# HG changeset patch # User Marcin Kuzminski # Date 2017-02-21 17:05:29 # Node ID 01fbc7af12d6520534cdeb451eb32d960641ea10 # Parent 4b56dcb16aee77db3d2f0ac984bc80a479119b94 auth: refactor code and simplified instructions. - added new rfc selector - cleanup imports diff --git a/rhodecode/authentication/base.py b/rhodecode/authentication/base.py --- a/rhodecode/authentication/base.py +++ b/rhodecode/authentication/base.py @@ -627,3 +627,21 @@ def authenticate(username, password, env log.debug("User `%s` failed to authenticate against %s", display_user, plugin.get_id()) return None + + +def chop_at(s, sub, inclusive=False): + """Truncate string ``s`` at the first occurrence of ``sub``. + + If ``inclusive`` is true, truncate just after ``sub`` rather than at it. + + >>> chop_at("plutocratic brats", "rat") + 'plutoc' + >>> chop_at("plutocratic brats", "rat", True) + 'plutocrat' + """ + pos = s.find(sub) + if pos == -1: + return s + if inclusive: + return s[:pos+len(sub)] + return s[:pos] diff --git a/rhodecode/authentication/plugins/auth_crowd.py b/rhodecode/authentication/plugins/auth_crowd.py --- a/rhodecode/authentication/plugins/auth_crowd.py +++ b/rhodecode/authentication/plugins/auth_crowd.py @@ -28,10 +28,9 @@ import base64 import logging import urllib2 -from pylons.i18n.translation import lazy_ugettext as _ -from sqlalchemy.ext.hybrid import hybrid_property - -from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin +from rhodecode.translation import _ +from rhodecode.authentication.base import ( + RhodeCodeExternalAuthPlugin, hybrid_property) from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase from rhodecode.authentication.routes import AuthnPluginResourceBase from rhodecode.lib.colander_utils import strip_whitespace diff --git a/rhodecode/authentication/plugins/auth_headers.py b/rhodecode/authentication/plugins/auth_headers.py --- a/rhodecode/authentication/plugins/auth_headers.py +++ b/rhodecode/authentication/plugins/auth_headers.py @@ -21,15 +21,14 @@ import colander import logging -from sqlalchemy.ext.hybrid import hybrid_property - -from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin +from rhodecode.translation import _ +from rhodecode.authentication.base import ( + RhodeCodeExternalAuthPlugin, hybrid_property) from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase from rhodecode.authentication.routes import AuthnPluginResourceBase from rhodecode.lib.colander_utils import strip_whitespace from rhodecode.lib.utils2 import str2bool, safe_unicode from rhodecode.model.db import User -from rhodecode.translation import _ log = logging.getLogger(__name__) diff --git a/rhodecode/authentication/plugins/auth_jasig_cas.py b/rhodecode/authentication/plugins/auth_jasig_cas.py --- a/rhodecode/authentication/plugins/auth_jasig_cas.py +++ b/rhodecode/authentication/plugins/auth_jasig_cas.py @@ -30,10 +30,9 @@ import rhodecode import urllib import urllib2 -from pylons.i18n.translation import lazy_ugettext as _ -from sqlalchemy.ext.hybrid import hybrid_property - -from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin +from rhodecode.translation import _ +from rhodecode.authentication.base import ( + RhodeCodeExternalAuthPlugin, hybrid_property) from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase from rhodecode.authentication.routes import AuthnPluginResourceBase from rhodecode.lib.colander_utils import strip_whitespace diff --git a/rhodecode/authentication/plugins/auth_ldap.py b/rhodecode/authentication/plugins/auth_ldap.py --- a/rhodecode/authentication/plugins/auth_ldap.py +++ b/rhodecode/authentication/plugins/auth_ldap.py @@ -27,10 +27,9 @@ import colander import logging import traceback -from pylons.i18n.translation import lazy_ugettext as _ -from sqlalchemy.ext.hybrid import hybrid_property - -from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin +from rhodecode.translation import _ +from rhodecode.authentication.base import ( + RhodeCodeExternalAuthPlugin, chop_at, hybrid_property) from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase from rhodecode.authentication.routes import AuthnPluginResourceBase from rhodecode.lib.colander_utils import strip_whitespace @@ -72,14 +71,15 @@ class LdapSettingsSchema(AuthnPluginSett host = colander.SchemaNode( colander.String(), default='', - description=_('Host of the LDAP Server'), + description=_('Host of the LDAP Server \n' + '(e.g., 192.168.2.154, or ldap-server.domain.com'), preparer=strip_whitespace, title=_('LDAP Host'), widget='string') port = colander.SchemaNode( colander.Int(), default=389, - description=_('Port that the LDAP server is listening on'), + description=_('Custom port that the LDAP server is listening on. Default: 389'), preparer=strip_whitespace, title=_('Port'), validator=colander.Range(min=0, max=65536), @@ -87,7 +87,9 @@ class LdapSettingsSchema(AuthnPluginSett dn_user = colander.SchemaNode( colander.String(), default='', - description=_('User to connect to LDAP'), + description=_('Optional user DN/account to connect to LDAP if authentication is required. \n' + 'e.g., cn=admin,dc=mydomain,dc=com, or ' + 'uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com'), missing='', preparer=strip_whitespace, title=_('Account'), @@ -95,7 +97,7 @@ class LdapSettingsSchema(AuthnPluginSett dn_pass = colander.SchemaNode( colander.String(), default='', - description=_('Password to connect to LDAP'), + description=_('Password to authenticate for given user DN.'), missing='', preparer=strip_whitespace, title=_('Password'), @@ -117,7 +119,9 @@ class LdapSettingsSchema(AuthnPluginSett base_dn = colander.SchemaNode( colander.String(), default='', - description=_('Base DN to search (e.g., dc=mydomain,dc=com)'), + description=_('Base DN to search. Dynamic bind is supported. Add `$login` marker ' + 'in it to be replaced with current user credentials \n' + '(e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)'), missing='', preparer=strip_whitespace, title=_('Base DN'), @@ -125,22 +129,25 @@ class LdapSettingsSchema(AuthnPluginSett filter = colander.SchemaNode( colander.String(), default='', - description=_('Filter to narrow results (e.g., ou=Users, etc)'), + description=_('Filter to narrow results \n' + '(e.g., (&(objectCategory=Person)(objectClass=user)), or \n' + '(memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))'), missing='', preparer=strip_whitespace, title=_('LDAP Search Filter'), widget='string') + search_scope = colander.SchemaNode( colander.String(), - default=search_scope_choices[0], - description=_('How deep to search LDAP'), + default=search_scope_choices[2], + description=_('How deep to search LDAP. If unsure set to SUBTREE'), title=_('LDAP Search Scope'), validator=colander.OneOf(search_scope_choices), widget='select') attr_login = colander.SchemaNode( colander.String(), - default='', - description=_('LDAP Attribute to map to user name'), + default='uid', + description=_('LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)'), preparer=strip_whitespace, title=_('Login Attribute'), missing_msg=_('The LDAP Login attribute of the CN must be specified'), @@ -148,7 +155,7 @@ class LdapSettingsSchema(AuthnPluginSett attr_firstname = colander.SchemaNode( colander.String(), default='', - description=_('LDAP Attribute to map to first name'), + description=_('LDAP Attribute to map to first name (e.g., givenName)'), missing='', preparer=strip_whitespace, title=_('First Name Attribute'), @@ -156,7 +163,7 @@ class LdapSettingsSchema(AuthnPluginSett attr_lastname = colander.SchemaNode( colander.String(), default='', - description=_('LDAP Attribute to map to last name'), + description=_('LDAP Attribute to map to last name (e.g., sn)'), missing='', preparer=strip_whitespace, title=_('Last Name Attribute'), @@ -164,7 +171,9 @@ class LdapSettingsSchema(AuthnPluginSett attr_email = colander.SchemaNode( colander.String(), default='', - description=_('LDAP Attribute to map to email address'), + description=_('LDAP Attribute to map to email address (e.g., mail).\n' + 'Emails are a crucial part of RhodeCode. \n' + 'If possible add a valid email attribute to ldap users.'), missing='', preparer=strip_whitespace, title=_('Email Attribute'), @@ -182,7 +191,7 @@ class AuthLdap(object): def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='', tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3, search_scope='SUBTREE', attr_login='uid', - ldap_filter='(&(objectClass=user)(!(objectClass=computer)))'): + ldap_filter=None): if ldap == Missing: raise LdapImportError("Missing or incompatible ldap library") @@ -236,14 +245,13 @@ class AuthLdap(object): server.start_tls_s() if self.LDAP_BIND_DN and self.LDAP_BIND_PASS: - log.debug('Trying simple_bind with password and given DN: %s', + log.debug('Trying simple_bind with password and given login DN: %s', self.LDAP_BIND_DN) server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS) return server def get_uid(self, username): - from rhodecode.lib.helpers import chop_at uid = username for server_addr in self.SERVER_ADDRESSES: uid = chop_at(username, "@%s" % server_addr) @@ -292,8 +300,11 @@ class AuthLdap(object): self.BASE_DN, self.SEARCH_SCOPE, filter_) if not lobjects: + log.debug("No matching LDAP objects for authentication " + "of UID:'%s' username:(%s)", uid, username) raise ldap.NO_SUCH_OBJECT() + log.debug('Found matching ldap object, trying to authenticate') for (dn, _attrs) in lobjects: if dn is None: continue @@ -304,15 +315,13 @@ class AuthLdap(object): break else: - log.debug("No matching LDAP objects for authentication " - "of '%s' (%s)", uid, username) raise LdapPasswordError('Failed to authenticate user ' 'with given password') except ldap.NO_SUCH_OBJECT: log.debug("LDAP says no such user '%s' (%s), org_exc:", uid, username, exc_info=True) - raise LdapUsernameError() + raise