# HG changeset patch
# User RhodeCode Admin
# Date 2023-08-21 07:40:30
# Node ID a3d84af6565eaf8a8f18d67ef436336f078acfd6
# Parent b7ae2b2acee8c9d187de21ecb975b19403ce71af
ldap: small fixes and improvements over ldap authentication
diff --git a/rhodecode/authentication/base.py b/rhodecode/authentication/base.py
--- a/rhodecode/authentication/base.py
+++ b/rhodecode/authentication/base.py
@@ -477,7 +477,7 @@ class RhodeCodeAuthPluginBase(object):
 if isinstance(self.AUTH_CACHE_TTL, int): # plugin cache set inside is more important than the settings value
 cache_ttl = self.AUTH_CACHE_TTL
- elif plugin_settings.get('cache_ttl'):
+ elif 'cache_ttl' in plugin_settings:
 cache_ttl = safe_int(plugin_settings.get('cache_ttl'), 0)
 plugin_cache_active = bool(cache_ttl and cache_ttl > 0)
@@ -637,7 +637,7 @@ class AuthLdapBase(object):
 @classmethod
 def _get_server_list(cls, servers):
- return map(string.strip, servers.split(','))
+ return [s.strip() for s in servers.split(',')]
 @classmethod
 def get_uid(cls, username, server_addresses):
diff --git a/rhodecode/authentication/plugins/auth_ldap.py b/rhodecode/authentication/plugins/auth_ldap.py
--- a/rhodecode/authentication/plugins/auth_ldap.py
+++ b/rhodecode/authentication/plugins/auth_ldap.py
@@ -196,7 +196,7 @@ class AuthLdap(AuthLdapBase):
 ldap_conn = None
 try:
 ldap_conn = self._get_ldap_conn()
- filter_ = '(&%s(%s=%s))' % (
+ filter_ = '(&{}({}={}))'.format(
 self.LDAP_FILTER, self.attr_login, username)
 log.debug("Authenticating %r filter %s and scope: %s", self.BASE_DN, filter_, scope_label)
@@ -446,8 +446,8 @@ class RhodeCodeAuthPlugin(RhodeCodeExter
 org_bind = current_args['bind_dn']
 passwd = current_args['bind_pass']
- def has_bind_marker(username):
- if self.DYNAMIC_BIND_VAR in username:
+ def has_bind_marker(_username):
+ if self.DYNAMIC_BIND_VAR in _username:
 return True # we only passed in user with "special" variable
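Review bot: In the base.py hunk at -477 the new `elif 'cache_ttl' in plugin_settings:` branch has no comment saying that a present key now wins even when its value is `0`, empty or unparsable, which `safe_int(..., 0)` appears to turn into 0 so that `plugin_cache_active` becomes False. That is a behaviour change from the truthiness test it replaces, and it decides whether authentication results are cached, so it is worth stating next to the branch, e.g. `# key present: honour it even when 0/invalid, which disables the auth cache`. The enclosing method starts and ends outside the hunk, so the value cache_ttl holds before this chain is not visible.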
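Review bot: `_get_server_list` in the base.py hunk at -637 keeps empty entries, so a trailing comma or `a,,b` in the servers setting yields `''` items that are passed on as server addresses. Dropping them at the source is a one-line change, `return [s.strip() for s in servers.split(',') if s.strip()]`. How callers treat an empty host is not visible in the hunk.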
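Review bot: `username` is interpolated into the LDAP search filter unescaped in the auth_ldap.py hunk at -196; moving from `%` to `.format()` does not change that. Unless the value is escaped or validated earlier in the function, which starts outside the hunk, filter metacharacters in a login name change the query the directory evaluates instead of being matched literally. python-ldap provides `ldap.filter.escape_filter_chars` for this, so the argument line would become `self.LDAP_FILTER, self.attr_login, escape_filter_chars(username))`, assuming the module imports it. `self.LDAP_FILTER` and `self.attr_login` look like administrator-supplied configuration and are presumably meant to stay raw.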
@@ -499,12 +499,12 @@ class RhodeCodeAuthPlugin(RhodeCodeExter
 log.debug('Checking for ldap authentication.')
 try:
- aldap = AuthLdap(**ldap_args)
- (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
+ auth_ldap = AuthLdap(**ldap_args)
+ (user_dn, ldap_attrs) = auth_ldap.authenticate_ldap(username, password)
 log.debug('Got ldap DN response %s', user_dn)
- def get_ldap_attr(k):
- return ldap_attrs.get(settings.get(k), [''])[0]
+ def get_ldap_attr(k) -> str:
+ return safe_str(ldap_attrs.get(settings.get(k), [b''])[0]) # old attrs fetched from RhodeCode database
 admin = getattr(userobj, 'admin', False)
@@ -519,8 +519,8 @@ class RhodeCodeAuthPlugin(RhodeCodeExter
 user_attrs = { 'username': username,
- 'firstname': safe_str(get_ldap_attr('attr_firstname') or firstname),
- 'lastname': safe_str(get_ldap_attr('attr_lastname') or lastname),
+ 'firstname': get_ldap_attr('attr_firstname') or firstname,
+ 'lastname': get_ldap_attr('attr_lastname') or lastname,
 'groups': groups, 'user_group_sync': False, 'email': get_ldap_attr('attr_email') or email,
diff --git a/rhodecode/authentication/views.py b/rhodecode/authentication/views.py
--- a/rhodecode/authentication/views.py
+++ b/rhodecode/authentication/views.py
@@ -99,6 +99,9 @@ class AuthnPluginViewBase(BaseAppView):
 Session().commit()
 SettingsModel().invalidate_settings_cache()
+ authn_registry = get_authn_registry(self.request.registry)
+ authn_registry.invalidate_auth_plugins_cache()
+ # Display success message and redirect.
 h.flash(_('Auth settings updated successfully.'), category='success')
 redirect_to = self.request.resource_path(self.context, route_name='auth_home')
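Review bot: `get_ldap_attr` in the hunk at -499 indexes `[0]` on whatever `ldap_attrs.get(...)` returns, so the `[b'']` default only helps when the attribute key is missing; an attribute that is present with an empty value list raises IndexError inside the `try`. A guard such as `values = ldap_attrs.get(settings.get(k)) or [b'']` followed by `return safe_str(values[0])` covers both cases. The nested function also lacks a docstring; one line saying that it returns the first value of the LDAP attribute mapped by settings key `k`, converted with `safe_str`, would help. The handlers of the enclosing `try` are outside the hunk.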
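Review bot: The two-line registry invalidation added after `SettingsModel().invalidate_settings_cache()` in the views.py hunk at -99 is repeated verbatim in the AuthSettingsView hunk at -173; a small shared helper, e.g. `_invalidate_auth_plugins_cache(self.request)`, would keep the two views from drifting. The call also deserves a comment on its scope: if `invalidate_auth_plugins_cache()` only clears state in the current worker process, which these hunks do not show, other workers may keep using a plugin configuration the administrator has just changed or disabled until their own cache expires. In the -173 hunk the call follows the error flash, and since indentation is lost on this page it cannot be told from here whether it also runs on the failure path.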
@@ -173,6 +176,8 @@ class AuthSettingsView(BaseAppView):
 h.flash(_('Error occurred during update of auth settings.'), category='error')
+ authn_registry = get_authn_registry(self.request.registry)
+ authn_registry.invalidate_auth_plugins_cache()
 redirect_to = self.request.resource_path(self.context, route_name='auth_home')
 return HTTPFound(redirect_to)
diff --git a/rhodecode/lib/middleware/vcs.py b/rhodecode/lib/middleware/vcs.py
--- a/rhodecode/lib/middleware/vcs.py
+++ b/rhodecode/lib/middleware/vcs.py
@@ -158,6 +158,9 @@ def detect_vcs_request(environ, backends
 # e.g /_file_store/download
 '_file_store++',
+ # login
+ "_admin/login",
+ # _admin/api is safe too
 '_admin/api',
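Review bot: The `"_admin/login"` entry added in the vcs.py hunk uses double quotes where its neighbours `'_file_store++'` and `'_admin/api'` use single quotes, and its `# login` comment does not say why the path belongs in this list. Entries here appear to exempt a path from VCS detection, so a comment in the style of the existing ones would help, e.g. `# login page is never a VCS operation`, if that is the reason. It is also worth confirming that the match is anchored, so that a repository path merely containing this string is not exempted as well. The body of detect_vcs_request starts and ends outside the hunk.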