authentication: introduce a group sync flag for plugins....
marcink -
r2495:4f076134 default
@@ -77,7 +77,6 class hybrid_property(object):
77 self.fdel(instance)
77 self.fdel(instance)
78
78
79
79
80
81 class LazyFormencode(object):
80 class LazyFormencode(object):
82 def __init__(self, formencode_obj, *args, **kwargs):
81 def __init__(self, formencode_obj, *args, **kwargs):
83 self.formencode_obj = formencode_obj
82 self.formencode_obj = formencode_obj
@@ -106,6 +105,8 class RhodeCodeAuthPluginBase(object):
106 "lastname": "last name",
105 "lastname": "last name",
107 "email": "email address",
106 "email": "email address",
108 "groups": '["list", "of", "groups"]',
107 "groups": '["list", "of", "groups"]',
108 "user_group_sync":
109 'True|False defines if returned user groups should be synced',
109 "extern_name": "name in external source of record",
110 "extern_name": "name in external source of record",
110 "extern_type": "type of external source of record",
111 "extern_type": "type of external source of record",
111 "admin": 'True|False defines if user should be RhodeCode super admin',
112 "admin": 'True|False defines if user should be RhodeCode super admin',
@@ -114,6 +115,7 class RhodeCodeAuthPluginBase(object):
114 "active_from_extern":
115 "active_from_extern":
115 "True|False\None, active state from the external auth, "
116 "True|False\None, active state from the external auth, "
116 "None means use definition from RhodeCode extern_type active value"
117 "None means use definition from RhodeCode extern_type active value"
118
117 }
119 }
118 # set on authenticate() method and via set_auth_type func.
120 # set on authenticate() method and via set_auth_type func.
119 auth_type = None
121 auth_type = None
@@ -412,8 +414,9 class RhodeCodeAuthPluginBase(object):
412 new_hash = auth.get('_hash_migrate')
414 new_hash = auth.get('_hash_migrate')
413 if new_hash:
415 if new_hash:
414 self._migrate_hash_to_bcrypt(username, passwd, new_hash)
416 self._migrate_hash_to_bcrypt(username, passwd, new_hash)
417 if 'user_group_sync' not in auth:
418 auth['user_group_sync'] = False
415 return self._validate_auth_return(auth)
419 return self._validate_auth_return(auth)
416
417 return auth
420 return auth
418
421
419 def _migrate_hash_to_bcrypt(self, username, password, new_hash):
422 def _migrate_hash_to_bcrypt(self, username, password, new_hash):
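Review bot: Defaulting a missing `user_group_sync` to False (new lines 417-418) happens silently, so a plugin that was not updated in this commit, for example an out-of-tree one, stops having its returned groups enforced without leaving any trace; the old side of the later sync hunk shows that enforcement used to be unconditional. A debug line when the default is applied would make that change visible to operators. The two lines can also be written as `auth.setdefault('user_group_sync', False)`. The enclosing method starts outside the hunk.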
@@ -538,16 +541,19 class RhodeCodeExternalAuthPlugin(RhodeC
538 # enforce user is just in given groups, all of them has to be ones
541 # enforce user is just in given groups, all of them has to be ones
539 # created from plugins. We store this info in _group_data JSON
542 # created from plugins. We store this info in _group_data JSON
540 # field
543 # field
541 try:
544
542 groups = auth['groups'] or []
545 if auth['user_group_sync']:
543 log.debug(
546 try:
544 'Performing user_group sync based on set `%s` '
547 groups = auth['groups'] or []
545 'returned by this plugin', groups)
548 log.debug(
546 UserGroupModel().enforce_groups(user, groups, self.name)
549 'Performing user_group sync based on set `%s` '
547 except Exception:
550 'returned by `%s` plugin', groups, self.name)
548 # for any reason group syncing fails, we should
551 UserGroupModel().enforce_groups(user, groups, self.name)
549 # proceed with login
552 except Exception:
550 log.error(traceback.format_exc())
553 # for any reason group syncing fails, we should
554 # proceed with login
555 log.error(traceback.format_exc())
556
551 Session().commit()
557 Session().commit()
552 return auth
558 return auth
553
559
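Review bot: `if auth['user_group_sync']:` on new line 545 is a plain truthiness test with a direct subscript, so a plugin that returns the string `'False'` (the contract text reads 'True|False') would still turn sync on, and a dict that reaches this method without the key raises KeyError outside the try block, unless the default added in the base class always runs first, which is not visible here. `if auth.get('user_group_sync') is True:` would keep the flag strictly opt-in. The retained `except Exception` still lets the login proceed with whatever memberships the user already had when enforcement fails; `log.exception('user_group sync failed for plugin `%s`', self.name)` would at least record which plugin left the memberships stale. The enclosing method starts outside the hunk.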
@@ -671,7 +677,7 def authenticate(username, password, env
671 environ=environ or {})
677 environ=environ or {})
672
678
673 if plugin_cache_active:
679 if plugin_cache_active:
674 log.debug('Trying to fetch cached auth by %s', _password_hash[:6])
680 log.debug('Trying to fetch cached auth by `...%s`', _password_hash[:6])
675 plugin_user = cache_manager.get(
681 plugin_user = cache_manager.get(
676 _password_hash, createfunc=auth_func)
682 _password_hash, createfunc=auth_func)
677 else:
683 else:
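Review bot: The debug message on new line 680 still writes `_password_hash[:6]` to the log; the added `...` prefix only changes how it is displayed. Judging by its name the value is derived from the submitted password (how is not visible in this hunk), so a stable prefix in the debug log lets anyone with log access correlate logins that used the same password. Logging the account instead, e.g. `log.debug('Trying to fetch cached auth for user `%s`', username)`, gives the same trace value without exposing any part of the cache key. The body of `authenticate` continues outside the hunk.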
@@ -267,6 +267,7 class RhodeCodeAuthPlugin(RhodeCodeExter
267 'firstname': crowd_user["first-name"] or firstname,
267 'firstname': crowd_user["first-name"] or firstname,
268 'lastname': crowd_user["last-name"] or lastname,
268 'lastname': crowd_user["last-name"] or lastname,
269 'groups': crowd_user["groups"],
269 'groups': crowd_user["groups"],
270 'user_group_sync': True,
270 'email': crowd_user["email"] or email,
271 'email': crowd_user["email"] or email,
271 'admin': admin,
272 'admin': admin,
272 'active': active,
273 'active': active,
@@ -212,6 +212,7 class RhodeCodeAuthPlugin(RhodeCodeExter
212 'firstname': safe_unicode(firstname or username),
212 'firstname': safe_unicode(firstname or username),
213 'lastname': safe_unicode(lastname or ''),
213 'lastname': safe_unicode(lastname or ''),
214 'groups': [],
214 'groups': [],
215 'user_group_sync': False,
215 'email': email or '',
216 'email': email or '',
216 'admin': admin or False,
217 'admin': admin or False,
217 'active': active,
218 'active': active,
@@ -154,6 +154,7 class RhodeCodeAuthPlugin(RhodeCodeExter
154 'firstname': safe_unicode(firstname or username),
154 'firstname': safe_unicode(firstname or username),
155 'lastname': safe_unicode(lastname or ''),
155 'lastname': safe_unicode(lastname or ''),
156 'groups': [],
156 'groups': [],
157 'user_group_sync': False,
157 'email': email or '',
158 'email': email or '',
158 'admin': admin or False,
159 'admin': admin or False,
159 'active': active,
160 'active': active,
@@ -460,6 +460,7 class RhodeCodeAuthPlugin(RhodeCodeExter
460 'lastname': safe_unicode(
460 'lastname': safe_unicode(
461 get_ldap_attr('attr_lastname') or lastname),
461 get_ldap_attr('attr_lastname') or lastname),
462 'groups': groups,
462 'groups': groups,
463 'user_group_sync': False,
463 'email': get_ldap_attr('attr_email') or email,
464 'email': get_ldap_attr('attr_email') or email,
464 'admin': admin,
465 'admin': admin,
465 'active': active,
466 'active': active,
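Review bot: This dict still fills `'groups': groups` but hard-codes `'user_group_sync': False` on new line 463, so with the guard added around `enforce_groups` the groups returned for LDAP users would no longer be enforced, assuming this plugin goes through that code path. If that is intended, a comment here should say so, e.g. `# groups are returned for information only; membership is not synced for this plugin`. Otherwise memberships granted by an earlier sync stay in place and are not revoked when the directory changes. The dict literal starts and ends outside the hunk.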
@@ -136,6 +136,7 class RhodeCodeAuthPlugin(RhodeCodeExter
136 'lastname': lastname,
136 'lastname': lastname,
137 'groups': [g.gr_name for g in grp.getgrall()
137 'groups': [g.gr_name for g in grp.getgrall()
138 if username in g.gr_mem],
138 if username in g.gr_mem],
139 'user_group_sync': True,
139 'email': email,
140 'email': email,
140 'admin': admin,
141 'admin': admin,
141 'active': active,
142 'active': active,
@@ -100,6 +100,7 class RhodeCodeAuthPlugin(RhodeCodeAuthP
100 "firstname": userobj.firstname,
100 "firstname": userobj.firstname,
101 "lastname": userobj.lastname,
101 "lastname": userobj.lastname,
102 "groups": [],
102 "groups": [],
103 'user_group_sync': False,
103 "email": userobj.email,
104 "email": userobj.email,
104 "admin": userobj.admin,
105 "admin": userobj.admin,
105 "active": userobj.active,
106 "active": userobj.active,
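Review bot: The added key on new line 103 is written `'user_group_sync'` with single quotes inside a dict whose other keys use double quotes; `"user_group_sync": False,` would match the surrounding lines. The same applies to the identical line added in the following hunk (new line 114). The dict literal starts and ends outside the hunk.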
@@ -111,6 +111,7 class RhodeCodeAuthPlugin(RhodeCodeAuthP
111 "firstname": userobj.firstname,
111 "firstname": userobj.firstname,
112 "lastname": userobj.lastname,
112 "lastname": userobj.lastname,
113 "groups": [],
113 "groups": [],
114 'user_group_sync': False,
114 "email": userobj.email,
115 "email": userobj.email,
115 "admin": userobj.admin,
116 "admin": userobj.admin,
116 "active": userobj.active,
117 "active": userobj.active,