Changeset - 88338675a0f7
beta
Marcin Kuzminski - 15 years ago 2010-11-24 03:31:33
marcin@python-works.com
fixed LDAP issue and a small template fix
2 files changed with 2 insertions and 2 deletions:
rhodecode/lib/auth.py
 
#!/usr/bin/env python
 
# encoding: utf-8
 
# authentication and permission libraries
 
# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
 
#
 
# This program is free software; you can redistribute it and/or
 
# modify it under the terms of the GNU General Public License
 
# as published by the Free Software Foundation; version 2
 
# of the License or (at your opinion) any later version of the license.
 
# 
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
# 
 
# You should have received a copy of the GNU General Public License
 
# along with this program; if not, write to the Free Software
 
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 
# MA  02110-1301, USA.
 
"""
 
Created on April 4, 2010
 

	
 
@author: marcink
 
"""
 
from pylons import config, session, url, request
 
from pylons.controllers.util import abort, redirect
 
from rhodecode.lib.exceptions import *
 
from rhodecode.lib.utils import get_repo_slug
 
from rhodecode.lib.auth_ldap import AuthLdap
 
from rhodecode.model import meta
 
from rhodecode.model.user import UserModel
 
from rhodecode.model.caching_query import FromCache
 
from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
 
    UserToPerm
 
import bcrypt
 
from decorator import decorator
 
import logging
 
import random
 
import traceback
 

	
 
log = logging.getLogger(__name__)
 

	
 
class PasswordGenerator(object):
 
    """This is a simple class for generating password from
 
        different sets of characters
 
        usage:
 
        passwd_gen = PasswordGenerator()
 
        #print 8-letter password containing only big and small letters of alphabet
 
        print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)        
 
    """
 
    ALPHABETS_NUM = r'''1234567890'''#[0]
 
    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
 
    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
 
    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]
 
    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
 
    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
 
    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
 
    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
 
    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
 

	
 
    def __init__(self, passwd=''):
 
        self.passwd = passwd
 

	
 
    def gen_password(self, len, type):
 
        self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
 
        return self.passwd
 

	
 

	
 
def get_crypt_password(password):
 
    """Cryptographic function used for password hashing based on sha1
 
    :param password: password to hash
 
    """
 
    return bcrypt.hashpw(password, bcrypt.gensalt(10))
 

	
 
def check_password(password, hashed):
 
    return bcrypt.hashpw(password, hashed) == hashed
 

	
 
def authfunc(environ, username, password):
 
    """
 
    Authentication function used in Mercurial/Git/ and access control,
 
    firstly checks for db authentication then if ldap is enabled for ldap
 
    authentication, also creates ldap user if not in database
 
    
 
    :param environ: needed only for using in Basic auth, can be None
 
    :param username: username
 
    :param password: password
 
    """
 
    user_model = UserModel()
 
    user = user_model.get_by_username(username, cache=False)
 

	
 
    if user is not None and user.is_ldap is False:
 
        if user.active:
 

	
 
            if user.username == 'default' and user.active:
 
                log.info('user %s authenticated correctly', username)
 
                return True
 

	
 
            elif user.username == username and check_password(password, user.password):
 
                log.info('user %s authenticated correctly', username)
 
                return True
 
        else:
 
            log.error('user %s is disabled', username)
 

	
 

	
 
    else:
 

	
 
        #since ldap is searching in case insensitive check if this user is still
 
        #not in our system
 
        username = username.lower()
 
        user_obj = user_model.get_by_username(username, cache=False,
 
                                            case_insensitive=True)
 
        if user_obj is not None:
 
        if user_obj is not None and user_obj.is_ldap is False:
 
            return False 
 
        
 
        from rhodecode.model.settings import SettingsModel
 
        ldap_settings = SettingsModel().get_ldap_settings()
 

	
 
        #======================================================================
 
        # FALLBACK TO LDAP AUTH IN ENABLE                
 
        #======================================================================
 
        if ldap_settings.get('ldap_active', False):
 
            
 
            kwargs = {
 
                  'server':ldap_settings.get('ldap_host', ''),
 
                  'base_dn':ldap_settings.get('ldap_base_dn', ''),
 
                  'port':ldap_settings.get('ldap_port'),
 
                  'bind_dn':ldap_settings.get('ldap_dn_user'),
 
                  'bind_pass':ldap_settings.get('ldap_dn_pass'),
 
                  'use_ldaps':ldap_settings.get('ldap_ldaps'),
 
                  'ldap_version':3,
 
                  }
 
            log.debug('Checking for ldap authentication')
 
            try:
 
                aldap = AuthLdap(**kwargs)
 
                res = aldap.authenticate_ldap(username, password)
 

	
 
                authenticated = res[1]['uid'][0] == username
 

	
 
                if authenticated and user_model.create_ldap(username, password):
 
                    log.info('created new ldap user')
 

	
 
                return authenticated
 
            except (LdapUsernameError, LdapPasswordError):
 
                return False
 
            except:
 
                log.error(traceback.format_exc())
 
                return False
 
    return False
 

	
 
class  AuthUser(object):
 
    """
 
    A simple object that handles a mercurial username for authentication
 
    """
 
    def __init__(self):
 
        self.username = 'None'
 
        self.name = ''
 
        self.lastname = ''
 
        self.email = ''
 
        self.user_id = None
 
        self.is_authenticated = False
 
        self.is_admin = False
 
        self.permissions = {}
 

	
 
    def __repr__(self):
 
        return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
 

	
 
def set_available_permissions(config):
 
    """
 
    This function will propagate pylons globals with all available defined
 
    permission given in db. We don't wannt to check each time from db for new 
 
    permissions since adding a new permission also requires application restart
 
    ie. to decorate new views with the newly created permission
 
    :param config:
 
    """
 
    log.info('getting information about all available permissions')
 
    try:
 
        sa = meta.Session()
 
        all_perms = sa.query(Permission).all()
 
    except:
 
        pass
 
    finally:
 
        meta.Session.remove()
 

	
 
    config['available_permissions'] = [x.permission_name for x in all_perms]
 

	
 
def set_base_path(config):
 
    config['base_path'] = config['pylons.app_globals'].base_path
 

	
 

	
 
def fill_perms(user):
 
    """
 
    Fills user permission attribute with permissions taken from database
 
    :param user:
 
    """
 

	
 
    sa = meta.Session()
 
    user.permissions['repositories'] = {}
 
    user.permissions['global'] = set()
 

	
 
    #===========================================================================
 
    # fetch default permissions
 
    #===========================================================================
 
    default_user = UserModel().get_by_username('default', cache=True)
 

	
 
    default_perms = sa.query(RepoToPerm, Repository, Permission)\
 
        .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
 
        .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
 
        .filter(RepoToPerm.user == default_user).all()
 

	
 
    if user.is_admin:
 
        #=======================================================================
 
        # #admin have all default rights set to admin        
 
        #=======================================================================
 
        user.permissions['global'].add('hg.admin')
 

	
 
        for perm in default_perms:
 
            p = 'repository.admin'
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
 

	
 
    else:
 
        #=======================================================================
 
        # set default permissions
 
        #=======================================================================
 

	
 
        #default global
 
        default_global_perms = sa.query(UserToPerm)\
 
            .filter(UserToPerm.user == sa.query(User)\
 
                   .filter(User.username == 'default').one())
 

	
 
        for perm in default_global_perms:
 
            user.permissions['global'].add(perm.permission.permission_name)
 

	
 
        #default repositories
 
        for perm in default_perms:
 
            if perm.Repository.private and not perm.Repository.user_id == user.user_id:
 
                #disable defaults for private repos,
 
                p = 'repository.none'
 
            elif perm.Repository.user_id == user.user_id:
 
                #set admin if owner
 
                p = 'repository.admin'
 
            else:
 
                p = perm.Permission.permission_name
 

	
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
 

	
 
        #=======================================================================
 
        # #overwrite default with user permissions if any
 
        #=======================================================================
 
        user_perms = sa.query(RepoToPerm, Permission, Repository)\
 
            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
 
            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
 
            .filter(RepoToPerm.user_id == user.user_id).all()
 

	
 
        for perm in user_perms:
 
            if perm.Repository.user_id == user.user_id:#set admin if owner
 
                p = 'repository.admin'
 
            else:
 
                p = perm.Permission.permission_name
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
 
    meta.Session.remove()
 
    return user
 

	
 
def get_user(session):
 
    """
 
    Gets user from session, and wraps permissions into user
 
    :param session:
 
    """
 
    user = session.get('rhodecode_user', AuthUser())
 
    #if the user is not logged in we check for anonymous access
 
    #if user is logged and it's a default user check if we still have anonymous
 
    #access enabled
 
    if user.user_id is None or user.username == 'default':
 
        anonymous_user = UserModel().get_by_username('default', cache=True)
 
        if anonymous_user.active is True:
 
            #then we set this user is logged in
 
            user.is_authenticated = True
 
            user.user_id = anonymous_user.user_id
 
        else:
 
            user.is_authenticated = False
 

	
 
    if user.is_authenticated:
 
        user = UserModel().fill_data(user)
 

	
 
    user = fill_perms(user)
 
    session['rhodecode_user'] = user
 
    session.save()
 
    return user
 

	
 
#===============================================================================
 
# CHECK DECORATORS
 
#===============================================================================
 
class LoginRequired(object):
 
    """Must be logged in to execute this function else redirect to login page"""
 

	
 
    def __call__(self, func):
 
        return decorator(self.__wrapper, func)
 

	
 
    def __wrapper(self, func, *fargs, **fkwargs):
 
        user = session.get('rhodecode_user', AuthUser())
 
        log.debug('Checking login required for user:%s', user.username)
 
        if user.is_authenticated:
 
            log.debug('user %s is authenticated', user.username)
 
            return func(*fargs, **fkwargs)
 
        else:
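Review bot: The new guard in authfunc (`if user_obj is not None and user_obj.is_ldap is False: return False`) rejects a local account that collides case-insensitively with the LDAP login, but it never consults `user_obj.active`, so an existing LDAP-backed account that an admin has disabled still falls through to `aldap.authenticate_ldap` and is accepted on a successful bind — the DB branch above refuses disabled users, the LDAP branch does not. Unless `create_ldap` or `AuthLdap` enforces the flag (not visible here), the check should read `if user_obj is not None and (user_obj.is_ldap is False or not user_obj.active):` with the same `log.error('user %s is disabled', username)` the DB path emits before `return False`. Note also that `username` is lowercased before `res[1]['uid'][0] == username`, so a directory that returns a mixed-case `uid` would fail this comparison; worth confirming against the LDAP schema. The `default` user branch returns True for any password, presumably the anonymous-access switch, but that intent deserves a comment. The section is cut off inside `LoginRequired.__wrapper`, whose `else:` body lies outside this view.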
rhodecode/public/css/style.css
 
@@ -2128,254 +2128,254 @@ border-bottom:1px solid #c6d880;
 
}
 
 
#content div.box-left div.form div.fields div.field div.textarea,#content div.box-right div.form div.fields div.field div.textarea,#content div.box div.form div.fields div.field div.select select,#content div.box table th.selected input,#content div.box table td.selected input {
 
margin:0;
 
}
 
 
#content div.box-left div.form div.fields div.field div.select,#content div.box-left div.form div.fields div.field div.checkboxes,#content div.box-left div.form div.fields div.field div.radios,#content div.box-right div.form div.fields div.field div.select,#content div.box-right div.form div.fields div.field div.checkboxes,#content div.box-right div.form div.fields div.field div.radios{
 
margin:0 0 0 0px !important;
 
padding:0;
 
}
 
 
#content div.box div.form div.fields div.field div.select,#content div.box div.form div.fields div.field div.checkboxes,#content div.box div.form div.fields div.field div.radios {
 
margin:0 0 0 200px;
 
padding:0;
 
}
 
 
 
#content div.box div.form div.fields div.field div.select a:hover,#content div.box div.form div.fields div.field div.select a.ui-selectmenu:hover,#content div.box div.action a:hover {
 
color:#000;
 
text-decoration:none;
 
}
 
 
#content div.box div.form div.fields div.field div.select a.ui-selectmenu-focus,#content div.box div.action a.ui-selectmenu-focus {
 
border:1px solid #666;
 
}
 
 
#content div.box div.form div.fields div.field div.checkboxes div.checkbox,#content div.box div.form div.fields div.field div.radios div.radio {
 
clear:both;
 
overflow:hidden;
 
margin:0;
 
padding:8px 0 2px;
 
}
 
 
#content div.box div.form div.fields div.field div.checkboxes div.checkbox input,#content div.box div.form div.fields div.field div.radios div.radio input {
 
float:left;
 
margin:0;
 
}
 
 
#content div.box div.form div.fields div.field div.checkboxes div.checkbox label,#content div.box div.form div.fields div.field div.radios div.radio label {
 
height:1%;
 
display:block;
 
float:left;
 
margin:2px 0 0 4px;
 
}
 
 
div.form div.fields div.field div.button input,#content div.box div.form div.fields div.buttons input,div.form div.fields div.buttons input,#content div.box div.action div.button input {
 
color:#000;
 
font-family:Lucida Grande, Verdana, Lucida Sans Regular, Lucida Sans Unicode, Arial, sans-serif;
 
font-size:11px;
 
font-weight:700;
 
margin:0;
 
}
 
 
div.form div.fields div.field div.button .ui-state-default,#content div.box div.form div.fields div.buttons input.ui-state-default {
 
background:#e5e3e3 url("../images/button.png") repeat-x;
 
border-top:1px solid #DDD;
 
border-left:1px solid #c6c6c6;
 
border-right:1px solid #DDD;
 
border-bottom:1px solid #c6c6c6;
 
color:#515151;
 
outline:none;
 
margin:0;
 
padding:6px 12px;
 
}
 
 
div.form div.fields div.field div.button .ui-state-hover,#content div.box div.form div.fields div.buttons input.ui-state-hover {
 
background:#b4b4b4 url("../images/button_selected.png") repeat-x;
 
border-top:1px solid #ccc;
 
border-left:1px solid #bebebe;
 
border-right:1px solid #b1b1b1;
 
border-bottom:1px solid #afafaf;
 
color:#515151;
 
outline:none;
 
margin:0;
 
padding:6px 12px;
 
}
 
 
div.form div.fields div.field div.highlight,#content div.box div.form div.fields div.buttons div.highlight {
 
display:inline;
 
}
 
 
#content div.box div.form div.fields div.buttons,div.form div.fields div.buttons {
 
margin:10px 0 0 200px;
 
padding:0;
 
}
 
 
#content div.box-left div.form div.fields div.buttons,#content div.box-right div.form div.fields div.buttons,div.box-left div.form div.fields div.buttons,div.box-right div.form div.fields div.buttons {
 
margin:10px 0 0;
 
}
 
 
#content div.box table td.user,#content div.box table td.address {
 
width:10%;
 
text-align:center;
 
}
 
 
#content div.box div.action div.button,#login div.form div.fields div.field div.input div.link,#register div.form div.fields div.field div.input div.link {
 
text-align:right;
 
margin:6px 0 0;
 
padding:0;
 
}
 
 
#content div.box div.action div.button input.ui-state-default,#login div.form div.fields div.buttons input.ui-state-default,#register div.form div.fields div.buttons input.ui-state-default {
 
background:#e5e3e3 url("../images/button.png") repeat-x;
 
border-top:1px solid #DDD;
 
border-left:1px solid #c6c6c6;
 
border-right:1px solid #DDD;
 
border-bottom:1px solid #c6c6c6;
 
color:#515151;
 
margin:0;
 
padding:6px 12px;
 
}
 
 
#content div.box div.action div.button input.ui-state-hover,#login div.form div.fields div.buttons input.ui-state-hover,#register div.form div.fields div.buttons input.ui-state-hover {
 
background:#b4b4b4 url("../images/button_selected.png") repeat-x;
 
border-top:1px solid #ccc;
 
border-left:1px solid #bebebe;
 
border-right:1px solid #b1b1b1;
 
border-bottom:1px solid #afafaf;
 
color:#515151;
 
margin:0;
 
padding:6px 12px;
 
}
 
 
#content div.box div.pagination div.results,#content div.box div.pagination-wh div.results {
 
text-align:left;
 
float:left;
 
margin:0;
 
padding:0;
 
}
 
 
#content div.box div.pagination div.results span,#content div.box div.pagination-wh div.results span {
 
height:1%;
 
display:block;
 
float:left;
 
background:#ebebeb url("../images/pager.png") repeat-x;
 
border-top:1px solid #dedede;
 
border-left:1px solid #cfcfcf;
 
border-right:1px solid #c4c4c4;
 
border-bottom:1px solid #c4c4c4;
 
color:#4A4A4A;
 
font-weight:700;
 
margin:0;
 
padding:6px 8px;
 
}
 
 
#content div.box div.pagination ul.pager li.disabled,#content div.box div.pagination-wh a.disabled {
 
color:#B4B4B4;
 
padding:6px;
 
}
 
 
#login,#register {
 
width:520px;
 
margin:10% auto 0;
 
padding:0;
 
}
 
 
#login div.color,#register div.color {
 
clear:both;
 
overflow:hidden;
 
background:#FFF;
 
margin:10px auto 0;
 
padding:3px 3px 3px 0;
 
}
 
 
#login div.color a,#register div.color a {
 
width:20px;
 
height:20px;
 
display:block;
 
float:left;
 
margin:0 0 0 3px;
 
padding:0;
 
}
 
 
#login div.title h5,#register div.title h5 {
 
color:#fff;
 
margin:10px;
 
padding:0;
 
}
 
 
#login div.form div.fields div.field,#register div.form div.fields div.field {
 
clear:both;
 
overflow:hidden;
 
margin:0;
 
padding:0 0 10px;
 
}
 
 
#login div.form div.fields div.field span.error-message,#register div.form div.fields div.field span.error-message {
 
height:1%;
 
display:block;
 
color:red;
 
margin:8px 0 0;
 
padding:0;
 
width: 320px;
 
max-width: 320px;
 
}
 
 
#login div.form div.fields div.field div.label label,#register div.form div.fields div.field div.label label {
 
color:#000;
 
font-weight:700;
 
}
 
 
#login div.form div.fields div.field div.input,#register div.form div.fields div.field div.input {
 
float:left;
 
margin:0;
 
padding:0;
 
}
 
 
#login div.form div.fields div.field div.checkbox,#register div.form div.fields div.field div.checkbox {
 
margin:0 0 0 184px;
 
padding:0;
 
}
 
 
#login div.form div.fields div.field div.checkbox label,#register div.form div.fields div.field div.checkbox label {
 
color:#565656;
 
font-weight:700;
 
}
 
 
#login div.form div.fields div.buttons input,#register div.form div.fields div.buttons input {
 
color:#000;
 
font-size:1em;
 
font-weight:700;
 
font-family:Verdana, Helvetica, Sans-Serif;
 
margin:0;
 
}
 
 
#changeset_content .container .wrapper,#graph_content .container .wrapper {
 
width:600px;
 
}
 
 
#changeset_content .container .left,#graph_content .container .left {
 
float:left;
 
width:70%;
 
padding-left:5px;
 
}
 
 
#changeset_content .container .left .date,.ac .match {
 
font-weight:700;
 
padding-top: 5px;
 
padding-bottom:5px;
 
}
 
 
div#legend_container table td,div#legend_choices table td {
 
border:none !important;
 
height:20px !important;
 
padding:0 !important;
 
}
 
 
#q_filter{
 
border:0 none;
 
color:#AAAAAA;
 
margin-bottom:-4px;
 
margin-top:-4px;
 
padding-left:3px;
 
}
 