kallithea Changeset - e80b2cbbd4ba

Changeset - e80b2cbbd4ba

Parent rev.

Child rev.

[Not reviewed]

Merge beta

0 12 0

Marcin Kuzminski - 15 years ago 2011-02-04 12:29:45
marcin@python-works.com

merge thayne ldap extensions

12 files changed with 324 insertions and 77 deletions:

docs/setup.rst

170

rhodecode/controllers/admin/ldap_settings.py

rhodecode/lib/auth.py

rhodecode/lib/auth_ldap.py

rhodecode/lib/db_manage.py

rhodecode/model/db.py

rhodecode/model/forms.py

rhodecode/model/settings.py

rhodecode/model/user.py

rhodecode/templates/admin/ldap/ldap.html

rhodecode/templates/admin/users/user_edit.html

rhodecode/templates/admin/users/users.html

0 comments (0 inline, 0 general)

docs/setup.rst

➞

Show inline comments

 .. _setup:
 Setup
 =====
 Setting up the application
 --------------------------
 First You'll ned to create RhodeCode config file. Run the following command
 to do this
 ::
  paster make-config RhodeCode production.ini
 - This will create `production.ini` config inside the directory
   this config contains various settings for RhodeCode, e.g proxy port,
   email settings, usage of static files, cache, celery settings and logging.
 Next we need to create the database.
 ::
  paster setup-app production.ini
 - This command will create all needed tables and an admin account.
   When asked for a path You can either use a new location of one with already
   existing ones. RhodeCode will simply add all new found repositories to
   it's database. Also make sure You specify correct path to repositories.
 - Remember that the given path for mercurial_ repositories must be write
   accessible for the application. It's very important since RhodeCode web
   interface will work even without such an access but, when trying to do a
   push it'll eventually fail with permission denied errors.
 You are ready to use rhodecode, to run it simply execute
 ::
  paster serve production.ini
 - This command runs the RhodeCode server the app should be available at the
 .0.0.1:5000. This ip and port is configurable via the production.ini
   file created in previous step
 - Use admin account you created to login.
 - Default permissions on each repository is read, and owner is admin. So
   remember to update these if needed. In the admin panel You can toggle ldap,
   anonymous, permissions settings. As well as edit more advanced options on
   users and repositories
 Using RhodeCode with SSH
 ------------------------
 RhodeCode repository structures are kept in directories with the same name
 as the project, when using repository groups, each group is a a subdirectory.
 This will allow You to use ssh for accessing repositories quite easy. There
 are some exceptions when using ssh for accessing repositories.
 You have to make sure that the webserver as well as the ssh users have unix
 permission for directories. Secondly when using ssh rhodecode will not
 authenticate those requests and permissions set by the web interface will not
 work on the repositories accessed via ssh. There is a solution to this to use
 auth hooks, that connects to rhodecode db, and runs check functions for
 permissions.
 TODO: post more info on this !
 if Your main directory (the same as set in RhodeCode settings) is set to
 for example `\home\hg` and repository You are using is `rhodecode`
 The command runned should look like this::
  hg clone ssh://user@server.com/home/hg/rhodecode
 Using external tools such as mercurial server or using ssh key based auth is
 fully supported.
 Setting up Whoosh full text search
 ----------------------------------
 Starting from version 1.1 whoosh index can be build using paster command.
 You have to specify the config file that stores location of index, and
 location of repositories (`--repo-location`). Starting from version 1.2 it is
 also possible to specify a comma separated list of repositories (`--index-only`)
 to build index only on chooses repositories skipping any other found in repos
 location
 There is possible also to pass `-f` to the options
 to enable full index rebuild. Without that indexing will run always in in
 incremental mode.
 incremental mode::
  paster make-index production.ini --repo-location=<location for repos>
 for full index rebuild You can use::
  paster make-index production.ini -f --repo-location=<location for repos>
 building index just for chosen repositories is possible with such command::
  paster make-index production.ini --repo-location=<location for repos> --index-only=vcs,rhodecode
 In order to do periodical index builds and keep Your index always up to date.
 It's recommended to do a crontab entry for incremental indexing.
 An example entry might look like this
 ::
  /path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>
 When using incremental (default) mode whoosh will check last modification date
 of each file and add it to reindex if newer file is available. Also indexing
 daemon checks for removed files and removes them from index.
 Sometime You might want to rebuild index from scratch. You can do that using
 the `-f` flag passed to paster command or, in admin panel You can check
 `build from scratch` flag.
 Setting up LDAP support
 -----------------------
 RhodeCode starting from version 1.1 supports ldap authentication. In order
-to use ldap, You have to install python-ldap package. This package is available
+to use LDAP, You have to install python-ldap_ package. This package is available
 via pypi, so You can install it by running
 ::
  easy_install python-ldap
 ::
  pip install python-ldap
 .. note::
    python-ldap requires some certain libs on Your system, so before installing
    it check that You have at least `openldap`, and `sasl` libraries.
 ldap settings are located in admin->ldap section,
 LDAP settings are located in admin->ldap section,
 This is a typical LDAP setup::
  Connection settings
  Enable LDAP          = checked
  Host                 = host.example.org
  Port                 = 389
  Account              = <account>
  Password             = <password>
  Enable LDAPS         = checked
  Certificate Checks   = DEMAND
  Search settings
  Base DN              = CN=users,DC=host,DC=example,DC=org
  LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))
  LDAP Search Scope    = SUBTREE
 Here's a typical ldap setup::
  Attribute mappings
  Login Attribute      = uid
  First Name Attribute = firstName
  Last Name Attribute  = lastName
  E-mail Attribute     = mail
 .. _enable_ldap:
 Enable LDAP : required
     Whether to use LDAP for authenticating users.
 .. _ldap_host:
 Host : required
     LDAP server hostname or IP address.
 .. _Port:
 Port : required
 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
 .. _ldap_account:
  Enable ldap  = checked                 #controls if ldap access is enabled
  Host         = host.domain.org         #actual ldap server to connect
  Port         = 389 or 689 for ldaps    #ldap server ports
  Enable LDAPS = unchecked               #enable disable ldaps
  Account      = <account>               #access for ldap server(if required)
  Password     = <password>              #password for ldap server(if required)
  Base DN      = uid=%(user)s,CN=users,DC=host,DC=domain,DC=org
 Account : optional
     Only required if the LDAP server does not allow anonymous browsing of
     records.  This should be a special account for record browsing.  This
     will require `LDAP Password`_ below.
 .. _LDAP Password:
 Password : optional
     Only required if the LDAP server does not allow anonymous browsing of
     records.
 .. _Enable LDAPS:
 Enable LDAPS : optional
     Check this if SSL encryption is necessary for communication with the
     LDAP server - it will likely require `Port`_ to be set to a different
     value (standard LDAPS port is 636).  When LDAPS is enabled then
     `Certificate Checks`_ is required.
 .. _Certificate Checks:
 `Account` and `Password` are optional, and used for two-phase ldap
 authentication so those are credentials to access Your ldap, if it doesn't
 support anonymous search/user lookups.
 Certificate Checks : optional
     How SSL certificates verification is handled - this is only useful when
     `Enable LDAPS`_ is enabled.  Only DEMAND or HARD offer full SSL security while
     the other options are susceptible to man-in-the-middle attacks.  SSL
     certificates can be installed to /etc/openldap/cacerts so that the
     DEMAND or HARD options can be used with self-signed certificates or
     certificates that do not have traceable certificates of authority.
