Rack::Utils
@@ -70,7 +133,6 @@ module GitAuth
       erb :index
     end
     
-    
     # Listing / Index Page
     
     get '/repos/:name' do
@@ -119,7 +181,7 @@ module GitAuth
       path = name if path.to_s.strip.empty?
       if repo = GitAuth::Repo.create(name, path)
         if repo.execute_post_create_hook!
-          redirect "/repo_name=#{URI.encode(name)}"
+          redirect "/?repo_name=#{URI.encode(name)}"
         else
           redirect root_with_message("Repository added but the post-create hook exited unsuccessfully.")
         end
@@ -223,7 +285,6 @@ module GitAuth
       end
     end
     
-    
     # Misc Helpers
     
     def root_with_message(message)