kallithea Changeset - c0335c1dee36

Changeset - c0335c1dee36

Parent rev.

Child rev.

[Not reviewed]

beta

1 9 0

Marcin Kuzminski - 15 years ago 2011-04-27 01:19:17
marcin@python-works.com

added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Updated docs for new ldap fixes. Removed depracated settings model, in exchange for db model classmethods.

10 files changed with 99 insertions and 165 deletions:

docs/setup.rst

rhodecode/controllers/admin/ldap_settings.py

rhodecode/controllers/admin/settings.py

rhodecode/lib/auth.py

rhodecode/lib/auth_ldap.py

rhodecode/lib/utils.py

rhodecode/model/db.py

rhodecode/model/settings.py

103

rhodecode/tests/functional/test_admin_ldap_settings.py

rhodecode/tests/functional/test_admin_settings.py

0 comments (0 inline, 0 general)

docs/setup.rst

➞

Show inline comments

@@ @@ -140,20 +140,20 @@ or in the admin panel you can check `bui @@
 Setting up LDAP support
 -----------------------
 RhodeCode starting from version 1.1 supports ldap authentication. In order
 to use LDAP, you have to install the python-ldap_ package. This package is available
 via pypi, so you can install it by running
 to use LDAP, you have to install the python-ldap_ package. This package is
 available via pypi, so you can install it by running
 ::
+using easy_install::
     easy_install python-ldap
 ::
+using pip::
     pip install python-ldap
 .. note::
    python-ldap requires some certain libs on your system, so before installing
    it check that you have at least `openldap`, and `sasl` libraries.
@@ @@ -165,13 +165,13 @@ Here's a typical ldap setup:: @@
  Connection settings
  Enable LDAP          = checked
  Host                 = host.example.org
  Port                 = 389
  Account              = <account>
  Password             = <password>
- Enable LDAPS         = checked
+ Connection Security  = LDAPS connection
  Certificate Checks   = DEMAND
  Search settings
  Base DN              = CN=users,DC=host,DC=example,DC=org
  LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))
  LDAP Search Scope    = SUBTREE
@@ @@ -209,17 +209,25 @@ Account : optional @@
 Password : optional
     Only required if the LDAP server does not allow anonymous browsing of
     records.
 .. _Enable LDAPS:
 Enable LDAPS : optional
     Check this if SSL encryption is necessary for communication with the
     LDAP server - it will likely require `Port`_ to be set to a different
     value (standard LDAPS port is 636).  When LDAPS is enabled then
     `Certificate Checks`_ is required.
 Connection Security : required
     Defines the connection to LDAP server
     No encryption
         Plain non encrypted connection
     LDAPS connection
         Enable ldaps connection. It will likely require `Port`_ to be set to
         a different value (standard LDAPS port is 636). When LDAPS is enabled
         then `Certificate Checks`_ is required.
     START_TLS on LDAP connection
         START TLS connection
 .. _Certificate Checks:
 Certificate Checks : optional
     How SSL certificates verification is handled - this is only useful when
     `Enable LDAPS`_ is enabled.  Only DEMAND or HARD offer full SSL security while

