Changeset - c9fcb3b04d4a
Parent rev.
Child rev.
[Not reviewed]
default
0 6 0
Mads Kiilerich - 10 years ago 2015-07-31 15:44:07
madski@unity3d.com
auth: don't return extern_type from auth modules - it is not used anyway
6 files changed with 0 insertions and 10 deletions:
kallithea/lib/auth_modules/__init__.py
1
kallithea/lib/auth_modules/auth_container.py
2
kallithea/lib/auth_modules/auth_crowd.py
2
kallithea/lib/auth_modules/auth_internal.py
1
kallithea/lib/auth_modules/auth_ldap.py
2
kallithea/lib/auth_modules/auth_pam.py
2
0 comments (0 inline, 0 general)
kallithea/lib/auth_modules/__init__.py
Show inline comments
 
@@ -33,49 +33,48 @@ log = logging.getLogger(__name__)
 

			




	
	
	
		
 
class LazyFormencode(object):

			




	
	
	
		
 
    def __init__(self, formencode_obj, *args, **kwargs):

			




	
	
	
		
 
        self.formencode_obj = formencode_obj

			




	
	
	
		
 
        self.args = args

			




	
	
	
		
 
        self.kwargs = kwargs

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, *args, **kwargs):

			




	
	
	
		
 
        from inspect import isfunction

			




	
	
	
		
 
        formencode_obj = self.formencode_obj

			




	
	
	
		
 
        if isfunction(formencode_obj):

			




	
	
	
		
 
            #case we wrap validators into functions

			




	
	
	
		
 
            formencode_obj = self.formencode_obj(*args, **kwargs)

			




	
	
	
		
 
        return formencode_obj(*self.args, **self.kwargs)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class KallitheaAuthPluginBase(object):

			




	
	
	
		
 
    auth_func_attrs = {

			




	
	
	
		
 
        "username": "unique username",

			




	
	
	
		
 
        "firstname": "first name",

			




	
	
	
		
 
        "lastname": "last name",

			




	
	
	
		
 
        "email": "email address",

			




	
	
	
		
 
        "groups": '["list", "of", "groups"]',

			




	
	
	
		
 
        "extern_name": "name in external source of record",

			




	
	
	
		
 
        "extern_type": "type of external source of record",

			




	
	
	
		
 
        "admin": 'True|False defines if user should be Kallithea admin',

			




	
	
	
		
 
        "active": 'True|False defines active state of user in Kallithea',

			




	
	
	
		
 
        "active_from_extern": "True|False|None, active state from the external auth, "

			




	
	
	
		
 
                              "None means use value from the auth plugin"

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def validators(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Exposes Kallithea validators modules

			




	
	
	
		
 
        """

			




	
	
	
		
 
        # this is a hack to overcome issues with pylons threadlocals and

			




	
	
	
		
 
        # translator object _() not being registered properly.

			




	
	
	
		
 
        class LazyCaller(object):

			




	
	
	
		
 
            def __init__(self, name):

			




	
	
	
		
 
                self.validator_name = name

			




	
	
	
		
 

			




	
	
	
		
 
            def __call__(self, *args, **kwargs):

			




	
	
	
		
 
                from kallithea.model import validators as v

			




	
	
	
		
 
                obj = getattr(v, self.validator_name)

			




	
	
	
		
 
                #log.debug('Initializing lazy formencode object: %s' % obj)

			




	
	
	
		
 
                return LazyFormencode(obj, *args, **kwargs)

			




	
	
	
		
 

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    kallithea/lib/auth_modules/auth_container.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -154,41 +154,39 @@ class KallitheaAuthPlugin(auth_modules.K

			




	
	
	
		
 
        if not userobj:

			




	
	
	
		
 
            userobj = self.get_user('', environ=environ, settings=settings)

			




	
	
	
		
 

			




	
	
	
		
 
        # we don't care passed username/password for container auth plugins.

			




	
	
	
		
 
        # only way to log in is using environ

			




	
	
	
		
 
        username = None

			




	
	
	
		
 
        if userobj:

			




	
	
	
		
 
            username = getattr(userobj, 'username')

			




	
	
	
		
 

			




	
	
	
		
 
        if not username:

			




	
	
	
		
 
            # we don't have any objects in DB, user doesn't exist, extract

			




	
	
	
		
 
            # username from environ based on the settings

			




	
	
	
		
 
            username = self._get_username(environ, settings)

			




	
	
	
		
 

			




	
	
	
		
 
        # if cannot fetch username, it's a no-go for this plugin to proceed

			




