Show More
@@ -77,7 +77,6 b' class hybrid_property(object):' | |||||
77 | self.fdel(instance) |
|
77 | self.fdel(instance) | |
78 |
|
78 | |||
79 |
|
79 | |||
80 |
|
||||
81 | class LazyFormencode(object): |
|
80 | class LazyFormencode(object): | |
82 | def __init__(self, formencode_obj, *args, **kwargs): |
|
81 | def __init__(self, formencode_obj, *args, **kwargs): | |
83 | self.formencode_obj = formencode_obj |
|
82 | self.formencode_obj = formencode_obj | |
@@ -106,6 +105,8 b' class RhodeCodeAuthPluginBase(object):' | |||||
106 | "lastname": "last name", |
|
105 | "lastname": "last name", | |
107 | "email": "email address", |
|
106 | "email": "email address", | |
108 | "groups": '["list", "of", "groups"]', |
|
107 | "groups": '["list", "of", "groups"]', | |
|
108 | "user_group_sync": | |||
|
109 | 'True|False defines if returned user groups should be synced', | |||
109 | "extern_name": "name in external source of record", |
|
110 | "extern_name": "name in external source of record", | |
110 | "extern_type": "type of external source of record", |
|
111 | "extern_type": "type of external source of record", | |
111 | "admin": 'True|False defines if user should be RhodeCode super admin', |
|
112 | "admin": 'True|False defines if user should be RhodeCode super admin', | |
@@ -114,6 +115,7 b' class RhodeCodeAuthPluginBase(object):' | |||||
114 | "active_from_extern": |
|
115 | "active_from_extern": | |
115 | "True|False\None, active state from the external auth, " |
|
116 | "True|False\None, active state from the external auth, " | |
116 | "None means use definition from RhodeCode extern_type active value" |
|
117 | "None means use definition from RhodeCode extern_type active value" | |
|
118 | ||||
117 | } |
|
119 | } | |
118 | # set on authenticate() method and via set_auth_type func. |
|
120 | # set on authenticate() method and via set_auth_type func. | |
119 | auth_type = None |
|
121 | auth_type = None | |
@@ -412,8 +414,9 b' class RhodeCodeAuthPluginBase(object):' | |||||
412 | new_hash = auth.get('_hash_migrate') |
|
414 | new_hash = auth.get('_hash_migrate') | |
413 | if new_hash: |
|
415 | if new_hash: | |
414 | self._migrate_hash_to_bcrypt(username, passwd, new_hash) |
|
416 | self._migrate_hash_to_bcrypt(username, passwd, new_hash) | |
|
417 | if 'user_group_sync' not in auth: | |||
|
418 | auth['user_group_sync'] = False | |||
415 | return self._validate_auth_return(auth) |
|
419 | return self._validate_auth_return(auth) | |
416 |
|
||||
417 | return auth |
|
420 | return auth | |
418 |
|
421 | |||
419 | def _migrate_hash_to_bcrypt(self, username, password, new_hash): |
|
422 | def _migrate_hash_to_bcrypt(self, username, password, new_hash): | |
@@ -538,16 +541,19 b' class RhodeCodeExternalAuthPlugin(RhodeC' | |||||
538 | # enforce user is just in given groups, all of them has to be ones |
|
541 | # enforce user is just in given groups, all of them has to be ones | |
539 | # created from plugins. We store this info in _group_data JSON |
|
542 | # created from plugins. We store this info in _group_data JSON | |
540 | # field |
|
543 | # field | |
|
544 | ||||
|
545 | if auth['user_group_sync']: | |||
541 | try: |
|
546 | try: | |
542 | groups = auth['groups'] or [] |
|
547 | groups = auth['groups'] or [] | |
543 | log.debug( |
|
548 | log.debug( | |
544 | 'Performing user_group sync based on set `%s` ' |
|
549 | 'Performing user_group sync based on set `%s` ' | |
545 |
'returned by |
|
550 | 'returned by `%s` plugin', groups, self.name) | |
546 | UserGroupModel().enforce_groups(user, groups, self.name) |
|
551 | UserGroupModel().enforce_groups(user, groups, self.name) | |
547 | except Exception: |
|
552 | except Exception: | |
548 | # for any reason group syncing fails, we should |
|
553 | # for any reason group syncing fails, we should | |
549 | # proceed with login |
|
554 | # proceed with login | |
550 | log.error(traceback.format_exc()) |
|
555 | log.error(traceback.format_exc()) | |
|
556 | ||||
551 | Session().commit() |
|
557 | Session().commit() | |
552 | return auth |
|
558 | return auth | |
553 |
|
559 | |||
@@ -671,7 +677,7 b' def authenticate(username, password, env' | |||||
671 | environ=environ or {}) |
|
677 | environ=environ or {}) | |
672 |
|
678 | |||
673 | if plugin_cache_active: |
|
679 | if plugin_cache_active: | |
