Changeset - 1943c6f00cd8
Parent rev.
Child rev.
[Not reviewed]
stable
0 1 0
Mads Kiilerich - 6 years ago 2019-07-31 21:31:23
mads@kiilerich.com
user: allow LDAP users with non-ASCII characters in the DN

The database and sqlalchemy use unicode, so any attempt at storing encoded data
is wrong and might fail.

Thus, use safe_unicode instead of encoding it using safe_str.
1 file changed with 3 insertions and 3 deletions:
kallithea/model/user.py
3
3
0 comments (0 inline, 0 general)
kallithea/model/user.py
Show inline comments
 
@@ -16,49 +16,49 @@ kallithea.model.user
 
~~~~~~~~~~~~~~~~~~~~
 

			




	
	
	
		
 
users model for Kallithea

			




	
	
	
		
 

			




	
	
	
		
 
This file was forked by the Kallithea project in July 2014.

			




	
	
	
		
 
Original author and date, and relevant copyright and licensing information is below:

			




	
	
	
		
 
:created_on: Apr 9, 2010

			




	
	
	
		
 
:author: marcink

			




	
	
	
		
 
:copyright: (c) 2013 RhodeCode GmbH, and others.

			




	
	
	
		
 
:license: GPLv3, see LICENSE.md for more details.

			




	
	
	
		
 
"""

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
import hashlib

			




	
	
	
		
 
import hmac

			




	
	
	
		
 
import logging

			




	
	
	
		
 
import time

			




	
	
	
		
 
import traceback

			




	
	
	
		
 

			




	
	
	
		
 
from tg import config

			




	
	
	
		
 
from tg.i18n import ugettext as _

			




	
	
	
		
 

			




	
	
	
		
 
from sqlalchemy.exc import DatabaseError

			




	
	
	
		
 

			




	
	
	
		
 
from kallithea.lib.utils2 import safe_str, generate_api_key, get_current_authuser

			




	
	
	
		
 
from kallithea.lib.utils2 import safe_unicode, generate_api_key, get_current_authuser

			




	
	
	
		
 
from kallithea.lib.caching_query import FromCache

			




	
	
	
		
 
from kallithea.model.db import Permission, User, UserToPerm, \

			




	
	
	
		
 
    UserEmailMap, UserIpMap

			




	
	
	
		
 
from kallithea.lib.exceptions import DefaultUserException, \

			




	
	
	
		
 
    UserOwnsReposException

			




	
	
	
		
 
from kallithea.model.meta import Session

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserModel(object):

			




	
	
	
		
 
    password_reset_token_lifetime = 86400 # 24 hours

			




	
	
	
		
 

			




	
	
	
		
 
    def get(self, user_id, cache=False):

			




	
	
	
		
 
        user = User.query()

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            user = user.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                          "get_user_%s" % user_id))

			




	
	
	
		
 
        return user.get(user_id)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_user(self, user):

			




	
	
	
		
 
        return User.guess_instance(user)

			




	
	
	
		
 

			




	
	
		
 
@@ -124,51 +124,51 @@ class UserModel(object):

			




	
	
	
		
 
        user_data = {

			




	
	
	
		
 
            'username': username, 'password': password,

			




	
	
	
		
 
            'email': email, 'firstname': firstname, 'lastname': lastname,

			




	
	
	
		
 
            'active': active, 'admin': admin

			




	
	
	
		
 
        }

			




	
	
	
		
 
        # raises UserCreationError if it's not allowed

			




	
	
	
		
 
        check_allowed_create_user(user_data, cur_user)

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('Checking for %s account in Kallithea database', username)

			




	
	
	
		
 
        user = User.get_by_username(username, case_insensitive=True)

			




	
	
	
		
 
        if user is None:

			




	
	
	
		
 
            log.debug('creating new user %s', username)

			




	
	
	
		
 
            new_user = User()

			




	
	
	
		
 
            edit = False

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.debug('updating user %s', username)

			




	
	
	
		
 
            new_user = user

			




	
	
	
		
 
            edit = True

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            new_user.username = username

			




	
	
	
		
 
            new_user.admin = admin

			




	
	
	
		
 
            new_user.email = email

			




	
	
	
		
 
            new_user.active = active

			




	
	
	
		
 
            new_user.extern_name = safe_str(extern_name) \

			




	
	
	
		
 
            new_user.extern_name = safe_unicode(extern_name) \

			




	
	
	
		
 
                if extern_name else None

			




	
	
	
		
 
            new_user.extern_type = safe_str(extern_type) \

			




	
	
	
		
 
            new_user.extern_type = safe_unicode(extern_type) \

			




	
	
	
		
 
                if extern_type else None

			




	
	
	
		
 
            new_user.name = firstname

			




	
	
	
		
 
            new_user.lastname = lastname

			




	
	
	
		
 

			




	
	
	
		
 
            if not edit:

			




	
	
	
		
 
                new_user.api_key = generate_api_key()

			




	
	
	
		
 

			




	
	
	
		
 
            # set password only if creating an user or password is changed

			




	
	
	
		
 
            password_change = new_user.password and \

			




	
	
	
		
 
                not check_password(password, new_user.password)

			




	
	
	
		
 
            if not edit or password_change:

			




	
	
	
		
 
                reason = 'new password' if edit else 'new user'

			




	
	
	
		
 
                log.debug('Updating password reason=>%s', reason)

			




	
	
	
		
 
                new_user.password = get_crypt_password(password) \

			




	
	
	
		
 
                    if password else ''

			




	
	
	
		
 

			




	
	
	
		
 
            if user is None:

			




	
	
	
		
 
                Session().add(new_user)

			




	
	
	
		
 
                Session().flush() # make database assign new_user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
            if not edit:

			




	
	
	
		
 
                log_create_user(new_user.get_dict(), cur_user)

			




	
	
	
		
 

			




	
	
	
		
 
            return new_user

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.