rhodecode/controllers/admin/ldap_settings.py

➞

Show inline comments

@@ @@ -29,19 +29,20 @@ import traceback @@
 from formencode import htmlfill
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from sqlalchemy.exc import DatabaseError
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.auth_ldap import LdapImportError
 from rhodecode.model.settings import SettingsModel
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.model.forms import LdapSettingsForm
-from sqlalchemy.exc import DatabaseError
+from rhodecode.model.db import RhodeCodeSettings
 log = logging.getLogger(__name__)
 class LdapSettingsController(BaseController):
@@ @@ -71,16 +72,21 @@ class LdapSettingsController(BaseControl @@
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         c.search_scope_choices = self.search_scope_choices
         c.tls_reqcert_choices = self.tls_reqcert_choices
         c.tls_kind_choices = self.tls_kind_choices
         c.search_scope_cur = self.search_scope_default
         c.tls_reqcert_cur = self.tls_reqcert_default
         c.tls_kind_cur = self.tls_kind_default
         super(LdapSettingsController, self).__before__()
     def index(self):
-        defaults = SettingsModel().get_ldap_settings()
+        defaults = RhodeCodeSettings.get_ldap_settings()
         c.search_scope_cur = defaults.get('ldap_search_scope')
         c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert')
         c.tls_kind_cur = defaults.get('ldap_tls_kind')
         return htmlfill.render(
                     render('admin/ldap/ldap.html'),
@@ @@ -88,24 +94,23 @@ class LdapSettingsController(BaseControl @@
                     encoding="UTF-8",
                     force_defaults=True,)
     def ldap_settings(self):
         """POST ldap create and store ldap settings"""
         settings_model = SettingsModel()
         _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices],
                                  [x[0] for x in self.search_scope_choices],
                                  [x[0] for x in self.tls_kind_choices])()
         try:
             form_result = _form.to_python(dict(request.POST))
             try:
                 for k, v in form_result.items():
                     if k.startswith('ldap_'):
-                        setting = settings_model.get(k)
+                        setting = RhodeCodeSettings.get_by_name(k)
                         setting.app_settings_value = v
                         self.sa.add(setting)
                 self.sa.commit()
                 h.flash(_('Ldap settings updated successfully'),
                     category='success')
@@ @@ -113,20 +118,19 @@ class LdapSettingsController(BaseControl @@
                 raise
         except LdapImportError:
             h.flash(_('Unable to activate ldap. The "python-ldap" library '
                       'is missing.'), category='warning')
         except formencode.Invalid, errors:
             e = errors.error_dict or {}
             c.search_scope_cur = self.search_scope_default
             c.tls_reqcert_cur = self.search_scope_default
             return htmlfill.render(
                 render('admin/ldap/ldap.html'),
                 defaults=errors.value,
-                errors=errors.error_dict or {},
+                errors=e,
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of ldap settings'),
                     category='error')

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -37,17 +37,17 @@ from rhodecode.lib import helpers as h @@
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, NotAnonymous
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
     set_rhodecode_config, repo_name_slug
 from rhodecode.model.db import RhodeCodeUi, Repository, Group
 from rhodecode.model.db import RhodeCodeUi, Repository, Group, \
     RhodeCodeSettings
 from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
     ApplicationUiSettingsForm
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.settings import SettingsModel
 from rhodecode.model.user import UserModel
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
@@ @@ -65,13 +65,13 @@ class SettingsController(BaseController) @@
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /admin/settings: All items in the collection"""
         # url('admin_settings')
-        defaults = SettingsModel().get_app_settings()
+        defaults = RhodeCodeSettings.get_app_settings()
         defaults.update(self.get_hg_ui_settings())
         return htmlfill.render(
             render('admin/settings/settings.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
@@ @@ -118,24 +118,23 @@ class SettingsController(BaseController) @@
             h.flash(_('Whoosh reindex task scheduled'), category='success')
         if setting_id == 'global':
             application_form = ApplicationSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
                 settings_model = SettingsModel()
                 try:
-                    hgsettings1 = settings_model.get('title')
+                    hgsettings1 = RhodeCodeSettings.get_by_name('title')
                     hgsettings1.app_settings_value = \
                         form_result['rhodecode_title']
-                    hgsettings2 = settings_model.get('realm')
+                    hgsettings2 = RhodeCodeSettings.get_by_name('realm')
                     hgsettings2.app_settings_value = \
                         form_result['rhodecode_realm']
-                    hgsettings3 = settings_model.get('ga_code')
+                    hgsettings3 = RhodeCodeSettings.get_by_name('ga_code')
                     hgsettings3.app_settings_value = \
                         form_result['rhodecode_ga_code']
                     self.sa.add(hgsettings1)
                     self.sa.add(hgsettings2)
                     self.sa.add(hgsettings3)

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -45,13 +45,13 @@ from rhodecode.lib import str2bool @@
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import Permission
+from rhodecode.model.db import Permission, RhodeCodeSettings
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """This is a simple class for generating password from
@@ @@ -146,12 +146,13 @@ def authenticate(username, password): @@
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication, also creates ldap user if not in database
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = user_model.get_by_username(username, cache=False)
     log.debug('Authenticating user using RhodeCode account')
     if user is not None and not user.ldap_dn:
         if user.active:
@@ @@ -173,15 +174,13 @@ def authenticate(username, password): @@
                                             case_insensitive=True)
         if user_obj is not None and not user_obj.ldap_dn:
             log.debug('this user already exists as non ldap')
             return False
         from rhodecode.model.settings import SettingsModel
         ldap_settings = SettingsModel().get_ldap_settings()
         ldap_settings = RhodeCodeSettings.get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IF ENABLE
         #======================================================================
         if str2bool(ldap_settings.get('ldap_active')):
             log.debug("Authenticating user using ldap")
             kwargs = {
@@ @@ -201,19 +200,19 @@ def authenticate(username, password): @@
             try:
                 aldap = AuthLdap(**kwargs)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                 password)
                 log.debug('Got ldap DN response %s', user_dn)
                 get_ldap_attr = lambda k:ldap_attrs.get(ldap_settings\
                                                            .get(k), [''])[0]
                 user_attrs = {
                     'name': ldap_attrs.get(ldap_settings\
                                        .get('ldap_attr_firstname'), [''])[0],
                     'lastname': ldap_attrs.get(ldap_settings\
                                            .get('ldap_attr_lastname'),[''])[0],
                     'email': ldap_attrs.get(ldap_settings\
                                         .get('ldap_attr_email'), [''])[0],
                     'name': get_ldap_attr('ldap_attr_firstname'),
                     'lastname': get_ldap_attr('ldap_attr_lastname'),
                     'email': get_ldap_attr('ldap_attr_email'),
+                    }
                 if user_model.create_ldap(username, password, user_dn,
                                           user_attrs):
                     log.info('created new ldap user %s', username)

