@@ -289,75 +289,75 @@ class KallitheaAuthPlugin(auth_modules.K
def_user_perms = User.get_default_user().AuthUser.permissions['global']
return 'hg.extern_activate.auto' in def_user_perms
def auth(self, userobj, username, password, settings, **kwargs):
"""
Given a user object (which may be null), username, a plaintext password,
and a settings object (containing all the keys needed as listed in settings()),
authenticate this user's login attempt.
Return None on failure. On success, return a dictionary of the form:
see: KallitheaAuthPluginBase.auth_func_attrs
This is later validated for correctness
if not username or not password:
log.debug('Empty username or password skipping...')
return None
kwargs = {
'server': settings.get('host', ''),
'base_dn': settings.get('base_dn', ''),
'port': settings.get('port'),
'bind_dn': settings.get('dn_user'),
'bind_pass': settings.get('dn_pass'),
'tls_kind': settings.get('tls_kind'),
'tls_reqcert': settings.get('tls_reqcert'),
'ldap_filter': settings.get('filter'),
'search_scope': settings.get('search_scope'),
'attr_login': settings.get('attr_login'),
'ldap_version': 3,
}
if kwargs['bind_dn'] and not kwargs['bind_pass']:
log.debug('Using dynamic binding.')
kwargs['bind_dn'] = kwargs['bind_dn'].replace('$login', username)
kwargs['bind_pass'] = password
log.debug('Checking for ldap authentication')
try:
aldap = AuthLdap(**kwargs)
(user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
log.debug('Got ldap DN response %s' % user_dn)
get_ldap_attr = lambda k: ldap_attrs.get(settings.get(k), [''])[0]
# old attrs fetched from Kallithea database
admin = getattr(userobj, 'admin', False)
active = getattr(userobj, 'active', True)
active = getattr(userobj, 'active', self.user_activation_state())
email = getattr(userobj, 'email', '')
firstname = getattr(userobj, 'firstname', '')
lastname = getattr(userobj, 'lastname', '')
extern_type = getattr(userobj, 'extern_type', '')
user_attrs = {
'username': username,
'firstname': safe_unicode(get_ldap_attr('attr_firstname') or firstname),
'lastname': safe_unicode(get_ldap_attr('attr_lastname') or lastname),
'groups': [],
'email': get_ldap_attr('attr_email' or email),
'admin': admin,
'active': active,
"active_from_extern": None,
'extern_name': user_dn,
'extern_type': extern_type,
log.info('user %s authenticated correctly' % user_attrs['username'])
return user_attrs
except (LdapUsernameError, LdapPasswordError, LdapImportError):
log.error(traceback.format_exc())
except (Exception,):
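Review bot: The default in `active = getattr(userobj, 'active', self.user_activation_state())` is evaluated on every login, even for existing users whose stored `active` flag is then used anyway. Because `user_activation_state()` reads the default user's global permissions inside the `try`, an error there falls into the broad `except (Exception,)` at the end of the hunk, and depending on that handler (its body is outside the hunk) it may become a failed login for already-provisioned users. Doing the lookup only when no stored value exists limits it to first-time LDAP users: `active = getattr(userobj, 'active', None)` followed by `if active is None: active = self.user_activation_state()`. Separately, in the unchanged context, `get_ldap_attr('attr_email' or email)` has the `or email` inside the call, so the stored e-mail is never used as a fallback, unlike the firstname and lastname lines; `get_ldap_attr('attr_email') or email` looks like what was intended.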