	
	
	
		
 
        if not username:

			




	
	
	
		
 
            return None

			




	
	
	
		
 

			




	
	
	
		
 
        # old attrs fetched from Kallithea database

			




	
	
	
		
 
        admin = getattr(userobj, 'admin', False)

			




	
	
	
		
 
        active = getattr(userobj, 'active', True)

			




	
	
	
		
 
        email = getattr(userobj, 'email', '')

			




	
	
	
		
 
        firstname = getattr(userobj, 'firstname', '')

			




	
	
	
		
 
        lastname = getattr(userobj, 'lastname', '')

			




	
	
	
		
 
        extern_type = getattr(userobj, 'extern_type', '')

			




	
	
	
		
 

			




	
	
	
		
 
        user_data = {

			




	
	
	
		
 
            'username': username,

			




	
	
	
		
 
            'firstname': safe_unicode(firstname or username),

			




	
	
	
		
 
            'lastname': safe_unicode(lastname or ''),

			




	
	
	
		
 
            'groups': [],

			




	
	
	
		
 
            'email': email or '',

			




	
	
	
		
 
            'admin': admin or False,

			




	
	
	
		
 
            'active': active,

			




	
	
	
		
 
            'active_from_extern': True,

			




	
	
	
		
 
            'extern_name': username,

			




	
	
	
		
 
            'extern_type': extern_type,

			




	
	
	
		
 
        }

			




	
	
	
		
 

			




	
	
	
		
 
        log.info('user `%s` authenticated correctly' % user_data['username'])

			




	
	
	
		
 
        return user_data

			




        

    


    
    

    

        

                

                    kallithea/lib/auth_modules/auth_crowd.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -199,46 +199,44 @@ class KallitheaAuthPlugin(auth_modules.K

			




	
	
	
		
 
        This is later validated for correctness

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if not username or not password:

			




	
	
	
		
 
            log.debug('Empty username or password skipping...')

			




	
	
	
		
 
            return None

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug("Crowd settings: \n%s" % (formatted_json(settings)))

			




	
	
	
		
 
        server = CrowdServer(**settings)

			




	
	
	
		
 
        server.set_credentials(settings["app_name"], settings["app_password"])

			




	
	
	
		
 
        crowd_user = server.user_auth(username, password)

			




	
	
	
		
 
        log.debug("Crowd returned: \n%s" % (formatted_json(crowd_user)))

			




	
	
	
		
 
        if not crowd_user["status"]:

			




	
	
	
		
 
            return None

			




	
	
	
		
 

			




	
	
	
		
 
        res = server.user_groups(crowd_user["name"])

			




	
	
	
		
 
        log.debug("Crowd groups: \n%s" % (formatted_json(res)))

			




	
	
	
		
 
        crowd_user["groups"] = [x["name"] for x in res["groups"]]

			




	
	
	
		
 

			




	
	
	
		
 
        # old attrs fetched from Kallithea database

			




	
	
	
		
 
        admin = getattr(userobj, 'admin', False)

			




	
	
	
		
 
        active = getattr(userobj, 'active', True)

			




	
	
	
		
 
        email = getattr(userobj, 'email', '')

			




	
	
	
		
 
        firstname = getattr(userobj, 'firstname', '')

			




	
	
	
		
 
        lastname = getattr(userobj, 'lastname', '')

			




	
	
	
		
 
        extern_type = getattr(userobj, 'extern_type', '')

			




	
	
	
		
 

			




	
	
	
		
 
        user_data = {

			




	
	
	
		
 
            'username': username,

			




	
	
	
		
 
            'firstname': crowd_user["first-name"] or firstname,

			




	
	
	
		
 
            'lastname': crowd_user["last-name"] or lastname,

			




	
	
	
		
 
            'groups': crowd_user["groups"],

			




	
	
	
		
 
            'email': crowd_user["email"] or email,

			




	
	
	
		
 
            'admin': admin,

			




	
	
	
		
 
            'active': active,

			




	
	
	
		
 
            'active_from_extern': crowd_user.get('active'),

			




	
	
	
		
 
            'extern_name': crowd_user["name"],

			




	
	
	
		
 
            'extern_type': extern_type,

			




	
	
	
		
 
        }

			




	
	
	
		
 

			




	
	
	
		
 
        # set an admin if we're in admin_groups of crowd

			




	
	
	
		
 
        for group in settings["admin_groups"].split(","):

			




	
	
	
		
 
            if group in user_data["groups"]:

			




	
	
	
		
 
                user_data["admin"] = True

			




