kallithea Changeset - 88338675a0f7

Changeset - 88338675a0f7

Parent rev.

Child rev.

[Not reviewed]

beta

0 2 0

Marcin Kuzminski - 15 years ago 2010-11-24 03:31:33
marcin@python-works.com

fixed ldap issue and small template fix

2 files changed with 5 insertions and 5 deletions:

rhodecode/lib/auth.py

rhodecode/public/css/style.css

0 comments (0 inline, 0 general)

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -16,203 +16,203 @@ @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 4, 2010
 @author: marcink
 """
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from rhodecode.lib.exceptions import *
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
     UserToPerm
 import bcrypt
 from decorator import decorator
 import logging
 import random
 import traceback
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """This is a simple class for generating password from
         different sets of characters
         usage:
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''#[0]
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
         return self.passwd
 def get_crypt_password(password):
     """Cryptographic function used for password hashing based on sha1
     :param password: password to hash
     """
     return bcrypt.hashpw(password, bcrypt.gensalt(10))
 def check_password(password, hashed):
     return bcrypt.hashpw(password, hashed) == hashed
 def authfunc(environ, username, password):
     """
     Authentication function used in Mercurial/Git/ and access control,
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication, also creates ldap user if not in database
     :param environ: needed only for using in Basic auth, can be None
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = user_model.get_by_username(username, cache=False)
     if user is not None and user.is_ldap is False:
         if user.active:
             if user.username == 'default' and user.active:
                 log.info('user %s authenticated correctly', username)
                 return True
             elif user.username == username and check_password(password, user.password):
                 log.info('user %s authenticated correctly', username)
                 return True
         else:
             log.error('user %s is disabled', username)
     else:
         #since ldap is searching in case insensitive check if this user is still
         #not in our system
         username = username.lower()
         user_obj = user_model.get_by_username(username, cache=False,
                                             case_insensitive=True)
         if user_obj is not None:
             return False
         if user_obj is not None and user_obj.is_ldap is False:
             return False
         from rhodecode.model.settings import SettingsModel
         ldap_settings = SettingsModel().get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IN ENABLE
         #======================================================================
         if ldap_settings.get('ldap_active', False):
             kwargs = {
                   'server':ldap_settings.get('ldap_host', ''),
                   'base_dn':ldap_settings.get('ldap_base_dn', ''),
                   'port':ldap_settings.get('ldap_port'),
                   'bind_dn':ldap_settings.get('ldap_dn_user'),
                   'bind_pass':ldap_settings.get('ldap_dn_pass'),
                   'use_ldaps':ldap_settings.get('ldap_ldaps'),
                   'ldap_version':3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 res = aldap.authenticate_ldap(username, password)
                 authenticated = res[1]['uid'][0] == username
                 if authenticated and user_model.create_ldap(username, password):
                     log.info('created new ldap user')
                 return authenticated
             except (LdapUsernameError, LdapPasswordError):
                 return False
             except:
                 log.error(traceback.format_exc())
                 return False
     return False
 class  AuthUser(object):
     """
     A simple object that handles a mercurial username for authentication
     """
     def __init__(self):
         self.username = 'None'
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.user_id = None
         self.is_authenticated = False
         self.is_admin = False
         self.permissions = {}
     def __repr__(self):
         return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't wannt to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config:
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session()
         all_perms = sa.query(Permission).all()
     except:
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 def set_base_path(config):
     config['base_path'] = config['pylons.app_globals'].base_path
 def fill_perms(user):
     """
     Fills user permission attribute with permissions taken from database
     :param user:
     """
     sa = meta.Session()
     user.permissions['repositories'] = {}
     user.permissions['global'] = set()
     #===========================================================================
     # fetch default permissions
     #===========================================================================
     default_user = UserModel().get_by_username('default', cache=True)
     default_perms = sa.query(RepoToPerm, Repository, Permission)\
         .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
         .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
         .filter(RepoToPerm.user == default_user).all()
     if user.is_admin:
         #=======================================================================
         # #admin have all default rights set to admin
         #=======================================================================
         user.permissions['global'].add('hg.admin')
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

