authentication: introduce a group sync flag for plugins....
marcink -
r2495:4f076134 default
@@ -77,7 +77,6 b' class hybrid_property(object):'
77 77 self.fdel(instance)
78 78
79 79
80
81 80 class LazyFormencode(object):
82 81 def __init__(self, formencode_obj, *args, **kwargs):
83 82 self.formencode_obj = formencode_obj
@@ -106,6 +105,8 b' class RhodeCodeAuthPluginBase(object):'
106 105 "lastname": "last name",
107 106 "email": "email address",
108 107 "groups": '["list", "of", "groups"]',
108 "user_group_sync":
109 'True|False defines if returned user groups should be synced',
109 110 "extern_name": "name in external source of record",
110 111 "extern_type": "type of external source of record",
111 112 "admin": 'True|False defines if user should be RhodeCode super admin',
@@ -114,6 +115,7 b' class RhodeCodeAuthPluginBase(object):'
114 115 "active_from_extern":
115 116 "True|False\None, active state from the external auth, "
116 117 "None means use definition from RhodeCode extern_type active value"
118
117 119 }
118 120 # set on authenticate() method and via set_auth_type func.
119 121 auth_type = None
@@ -412,8 +414,9 b' class RhodeCodeAuthPluginBase(object):'
412 414 new_hash = auth.get('_hash_migrate')
413 415 if new_hash:
414 416 self._migrate_hash_to_bcrypt(username, passwd, new_hash)
417 if 'user_group_sync' not in auth:
418 auth['user_group_sync'] = False
415 419 return self._validate_auth_return(auth)
416
417 420 return auth
418 421
419 422 def _migrate_hash_to_bcrypt(self, username, password, new_hash):
@@ -538,16 +541,19 b' class RhodeCodeExternalAuthPlugin(RhodeC'
538 541 # enforce user is just in given groups, all of them has to be ones
539 542 # created from plugins. We store this info in _group_data JSON
540 543 # field
541 try:
542 groups = auth['groups'] or []
543 log.debug(
544 'Performing user_group sync based on set `%s` '
545 'returned by this plugin', groups)
546 UserGroupModel().enforce_groups(user, groups, self.name)
547 except Exception:
548 # for any reason group syncing fails, we should
549 # proceed with login
550 log.error(traceback.format_exc())
544
545 if auth['user_group_sync']:
546 try:
547 groups = auth['groups'] or []
548 log.debug(
549 'Performing user_group sync based on set `%s` '
550 'returned by `%s` plugin', groups, self.name)
551 UserGroupModel().enforce_groups(user, groups, self.name)
552 except Exception:
553 # for any reason group syncing fails, we should
554 # proceed with login
555 log.error(traceback.format_exc())
556
551 557 Session().commit()
552 558 return auth
553 559
@@ -671,7 +677,7 b' def authenticate(username, password, env'
671 677 environ=environ or {})
672 678
673 679 if plugin_cache_active:
674 log.debug('Trying to fetch cached auth by %s', _password_hash[:6])
680 log.debug('Trying to fetch cached auth by `...%s`', _password_hash[:6])
675 681 plugin_user = cache_manager.get(
676 682 _password_hash, createfunc=auth_func)
677 683 else:
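Review bot: The guard `if auth['user_group_sync']:` at new line 545 tests the truthiness of a value each plugin supplies, so any non-empty value would trigger `enforce_groups`, including the string 'False', which the `True|False` attribute description does not clearly rule out. Per the comment above the guard, that call restricts the user to exactly the given groups. Normalising once where the default is set (new lines 417-418), e.g. `auth['user_group_sync'] = auth.get('user_group_sync') is True`, would keep the membership change opt-in for an explicit boolean only. Both methods start outside their hunks, so whether `auth` always passes through that default before it is indexed at line 545 cannot be confirmed from this page. Separately, the debug call at new line 680 still writes the first six characters of `_password_hash` to the log, and the added `...` before `%s` reads as if a tail were shown; placing the ellipsis after `%s` would match the slice.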
@@ -267,6 +267,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
267 267 'firstname': crowd_user["first-name"] or firstname,
268 268 'lastname': crowd_user["last-name"] or lastname,
269 269 'groups': crowd_user["groups"],
270 'user_group_sync': True,
270 271 'email': crowd_user["email"] or email,
271 272 'admin': admin,
272 273 'active': active,
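Review bot: `'user_group_sync': True` is hard-coded here, and likewise in the PAM plugin hunk at new line 139, so group enforcement for these back ends cannot be switched off by an administrator. A login for which `crowd_user["groups"]` comes back empty also hands the base class an empty list to enforce. I would either derive the flag from a plugin setting or state the consequence on the line, e.g. `# Crowd is authoritative for membership; an empty list clears plugin-managed groups`. The dictionary and its enclosing method begin outside the hunk, so whether an empty or missing `groups` value is filtered earlier is not visible.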
@@ -212,6 +212,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
212 212 'firstname': safe_unicode(firstname or username),
213 213 'lastname': safe_unicode(lastname or ''),
214 214 'groups': [],
215 'user_group_sync': False,
215 216 'email': email or '',
216 217 'admin': admin or False,
217 218 'active': active,
@@ -154,6 +154,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
154 154 'firstname': safe_unicode(firstname or username),
155 155 'lastname': safe_unicode(lastname or ''),
156 156 'groups': [],
157 'user_group_sync': False,
157 158 'email': email or '',
158 159 'admin': admin or False,
159 160 'active': active,
@@ -460,6 +460,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
460 460 'lastname': safe_unicode(
461 461 get_ldap_attr('attr_lastname') or lastname),
462 462 'groups': groups,
463 'user_group_sync': False,
463 464 'email': get_ldap_attr('attr_email') or email,
464 465 'admin': admin,
465 466 'active': active,
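Review bot: With `'user_group_sync': False` next to `'groups': groups`, the group list this plugin builds is still returned but no longer applied. The base-class change in this commit (new line 545 of the first file) calls `enforce_groups` only when the flag is true, whereas the removed lines called it unconditionally. If that is intended, a comment on the line such as `# groups are reported but not enforced for this plugin` would record the decision. If it is not, memberships revoked in the directory would presumably stay in effect in RhodeCode until removed by hand. The dictionary starts outside the hunk, so how `groups` is populated is not visible here.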
@@ -136,6 +136,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
136 136 'lastname': lastname,
137 137 'groups': [g.gr_name for g in grp.getgrall()
138 138 if username in g.gr_mem],
139 'user_group_sync': True,
139 140 'email': email,
140 141 'admin': admin,
141 142 'active': active,
@@ -100,6 +100,7 b' class RhodeCodeAuthPlugin(RhodeCodeAuthP'
100 100 "firstname": userobj.firstname,
101 101 "lastname": userobj.lastname,
102 102 "groups": [],
103 'user_group_sync': False,
103 104 "email": userobj.email,
104 105 "admin": userobj.admin,
105 106 "active": userobj.active,
@@ -111,6 +111,7 b' class RhodeCodeAuthPlugin(RhodeCodeAuthP'
111 111 "firstname": userobj.firstname,
112 112 "lastname": userobj.lastname,
113 113 "groups": [],
114 'user_group_sync': False,
114 115 "email": userobj.email,
115 116 "admin": userobj.admin,
116 117 "active": userobj.active,