     NEVER
         A serve certificate will never be requested or checked.
     ALLOW
         A server certificate is requested.  Failure to provide a
         certificate or providing a bad certificate will not terminate the
         session.
     TRY
         A server certificate is requested.  Failure to provide a
         certificate does not halt the session; providing a bad certificate
         halts the session.
     DEMAND
         A server certificate is requested and must be provided and
         authenticated for the session to proceed.
 Base DN must have %(user)s template inside, it's a placer where Your uid used
 to login would go, it allows admins to specify not standard schema for uid
 variable
     HARD
         The same as DEMAND.
 .. _Base DN:
 Base DN : required
     The Distinguished Name (DN) where searches for users will be performed.
     Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
 .. _LDAP Filter:
 LDAP Filter : optional
     A LDAP filter defined by RFC 2254.  This is more useful when `LDAP
     Search Scope`_ is set to SUBTREE.  The filter is useful for limiting
     which LDAP objects are identified as representing Users for
     authentication.  The filter is augmented by `Login Attribute`_ below.
     This can commonly be left blank.
 .. _LDAP Search Scope:
 LDAP Search Scope : required
     This limits how far LDAP will search for a matching object.
     BASE
         Only allows searching of `Base DN`_ and is usually not what you
         want.
     ONELEVEL
         Searches all entries under `Base DN`_, but not Base DN itself.
     SUBTREE
         Searches all entries below `Base DN`_, but not Base DN itself.
         When using SUBTREE `LDAP Filter`_ is useful to limit object
         location.
 .. _Login Attribute:
 If all data are entered correctly, and `python-ldap` is properly installed
 Users should be granted to access RhodeCode wit ldap accounts. When
 logging at the first time an special ldap account is created inside RhodeCode,
 so You can control over permissions even on ldap users. If such user exists
 already in RhodeCode database ldap user with the same username would be not
 able to access RhodeCode.
 Login Attribute : required
     The LDAP record attribute that will be matched as the USERNAME or
     ACCOUNT used to connect to RhodeCode.  This will be added to `LDAP
     Filter`_ for locating the User object.  If `LDAP Filter`_ is specified as
     "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
     connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
     ::
         (&(LDAPFILTER)(uid=jsmith))
 .. _ldap_attr_firstname:
 First Name Attribute : required
     The LDAP record attribute which represents the user's first name.
 .. _ldap_attr_lastname:
 Last Name Attribute : required
     The LDAP record attribute which represents the user's last name.
 .. _ldap_attr_email:
 Email Attribute : required
     The LDAP record attribute which represents the user's email address.
 If You have problems with ldap access and believe You entered correct
 information check out the RhodeCode logs,any error messages sent from
 ldap will be saved there.
 If all data are entered correctly, and python-ldap_ is properly installed
 users should be granted access to RhodeCode with ldap accounts.  At this
 time user information is copied from LDAP into the RhodeCode user database.
 This means that updates of an LDAP user object may not be reflected as a
 user update in RhodeCode.
 If You have problems with LDAP access and believe You entered correct
 information check out the RhodeCode logs, any error messages sent from LDAP
 will be saved there.
 Active Directory
 ''''''''''''''''
 RhodeCode can use Microsoft Active Directory for user authentication.  This
 is done through an LDAP or LDAPS connection to Active Directory.  The
 following LDAP configuration settings are typical for using Active
 Directory ::
  Base DN              = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
  Login Attribute      = sAMAccountName
  First Name Attribute = givenName
  Last Name Attribute  = sn
  E-mail Attribute     = mail
 All other LDAP settings will likely be site-specific and should be
 appropriately configured.
 Setting Up Celery
 -----------------
 Since version 1.1 celery is configured by the rhodecode ini configuration files
 simply set use_celery=true in the ini file then add / change the configuration
 variables inside the ini file.
 Remember that the ini files uses format with '.' not with '_' like celery
 so for example setting `BROKER_HOST` in celery means setting `broker.host` in
 the config file.
 In order to make start using celery run::
  paster celeryd <configfile.ini>
 .. note::
    Make sure You run this command from same virtualenv, and with the same user
    that rhodecode runs.
 Nginx virtual host example
 --------------------------
 Sample config for nginx using proxy::
  server {
     listen          80;
     server_name     hg.myserver.com;
     access_log      /var/log/nginx/rhodecode.access.log;
     error_log       /var/log/nginx/rhodecode.error.log;
     location / {
             root /var/www/rhodecode/rhodecode/public/;
             if (!-f $request_filename){
                 proxy_pass      http://127.0.0.1:5000;
+            }
             #this is important if You want to use https !!!
             proxy_set_header X-Url-Scheme $scheme;
             include         /etc/nginx/proxy.conf;
+    }
+ }
 Here's the proxy.conf. It's tuned so it'll not timeout on long
 pushes and also on large pushes::
     proxy_redirect              off;
     proxy_set_header            Host $host;
     proxy_set_header            X-Host $http_host;
     proxy_set_header            X-Real-IP $remote_addr;
     proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header            Proxy-host $proxy_host;
     client_max_body_size        400m;
     client_body_buffer_size     128k;
     proxy_buffering             off;
     proxy_connect_timeout       3600;
     proxy_send_timeout          3600;
     proxy_read_timeout          3600;
     proxy_buffer_size           16k;
     proxy_buffers               4 16k;
     proxy_busy_buffers_size     64k;
     proxy_temp_file_write_size  64k;
 Also when using root path with nginx You might set the static files to false
 in production.ini file::
   [app:main]
     use = egg:rhodecode
     full_stack = true
     static_files = false
     lang=en
     cache_dir = %(here)s/data
 To not have the statics served by the application. And improve speed.
 Apache virtual host example
 ---------------------------
 Sample config for apache using proxy::
     <VirtualHost *:80>
             ServerName hg.myserver.com
             ServerAlias hg.myserver.com
             <Proxy *>
               Order allow,deny
               Allow from all
             </Proxy>
             #important !
             #Directive to properly generate url (clone url) for pylons
             ProxyPreserveHost On
             #rhodecode instance
             ProxyPass / http://127.0.0.1:5000/
             ProxyPassReverse / http://127.0.0.1:5000/
             #to enable https use line below
             #SetEnvIf X-Url-Scheme https HTTPS=1
     </VirtualHost>
 Additional tutorial
 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
 Apache's example FCGI config
 ----------------------------
 TODO !
 Other configuration files
 -------------------------
 Some example init.d script can be found here, for debian and gentoo:
 https://rhodeocode.org/rhodecode/files/tip/init.d
 Troubleshooting
 ---------------
 - missing static files ?
  - make sure either to set the `static_files = true` in the .ini file or
    double check the root path for Your http setup. It should point to
    for example:
    /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
 - can't install celery/rabbitmq
  - don't worry RhodeCode works without them too. No extra setup required
 - long lasting push timeouts ?
  - make sure You set a longer timeouts in Your proxy/fcgi settings, timeouts
    are caused by https server and not RhodeCode
 - large pushes timeouts ?
  - make sure You set a proper max_body_size for the http server
 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
 .. _python: http://www.python.org/
 .. _mercurial: http://mercurial.selenic.com/
 .. _celery: http://celeryproject.org/
 .. _rabbitmq: http://www.rabbitmq.com/
@@ \ No newline at end of file @@
 .. _rabbitmq: http://www.rabbitmq.com/
 .. _python-ldap: http://www.python-ldap.org/