674 | log.debug('Trying to fetch cached auth by %s', _password_hash[:6]) |
|
680 | log.debug('Trying to fetch cached auth by `...%s`', _password_hash[:6]) | |
675 | plugin_user = cache_manager.get( |
|
681 | plugin_user = cache_manager.get( | |
676 | _password_hash, createfunc=auth_func) |
|
682 | _password_hash, createfunc=auth_func) | |
677 | else: |
|
683 | else: |
@@ -267,6 +267,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||||
267 | 'firstname': crowd_user["first-name"] or firstname, |
|
267 | 'firstname': crowd_user["first-name"] or firstname, | |
268 | 'lastname': crowd_user["last-name"] or lastname, |
|
268 | 'lastname': crowd_user["last-name"] or lastname, | |
269 | 'groups': crowd_user["groups"], |
|
269 | 'groups': crowd_user["groups"], | |
|
270 | 'user_group_sync': True, | |||
270 | 'email': crowd_user["email"] or email, |
|
271 | 'email': crowd_user["email"] or email, | |
271 | 'admin': admin, |
|
272 | 'admin': admin, | |
272 | 'active': active, |
|
273 | 'active': active, |
@@ -212,6 +212,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||||
212 | 'firstname': safe_unicode(firstname or username), |
|
212 | 'firstname': safe_unicode(firstname or username), | |
213 | 'lastname': safe_unicode(lastname or ''), |
|
213 | 'lastname': safe_unicode(lastname or ''), | |
214 | 'groups': [], |
|
214 | 'groups': [], | |
|
215 | 'user_group_sync': False, | |||
215 | 'email': email or '', |
|
216 | 'email': email or '', | |
216 | 'admin': admin or False, |
|
217 | 'admin': admin or False, | |
217 | 'active': active, |
|
218 | 'active': active, |
@@ -154,6 +154,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||||
154 | 'firstname': safe_unicode(firstname or username), |
|
154 | 'firstname': safe_unicode(firstname or username), | |
155 | 'lastname': safe_unicode(lastname or ''), |
|
155 | 'lastname': safe_unicode(lastname or ''), | |
156 | 'groups': [], |
|
156 | 'groups': [], | |
|
157 | 'user_group_sync': False, | |||
157 | 'email': email or '', |
|
158 | 'email': email or '', | |
158 | 'admin': admin or False, |
|
159 | 'admin': admin or False, | |
159 | 'active': active, |
|
160 | 'active': active, |
@@ -460,6 +460,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||||
460 | 'lastname': safe_unicode( |
|
460 | 'lastname': safe_unicode( | |
461 | get_ldap_attr('attr_lastname') or lastname), |
|
461 | get_ldap_attr('attr_lastname') or lastname), | |
462 | 'groups': groups, |
|
462 | 'groups': groups, | |
|
463 | 'user_group_sync': False, | |||
463 | 'email': get_ldap_attr('attr_email') or email, |
|
464 | 'email': get_ldap_attr('attr_email') or email, | |
464 | 'admin': admin, |
|
465 | 'admin': admin, | |
465 | 'active': active, |
|
466 | 'active': active, |
@@ -136,6 +136,7 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||||
136 | 'lastname': lastname, |
|
136 | 'lastname': lastname, | |
137 | 'groups': [g.gr_name for g in grp.getgrall() |
|
137 | 'groups': [g.gr_name for g in grp.getgrall() | |
138 | if username in g.gr_mem], |
|
138 | if username in g.gr_mem], | |
|
139 | 'user_group_sync': True, | |||
139 | 'email': email, |
|
140 | 'email': email, | |
140 | 'admin': admin, |
|
141 | 'admin': admin, | |
141 | 'active': active, |
|
142 | 'active': active, |
@@ -100,6 +100,7 b' class RhodeCodeAuthPlugin(RhodeCodeAuthP' | |||||
100 | "firstname": userobj.firstname, |
|
100 | "firstname": userobj.firstname, | |
101 | "lastname": userobj.lastname, |
|
101 | "lastname": userobj.lastname, | |
102 | "groups": [], |
|
102 | "groups": [], | |
|
103 | 'user_group_sync': False, | |||
103 | "email": userobj.email, |
|
104 | "email": userobj.email, | |
104 | "admin": userobj.admin, |
|
105 | "admin": userobj.admin, | |
105 | "active": userobj.active, |
|
106 | "active": userobj.active, |
@@ -111,6 +111,7 b' class RhodeCodeAuthPlugin(RhodeCodeAuthP' | |||||
111 | "firstname": userobj.firstname, |
|
111 | "firstname": userobj.firstname, | |
112 | "lastname": userobj.lastname, |
|
112 | "lastname": userobj.lastname, | |
113 | "groups": [], |
|
113 | "groups": [], | |
|
114 | 'user_group_sync': False, | |||
114 | "email": userobj.email, |
|
115 | "email": userobj.email, | |
115 | "admin": userobj.admin, |
|
116 | "admin": userobj.admin, | |
116 | "active": userobj.active, |
|
117 | "active": userobj.active, |
General Comments 0
You need to be logged in to leave comments.
Login now