Changeset - 335b55caa81d
Parent rev.
Child rev.
[Not reviewed]
beta
0 1 0
Marcin Kuzminski - 14 years ago 2012-02-14 22:30:40
marcin@python-works.com
#355 replaced stored LDAP password with some random generated one
1 file changed with 6 insertions and 1 deletions:
rhodecode/lib/auth.py
6
1
0 comments (0 inline, 0 general)
rhodecode/lib/auth.py
Show inline comments
 
@@ -204,49 +204,54 @@ def authenticate(username, password):
 
                  'bind_pass': ldap_settings.get('ldap_dn_pass'),
 
                  'tls_kind': ldap_settings.get('ldap_tls_kind'),
 
                  'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
 
                  'ldap_filter': ldap_settings.get('ldap_filter'),
 
                  'search_scope': ldap_settings.get('ldap_search_scope'),
 
                  'attr_login': ldap_settings.get('ldap_attr_login'),
 
                  'ldap_version': 3,
 
                  }
 
            log.debug('Checking for ldap authentication')
 
            try:
 
                aldap = AuthLdap(**kwargs)
 
                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
 
                                                                password)
 
                log.debug('Got ldap DN response %s' % user_dn)
 

			




	
	
	
		
 
                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\

			




	
	
	
		
 
                                                           .get(k), [''])[0]

			




	
	
	
		
 

			




	
	
	
		
 
                user_attrs = {

			




	
	
	
		
 
                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),

			




	
	
	
		
 
                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),

			




	
	
	
		
 
                 'email': get_ldap_attr('ldap_attr_email'),

			




	
	
	
		
 
                }

			




	
	
	
		
 

			




	
	
	
		
 
                if user_model.create_ldap(username, password, user_dn,

			




	
	
	
		
 
                # don't store LDAP password since we don't need it. Override 

			




	
	
	
		
 
                # with some random generated password

			




	
	
	
		
 
                _password = PasswordGenerator().gen_password(length=8)

			




	
	
	
		
 
                # create this user on the fly if it doesn't exist in rhodecode

			




	
	
	
		
 
                # database

			




	
	
	
		
 
                if user_model.create_ldap(username, _password, user_dn,

			




	
	
	
		
 
                                          user_attrs):

			




	
	
	
		
 
                    log.info('created new ldap user %s' % username)

			




	
	
	
		
 

			




	
	
	
		
 
                Session.commit()

			




	
	
	
		
 
                return True

			




	
	
	
		
 
            except (LdapUsernameError, LdapPasswordError,):

			




	
	
	
		
 
                pass

			




	
	
	
		
 
            except (Exception,):

			




	
	
	
		
 
                log.error(traceback.format_exc())

			




	
	
	
		
 
                pass

			




	
	
	
		
 
    return False

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def login_container_auth(username):

			




	
	
	
		
 
    user = User.get_by_username(username)

			




	
	
	
		
 
    if user is None:

			




	
	
	
		
 
        user_attrs = {

			




	
	
	
		
 
            'name': username,

			




	
	
	
		
 
            'lastname': None,

			




	
	
	
		
 
            'email': None,

			




	
	
	
		
 
        }

			




	
	
	
		
 
        user = UserModel().create_for_container_auth(username, user_attrs)

			




	
	
	
		
 
        if not user:

			




	
	
	
		
 
            return None

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.