rhodecode/controllers/admin/ldap_settings.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.ldap_settings
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ldap controller for RhodeCode
     :created_on: Nov 26, 2010
     :author: marcink
     :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import logging
 import formencode
 import traceback
 from formencode import htmlfill
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.auth_ldap import LdapImportError
 from rhodecode.model.settings import SettingsModel
 from rhodecode.model.forms import LdapSettingsForm
 from sqlalchemy.exc import DatabaseError
 log = logging.getLogger(__name__)
 class LdapSettingsController(BaseController):
     search_scope_choices = [('BASE',     _('BASE'),),
                             ('ONELEVEL', _('ONELEVEL'),),
                             ('SUBTREE',  _('SUBTREE'),),
+                            ]
     search_scope_default = 'SUBTREE'
     tls_reqcert_choices = [('NEVER',  _('NEVER'),),
                            ('ALLOW',  _('ALLOW'),),
                            ('TRY',    _('TRY'),),
                            ('DEMAND', _('DEMAND'),),
                            ('HARD',   _('HARD'),),
+                           ]
     tls_reqcert_default = 'DEMAND'
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         c.search_scope_choices = self.search_scope_choices
         c.tls_reqcert_choices  = self.tls_reqcert_choices
         super(LdapSettingsController, self).__before__()
     def index(self):
         defaults = SettingsModel().get_ldap_settings()
         c.search_scope_cur = defaults.get('ldap_search_scope')
         c.tls_reqcert_cur  = defaults.get('ldap_tls_reqcert')
         return htmlfill.render(
                     render('admin/ldap/ldap.html'),
                     defaults=defaults,
                     encoding="UTF-8",
                     force_defaults=True,)
     def ldap_settings(self):
         """POST ldap create and store ldap settings"""
         settings_model = SettingsModel()
         _form = LdapSettingsForm()()
         _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices],
                                  [x[0] for x in self.search_scope_choices])()
         try:
             form_result = _form.to_python(dict(request.POST))
             try:
                 for k, v in form_result.items():
                     if k.startswith('ldap_'):
                         setting = settings_model.get(k)
                         setting.app_settings_value = v
                         self.sa.add(setting)
                 self.sa.commit()
                 h.flash(_('Ldap settings updated successfully'),
                     category='success')
             except (DatabaseError,):
                 raise
         except LdapImportError:
             h.flash(_('Unable to activate ldap. The "python-ldap" library '
                       'is missing.'), category='warning')
         except formencode.Invalid, errors:
             c.search_scope_cur = self.search_scope_default
             c.tls_reqcert_cur  = self.search_scope_default
             return htmlfill.render(
                 render('admin/ldap/ldap.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of ldap settings'),
                     category='error')
         return redirect(url('ldap_home'))

