Show More
@@ -77,7 +77,6 b' class hybrid_property(object):' | |||
|
77 | 77 | self.fdel(instance) |
|
78 | 78 | |
|
79 | 79 | |
|
80 | ||
|
81 | 80 | class LazyFormencode(object): |
|
82 | 81 | def __init__(self, formencode_obj, *args, **kwargs): |
|
83 | 82 | self.formencode_obj = formencode_obj |
@@ -106,6 +105,8 b' class RhodeCodeAuthPluginBase(object):' | |||
|
106 | 105 | "lastname": "last name", |
|
107 | 106 | "email": "email address", |
|
108 | 107 | "groups": '["list", "of", "groups"]', |
|
108 | "user_group_sync": | |
|
109 | 'True|False defines if returned user groups should be synced', | |
|
109 | 110 | "extern_name": "name in external source of record", |
|
110 | 111 | "extern_type": "type of external source of record", |
|
111 | 112 | "admin": 'True|False defines if user should be RhodeCode super admin', |
@@ -114,6 +115,7 b' class RhodeCodeAuthPluginBase(object):' | |||
|
114 | 115 | "active_from_extern": |
|
115 | 116 | "True|False\None, active state from the external auth, " |
|
116 | 117 | "None means use definition from RhodeCode extern_type active value" |
|
118 | ||
|
117 | 119 | } |
|
118 | 120 | # set on authenticate() method and via set_auth_type func. |
|
119 | 121 | auth_type = None |
@@ -412,8 +414,9 b' class RhodeCodeAuthPluginBase(object):' | |||
|
412 | 414 | new_hash = auth.get('_hash_migrate') |
|
413 | 415 | if new_hash: |
|
414 | 416 | self._migrate_hash_to_bcrypt(username, passwd, new_hash) |
|
417 | if 'user_group_sync' not in auth: | |
|
418 | auth['user_group_sync'] = False | |
|
415 | 419 | return self._validate_auth_return(auth) |
|
416 | ||
|
417 | 420 | return auth |
|
418 | 421 | |
|
419 | 422 | def _migrate_hash_to_bcrypt(self, username, password, new_hash): |
@@ -538,16 +541,19 b' class RhodeCodeExternalAuthPlugin(RhodeC' | |||
|
538 | 541 | # enforce user is just in given groups, all of them has to be ones |
|
539 | 542 | # created from plugins. We store this info in _group_data JSON |
|
540 | 543 | # field |
|
541 | try: | |
|
542 |
|
|
|
543 |
|
|
|
544 | 'Performing user_group sync based on set `%s` ' | |
|
545 | 'returned by this plugin', groups) | |
|
546 | UserGroupModel().enforce_groups(user, groups, self.name) | |
|
547 | except Exception: | |
|
548 | # for any reason group syncing fails, we should | |
|
549 |
|
|
|
550 | log.error(traceback.format_exc()) | |
|
544 | ||
|
545 | if auth['user_group_sync']: | |
|
546 | try: | |
|
547 | groups = auth['groups'] or [] | |
|
548 | log.debug( | |
|
549 | 'Performing user_group sync based on set `%s` ' | |
|
550 | 'returned by `%s` plugin', groups, self.name) | |
|
551 | UserGroupModel().enforce_groups(user, groups, self.name) | |
|
552 | except Exception: | |
|
553 | # for any reason group syncing fails, we should | |
|
554 | # proceed with login | |
|
555 | log.error(traceback.format_exc()) | |
|
556 | ||
|
551 | 557 | Session().commit() |
|
552 | 558 | return auth |
|
553 | 559 | |
@@ -671,7 +677,7 b' def authenticate(username, password, env' | |||
|
671 | 677 | environ=environ or {}) |
|
672 | 678 | |
|
673 | 679 | if plugin_cache_active: |
|
674 | log.debug('Trying to fetch cached auth by %s', _password_hash[:6]) | |
|
680 | log.debug('Trying to fetch cached auth by `...%s`', _password_hash[:6]) | |
|
675 | 681 | plugin_user = cache_manager.get( |
|
676 | 682 | _password_hash, createfunc=auth_func) |
|
677 | 683 | else: |
@@ -267,6 +267,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||
|
267 | 267 | 'firstname': crowd_user["first-name"] or firstname, |
|
268 | 268 | 'lastname': crowd_user["last-name"] or lastname, |
|
269 | 269 | 'groups': crowd_user["groups"], |
|
270 | 'user_group_sync': True, | |
|
270 | 271 | 'email': crowd_user["email"] or email, |
|
271 | 272 | 'admin': admin, |
|
272 | 273 | 'active': active, |
@@ -212,6 +212,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||
|
212 | 212 | 'firstname': safe_unicode(firstname or username), |
|
213 | 213 | 'lastname': safe_unicode(lastname or ''), |
|
214 | 214 | 'groups': [], |
|
215 | 'user_group_sync': False, | |
|
215 | 216 | 'email': email or '', |
|
216 | 217 | 'admin': admin or False, |
|
217 | 218 | 'active': active, |
@@ -154,6 +154,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||
|
154 | 154 | 'firstname': safe_unicode(firstname or username), |
|
155 | 155 | 'lastname': safe_unicode(lastname or ''), |
|
156 | 156 | 'groups': [], |
|
157 | 'user_group_sync': False, | |
|
157 | 158 | 'email': email or '', |
|
158 | 159 | 'admin': admin or False, |
|
159 | 160 | 'active': active, |
@@ -460,6 +460,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||
|
460 | 460 | 'lastname': safe_unicode( |
|
461 | 461 | get_ldap_attr('attr_lastname') or lastname), |
|
462 | 462 | 'groups': groups, |
|
463 | 'user_group_sync': False, | |
|
463 | 464 | 'email': get_ldap_attr('attr_email') or email, |
|
464 | 465 | 'admin': admin, |
|
465 | 466 | 'active': active, |
@@ -136,6 +136,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||
|
136 | 136 | 'lastname': lastname, |
|
137 | 137 | 'groups': [g.gr_name for g in grp.getgrall() |
|
138 | 138 | if username in g.gr_mem], |
|
139 | 'user_group_sync': True, | |
|
139 | 140 | 'email': email, |
|
140 | 141 | 'admin': admin, |
|
141 | 142 | 'active': active, |
General Comments 0
You need to be logged in to leave comments.
Login now