Changeset - 54684e071457
Parent rev.
Child rev.
[Not reviewed]
beta
0 2 0
Marcin Kuzminski - 15 years ago 2010-11-23 12:58:45
marcin@python-works.com
fixes issue #78, ldap makes user validation caseInsensitive
and fixed validators to check for case insensitive values.
2 files changed with 14 insertions and 3 deletions:
rhodecode/lib/auth.py
10
2
rhodecode/model/forms.py
4
1
0 comments (0 inline, 0 general)
rhodecode/lib/auth.py
Show inline comments
 
@@ -94,31 +94,39 @@ def authfunc(environ, username, password
 
            if user.username == 'default' and user.active:
 
                log.info('user %s authenticated correctly', username)
 
                return True
 

			




	
	
	
		
 
            elif user.username == username and check_password(password, user.password):

			




	
	
	
		
 
                log.info('user %s authenticated correctly', username)

			




	
	
	
		
 
                return True

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.error('user %s is disabled', username)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    else:

			




	
	
	
		
 

			




	
	
	
		
 
        #since ldap is searching in case insensitive check if this user is still

			




	
	
	
		
 
        #not in our system

			




	
	
	
		
 
        username = username.lower()

			




	
	
	
		
 
        if user_model.get_by_username(username, cache=False) is not None:

			




	
	
	
		
 
            return False 

			




	
	
	
		
 
        

			




	
	
	
		
 
        from rhodecode.model.settings import SettingsModel

			




	
	
	
		
 
        ldap_settings = SettingsModel().get_ldap_settings()

			




	
	
	
		
 

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        # FALLBACK TO LDAP AUTH IN ENABLE                

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        if ldap_settings.get('ldap_active', False):

			




	
	
	
		
 
            

			




	
	
	
		
 
            kwargs = {

			




	
	
	
		
 
                  'server':ldap_settings.get('ldap_host', ''),

			




	
	
	
		
 
                  'base_dn':ldap_settings.get('ldap_base_dn', ''),

			




	
	
	
		
 
                  'port':ldap_settings.get('ldap_port'),

			




	
	
	
		
 
                  'bind_dn':ldap_settings.get('ldap_dn_user'),

			




	
	
	
		
 
                  'bind_pass':ldap_settings.get('ldap_dn_pass'),

			




	
	
	
		
 
                  'use_ldaps':ldap_settings.get('ldap_ldaps'),

			




	
	
	
		
 
                  'ldap_version':3,

			




	
	
	
		
 
                  }

			




	
	
	
		
 
            log.debug('Checking for ldap authentication')

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                aldap = AuthLdap(**kwargs)

			




	
	
		
 
@@ -205,26 +213,26 @@ def fill_perms(user):

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in default_perms:

			




	
	
	
		
 
            p = 'repository.admin'

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        # set default permissions

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 

			




	
	
	
		
 
        #default global

			




	
	
	
		
 
        default_global_perms = sa.query(UserToPerm)\

			




	
	
	
		
 
            .filter(UserToPerm.user == sa.query(User).filter(User.username ==

			




	
	
	
		
 
            'default').one())

			




	
	
	
		
 
            .filter(UserToPerm.user == sa.query(User)\

			




	
	
	
		
 
                   .filter(User.username == 'default').one())

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in default_global_perms:

			




	
	
	
		
 
            user.permissions['global'].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
        #default repositories

			




	
	
	
		
 
        for perm in default_perms:

			




	
	
	
		
 
            if perm.Repository.private and not perm.Repository.user_id == user.user_id:

			




	
	
	
		
 
                #disable defaults for private repos,

			




	
	
	
		
 
                p = 'repository.none'

			




	
	
	
		
 
            elif perm.Repository.user_id == user.user_id:

			




	
	
	
		
 
                #set admin if owner

			




	
	
	
		
 
                p = 'repository.admin'

			




        

    


    
    

    

        

                

                    rhodecode/model/forms.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -58,25 +58,25 @@ class ValidAuthToken(formencode.validato

			




	
	