LdapUsernameError('Unable to find user') except ldap.SERVER_DOWN: org_exc = traceback.format_exc() raise LdapConnectionError( @@ -447,7 +456,7 @@ class RhodeCodeAuthPlugin(RhodeCodeExter 'email': get_ldap_attr('attr_email') or email, 'admin': admin, 'active': active, - "active_from_extern": None, + 'active_from_extern': None, 'extern_name': user_dn, 'extern_type': extern_type, } diff --git a/rhodecode/authentication/plugins/auth_pam.py b/rhodecode/authentication/plugins/auth_pam.py --- a/rhodecode/authentication/plugins/auth_pam.py +++ b/rhodecode/authentication/plugins/auth_pam.py @@ -17,6 +17,7 @@ # This program is dual-licensed. If you wish to learn more about the # RhodeCode Enterprise Edition, including its added features, Support services, # and proprietary license terms, please see https://rhodecode.com/licenses/ + """ RhodeCode authentication library for PAM """ @@ -29,10 +30,9 @@ import pwd import re import socket -from pylons.i18n.translation import lazy_ugettext as _ -from sqlalchemy.ext.hybrid import hybrid_property - -from rhodecode.authentication.base import RhodeCodeExternalAuthPlugin +from rhodecode.translation import _ +from rhodecode.authentication.base import ( + RhodeCodeExternalAuthPlugin, hybrid_property) from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase from rhodecode.authentication.routes import AuthnPluginResourceBase from rhodecode.lib.colander_utils import strip_whitespace diff --git a/rhodecode/authentication/plugins/auth_rhodecode.py b/rhodecode/authentication/plugins/auth_rhodecode.py --- a/rhodecode/authentication/plugins/auth_rhodecode.py +++ b/rhodecode/authentication/plugins/auth_rhodecode.py @@ -25,9 +25,8 @@ RhodeCode authentication plugin for buil import logging from pylons.i18n.translation import lazy_ugettext as _ -from sqlalchemy.ext.hybrid import hybrid_property -from rhodecode.authentication.base import RhodeCodeAuthPluginBase +from rhodecode.authentication.base import RhodeCodeAuthPluginBase, hybrid_property from rhodecode.authentication.routes import AuthnPluginResourceBase from rhodecode.lib.utils2 import safe_str from rhodecode.model.db import User diff --git a/rhodecode/authentication/plugins/auth_token.py b/rhodecode/authentication/plugins/auth_token.py --- a/rhodecode/authentication/plugins/auth_token.py +++ b/rhodecode/authentication/plugins/auth_token.py @@ -24,10 +24,9 @@ RhodeCode authentication token plugin fo import logging -from sqlalchemy.ext.hybrid import hybrid_property - from rhodecode.translation import _ -from rhodecode.authentication.base import RhodeCodeAuthPluginBase, VCS_TYPE +from rhodecode.authentication.base import ( + RhodeCodeAuthPluginBase, VCS_TYPE, hybrid_property) from rhodecode.authentication.routes import AuthnPluginResourceBase from rhodecode.model.db import User, UserApiKeys diff --git a/rhodecode/authentication/schema.py b/rhodecode/authentication/schema.py --- a/rhodecode/authentication/schema.py +++ b/rhodecode/authentication/schema.py @@ -40,10 +40,11 @@ class AuthnPluginSettingsSchemaBase(cola cache_ttl = colander.SchemaNode( colander.Int(), default=0, - description=_('Amount of seconds to cache the authentication ' - 'call for this plugin. Useful for long calls like ' - 'LDAP to improve the responsiveness of the ' - 'authentication system (0 means disabled).'), + description=_('Amount of seconds to cache the authentication response' + 'call for this plugin. \n' + 'Useful for long calls like LDAP to improve the ' + 'performance of the authentication system ' + '(0 means disabled).'), missing=0, title=_('Auth Cache TTL'), validator=colander.Range(min=0, max=None), diff --git a/rhodecode/events/base.py b/rhodecode/events/base.py --- a/rhodecode/events/base.py +++ b/rhodecode/events/base.py @@ -57,7 +57,12 @@ class RhodecodeEvent(object): def actor(self): auth_user = self.auth_user if auth_user: - return auth_user.get_instance() + instance = auth_user.get_instance() + if not instance: + return AttributeDict(dict( + username=auth_user.username + )) + return SYSTEM_USER @property diff --git a/rhodecode/public/css/main-content.less b/rhodecode/public/css/main-content.less --- a/rhodecode/public/css/main-content.less +++ b/rhodecode/public/css/main-content.less @@ -61,6 +61,7 @@ .help-block { display: block; margin-left: @label-width; + white-space: pre; } .action_button { @@ -116,7 +117,7 @@ float: none; margin-left: @label-width; - .help-block{ + .help-block { margin-left: 0; } } diff --git a/rhodecode/templates/admin/auth/plugin_settings.mako b/rhodecode/templates/admin/auth/plugin_settings.mako --- a/rhodecode/templates/admin/auth/plugin_settings.mako +++ b/rhodecode/templates/admin/auth/plugin_settings.mako @@ -111,6 +111,7 @@ $("#tls_kind").select2(select2Options); $("#tls_reqcert").select2(select2Options); $("#search_scope").select2(select2Options); + $("#group_extraction_type").select2(select2Options); });