diff --git a/rhodecode/authentication/__init__.py b/rhodecode/authentication/__init__.py --- a/rhodecode/authentication/__init__.py +++ b/rhodecode/authentication/__init__.py @@ -37,6 +37,7 @@ log = logging.getLogger(__name__) # Plugin ID prefixes to distinct between normal and legacy plugins. plugin_prefix = 'egg:' legacy_plugin_prefix = 'py:' +plugin_default_auth_ttl = 30 # TODO: Currently this is only used to discover the authentication plugins. diff --git a/rhodecode/authentication/base.py b/rhodecode/authentication/base.py --- a/rhodecode/authentication/base.py +++ b/rhodecode/authentication/base.py @@ -439,7 +439,11 @@ class RhodeCodeAuthPluginBase(object): def get_ttl_cache(self, settings=None): plugin_settings = settings or self.get_settings() - cache_ttl = 0 + # we set default to 30, we make a compromise here, + # performance > security, mostly due to LDAP/SVN, majority + # of users pick cache_ttl to be enabled + from rhodecode.authentication import plugin_default_auth_ttl + cache_ttl = plugin_default_auth_ttl if isinstance(self.AUTH_CACHE_TTL, (int, long)): # plugin cache set inside is more important than the settings value diff --git a/rhodecode/authentication/schema.py b/rhodecode/authentication/schema.py --- a/rhodecode/authentication/schema.py +++ b/rhodecode/authentication/schema.py @@ -20,6 +20,7 @@ import colander +from rhodecode.authentication import plugin_default_auth_ttl from rhodecode.translation import _ @@ -39,7 +40,7 @@ class AuthnPluginSettingsSchemaBase(cola ) cache_ttl = colander.SchemaNode( colander.Int(), - default=0, + default=plugin_default_auth_ttl, description=_('Amount of seconds to cache the authentication and ' 'permissions check response call for this plugin. \n' 'Useful for expensive calls like LDAP to improve the ' diff --git a/rhodecode/authentication/tests/conftest.py b/rhodecode/authentication/tests/conftest.py --- a/rhodecode/authentication/tests/conftest.py +++ b/rhodecode/authentication/tests/conftest.py @@ -30,10 +30,7 @@ class EnabledAuthPlugin(object): """ def __init__(self, plugin): - self.new_value = set([ - 'egg:rhodecode-enterprise-ce#rhodecode', - plugin.get_id() - ]) + self.new_value = {'egg:rhodecode-enterprise-ce#rhodecode', plugin.get_id()} def __enter__(self): from rhodecode.model.settings import SettingsModel @@ -47,7 +44,7 @@ class EnabledAuthPlugin(object): 'auth_plugins', ','.join(self._old_value)) -class DisabledAuthPlugin(): +class DisabledAuthPlugin(object): """ Context manager that updates the 'auth_plugins' setting in DB to disable a plugin. Previous setting is restored on exit. diff --git a/rhodecode/config/environment.py b/rhodecode/config/environment.py --- a/rhodecode/config/environment.py +++ b/rhodecode/config/environment.py @@ -18,12 +18,10 @@ # RhodeCode Enterprise Edition, including its added features, Support services, # and proprietary license terms, please see https://rhodecode.com/licenses/ - import os import logging import rhodecode - from rhodecode.config import utils from rhodecode.lib.utils import load_rcextensions @@ -52,6 +50,8 @@ def load_pyramid_environment(global_conf if settings['is_test']: rhodecode.is_test = True rhodecode.disable_error_handler = True + from rhodecode import authentication + authentication.plugin_default_auth_ttl = 0 utils.initialize_test_environment(settings_merged)