rhodecode/lib/auth_ldap.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # ldap authentication lib
 # Copyright (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
+#
 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.changelog
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     RhodeCode authentication library for LDAP
     :created_on: Created on Nov 17, 2010
     :author: marcink
     :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 Created on Nov 17, 2010
 @author: marcink
 """
 from rhodecode.lib.exceptions import *
 import logging
 from rhodecode.lib.exceptions import LdapConnectionError, LdapUsernameError, \
     LdapPasswordError
 log = logging.getLogger(__name__)
 try:
     import ldap
 except ImportError:
     # means that python-ldap is not installed
     pass
 class AuthLdap(object):
     def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
-                 tls_kind = 'PLAIN', tls_reqcert='DEMAND', ldap_version=3,
                  tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,
                  ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
                  search_scope='SUBTREE',
                  attr_login='uid'):
         self.ldap_version = ldap_version
         ldap_server_type = 'ldap'
@@ @@ -61,13 +68,12 @@ class AuthLdap(object): @@
         self.BASE_DN = base_dn
         self.LDAP_FILTER = ldap_filter
         self.SEARCH_SCOPE = ldap.__dict__['SCOPE_' + search_scope]
         self.attr_login = attr_login
     def authenticate_ldap(self, username, password):
         """Authenticate a user via LDAP and return his/her LDAP properties.
         Raises AuthenticationError if the credentials are rejected, or
         EnvironmentError if the LDAP server can't be reached.
@@ @@ -99,25 +105,27 @@ class AuthLdap(object): @@
             if self.TLS_KIND == 'START_TLS':
                 server.start_tls_s()
             if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
                 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
             filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, username)
             filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login,
                                      username)
             log.debug("Authenticating %r filt %s at %s", self.BASE_DN,
                       filt, self.LDAP_SERVER)
             lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,
                                            filt)
             if not lobjects:
                 raise ldap.NO_SUCH_OBJECT()
             for (dn, _attrs) in lobjects:
                 try:
                     server.simple_bind_s(dn, password)
                     attrs = server.search_ext_s(dn, ldap.SCOPE_BASE, '(objectClass=*)')[0][1]
                     attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,
                                                 '(objectClass=*)')[0][1]
                     break
                 except ldap.INVALID_CREDENTIALS, e:
                     log.debug("LDAP rejected password for user '%s' (%s): %s",
                               uid, username, dn)
@@ @@ -127,9 +135,10 @@ class AuthLdap(object): @@
                 raise LdapPasswordError()
         except ldap.NO_SUCH_OBJECT, e:
             log.debug("LDAP says no such user '%s' (%s)", uid, username)
             raise LdapUsernameError()
         except ldap.SERVER_DOWN, e:
             raise LdapConnectionError("LDAP can't access authentication server")
             raise LdapConnectionError("LDAP can't access "
                                       "authentication server")
         return (dn, attrs)

rhodecode/lib/utils.py

➞

Show inline comments

@@ @@ -41,13 +41,14 @@ from webhelpers.text import collapse, re @@
 from vcs.backends.base import BaseChangeset
 from vcs.utils.lazy import LazyProperty
 from rhodecode.model import meta
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import Repository, User, RhodeCodeUi, UserLog, Group
 from rhodecode.model.db import Repository, User, RhodeCodeUi, UserLog, Group, \
     RhodeCodeSettings
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.user import UserModel
 log = logging.getLogger(__name__)
@@ @@ -284,14 +285,13 @@ def make_ui(read_from='file', path=None, @@
 def set_rhodecode_config(config):
     """Updates pylons config with new settings from database
     :param config:
     """
     from rhodecode.model.settings import SettingsModel
     hgsettings = SettingsModel().get_app_settings()
     hgsettings = RhodeCodeSettings.get_app_settings()
     for k, v in hgsettings.items():
         config[k] = v
 def invalidate_cache(cache_key, *args):