	
	
	
		
 
        log.debug("Final crowd user object: \n%s" % (formatted_json(user_data)))

			




	
	
	
		
 
        log.info('user %s authenticated correctly' % user_data['username'])

			




	
	
	
		
 
        return user_data

			




        

    


    
    

    

        

                

                    kallithea/lib/auth_modules/auth_internal.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -57,44 +57,43 @@ class KallitheaAuthPlugin(auth_modules.K

			




	
	
	
		
 
        know that user exists in database.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return super(KallitheaAuthPlugin, self).accepts(user,

			




	
	
	
		
 
                                                        accepts_empty=False)

			




	
	
	
		
 

			




	
	
	
		
 
    def auth(self, userobj, username, password, settings, **kwargs):

			




	
	
	
		
 
        if not userobj:

			




	
	
	
		
 
            log.debug('userobj was:%s skipping' % (userobj, ))

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        if userobj.extern_type != self.name:

			




	
	
	
		
 
            log.warning("userobj:%s extern_type mismatch got:`%s` expected:`%s`"

			




	
	
	
		
 
                     % (userobj, userobj.extern_type, self.name))

			




	
	
	
		
 
            return None

			




	
	
	
		
 

			




	
	
	
		
 
        user_data = {

			




	
	
	
		
 
            "username": userobj.username,

			




	
	
	
		
 
            "firstname": userobj.firstname,

			




	
	
	
		
 
            "lastname": userobj.lastname,

			




	
	
	
		
 
            "groups": [],

			




	
	
	
		
 
            "email": userobj.email,

			




	
	
	
		
 
            "admin": userobj.admin,

			




	
	
	
		
 
            "active": userobj.active,

			




	
	
	
		
 
            "active_from_extern": userobj.active,

			




	
	
	
		
 
            "extern_name": userobj.user_id,

			




	
	
	
		
 
            'extern_type': userobj.extern_type,

			




	
	
	
		
 
        }

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug(formatted_json(user_data))

			




	
	
	
		
 
        if userobj.active:

			




	
	
	
		
 
            from kallithea.lib import auth

			




	
	
	
		
 
            password_match = auth.KallitheaCrypto.hash_check(password, userobj.password)

			




	
	
	
		
 
            if userobj.username == User.DEFAULT_USER and userobj.active:

			




	
	
	
		
 
                log.info('user %s authenticated correctly as anonymous user' %

			




	
	
	
		
 
                         username)

			




	
	
	
		
 
                return user_data

			




	
	
	
		
 

			




	
	
	
		
 
            elif userobj.username == username and password_match:

			




	
	
	
		
 
                log.info('user %s authenticated correctly' % user_data['username'])

			




	
	
	
		
 
                return user_data

			




	
	
	
		
 
            log.error("user %s had a bad password" % username)

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.warning('user %s tried auth but is disabled' % username)

			




	
	
	
		
 
            return None

			




        

    


    
    

    

        

                

                    kallithea/lib/auth_modules/auth_ldap.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -317,47 +317,45 @@ class KallitheaAuthPlugin(auth_modules.K

			




	
	
	
		
 
            'search_scope': settings.get('search_scope'),

			




	
	
	
		
 
            'attr_login': settings.get('attr_login'),

			




	
	
	
		
 
            'ldap_version': 3,

			




	
	
	
		
 
        }

			




	
	
	
		
 

			




	
	
	
		
 
        if kwargs['bind_dn'] and not kwargs['bind_pass']:

			




	
	
	
		
 
            log.debug('Using dynamic binding.')

			




	
	
	
		
 
            kwargs['bind_dn'] = kwargs['bind_dn'].replace('$login', username)

			




	
	
	
		
 
            kwargs['bind_pass'] = password

			




	
	
	
		
 
        log.debug('Checking for ldap authentication')

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            aldap = AuthLdap(**kwargs)

			




	
	
	
		
 
            (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)

			




	
	
	
		
 
            log.debug('Got ldap DN response %s' % user_dn)

			




	
	
	
		
 

			




	
	
	
		
 
            get_ldap_attr = lambda k: ldap_attrs.get(settings.get(k), [''])[0]

			




	
	
	
		
 

			




	
	
	
		
 
            # old attrs fetched from Kallithea database

			




	
	
	
		
 
            admin = getattr(userobj, 'admin', False)

			




	
	
	
		
 
            active = getattr(userobj, 'active', self.user_activation_state())

			




	
	
	
		
 
            email = getattr(userobj, 'email', '')

			




	
	