rhodecode/public/css/style.css

➞

Show inline comments

@@ @@ -2224,158 +2224,158 @@ text-align:center; @@
 text-align:right;
 margin:6px 0 0;
 padding:0;
+}
 #content div.box div.action div.button input.ui-state-default,#login div.form div.fields div.buttons input.ui-state-default,#register div.form div.fields div.buttons input.ui-state-default {
 background:#e5e3e3 url("../images/button.png") repeat-x;
 border-top:1px solid #DDD;
 border-left:1px solid #c6c6c6;
 border-right:1px solid #DDD;
 border-bottom:1px solid #c6c6c6;
 color:#515151;
 margin:0;
 padding:6px 12px;
+}
 #content div.box div.action div.button input.ui-state-hover,#login div.form div.fields div.buttons input.ui-state-hover,#register div.form div.fields div.buttons input.ui-state-hover {
 background:#b4b4b4 url("../images/button_selected.png") repeat-x;
 border-top:1px solid #ccc;
 border-left:1px solid #bebebe;
 border-right:1px solid #b1b1b1;
 border-bottom:1px solid #afafaf;
 color:#515151;
 margin:0;
 padding:6px 12px;
+}
 #content div.box div.pagination div.results,#content div.box div.pagination-wh div.results {
 text-align:left;
 float:left;
 margin:0;
 padding:0;
+}
 #content div.box div.pagination div.results span,#content div.box div.pagination-wh div.results span {
 height:1%;
 display:block;
 float:left;
 background:#ebebeb url("../images/pager.png") repeat-x;
 border-top:1px solid #dedede;
 border-left:1px solid #cfcfcf;
 border-right:1px solid #c4c4c4;
 border-bottom:1px solid #c4c4c4;
 color:#4A4A4A;
 font-weight:700;
 margin:0;
 padding:6px 8px;
+}
 #content div.box div.pagination ul.pager li.disabled,#content div.box div.pagination-wh a.disabled {
 color:#B4B4B4;
 padding:6px;
+}
 #login,#register {
 width:520px;
 margin:10% auto 0;
 padding:0;
+}
 #login div.color,#register div.color {
 clear:both;
 overflow:hidden;
 background:#FFF;
 margin:10px auto 0;
 padding:3px 3px 3px 0;
+}
 #login div.color a,#register div.color a {
 width:20px;
 height:20px;
 display:block;
 float:left;
 margin:0 0 0 3px;
 padding:0;
+}
 #login div.title h5,#register div.title h5 {
 color:#fff;
 margin:10px;
 padding:0;
+}
 #login div.form div.fields div.field,#register div.form div.fields div.field {
 clear:both;
 overflow:hidden;
 margin:0;
 padding:0 0 10px;
+}
 #login div.form div.fields div.field span.error-message,#register div.form div.fields div.field span.error-message {
 height:1%;
 display:block;
 color:red;
 margin:8px 0 0;
 padding:0;
 width: 320px;
+max-width: 320px;
+}
 #login div.form div.fields div.field div.label label,#register div.form div.fields div.field div.label label {
 color:#000;
 font-weight:700;
+}
 #login div.form div.fields div.field div.input,#register div.form div.fields div.field div.input {
 float:left;
 margin:0;
 padding:0;
+}
 #login div.form div.fields div.field div.checkbox,#register div.form div.fields div.field div.checkbox {
 margin:0 0 0 184px;
 padding:0;
+}
 #login div.form div.fields div.field div.checkbox label,#register div.form div.fields div.field div.checkbox label {
 color:#565656;
 font-weight:700;
+}
 #login div.form div.fields div.buttons input,#register div.form div.fields div.buttons input {
 color:#000;
 font-size:1em;
 font-weight:700;
 font-family:Verdana, Helvetica, Sans-Serif;
 margin:0;
+}
 #changeset_content .container .wrapper,#graph_content .container .wrapper {
 width:600px;
+}
 #changeset_content .container .left,#graph_content .container .left {
 float:left;
 width:70%;
 padding-left:5px;
+}
 #changeset_content .container .left .date,.ac .match {
 font-weight:700;
 padding-top: 5px;
 padding-bottom:5px;
+}
 div#legend_container table td,div#legend_choices table td {
 border:none !important;
 height:20px !important;
 padding:0 !important;
+}
 #q_filter{
 border:0 none;
 color:#AAAAAA;
 margin-bottom:-4px;
 margin-top:-4px;
 padding-left:3px;
+}

0 comments (0 inline, 0 general)