rhodecode/model/db.py

➞

Show inline comments

@@ @@ -62,12 +62,17 @@ class RhodeCodeSettings(Base): @@
     def __repr__(self):
         return "<%s('%s:%s')>" % (self.__class__.__name__,
                                   self.app_settings_name, self.app_settings_value)
     @classmethod
     def get_by_name(cls, ldap_key):
         return Session.query(cls)\
             .filter(cls.app_settings_name == ldap_key).scalar()
     @classmethod
     def get_app_settings(cls, cache=False):
         ret = Session.query(cls)
         if cache:
             ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))
@@ @@ -85,13 +90,13 @@ class RhodeCodeSettings(Base): @@
     def get_ldap_settings(cls, cache=False):
         ret = Session.query(cls)\
                 .filter(cls.app_settings_name.startswith('ldap_'))\
                 .all()
         fd = {}
         for row in ret:
-            fd.update({row.app_settings_name:str2bool(row.app_settings_value)})
             fd.update({row.app_settings_name:row.app_settings_value})
         return fd
 class RhodeCodeUi(Base):
     __tablename__ = 'rhodecode_ui'
     __table_args__ = {'useexisting':True}

rhodecode/model/settings.py

➞

Show inline comments

deleted file

rhodecode/tests/functional/test_admin_ldap_settings.py

➞

Show inline comments

 from rhodecode.tests import *
 class TestLdapSettingsController(TestController):
     def test_index(self):
         response = self.app.get(url(controller='admin/ldap_settings', action='index'))
         self.log_user()
         response = self.app.get(url(controller='admin/ldap_settings',
                                     action='index'))
         # Test response...
     def test_ldap_save_settings(self):
         pass
     def test_ldap_error_form(self):
         pass
     def test_ldap_login(self):
         pass
     def test_ldap_login_incorrect(self):
         pass

rhodecode/tests/functional/test_admin_settings.py

➞

Show inline comments

 from rhodecode.lib.auth import get_crypt_password, check_password
 from rhodecode.model.db import User
+from rhodecode.model.db import User, RhodeCodeSettings
 from rhodecode.tests import *
 from rhodecode.model.settings import SettingsModel
 class TestAdminSettingsController(TestController):
     def test_index(self):
         response = self.app.get(url('admin_settings'))
         # Test response...
@@ @@ -57,13 +56,13 @@ class TestAdminSettingsController(TestCo @@
                                                  rhodecode_title=old_title,
                                                  rhodecode_realm=old_realm,
                                                  rhodecode_ga_code=new_ga_code
                                                  ))
         assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'
-        assert SettingsModel(self.sa).get_app_settings()['rhodecode_ga_code'] == new_ga_code, 'change not in database'
+        assert RhodeCodeSettings.get_app_settings()['rhodecode_ga_code'] == new_ga_code, 'change not in database'
         response = response.follow()
         assert """_gaq.push(['_setAccount', '%s']);""" % new_ga_code in response.body
     def test_ga_code_inactive(self):
         self.log_user()
@@ @@ -76,13 +75,13 @@ class TestAdminSettingsController(TestCo @@
                                                  rhodecode_title=old_title,
                                                  rhodecode_realm=old_realm,
                                                  rhodecode_ga_code=new_ga_code
                                                  ))
         assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'
-        assert SettingsModel(self.sa).get_app_settings()['rhodecode_ga_code'] == new_ga_code, 'change not in database'
+        assert RhodeCodeSettings.get_app_settings()['rhodecode_ga_code'] == new_ga_code, 'change not in database'
         response = response.follow()
         assert """_gaq.push(['_setAccount', '%s']);""" % new_ga_code not in response.body
     def test_title_change(self):
@@ @@ -97,13 +96,13 @@ class TestAdminSettingsController(TestCo @@
                                                  rhodecode_realm=old_realm,
                                                  rhodecode_ga_code=''
                                                  ))
         assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'
-        assert SettingsModel(self.sa).get_app_settings()['rhodecode_title'] == new_title, 'change not in database'
+        assert RhodeCodeSettings.get_app_settings()['rhodecode_title'] == new_title, 'change not in database'
         response = response.follow()
         assert """<h1><a href="/">%s</a></h1>""" % new_title in response.body
     def test_my_account(self):

0 comments (0 inline, 0 general)