kallithea Changeset - 335b55caa81d

Changeset - 335b55caa81d

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 14 years ago 2012-02-14 22:30:40
marcin@python-works.com

#355 replaced stored LDAP password with some random generated one

1 file changed with 6 insertions and 1 deletions:

rhodecode/lib/auth.py

0 comments (0 inline, 0 general)

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -180,97 +180,102 @@ def authenticate(username, password): @@
                 log.info('user %s authenticated correctly' % username)
                 return True
         else:
             log.warning('user %s is disabled' % username)
     else:
         log.debug('Regular authentication failed')
         user_obj = User.get_by_username(username, case_insensitive=True)
         if user_obj is not None and not user_obj.ldap_dn:
             log.debug('this user already exists as non ldap')
             return False
         ldap_settings = RhodeCodeSetting.get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IF ENABLE
         #======================================================================
         if str2bool(ldap_settings.get('ldap_active')):
             log.debug("Authenticating user using ldap")
             kwargs = {
                   'server': ldap_settings.get('ldap_host', ''),
                   'base_dn': ldap_settings.get('ldap_base_dn', ''),
                   'port': ldap_settings.get('ldap_port'),
                   'bind_dn': ldap_settings.get('ldap_dn_user'),
                   'bind_pass': ldap_settings.get('ldap_dn_pass'),
                   'tls_kind': ldap_settings.get('ldap_tls_kind'),
                   'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter': ldap_settings.get('ldap_filter'),
                   'search_scope': ldap_settings.get('ldap_search_scope'),
                   'attr_login': ldap_settings.get('ldap_attr_login'),
                   'ldap_version': 3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                 password)
                 log.debug('Got ldap DN response %s' % user_dn)
                 get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                            .get(k), [''])[0]
                 user_attrs = {
                  'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                  'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                  'email': get_ldap_attr('ldap_attr_email'),
+                }
                 if user_model.create_ldap(username, password, user_dn,
                 # don't store LDAP password since we don't need it. Override
                 # with some random generated password
                 _password = PasswordGenerator().gen_password(length=8)
                 # create this user on the fly if it doesn't exist in rhodecode
                 # database
                 if user_model.create_ldap(username, _password, user_dn,
                                           user_attrs):
                     log.info('created new ldap user %s' % username)
                 Session.commit()
                 return True
             except (LdapUsernameError, LdapPasswordError,):
                 pass
             except (Exception,):
                 log.error(traceback.format_exc())
                 pass
     return False
 def login_container_auth(username):
     user = User.get_by_username(username)
     if user is None:
         user_attrs = {
             'name': username,
             'lastname': None,
             'email': None,
+        }
         user = UserModel().create_for_container_auth(username, user_attrs)
         if not user:
             return None
         log.info('User %s was created by container authentication' % username)
     if not user.active:
         return None
     user.update_lastlogin()
     Session.commit()
     log.debug('User %s is now logged in by container authentication',
               user.username)
     return user
 def get_container_username(environ, config):
     username = None
     if str2bool(config.get('container_auth_enabled', False)):
         from paste.httpheaders import REMOTE_USER
         username = REMOTE_USER(environ)
     if not username and str2bool(config.get('proxypass_auth_enabled', False)):
         username = environ.get('HTTP_X_FORWARDED_USER')
     if username:

0 comments (0 inline, 0 general)