rhodecode/lib/auth.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.lib.auth
     ~~~~~~~~~~~~~~~~~~
     authentication and permission libraries
     :created_on: Apr 4, 2010
     :copyright: (c) 2010 by marcink.
     :license: LICENSE_NAME, see LICENSE_FILE for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import bcrypt
 import random
 import logging
 import traceback
 from decorator import decorator
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
     UserToPerm
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """This is a simple class for generating password from
         different sets of characters
         usage:
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''#[0]
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
         return self.passwd
 def get_crypt_password(password):
     """Cryptographic function used for password hashing based on sha1
     :param password: password to hash
     """
     return bcrypt.hashpw(password, bcrypt.gensalt(10))
 def check_password(password, hashed):
     return bcrypt.hashpw(password, hashed) == hashed
 def authfunc(environ, username, password):
     """
     Dummy authentication function used in Mercurial/Git/ and access control,
     :param environ: needed only for using in Basic auth
     """
     return authenticate(username, password)
 def authenticate(username, password):
     """
     Authentication function used for access control,
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication, also creates ldap user if not in database
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = user_model.get_by_username(username, cache=False)
     log.debug('Authenticating user using RhodeCode account')
-    if user is not None and user.is_ldap is False:
+    if user is not None and not user.ldap_dn:
         if user.active:
             if user.username == 'default' and user.active:
                 log.info('user %s authenticated correctly as anonymous user',
                          username)
                 return True
             elif user.username == username and check_password(password, user.password):
                 log.info('user %s authenticated correctly', username)
                 return True
         else:
             log.warning('user %s is disabled', username)
     else:
         log.debug('Regular authentication failed')
         user_obj = user_model.get_by_username(username, cache=False,
                                             case_insensitive=True)
-        if user_obj is not None and user_obj.is_ldap is False:
+        if user_obj is not None and not user_obj.ldap_dn:
             log.debug('this user already exists as non ldap')
             return False
         from rhodecode.model.settings import SettingsModel
         ldap_settings = SettingsModel().get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IN ENABLE
         #======================================================================
         if ldap_settings.get('ldap_active', False):
             log.debug("Authenticating user using ldap")
             kwargs = {
                   'server':ldap_settings.get('ldap_host', ''),
                   'base_dn':ldap_settings.get('ldap_base_dn', ''),
                   'port':ldap_settings.get('ldap_port'),
                   'bind_dn':ldap_settings.get('ldap_dn_user'),
                   'bind_pass':ldap_settings.get('ldap_dn_pass'),
                   'use_ldaps':ldap_settings.get('ldap_ldaps'),
                   'tls_reqcert':ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter':ldap_settings.get('ldap_filter'),
                   'search_scope':ldap_settings.get('ldap_search_scope'),
                   'attr_login':ldap_settings.get('ldap_attr_login'),
                   'ldap_version':3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 res = aldap.authenticate_ldap(username, password)
                 log.debug('Got ldap response %s', res)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
                 log.debug('Got ldap DN response %s', user_dn)
                 if user_model.create_ldap(username, password):
                 user_attrs = {
                     'name'     : ldap_attrs[ldap_settings.get('ldap_attr_firstname')][0],
                     'lastname' : ldap_attrs[ldap_settings.get('ldap_attr_lastname')][0],
                     'email'    : ldap_attrs[ldap_settings.get('ldap_attr_email')][0],
+                    }
                 if user_model.create_ldap(username, password, user_dn, user_attrs):
                     log.info('created new ldap user')
                 return True
             except (LdapUsernameError, LdapPasswordError,):
                 pass
             except (Exception,):
                 log.error(traceback.format_exc())
                 pass
     return False
 class  AuthUser(object):
     """
     A simple object that handles a mercurial username for authentication
     """
     def __init__(self):
         self.username = 'None'
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.user_id = None
         self.is_authenticated = False
         self.is_admin = False
         self.permissions = {}
     def __repr__(self):
         return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
 def set_available_permissions(config):
     """This function will propagate pylons globals with all available defined
     permission given in db. We don't wannt to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config: current pylons config instance
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session()
         all_perms = sa.query(Permission).all()
     except:
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 def set_base_path(config):
     config['base_path'] = config['pylons.app_globals'].base_path
 def fill_perms(user):
     """Fills user permission attribute with permissions taken from database
     :param user:
     """
     sa = meta.Session()
     user.permissions['repositories'] = {}
     user.permissions['global'] = set()
     #===========================================================================
     # fetch default permissions
     #===========================================================================
     default_user = UserModel().get_by_username('default', cache=True)
     default_perms = sa.query(RepoToPerm, Repository, Permission)\
         .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
         .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
         .filter(RepoToPerm.user == default_user).all()
     if user.is_admin:
         #=======================================================================
         # #admin have all default rights set to admin
         #=======================================================================
         user.permissions['global'].add('hg.admin')
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     else:
         #=======================================================================
         # set default permissions
         #=======================================================================
         #default global
         default_global_perms = sa.query(UserToPerm)\
             .filter(UserToPerm.user == sa.query(User)\
                    .filter(User.username == 'default').one())
         for perm in default_global_perms:
             user.permissions['global'].add(perm.permission.permission_name)
         #default repositories
         for perm in default_perms:
             if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == user.user_id:
                 #set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
         #=======================================================================
         # #overwrite default with user permissions if any
         #=======================================================================
         user_perms = sa.query(RepoToPerm, Permission, Repository)\
             .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
             .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
             .filter(RepoToPerm.user_id == user.user_id).all()
         for perm in user_perms:
             if perm.Repository.user_id == user.user_id:#set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     meta.Session.remove()
     return user
 def get_user(session):
     """
     Gets user from session, and wraps permissions into user
     :param session:
     """
     user = session.get('rhodecode_user', AuthUser())
     #if the user is not logged in we check for anonymous access
     #if user is logged and it's a default user check if we still have anonymous
     #access enabled
     if user.user_id is None or user.username == 'default':
         anonymous_user = UserModel().get_by_username('default', cache=True)
         if anonymous_user.active is True:
             #then we set this user is logged in
             user.is_authenticated = True
             user.user_id = anonymous_user.user_id
         else:
             user.is_authenticated = False
     if user.is_authenticated:
         user = UserModel().fill_data(user)
     user = fill_perms(user)
     session['rhodecode_user'] = user
     session.save()
     return user
 #===============================================================================
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):
     """Must be logged in to execute this function else
     redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         user = session.get('rhodecode_user', AuthUser())
         log.debug('Checking login required for user:%s', user.username)
         if user.is_authenticated:
             log.debug('user %s is authenticated', user.username)
             return func(*fargs, **fkwargs)
         else:
             log.warn('user %s not authenticated', user.username)
             p = ''
             if request.environ.get('SCRIPT_NAME') != '/':
                 p += request.environ.get('SCRIPT_NAME')
             p += request.environ.get('PATH_INFO')
             if request.environ.get('QUERY_STRING'):
                 p += '?' + request.environ.get('QUERY_STRING')
             log.debug('redirecting to login page with %s', p)
             return redirect(url('login_home', came_from=p))
 class NotAnonymous(object):
     """Must be logged in to execute this function else
     redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         user = session.get('rhodecode_user', AuthUser())
         log.debug('Checking if user is not anonymous')