	
		
 
            firstname = getattr(userobj, 'firstname', '')

			




	
	
	
		
 
            lastname = getattr(userobj, 'lastname', '')

			




	
	
	
		
 
            extern_type = getattr(userobj, 'extern_type', '')

			




	
	
	
		
 

			




	
	
	
		
 
            user_data = {

			




	
	
	
		
 
                'username': username,

			




	
	
	
		
 
                'firstname': safe_unicode(get_ldap_attr('attr_firstname') or firstname),

			




	
	
	
		
 
                'lastname': safe_unicode(get_ldap_attr('attr_lastname') or lastname),

			




	
	
	
		
 
                'groups': [],

			




	
	
	
		
 
                'email': get_ldap_attr('attr_email') or email,

			




	
	
	
		
 
                'admin': admin,

			




	
	
	
		
 
                'active': active,

			




	
	
	
		
 
                "active_from_extern": None,

			




	
	
	
		
 
                'extern_name': user_dn,

			




	
	
	
		
 
                'extern_type': extern_type,

			




	
	
	
		
 
            }

			




	
	
	
		
 
            log.info('user %s authenticated correctly' % user_data['username'])

			




	
	
	
		
 
            return user_data

			




	
	
	
		
 

			




	
	
	
		
 
        except (LdapUsernameError, LdapPasswordError, LdapImportError):

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        except (Exception,):

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            return None

			




        

    


    
    

    

        

                

                    kallithea/lib/auth_modules/auth_pam.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -88,53 +88,51 @@ class KallitheaAuthPlugin(auth_modules.K

			




	
	
	
		
 
        if username not in _auth_cache:

			




	
	
	
		
 
            # Need lock here, as PAM authentication is not thread safe

			




	
	
	
		
 
            _pam_lock.acquire()

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                auth_result = pam.authenticate(username, password,

			




	
	
	
		
 
                                               settings["service"])

			




	
	
	
		
 
                # cache result only if we properly authenticated

			




	
	
	
		
 
                if auth_result:

			




	
	
	
		
 
                    _auth_cache[username] = time.time()

			




	
	
	
		
 
            finally:

			




	
	
	
		
 
                _pam_lock.release()

			




	
	
	
		
 

			




	
	
	
		
 
            if not auth_result:

			




	
	
	
		
 
                log.error("PAM was unable to authenticate user: %s" % (username,))

			




	
	
	
		
 
                return None

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.debug("Using cached auth for user: %s" % (username,))

			




	
	
	
		
 

			




	
	
	
		
 
        # old attrs fetched from Kallithea database

			




	
	
	
		
 
        admin = getattr(userobj, 'admin', False)

			




	
	
	
		
 
        active = getattr(userobj, 'active', True)

			




	
	
	
		
 
        email = getattr(userobj, 'email', '') or "%s@%s" % (username, socket.gethostname())

			




	
	
	
		
 
        firstname = getattr(userobj, 'firstname', '')

			




	
	
	
		
 
        lastname = getattr(userobj, 'lastname', '')

			




	
	
	
		
 
        extern_type = getattr(userobj, 'extern_type', '')

			




	
	
	
		
 

			




	
	
	
		
 
        user_data = {

			




	
	
	
		
 
            'username': username,

			




	
	
	
		
 
            'firstname': firstname,

			




	
	
	
		
 
            'lastname': lastname,

			




	
	
	
		
 
            'groups': [g.gr_name for g in grp.getgrall() if username in g.gr_mem],

			




	
	
	
		
 
            'email': email,

			




	
	
	
		
 
            'admin': admin,

			




	
	
	
		
 
            'active': active,

			




	
	
	
		
 
            "active_from_extern": None,

			




	
	
	
		
 
            'extern_name': username,

			




	
	
	
		
 
            'extern_type': extern_type,

			




	
	
	
		
 
        }

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user_data = pwd.getpwnam(username)

			




	
	
	
		
 
            regex = settings["gecos"]

			




	
	
	
		
 
            match = re.search(regex, user_data.pw_gecos)

			




	
	
	
		
 
            if match:

			




	
	
	
		
 
                user_data["firstname"] = match.group('first_name')

			




	
	
	
		
 
                user_data["lastname"] = match.group('last_name')

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.warning("Cannot extract additional info for PAM user %s", username)

			




	
	
	
		
 
            pass

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug("pamuser: \n%s" % formatted_json(user_data))

			




	
	
	
		
 
        log.info('user %s authenticated correctly' % user_data['username'])

			




	
	
	
		
 
        return user_data

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.