Changeset - 88338675a0f7
Parent rev.
Child rev.
[Not reviewed]
beta
0 2 0
Marcin Kuzminski - 15 years ago 2010-11-24 03:31:33
marcin@python-works.com
fixed ldap issue and small template fix
2 files changed with 5 insertions and 5 deletions:
rhodecode/lib/auth.py
4
4
rhodecode/public/css/style.css
1
1
0 comments (0 inline, 0 general)
rhodecode/lib/auth.py
Show inline comments
 
@@ -64,107 +64,107 @@ class PasswordGenerator(object):
 
    def gen_password(self, len, type):
 
        self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
 
        return self.passwd
 

			




	
	
	
		
 

			




	
	
	
		
 
def get_crypt_password(password):

			




	
	
	
		
 
    """Cryptographic function used for password hashing based on sha1

			




	
	
	
		
 
    :param password: password to hash

			




	
	
	
		
 
    """

			




	
	
	
		
 
    return bcrypt.hashpw(password, bcrypt.gensalt(10))

			




	
	
	
		
 

			




	
	
	
		
 
def check_password(password, hashed):

			




	
	
	
		
 
    return bcrypt.hashpw(password, hashed) == hashed

			




	
	
	
		
 

			




	
	
	
		
 
def authfunc(environ, username, password):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Authentication function used in Mercurial/Git/ and access control,

			




	
	
	
		
 
    firstly checks for db authentication then if ldap is enabled for ldap

			




	
	
	
		
 
    authentication, also creates ldap user if not in database

			




	
	
	
		
 
    

			




	
	
	
		
 
    :param environ: needed only for using in Basic auth, can be None

			




	
	
	
		
 
    :param username: username

			




	
	
	
		
 
    :param password: password

			




	
	
	
		
 
    """

			




	
	
	
		
 
    user_model = UserModel()

			




	
	
	
		
 
    user = user_model.get_by_username(username, cache=False)

			




	
	
	
		
 

			




	
	
	
		
 
    if user is not None and user.is_ldap is False:

			




	
	
	
		
 
        if user.active:

			




	
	
	
		
 

			




	
	
	
		
 
            if user.username == 'default' and user.active:

			




	
	
	
		
 
                log.info('user %s authenticated correctly', username)

			




	
	
	
		
 
                return True

			




	
	
	
		
 

			




	
	
	
		
 
            elif user.username == username and check_password(password, user.password):

			




	
	
	
		
 
                log.info('user %s authenticated correctly', username)

			




	
	
	
		
 
                return True

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.error('user %s is disabled', username)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    else:

			




	
	
	
		
 

			




	
	
	
		
 
        #since ldap is searching in case insensitive check if this user is still

			




	
	
	
		
 
        #not in our system

			




	
	
	
		
 
        username = username.lower()

			




	
	
	
		
 
        user_obj = user_model.get_by_username(username, cache=False,

			




	
	
	
		
 
                                            case_insensitive=True)

			




	
	
	
		
 
        if user_obj is not None:

			




	
	
	
		
 
            return False 

			




	
	
	
		
 
        

			




	
	
	
		
 
        if user_obj is not None and user_obj.is_ldap is False:

			




	
	
	
		
 
            return False

			




	
	
	
		
 

			




	
	
	
		
 
        from rhodecode.model.settings import SettingsModel

			




	
	
	
		
 
        ldap_settings = SettingsModel().get_ldap_settings()

			




	
	
	
		
 

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        # FALLBACK TO LDAP AUTH IN ENABLE                

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        if ldap_settings.get('ldap_active', False):

			




	
	
	
		
 
            

			




	
	
	
		
 

			




	
	
	
		
 
            kwargs = {

			




	
	
	
		
 
                  'server':ldap_settings.get('ldap_host', ''),

			




	
	
	
		
 
                  'base_dn':ldap_settings.get('ldap_base_dn', ''),

			




	
	
	
		
 
                  'port':ldap_settings.get('ldap_port'),

			




	
	
	
		
 
                  'bind_dn':ldap_settings.get('ldap_dn_user'),

			




	
	
	
		
 
                  'bind_pass':ldap_settings.get('ldap_dn_pass'),

			




	
	
	
		
 
                  'use_ldaps':ldap_settings.get('ldap_ldaps'),

			




	
	
	
		
 
                  'ldap_version':3,

			




	
	
	
		
 
                  }

			




	
	
	
		
 
            log.debug('Checking for ldap authentication')

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                aldap = AuthLdap(**kwargs)

			




	
	
	
		
 
                res = aldap.authenticate_ldap(username, password)

			




	
	
	
		
 

			




	
	
	
		
 
                authenticated = res[1]['uid'][0] == username

			




	
	
	
		
 

			




	
	
	
		
 
                if authenticated and user_model.create_ldap(username, password):

			




	
	
	
		
 
                    log.info('created new ldap user')

			




	
	
	
		
 

			




	
	
	
		
 
                return authenticated

			




	
	
	
		
 
            except (LdapUsernameError, LdapPasswordError):

