kallithea Changeset - ab0e122b38a7

Changeset - ab0e122b38a7

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Marcin Kuzminski - 14 years ago 2012-02-19 19:21:14
marcin@python-works.com

backported to stable #355 LDAP passwords stored

1 file changed with 11 insertions and 4 deletions:

rhodecode/lib/auth.py

0 comments (0 inline, 0 general)

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -55,50 +55,52 @@ log = logging.getLogger(__name__) @@
 class PasswordGenerator(object):
     """This is a simple class for generating password from
         different sets of characters
         usage:
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters
             of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
         + ALPHABETS_NUM + ALPHABETS_SPECIAL
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
     def gen_password(self, length, type_=None):
         if type_ is None:
             type_ = self.ALPHABETS_FULL
         self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
         return self.passwd
 class RhodeCodeCrypto(object):
     @classmethod
     def hash_string(cls, str_):
         """
         Cryptographic function used for password hashing based on pybcrypt
         or pycrypto in windows
         :param password: password to hash
         """
         if __platform__ in PLATFORM_WIN:
             return sha256(str_).hexdigest()
         elif __platform__ in PLATFORM_OTHERS:
             return bcrypt.hashpw(str_, bcrypt.gensalt(10))
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
     @classmethod
     def hash_check(cls, password, hashed):
         """
@@ @@ -190,51 +192,56 @@ def authenticate(username, password): @@
                   'bind_pass': ldap_settings.get('ldap_dn_pass'),
                   'tls_kind': ldap_settings.get('ldap_tls_kind'),
                   'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter': ldap_settings.get('ldap_filter'),
                   'search_scope': ldap_settings.get('ldap_search_scope'),
                   'attr_login': ldap_settings.get('ldap_attr_login'),
                   'ldap_version': 3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                 password)
                 log.debug('Got ldap DN response %s', user_dn)
                 get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                            .get(k), [''])[0]
                 user_attrs = {
                  'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                  'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                  'email': get_ldap_attr('ldap_attr_email'),
+                }
                 if user_model.create_ldap(username, password, user_dn,
                 # don't store LDAP password since we don't need it. Override
                 # with some random generated password
                 _password = PasswordGenerator().gen_password(length=8)
                 # create this user on the fly if it doesn't exist in rhodecode
                 # database
                 if user_model.create_ldap(username, _password, user_dn,
                                           user_attrs):
-                    log.info('created new ldap user %s', username)
+                    log.info('created new ldap user %s' % username)
                 return True
             except (LdapUsernameError, LdapPasswordError,):
                 pass
             except (Exception,):
                 log.error(traceback.format_exc())
                 pass
     return False
 class  AuthUser(object):
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
     anonymous access is enabled and if so, it returns default user as logged
     in
     """
     def __init__(self, user_id=None, api_key=None):
         self.user_id = user_id
         self.api_key = None

0 comments (0 inline, 0 general)