rhodecode/lib/auth_ldap.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # ldap authentication lib
 # Copyright (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on Nov 17, 2010
 @author: marcink
 """
 from rhodecode.lib.exceptions import *
 import logging
 log = logging.getLogger(__name__)
 try:
     import ldap
 except ImportError:
     pass
 class AuthLdap(object):
     def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
                  use_ldaps=False, ldap_version=3):
                  use_ldaps=False, tls_reqcert='DEMAND', ldap_version=3,
                  ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
                  search_scope='SUBTREE',
                  attr_login='uid'):
         self.ldap_version = ldap_version
         if use_ldaps:
             port = port or 689
         self.LDAP_USE_LDAPS = use_ldaps
         self.TLS_REQCERT = ldap.__dict__['OPT_X_TLS_' + tls_reqcert]
         self.LDAP_SERVER_ADDRESS = server
         self.LDAP_SERVER_PORT = port
         #USE FOR READ ONLY BIND TO LDAP SERVER
         self.LDAP_BIND_DN = bind_dn
         self.LDAP_BIND_PASS = bind_pass
         ldap_server_type = 'ldap'
         if self.LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
         self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
                                                self.LDAP_SERVER_ADDRESS,
                                                self.LDAP_SERVER_PORT)
         self.BASE_DN = base_dn
         self.LDAP_FILTER = ldap_filter
         self.SEARCH_SCOPE = ldap.__dict__['SCOPE_' + search_scope]
         self.attr_login = attr_login
     def authenticate_ldap(self, username, password):
         """Authenticate a user via LDAP and return his/her LDAP properties.
         Raises AuthenticationError if the credentials are rejected, or
         EnvironmentError if the LDAP server can't be reached.
         :param username: username
         :param password: password
         """
         from rhodecode.lib.helpers import chop_at
         uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
         if "," in username:
             raise LdapUsernameError("invalid character in username: ,")
         try:
             ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')
             ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
             ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
             ldap.set_option(ldap.OPT_TIMEOUT, 20)
             ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
             ldap.set_option(ldap.OPT_TIMELIMIT, 15)
             if self.LDAP_USE_LDAPS:
                 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
             server = ldap.initialize(self.LDAP_SERVER)
             if self.ldap_version == 2:
                 server.protocol = ldap.VERSION2
             else:
                 server.protocol = ldap.VERSION3
             if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
                 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
             dn = self.BASE_DN % {'user':uid}
             log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)
             server.simple_bind_s(dn, password)
             filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, username)
             log.debug("Authenticating %r filt %s at %s", self.BASE_DN, filt, self.LDAP_SERVER)
             lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE, filt)
             if not lobjects:
                 raise ldap.NO_SUCH_OBJECT()
             properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
             if not properties:
                 raise ldap.NO_SUCH_OBJECT()
             for (dn, attrs) in lobjects:
                 try:
                     server.simple_bind_s(dn, password)
                     break
                 except ldap.INVALID_CREDENTIALS, e:
                     log.debug("LDAP rejected password for user '%s' (%s): %s", uid, username, dn)
                 else:
                     log.debug("No matching LDAP objecs for authentication of '%s' (%s)", uid, username)
                     raise LdapPasswordError()
         except ldap.NO_SUCH_OBJECT, e:
             log.debug("LDAP says no such user '%s' (%s)", uid, username)
             raise LdapUsernameError()
         except ldap.INVALID_CREDENTIALS, e:
             log.debug("LDAP rejected password for user '%s' (%s)", uid, username)
             raise LdapPasswordError()
         except ldap.SERVER_DOWN, e:
             raise LdapConnectionError("LDAP can't access authentication server")
         return properties[0]
         return (dn, attrs)