	
		
 
def ValidUsername(edit, old_data):

			




	
	
	
		
 
    class _ValidUsername(formencode.validators.FancyValidator):

			




	
	
	
		
 

			




	
	
	
		
 
        def validate_python(self, value, state):

			




	
	
	
		
 
            if value in ['default', 'new_user']:

			




	
	
	
		
 
                raise formencode.Invalid(_('Invalid username'), value, state)

			




	
	
	
		
 
            #check if user is unique

			




	
	
	
		
 
            old_un = None

			




	
	
	
		
 
            if edit:

			




	
	
	
		
 
                old_un = UserModel().get(old_data.get('user_id')).username

			




	
	
	
		
 

			




	
	
	
		
 
            if old_un != value or not edit:

			




	
	
	
		
 
                if UserModel().get_by_username(value, cache=False):

			




	
	
	
		
 
                if UserModel().get_by_username(value.lower(), cache=False):

			




	
	
	
		
 
                    raise formencode.Invalid(_('This username already exists') ,

			




	
	
	
		
 
                                             value, state)

			




	
	
	
		
 

			




	
	
	
		
 
    return _ValidUsername

			




	
	
	
		
 

			




	
	
	
		
 
class ValidPassword(formencode.validators.FancyValidator):

			




	
	
	
		
 

			




	
	
	
		
 
    def to_python(self, value, state):

			




	
	
	
		
 

			




	
	
	
		
 
        if value:

			




	
	
	
		
 

			




	
	
	
		
 
            if value.get('password'):

			




	
	
		
 
@@ -235,40 +235,43 @@ class ValidSettings(formencode.validator

			




	
	
	
		
 
class ValidPath(formencode.validators.FancyValidator):

			




	
	
	
		
 
    def to_python(self, value, state):

			




	
	
	
		
 

			




	
	
	
		
 
        if not os.path.isdir(value):

			




	
	
	
		
 
            msg = _('This is not a valid path')

			




	
	
	
		
 
            raise formencode.Invalid(msg, value, state,

			




	
	
	
		
 
                                     error_dict={'paths_root_path':msg})

			




	
	
	
		
 
        return value

			




	
	
	
		
 

			




	
	
	
		
 
def UniqSystemEmail(old_data):

			




	
	
	
		
 
    class _UniqSystemEmail(formencode.validators.FancyValidator):

			




	
	
	
		
 
        def to_python(self, value, state):

			




	
	
	
		
 
            value = value.lower()

			




	
	
	
		
 
            #TODO:write test for MixedCase scenarios

			




	
	
	
		
 
            if old_data.get('email') != value:

			




	
	
	
		
 
                sa = meta.Session()

			




	
	
	
		
 
                try:

			




	
	
	
		
 
                    user = sa.query(User).filter(User.email == value).scalar()

			




	
	
	
		
 
                    if user:

			




	
	
	
		
 
                        raise formencode.Invalid(_("That e-mail address is already taken") ,

			




	
	
	
		
 
                                                 value, state)

			




	
	
	
		
 
                finally:

			




	
	
	
		
 
                    meta.Session.remove()

			




	
	
	
		
 

			




	
	
	
		
 
            return value

			




	
	
	
		
 

			




	
	
	
		
 
    return _UniqSystemEmail

			




	
	
	
		
 

			




	
	
	
		
 
class ValidSystemEmail(formencode.validators.FancyValidator):

			




	
	
	
		
 
    def to_python(self, value, state):

			




	
	
	
		
 
        value = value.lower()

			




	
	
	
		
 
        sa = meta.Session

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user = sa.query(User).filter(User.email == value).scalar()

			




	
	
	
		
 
            if  user is None:

			




	
	
	
		
 
                raise formencode.Invalid(_("That e-mail address doesn't exist.") ,

			




	
	
	
		
 
                                         value, state)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            meta.Session.remove()

			




	
	
	
		
 

			




	
	
	
		
 
        return value

			




	
	
	
		
 

			




	
	
	
		
 
class LdapLibValidator(formencode.validators.FancyValidator):

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.