ldap: small fixes and improvements over ldap authentication
super-admin -
r5140:a3d84af6 default
@@ -477,7 +477,7 b' class RhodeCodeAuthPluginBase(object):'
477 if isinstance(self.AUTH_CACHE_TTL, int):
477 if isinstance(self.AUTH_CACHE_TTL, int):
478 # plugin cache set inside is more important than the settings value
478 # plugin cache set inside is more important than the settings value
479 cache_ttl = self.AUTH_CACHE_TTL
479 cache_ttl = self.AUTH_CACHE_TTL
480 elif plugin_settings.get('cache_ttl'):
480 elif 'cache_ttl' in plugin_settings:
481 cache_ttl = safe_int(plugin_settings.get('cache_ttl'), 0)
481 cache_ttl = safe_int(plugin_settings.get('cache_ttl'), 0)
482
482
483 plugin_cache_active = bool(cache_ttl and cache_ttl > 0)
483 plugin_cache_active = bool(cache_ttl and cache_ttl > 0)
@@ -637,7 +637,7 b' class AuthLdapBase(object):'
637
637
638 @classmethod
638 @classmethod
639 def _get_server_list(cls, servers):
639 def _get_server_list(cls, servers):
640 return map(string.strip, servers.split(','))
640 return [s.strip() for s in servers.split(',')]
641
641
642 @classmethod
642 @classmethod
643 def get_uid(cls, username, server_addresses):
643 def get_uid(cls, username, server_addresses):
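Review bot: `_get_server_list` (new line 640) keeps empty entries, so a trailing comma or a blank `servers` setting yields `''` items in the returned list. Dropping them at parse time keeps whatever builds the connection addresses from receiving an empty host: `return [s.strip() for s in servers.split(',') if s.strip()]`. How callers treat an empty entry is not visible in this section, so confirm that before relying on the filter.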
@@ -196,7 +196,7 b' class AuthLdap(AuthLdapBase):'
196 ldap_conn = None
196 ldap_conn = None
197 try:
197 try:
198 ldap_conn = self._get_ldap_conn()
198 ldap_conn = self._get_ldap_conn()
199 filter_ = '(&%s(%s=%s))' % (
199 filter_ = '(&{}({}={}))'.format(
200 self.LDAP_FILTER, self.attr_login, username)
200 self.LDAP_FILTER, self.attr_login, username)
201 log.debug("Authenticating %r filter %s and scope: %s",
201 log.debug("Authenticating %r filter %s and scope: %s",
202 self.BASE_DN, filter_, scope_label)
202 self.BASE_DN, filter_, scope_label)
@@ -446,8 +446,8 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
446 org_bind = current_args['bind_dn']
446 org_bind = current_args['bind_dn']
447 passwd = current_args['bind_pass']
447 passwd = current_args['bind_pass']
448
448
449 def has_bind_marker(username):
449 def has_bind_marker(_username):
450 if self.DYNAMIC_BIND_VAR in username:
450 if self.DYNAMIC_BIND_VAR in _username:
451 return True
451 return True
452
452
453 # we only passed in user with "special" variable
453 # we only passed in user with "special" variable
@@ -499,12 +499,12 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
499 log.debug('Checking for ldap authentication.')
499 log.debug('Checking for ldap authentication.')
500
500
501 try:
501 try:
502 aldap = AuthLdap(**ldap_args)
502 auth_ldap = AuthLdap(**ldap_args)
503 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
503 (user_dn, ldap_attrs) = auth_ldap.authenticate_ldap(username, password)
504 log.debug('Got ldap DN response %s', user_dn)
504 log.debug('Got ldap DN response %s', user_dn)
505
505
506 def get_ldap_attr(k):
506 def get_ldap_attr(k) -> str:
507 return ldap_attrs.get(settings.get(k), [''])[0]
507 return safe_str(ldap_attrs.get(settings.get(k), [b''])[0])
508
508
509 # old attrs fetched from RhodeCode database
509 # old attrs fetched from RhodeCode database
510 admin = getattr(userobj, 'admin', False)
510 admin = getattr(userobj, 'admin', False)
@@ -519,8 +519,8 b' class RhodeCodeAuthPlugin(RhodeCodeExter'
519
519
520 user_attrs = {
520 user_attrs = {
521 'username': username,
521 'username': username,
522 'firstname': safe_str(get_ldap_attr('attr_firstname') or firstname),
522 'firstname': get_ldap_attr('attr_firstname') or firstname,
523 'lastname': safe_str(get_ldap_attr('attr_lastname') or lastname),
523 'lastname': get_ldap_attr('attr_lastname') or lastname,
524 'groups': groups,
524 'groups': groups,
525 'user_group_sync': False,
525 'user_group_sync': False,
526 'email': get_ldap_attr('attr_email') or email,
526 'email': get_ldap_attr('attr_email') or email,
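Review bot: The search filter at new line 199 interpolates `username` directly into the LDAP filter, and the switch from `%` to `.format()` leaves that unchanged. Unless the value is already escaped earlier in this method (which starts outside the hunk), filter metacharacters in a login name change the meaning of the query. Escape at the point of use, e.g. `username = escape_filter_chars(username)` from `ldap.filter` (assuming this module is built on python-ldap) before building `filter_`. The same string goes to the debug log on new line 201, so the escaped form is also what gets logged.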
@@ -99,6 +99,9 b' class AuthnPluginViewBase(BaseAppView):'
99 Session().commit()
99 Session().commit()
100 SettingsModel().invalidate_settings_cache()
100 SettingsModel().invalidate_settings_cache()
101
101
102 authn_registry = get_authn_registry(self.request.registry)
103 authn_registry.invalidate_auth_plugins_cache()
104
102 # Display success message and redirect.
105 # Display success message and redirect.
103 h.flash(_('Auth settings updated successfully.'), category='success')
106 h.flash(_('Auth settings updated successfully.'), category='success')
104 redirect_to = self.request.resource_path(self.context, route_name='auth_home')
107 redirect_to = self.request.resource_path(self.context, route_name='auth_home')
@@ -173,6 +176,8 b' class AuthSettingsView(BaseAppView):'
173 h.flash(_('Error occurred during update of auth settings.'),
176 h.flash(_('Error occurred during update of auth settings.'),
174 category='error')
177 category='error')
175
178
179 authn_registry = get_authn_registry(self.request.registry)
180 authn_registry.invalidate_auth_plugins_cache()
176 redirect_to = self.request.resource_path(self.context, route_name='auth_home')
181 redirect_to = self.request.resource_path(self.context, route_name='auth_home')
177
182
178 return HTTPFound(redirect_to)
183 return HTTPFound(redirect_to)
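Review bot: The two added `invalidate_auth_plugins_cache()` calls (new lines 102-103 and 179-180) carry no comment saying why the cache is dropped at these points. A one-line comment such as `# drop cached auth plugins so the saved settings apply to the next login` would help. Because indentation is lost on this page, it is unclear whether the second call runs only after the error flash or on every path, which the comment should state. If the cache is held in process memory, other workers may keep using the old plugin configuration, so confirm how the invalidation propagates.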
@@ -158,6 +158,9 b' def detect_vcs_request(environ, backends'
158 # e.g /_file_store/download
158 # e.g /_file_store/download
159 '_file_store++',
159 '_file_store++',
160
160
161 # login
162 "_admin/login",
163
161 # _admin/api is safe too
164 # _admin/api is safe too
162 '_admin/api',
165 '_admin/api',
163
166
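Review bot: The new `"_admin/login"` entry (new line 162) uses double quotes where the neighbouring entries use single quotes, and its `# login` comment does not say why the path is listed. `'_admin/login',` with a comment such as `# login page is never a VCS request` would match the surrounding style. How entries are compared with the request path is outside the hunk; if it is a prefix test, confirm that no repository or repository-group name can begin with this string. The list and `detect_vcs_request` both continue outside the hunk.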