			




	
	
	
		
 
                return False

			




	
	
	
		
 
            except:

			




	
	
	
		
 
                log.error(traceback.format_exc())

			




	
	
	
		
 
                return False

			




	
	
	
		
 
    return False

			




	
	
	
		
 

			




	
	
	
		
 
class  AuthUser(object):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    A simple object that handles a mercurial username for authentication

			




	
	
	
		
 
    """

			




	
	
	
		
 
    def __init__(self):

			




	
	
	
		
 
        self.username = 'None'

			




	
	
	
		
 
        self.name = ''

			




	
	
	
		
 
        self.lastname = ''

			




	
	
	
		
 
        self.email = ''

			




	
	
	
		
 
        self.user_id = None

			




	
	
	
		
 
        self.is_authenticated = False

			




	
	
	
		
 
        self.is_admin = False

			




	
	
	
		
 
        self.permissions = {}

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)

			




	
	
	
		
 

			




	
	
	
		
 
def set_available_permissions(config):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    This function will propagate pylons globals with all available defined

			




	
	
	
		
 
    permission given in db. We don't wannt to check each time from db for new 

			




        

    


    
    

    

        

                

                    rhodecode/public/css/style.css
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -2272,97 +2272,97 @@ padding:6px 8px;

			




	
	
	
		
 

			




	
	
	
		
 
#content div.box div.pagination ul.pager li.disabled,#content div.box div.pagination-wh a.disabled {

			




	
	
	
		
 
color:#B4B4B4;

			




	
	
	
		
 
padding:6px;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login,#register {

			




	
	
	
		
 
width:520px;

			




	
	
	
		
 
margin:10% auto 0;

			




	
	
	
		
 
padding:0;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.color,#register div.color {

			




	
	
	
		
 
clear:both;

			




	
	
	
		
 
overflow:hidden;

			




	
	
	
		
 
background:#FFF;

			




	
	
	
		
 
margin:10px auto 0;

			




	
	
	
		
 
padding:3px 3px 3px 0;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.color a,#register div.color a {

			




	
	
	
		
 
width:20px;

			




	
	
	
		
 
height:20px;

			




	
	
	
		
 
display:block;

			




	
	
	
		
 
float:left;

			




	
	
	
		
 
margin:0 0 0 3px;

			




	
	
	
		
 
padding:0;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.title h5,#register div.title h5 {

			




	
	
	
		
 
color:#fff;

			




	
	
	
		
 
margin:10px;

			




	
	
	
		
 
padding:0;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.form div.fields div.field,#register div.form div.fields div.field {

			




	
	
	
		
 
clear:both;

			




	
	
	
		
 
overflow:hidden;

			




	
	
	
		
 
margin:0;

			




	
	
	
		
 
padding:0 0 10px;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.form div.fields div.field span.error-message,#register div.form div.fields div.field span.error-message {

			




	
	
	
		
 
height:1%;

			




	
	
	
		
 
display:block;

			




	
	
	
		
 
color:red;

			




	
	
	
		
 
margin:8px 0 0;

			




	
	
	
		
 
padding:0;

			




	
	
	
		
 
width: 320px;

			




	
	
	
		
 
max-width: 320px;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.form div.fields div.field div.label label,#register div.form div.fields div.field div.label label {

			




	
	
	
		
 
color:#000;

			




	
	
	
		
 
font-weight:700;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.form div.fields div.field div.input,#register div.form div.fields div.field div.input {

			




	
	
	
		
 
float:left;

			




	
	
	
		
 
margin:0;

			




	
	
	
		
 
padding:0;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.form div.fields div.field div.checkbox,#register div.form div.fields div.field div.checkbox {

			




	
	
	
		
 
margin:0 0 0 184px;

			




	
	
	
		
 
padding:0;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.form div.fields div.field div.checkbox label,#register div.form div.fields div.field div.checkbox label {

			




	
	
	
		
 
color:#565656;

			




	
	
	
		
 
font-weight:700;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#login div.form div.fields div.buttons input,#register div.form div.fields div.buttons input {

			




	
	
	
		
 
color:#000;

			




	
	
	
		
 
font-size:1em;

			




	
	
	
		
 
font-weight:700;

			




	
	
	
		
 
font-family:Verdana, Helvetica, Sans-Serif;

			




	
	
	
		
 
margin:0;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#changeset_content .container .wrapper,#graph_content .container .wrapper {

			




	
	
	
		
 
width:600px;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#changeset_content .container .left,#graph_content .container .left {

			




	
	
	
		
 
float:left;

			




	
	
	
		
 
width:70%;

			




	
	
	
		
 
padding-left:5px;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
#changeset_content .container .left .date,.ac .match {

			




	
	
	
		
 
font-weight:700;

			




	
	
	
		
 
padding-top: 5px;

			




	
	
	
		
 
padding-bottom:5px;

			




	
	
	
		
 
}

			




	
	
	
		
 

			




	
	
	
		
 
div#legend_container table td,div#legend_choices table td {

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.