rhodecode/lib/db_manage.py

➞

Show inline comments

@@ @@ -147,362 +147,365 @@ class DbManage(object): @@
         print (msg)
         if curr_version == __dbversion__:
             sys.exit('This database is already at the newest version')
         #======================================================================
         # UPGRADE STEPS
         #======================================================================
         class UpgradeSteps(object):
             """Those steps follow schema versions so for example schema
             for example schema with seq 002 == step_2 and so on.
             """
             def __init__(self, klass):
                 self.klass = klass
             def step_0(self):
                 #step 0 is the schema upgrade, and than follow proper upgrades
                 print ('attempting to do database upgrade to version %s' \
                                 % __dbversion__)
                 api.upgrade(db_uri, repository_path, __dbversion__)
                 print ('Schema upgrade completed')
             def step_1(self):
                 pass
             def step_2(self):
                 print ('Patching repo paths for newer version of RhodeCode')
                 self.klass.fix_repo_paths()
                 print ('Patching default user of RhodeCode')
                 self.klass.fix_default_user()
                 log.info('Changing ui settings')
                 self.klass.create_ui_settings()
             def step_3(self):
                 print ('Adding additional settings into RhodeCode db')
                 self.klass.fix_settings()
         upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)
         #CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE
         for step in upgrade_steps:
             print ('performing upgrade step %s' % step)
             callable = getattr(UpgradeSteps(self), 'step_%s' % step)()
     def fix_repo_paths(self):
         """Fixes a old rhodecode version path into new one without a '*'
         """
         paths = self.sa.query(RhodeCodeUi)\
                 .filter(RhodeCodeUi.ui_key == '/')\
                 .scalar()
         paths.ui_value = paths.ui_value.replace('*', '')
         try:
             self.sa.add(paths)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def fix_default_user(self):
         """Fixes a old default user with some 'nicer' default values,
         used mostly for anonymous access
         """
         def_user = self.sa.query(User)\
                 .filter(User.username == 'default')\
                 .one()
         def_user.name = 'Anonymous'
         def_user.lastname = 'User'
         def_user.email = 'anonymous@rhodecode.org'
         try:
             self.sa.add(def_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def fix_settings(self):
         """Fixes rhodecode settings adds ga_code key for google analytics
         """
         hgsettings3 = RhodeCodeSettings('ga_code', '')
         try:
             self.sa.add(hgsettings3)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def admin_prompt(self, second=False):
         if not self.tests:
             import getpass
             def get_password():
                 password = getpass.getpass('Specify admin password (min 6 chars):')
                 confirm = getpass.getpass('Confirm password:')
                 if password != confirm:
                     log.error('passwords mismatch')
                     return False
                 if len(password) < 6:
                     log.error('password is to short use at least 6 characters')
                     return False
                 return password
             username = raw_input('Specify admin username:')
             password = get_password()
             if not password:
                 #second try
                 password = get_password()
                 if not password:
                     sys.exit()
             email = raw_input('Specify admin email:')
             self.create_user(username, password, email, True)
         else:
             log.info('creating admin and regular test users')
             self.create_user('test_admin', 'test12', 'test_admin@mail.com', True)
             self.create_user('test_regular', 'test12', 'test_regular@mail.com', False)
             self.create_user('test_regular2', 'test12', 'test_regular2@mail.com', False)
     def create_ui_settings(self):
         """Creates ui settings, fills out hooks
         and disables dotencode
         """
         #HOOKS
         hooks1_key = 'changegroup.update'
         hooks1_ = self.sa.query(RhodeCodeUi)\
             .filter(RhodeCodeUi.ui_key == hooks1_key).scalar()
         hooks1 = RhodeCodeUi() if hooks1_ is None else hooks1_
         hooks1.ui_section = 'hooks'
         hooks1.ui_key = hooks1_key
         hooks1.ui_value = 'hg update >&2'
         hooks1.ui_active = False
         hooks2_key = 'changegroup.repo_size'
         hooks2_ = self.sa.query(RhodeCodeUi)\
             .filter(RhodeCodeUi.ui_key == hooks2_key).scalar()
         hooks2 = RhodeCodeUi() if hooks2_ is None else hooks2_
         hooks2.ui_section = 'hooks'
         hooks2.ui_key = hooks2_key
         hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'
         hooks3 = RhodeCodeUi()
         hooks3.ui_section = 'hooks'
         hooks3.ui_key = 'pretxnchangegroup.push_logger'
         hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'
         hooks4 = RhodeCodeUi()
         hooks4.ui_section = 'hooks'
         hooks4.ui_key = 'preoutgoing.pull_logger'
         hooks4.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'
         #For mercurial 1.7 set backward comapatibility with format
         dotencode_disable = RhodeCodeUi()
         dotencode_disable.ui_section = 'format'
         dotencode_disable.ui_key = 'dotencode'
         dotencode_disable.ui_value = 'false'
         try:
             self.sa.add(hooks1)
             self.sa.add(hooks2)
             self.sa.add(hooks3)
             self.sa.add(hooks4)
             self.sa.add(dotencode_disable)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def create_ldap_options(self):
         """Creates ldap settings"""
         try:
             for k in ['ldap_active', 'ldap_host', 'ldap_port', 'ldap_ldaps',
                       'ldap_dn_user', 'ldap_dn_pass', 'ldap_base_dn']:
                       'ldap_tls_reqcert', 'ldap_dn_user', 'ldap_dn_pass',
                       'ldap_base_dn', 'ldap_filter', 'ldap_search_scope',
                       'ldap_attr_login', 'ldap_attr_firstname', 'ldap_attr_lastname',
                       'ldap_attr_email']:
                 setting = RhodeCodeSettings(k, '')
                 self.sa.add(setting)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def config_prompt(self, test_repo_path=''):
         log.info('Setting up repositories config')
         if not self.tests and not test_repo_path:
             path = raw_input('Specify valid full path to your repositories'
                         ' you can change this later in application settings:')
         else:
             path = test_repo_path
         if not os.path.isdir(path):
             log.error('You entered wrong path: %s', path)
             sys.exit()
         self.create_ui_settings()
         #HG UI OPTIONS
         web1 = RhodeCodeUi()
         web1.ui_section = 'web'
         web1.ui_key = 'push_ssl'
         web1.ui_value = 'false'
         web2 = RhodeCodeUi()
         web2.ui_section = 'web'
         web2.ui_key = 'allow_archive'
         web2.ui_value = 'gz zip bz2'
         web3 = RhodeCodeUi()
         web3.ui_section = 'web'
         web3.ui_key = 'allow_push'
         web3.ui_value = '*'
         web4 = RhodeCodeUi()
         web4.ui_section = 'web'
         web4.ui_key = 'baseurl'
         web4.ui_value = '/'
         paths = RhodeCodeUi()
         paths.ui_section = 'paths'
         paths.ui_key = '/'
         paths.ui_value = path
         hgsettings1 = RhodeCodeSettings('realm', 'RhodeCode authentication')
         hgsettings2 = RhodeCodeSettings('title', 'RhodeCode')
         hgsettings3 = RhodeCodeSettings('ga_code', '')
         try:
             self.sa.add(web1)
             self.sa.add(web2)
             self.sa.add(web3)
             self.sa.add(web4)
             self.sa.add(paths)
             self.sa.add(hgsettings1)
             self.sa.add(hgsettings2)
             self.sa.add(hgsettings3)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
         self.create_ldap_options()
         log.info('created ui config')
     def create_user(self, username, password, email='', admin=False):
         log.info('creating administrator user %s', username)
         new_user = User()
         new_user.username = username
         new_user.password = get_crypt_password(password)
         new_user.name = 'RhodeCode'
         new_user.lastname = 'Admin'
         new_user.email = email
         new_user.admin = admin
         new_user.active = True
         try:
             self.sa.add(new_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def create_default_user(self):
         log.info('creating default user')
         #create default user for handling default permissions.
         def_user = User()
         def_user.username = 'default'
         def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
         def_user.name = 'Anonymous'
         def_user.lastname = 'User'
         def_user.email = 'anonymous@rhodecode.org'
         def_user.admin = False
         def_user.active = False
         try:
             self.sa.add(def_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def create_permissions(self):
         #module.(access|create|change|delete)_[name]
         #module.(read|write|owner)
         perms = [('repository.none', 'Repository no access'),
                  ('repository.read', 'Repository read access'),
                  ('repository.write', 'Repository write access'),
                  ('repository.admin', 'Repository admin access'),
                  ('hg.admin', 'Hg Administrator'),
                  ('hg.create.repository', 'Repository create'),
                  ('hg.create.none', 'Repository creation disabled'),
                  ('hg.register.none', 'Register disabled'),
                  ('hg.register.manual_activate', 'Register new user with rhodecode without manual activation'),
                  ('hg.register.auto_activate', 'Register new user with rhodecode without auto activation'),
+                ]
         for p in perms:
             new_perm = Permission()
             new_perm.permission_name = p[0]
             new_perm.permission_longname = p[1]
             try:
                 self.sa.add(new_perm)
                 self.sa.commit()
             except:
                 self.sa.rollback()
                 raise
     def populate_default_permissions(self):
         log.info('creating default user permissions')
         default_user = self.sa.query(User)\
         .filter(User.username == 'default').scalar()
         reg_perm = UserToPerm()
         reg_perm.user = default_user
         reg_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'hg.register.manual_activate')\
         .scalar()
         create_repo_perm = UserToPerm()
         create_repo_perm.user = default_user
         create_repo_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'hg.create.repository')\
         .scalar()
         default_repo_perm = UserToPerm()
         default_repo_perm.user = default_user
         default_repo_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'repository.read')\
         .scalar()
         try:
             self.sa.add(reg_perm)
             self.sa.add(create_repo_perm)
             self.sa.add(default_repo_perm)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise

