@@ -1,148 +1,148 b'' | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 | """ |
|
2 | """ | |
3 | rhodecode.controllers.admin.ldap_settings |
|
3 | rhodecode.controllers.admin.ldap_settings | |
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
5 |
|
5 | |||
6 | ldap controller for RhodeCode |
|
6 | ldap controller for RhodeCode | |
7 |
|
7 | |||
8 | :created_on: Nov 26, 2010 |
|
8 | :created_on: Nov 26, 2010 | |
9 | :author: marcink |
|
9 | :author: marcink | |
10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |
11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
12 | """ |
|
12 | """ | |
13 | # This program is free software: you can redistribute it and/or modify |
|
13 | # This program is free software: you can redistribute it and/or modify | |
14 | # it under the terms of the GNU General Public License as published by |
|
14 | # it under the terms of the GNU General Public License as published by | |
15 | # the Free Software Foundation, either version 3 of the License, or |
|
15 | # the Free Software Foundation, either version 3 of the License, or | |
16 | # (at your option) any later version. |
|
16 | # (at your option) any later version. | |
17 | # |
|
17 | # | |
18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
22 | # |
|
22 | # | |
23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
25 | import logging |
|
25 | import logging | |
26 | import formencode |
|
26 | import formencode | |
27 | import traceback |
|
27 | import traceback | |
28 |
|
28 | |||
29 | from formencode import htmlfill |
|
29 | from formencode import htmlfill | |
30 |
|
30 | |||
31 | from pylons import request, response, session, tmpl_context as c, url |
|
31 | from pylons import request, response, session, tmpl_context as c, url | |
32 | from pylons.controllers.util import abort, redirect |
|
32 | from pylons.controllers.util import abort, redirect | |
33 | from pylons.i18n.translation import _ |
|
33 | from pylons.i18n.translation import _ | |
34 |
|
34 | |||
35 | from sqlalchemy.exc import DatabaseError |
|
35 | from sqlalchemy.exc import DatabaseError | |
36 |
|
36 | |||
37 | from rhodecode.lib.base import BaseController, render |
|
37 | from rhodecode.lib.base import BaseController, render | |
38 | from rhodecode.lib import helpers as h |
|
38 | from rhodecode.lib import helpers as h | |
39 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator |
|
39 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator | |
40 | from rhodecode.lib.exceptions import LdapImportError |
|
40 | from rhodecode.lib.exceptions import LdapImportError | |
41 | from rhodecode.model.forms import LdapSettingsForm |
|
41 | from rhodecode.model.forms import LdapSettingsForm | |
42 | from rhodecode.model.db import RhodeCodeSetting |
|
42 | from rhodecode.model.db import RhodeCodeSetting | |
43 | from rhodecode.model.meta import Session |
|
43 | from rhodecode.model.meta import Session | |
44 |
|
44 | |||
45 | log = logging.getLogger(__name__) |
|
45 | log = logging.getLogger(__name__) | |
46 |
|
46 | |||
47 |
|
47 | |||
48 | class LdapSettingsController(BaseController): |
|
48 | class LdapSettingsController(BaseController): | |
49 |
|
49 | |||
50 | search_scope_choices = [('BASE', _('BASE'),), |
|
50 | search_scope_choices = [('BASE', _('BASE'),), | |
51 | ('ONELEVEL', _('ONELEVEL'),), |
|
51 | ('ONELEVEL', _('ONELEVEL'),), | |
52 | ('SUBTREE', _('SUBTREE'),), |
|
52 | ('SUBTREE', _('SUBTREE'),), | |
53 | ] |
|
53 | ] | |
54 | search_scope_default = 'SUBTREE' |
|
54 | search_scope_default = 'SUBTREE' | |
55 |
|
55 | |||
56 | tls_reqcert_choices = [('NEVER', _('NEVER'),), |
|
56 | tls_reqcert_choices = [('NEVER', _('NEVER'),), | |
57 | ('ALLOW', _('ALLOW'),), |
|
57 | ('ALLOW', _('ALLOW'),), | |
58 | ('TRY', _('TRY'),), |
|
58 | ('TRY', _('TRY'),), | |
59 | ('DEMAND', _('DEMAND'),), |
|
59 | ('DEMAND', _('DEMAND'),), | |
60 | ('HARD', _('HARD'),), |
|
60 | ('HARD', _('HARD'),), | |
61 | ] |
|
61 | ] | |
62 | tls_reqcert_default = 'DEMAND' |
|
62 | tls_reqcert_default = 'DEMAND' | |
63 |
|
63 | |||
64 | tls_kind_choices = [('PLAIN', _('No encryption'),), |
|
64 | tls_kind_choices = [('PLAIN', _('No encryption'),), | |
65 | ('LDAPS', _('LDAPS connection'),), |
|
65 | ('LDAPS', _('LDAPS connection'),), | |
66 | ('START_TLS', _('START_TLS on LDAP connection'),) |
|
66 | ('START_TLS', _('START_TLS on LDAP connection'),) | |
67 | ] |
|
67 | ] | |
68 |
|
68 | |||
69 | tls_kind_default = 'PLAIN' |
|
69 | tls_kind_default = 'PLAIN' | |
70 |
|
70 | |||
71 | @LoginRequired() |
|
71 | @LoginRequired() | |
72 | @HasPermissionAllDecorator('hg.admin') |
|
72 | @HasPermissionAllDecorator('hg.admin') | |
73 | def __before__(self): |
|
73 | def __before__(self): | |
74 | c.search_scope_choices = self.search_scope_choices |
|
74 | c.search_scope_choices = self.search_scope_choices | |
75 | c.tls_reqcert_choices = self.tls_reqcert_choices |
|
75 | c.tls_reqcert_choices = self.tls_reqcert_choices | |
76 | c.tls_kind_choices = self.tls_kind_choices |
|
76 | c.tls_kind_choices = self.tls_kind_choices | |
77 |
|
77 | |||
78 | c.search_scope_cur = self.search_scope_default |
|
78 | c.search_scope_cur = self.search_scope_default | |
79 | c.tls_reqcert_cur = self.tls_reqcert_default |
|
79 | c.tls_reqcert_cur = self.tls_reqcert_default | |
80 | c.tls_kind_cur = self.tls_kind_default |
|
80 | c.tls_kind_cur = self.tls_kind_default | |
81 |
|
81 | |||
82 | super(LdapSettingsController, self).__before__() |
|
82 | super(LdapSettingsController, self).__before__() | |
83 |
|
83 | |||
84 | def index(self): |
|
84 | def index(self): | |
85 | defaults = RhodeCodeSetting.get_ldap_settings() |
|
85 | defaults = RhodeCodeSetting.get_ldap_settings() | |
86 | c.search_scope_cur = defaults.get('ldap_search_scope') |
|
86 | c.search_scope_cur = defaults.get('ldap_search_scope') | |
87 | c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert') |
|
87 | c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert') | |
88 | c.tls_kind_cur = defaults.get('ldap_tls_kind') |
|
88 | c.tls_kind_cur = defaults.get('ldap_tls_kind') | |
89 |
|
89 | |||
90 | return htmlfill.render( |
|
90 | return htmlfill.render( | |
91 | render('admin/ldap/ldap.html'), |
|
91 | render('admin/ldap/ldap.html'), | |
92 | defaults=defaults, |
|
92 | defaults=defaults, | |
93 | encoding="UTF-8", |
|
93 | encoding="UTF-8", | |
94 | force_defaults=True,) |
|
94 | force_defaults=True,) | |
95 |
|
95 | |||
96 | def ldap_settings(self): |
|
96 | def ldap_settings(self): | |
97 | """POST ldap create and store ldap settings""" |
|
97 | """POST ldap create and store ldap settings""" | |
98 |
|
98 | |||
99 | _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices], |
|
99 | _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices], | |
100 | [x[0] for x in self.search_scope_choices], |
|
100 | [x[0] for x in self.search_scope_choices], | |
101 | [x[0] for x in self.tls_kind_choices])() |
|
101 | [x[0] for x in self.tls_kind_choices])() | |
102 | # check the ldap lib |
|
102 | # check the ldap lib | |
103 | ldap_active = False |
|
103 | ldap_active = False | |
104 | try: |
|
104 | try: | |
105 | import ldap |
|
105 | import ldap | |
106 | ldap_active = True |
|
106 | ldap_active = True | |
107 | except ImportError: |
|
107 | except ImportError: | |
108 | pass |
|
108 | pass | |
109 |
|
109 | |||
110 | try: |
|
110 | try: | |
111 | form_result = _form.to_python(dict(request.POST)) |
|
111 | form_result = _form.to_python(dict(request.POST)) | |
112 |
|
112 | |||
113 | try: |
|
113 | try: | |
114 |
|
114 | |||
115 | for k, v in form_result.items(): |
|
115 | for k, v in form_result.items(): | |
116 | if k.startswith('ldap_'): |
|
116 | if k.startswith('ldap_'): | |
117 | if k == 'ldap_active': |
|
117 | if k == 'ldap_active': | |
118 | v = ldap_active |
|
118 | v = v if ldap_active else False | |
119 | setting = RhodeCodeSetting.get_by_name(k) |
|
119 | setting = RhodeCodeSetting.get_by_name(k) | |
120 | setting.app_settings_value = v |
|
120 | setting.app_settings_value = v | |
121 | Session().add(setting) |
|
121 | Session().add(setting) | |
122 |
|
122 | |||
123 | Session().commit() |
|
123 | Session().commit() | |
124 | h.flash(_('LDAP settings updated successfully'), |
|
124 | h.flash(_('LDAP settings updated successfully'), | |
125 | category='success') |
|
125 | category='success') | |
126 | if not ldap_active: |
|
126 | if not ldap_active: | |
127 | #if ldap is missing send an info to user |
|
127 | #if ldap is missing send an info to user | |
128 |
h.flash(_('Unable to activate ldap. The "python-ldap" |
|
128 | h.flash(_('Unable to activate ldap. The "python-ldap" ' | |
129 | 'is missing.'), category='warning') |
|
129 | 'library is missing.'), category='warning') | |
130 |
|
130 | |||
131 | except (DatabaseError,): |
|
131 | except (DatabaseError,): | |
132 | raise |
|
132 | raise | |
133 |
|
133 | |||
134 | except formencode.Invalid, errors: |
|
134 | except formencode.Invalid, errors: | |
135 | e = errors.error_dict or {} |
|
135 | e = errors.error_dict or {} | |
136 |
|
136 | |||
137 | return htmlfill.render( |
|
137 | return htmlfill.render( | |
138 | render('admin/ldap/ldap.html'), |
|
138 | render('admin/ldap/ldap.html'), | |
139 | defaults=errors.value, |
|
139 | defaults=errors.value, | |
140 | errors=e, |
|
140 | errors=e, | |
141 | prefix_error=False, |
|
141 | prefix_error=False, | |
142 | encoding="UTF-8") |
|
142 | encoding="UTF-8") | |
143 | except Exception: |
|
143 | except Exception: | |
144 | log.error(traceback.format_exc()) |
|
144 | log.error(traceback.format_exc()) | |
145 | h.flash(_('Error occurred during update of ldap settings'), |
|
145 | h.flash(_('Error occurred during update of ldap settings'), | |
146 | category='error') |
|
146 | category='error') | |
147 |
|
147 | |||
148 | return redirect(url('ldap_home')) |
|
148 | return redirect(url('ldap_home')) |
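Review bot: The new line 118, `v = v if ldap_active else False`, only runs when `form_result` actually contains an `ldap_active` key, so switching LDAP off depends on `LdapSettingsForm` supplying a false value when the checkbox is left unchecked. The form definition is not part of this page; if it has no missing-value default, the loop would skip the key and the stored setting would stay enabled. I would confirm that in the form and record it above line 117 with a comment such as `# LdapSettingsForm must yield ldap_active=False when the box is unchecked, otherwise LDAP cannot be disabled here`. Because this action toggles an authentication backend and only the failure branch logs today, a `log.info('LDAP settings updated, ldap_active=%s', form_result.get('ldap_active'))` after the commit would also leave an audit trail for the change.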