@@ -477,7 +477,7 b' class RhodeCodeAuthPluginBase(object):' | |||||
477 | if isinstance(self.AUTH_CACHE_TTL, int): |
|
477 | if isinstance(self.AUTH_CACHE_TTL, int): | |
478 | # plugin cache set inside is more important than the settings value |
|
478 | # plugin cache set inside is more important than the settings value | |
479 | cache_ttl = self.AUTH_CACHE_TTL |
|
479 | cache_ttl = self.AUTH_CACHE_TTL | |
480 |
elif |
|
480 | elif 'cache_ttl' in plugin_settings: | |
481 | cache_ttl = safe_int(plugin_settings.get('cache_ttl'), 0) |
|
481 | cache_ttl = safe_int(plugin_settings.get('cache_ttl'), 0) | |
482 |
|
482 | |||
483 | plugin_cache_active = bool(cache_ttl and cache_ttl > 0) |
|
483 | plugin_cache_active = bool(cache_ttl and cache_ttl > 0) | |
@@ -637,7 +637,7 b' class AuthLdapBase(object):' | |||||
637 |
|
637 | |||
638 | @classmethod |
|
638 | @classmethod | |
639 | def _get_server_list(cls, servers): |
|
639 | def _get_server_list(cls, servers): | |
640 |
return |
|
640 | return [s.strip() for s in servers.split(',')] | |
641 |
|
641 | |||
642 | @classmethod |
|
642 | @classmethod | |
643 | def get_uid(cls, username, server_addresses): |
|
643 | def get_uid(cls, username, server_addresses): |
@@ -196,7 +196,7 b' class AuthLdap(AuthLdapBase):' | |||||
196 | ldap_conn = None |
|
196 | ldap_conn = None | |
197 | try: |
|
197 | try: | |
198 | ldap_conn = self._get_ldap_conn() |
|
198 | ldap_conn = self._get_ldap_conn() | |
199 |
filter_ = '(& |
|
199 | filter_ = '(&{}({}={}))'.format( | |
200 | self.LDAP_FILTER, self.attr_login, username) |
|
200 | self.LDAP_FILTER, self.attr_login, username) | |
201 | log.debug("Authenticating %r filter %s and scope: %s", |
|
201 | log.debug("Authenticating %r filter %s and scope: %s", | |
202 | self.BASE_DN, filter_, scope_label) |
|
202 | self.BASE_DN, filter_, scope_label) | |
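Review bot: `username` is formatted straight into the LDAP search filter on the changed `filter_ = '(&{}({}={}))'.format(...)` line, and no escaping is visible in this hunk. The method starts outside the hunk, so the value may already be escaped earlier; if it is not, filter metacharacters in a login name would change the query that selects which DN is bound. Passing the value through python-ldap's helper, `self.LDAP_FILTER, self.attr_login, escape_filter_chars(username))` with `from ldap.filter import escape_filter_chars`, would close that. The `log.debug` call just below writes the assembled filter, so the escaped form is also what would reach the logs.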
@@ -446,8 +446,8 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||||
446 | org_bind = current_args['bind_dn'] |
|
446 | org_bind = current_args['bind_dn'] | |
447 | passwd = current_args['bind_pass'] |
|
447 | passwd = current_args['bind_pass'] | |
448 |
|
448 | |||
449 | def has_bind_marker(username): |
|
449 | def has_bind_marker(_username): | |
450 | if self.DYNAMIC_BIND_VAR in username: |
|
450 | if self.DYNAMIC_BIND_VAR in _username: | |
451 | return True |
|
451 | return True | |
452 |
|
452 | |||
453 | # we only passed in user with "special" variable |
|
453 | # we only passed in user with "special" variable | |
@@ -499,12 +499,12 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||||
499 | log.debug('Checking for ldap authentication.') |
|
499 | log.debug('Checking for ldap authentication.') | |
500 |
|
500 | |||
501 | try: |
|
501 | try: | |
502 | aldap = AuthLdap(**ldap_args) |
|
502 | auth_ldap = AuthLdap(**ldap_args) | |
503 | (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password) |
|
503 | (user_dn, ldap_attrs) = auth_ldap.authenticate_ldap(username, password) | |
504 | log.debug('Got ldap DN response %s', user_dn) |
|
504 | log.debug('Got ldap DN response %s', user_dn) | |
505 |
|
505 | |||
506 | def get_ldap_attr(k): |
|
506 | def get_ldap_attr(k) -> str: | |
507 | return ldap_attrs.get(settings.get(k), [''])[0] |
|
507 | return safe_str(ldap_attrs.get(settings.get(k), [b''])[0]) | |
508 |
|
508 | |||
509 | # old attrs fetched from RhodeCode database |
|
509 | # old attrs fetched from RhodeCode database | |
510 | admin = getattr(userobj, 'admin', False) |
|
510 | admin = getattr(userobj, 'admin', False) | |
@@ -519,8 +519,8 b' class RhodeCodeAuthPlugin(RhodeCodeExter' | |||||
519 |
|
519 | |||
520 | user_attrs = { |
|
520 | user_attrs = { | |
521 | 'username': username, |
|
521 | 'username': username, | |
522 |
'firstname': |
|
522 | 'firstname': get_ldap_attr('attr_firstname') or firstname, | |
523 |
'lastname': |
|
523 | 'lastname': get_ldap_attr('attr_lastname') or lastname, | |
524 | 'groups': groups, |
|
524 | 'groups': groups, | |
525 | 'user_group_sync': False, |
|
525 | 'user_group_sync': False, | |
526 | 'email': get_ldap_attr('attr_email') or email, |
|
526 | 'email': get_ldap_attr('attr_email') or email, |
@@ -99,6 +99,9 b' class AuthnPluginViewBase(BaseAppView):' | |||||
99 | Session().commit() |
|
99 | Session().commit() | |
100 | SettingsModel().invalidate_settings_cache() |
|
100 | SettingsModel().invalidate_settings_cache() | |
101 |
|
101 | |||
|
102 | authn_registry = get_authn_registry(self.request.registry) | |||
|
103 | authn_registry.invalidate_auth_plugins_cache() | |||
|
104 | ||||
102 | # Display success message and redirect. |
|
105 | # Display success message and redirect. | |
103 | h.flash(_('Auth settings updated successfully.'), category='success') |
|
106 | h.flash(_('Auth settings updated successfully.'), category='success') | |
104 | redirect_to = self.request.resource_path(self.context, route_name='auth_home') |
|
107 | redirect_to = self.request.resource_path(self.context, route_name='auth_home') | |
@@ -173,6 +176,8 b' class AuthSettingsView(BaseAppView):' | |||||
173 | h.flash(_('Error occurred during update of auth settings.'), |
|
176 | h.flash(_('Error occurred during update of auth settings.'), | |
174 | category='error') |
|
177 | category='error') | |
175 |
|
178 | |||
|
179 | authn_registry = get_authn_registry(self.request.registry) | |||
|
180 | authn_registry.invalidate_auth_plugins_cache() | |||
176 | redirect_to = self.request.resource_path(self.context, route_name='auth_home') |
|
181 | redirect_to = self.request.resource_path(self.context, route_name='auth_home') | |
177 |
|
182 | |||
178 | return HTTPFound(redirect_to) |
|
183 | return HTTPFound(redirect_to) |
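Review bot: The two added lines `authn_registry = get_authn_registry(self.request.registry)` and `authn_registry.invalidate_auth_plugins_cache()` appear both here and in the AuthnPluginViewBase hunk, with no comment saying why the cache must be dropped after a settings change. Since this is presumably what stops a disabled or reconfigured auth plugin from still being used, a comment such as `# drop cached plugin list so enabled/disabled plugins take effect immediately` would help. A small shared helper would also keep the two views in step. Whether the invalidation reaches other worker processes is not visible here; if the cache is per-process, the old plugin set could stay active elsewhere until it expires, which is worth confirming. Both view methods start outside their hunks.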
@@ -158,6 +158,9 b' def detect_vcs_request(environ, backends' | |||||
158 | # e.g /_file_store/download |
|
158 | # e.g /_file_store/download | |
159 | '_file_store++', |
|
159 | '_file_store++', | |
160 |
|
160 | |||
|
161 | # login | |||
|
162 | "_admin/login", | |||
|
163 | ||||
161 | # _admin/api is safe too |
|
164 | # _admin/api is safe too | |
162 | '_admin/api', |
|
165 | '_admin/api', | |
163 |
|
166 |
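Review bot: The new `"_admin/login",` entry uses double quotes while the neighbouring entries (`'_file_store++'`, `'_admin/api'`) use single quotes, and its `# login` comment does not say why the path belongs in this list. Suggest `'_admin/login',` with a comment along the lines of `# login page is never a VCS endpoint`, matching the style of `# _admin/api is safe too`. How entries are matched is outside the hunk; if it is a prefix match, confirm that no other path beginning with `_admin/login` needs to be classified differently. The list and the rest of `detect_vcs_request` continue beyond the hunk.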