rhodecode/model/db.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.model.db
     ~~~~~~~~~~~~~~~~~~
     Database Models for RhodeCode
     :created_on: Apr 08, 2010
     :author: marcink
     :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import logging
 import datetime
 from sqlalchemy import *
 from sqlalchemy.exc import DatabaseError
 from sqlalchemy.orm import relationship, backref, class_mapper
 from sqlalchemy.orm.session import Session
 from rhodecode.model.meta import Base
 log = logging.getLogger(__name__)
 class BaseModel(object):
     @classmethod
     def _get_keys(cls):
         """return column names for this model """
         return class_mapper(cls).c.keys()
     def get_dict(self):
         """return dict with keys and values corresponding
         to this model data """
         d = {}
         for k in self._get_keys():
             d[k] = getattr(self, k)
         return d
     def get_appstruct(self):
         """return list with keys and values tupples corresponding
         to this model data """
         l = []
         for k in self._get_keys():
             l.append((k, getattr(self, k),))
         return l
     def populate_obj(self, populate_dict):
         """populate model with data from given populate_dict"""
         for k in self._get_keys():
             if k in populate_dict:
                 setattr(self, k, populate_dict[k])
 class RhodeCodeSettings(Base, BaseModel):
     __tablename__ = 'rhodecode_settings'
     __table_args__ = (UniqueConstraint('app_settings_name'), {'useexisting':True})
     app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     app_settings_name = Column("app_settings_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     app_settings_value = Column("app_settings_value", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     def __init__(self, k='', v=''):
         self.app_settings_name = k
         self.app_settings_value = v
     def __repr__(self):
         return "<%s('%s:%s')>" % (self.__class__.__name__,
                                   self.app_settings_name, self.app_settings_value)
 class RhodeCodeUi(Base, BaseModel):
     __tablename__ = 'rhodecode_ui'
     __table_args__ = {'useexisting':True}
     ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     ui_section = Column("ui_section", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_key = Column("ui_key", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_value = Column("ui_value", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)
 class User(Base, BaseModel):
     __tablename__ = 'users'
     __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'useexisting':True})
     user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     username = Column("username", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     password = Column("password", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     active = Column("active", Boolean(), nullable=True, unique=None, default=None)
     admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
     name = Column("name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     lastname = Column("lastname", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     email = Column("email", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
-    is_ldap = Column("is_ldap", Boolean(), nullable=False, unique=None, default=False)
+    ldap_dn = Column("ldap_dn", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     user_log = relationship('UserLog', cascade='all')
     user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
     repositories = relationship('Repository')
     user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
     @property
     def full_contact(self):
         return '%s %s <%s>' % (self.name, self.lastname, self.email)
     @property
     def is_admin(self):
         return self.admin
     def __repr__(self):
         return "<%s('id:%s:%s')>" % (self.__class__.__name__,
                                      self.user_id, self.username)
     def update_lastlogin(self):
         """Update user lastlogin"""
         try:
             session = Session.object_session(self)
             self.last_login = datetime.datetime.now()
             session.add(self)
             session.commit()
             log.debug('updated user %s lastlogin', self.username)
         except (DatabaseError,):
             session.rollback()
 class UserLog(Base, BaseModel):
     __tablename__ = 'user_logs'
     __table_args__ = {'useexisting':True}
     user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     repository_id = Column("repository_id", Integer(length=None, convert_unicode=False, assert_unicode=None), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
     repository_name = Column("repository_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     user_ip = Column("user_ip", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     action = Column("action", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
     user = relationship('User')
     repository = relationship('Repository')
 class UsersGroup(Base, BaseModel):
     __tablename__ = 'users_groups'
     __table_args__ = {'useexisting':True}
     users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_name = Column("users_group_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
     members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
 class UsersGroupMember(Base, BaseModel):
     __tablename__ = 'users_groups_members'
     __table_args__ = {'useexisting':True}
     users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     user = relationship('User', lazy='joined')
     users_group = relationship('UsersGroup')
     def __init__(self, gr_id, u_id):
         self.users_group_id = gr_id
         self.user_id = u_id
 class Repository(Base, BaseModel):
     __tablename__ = 'repositories'
     __table_args__ = (UniqueConstraint('repo_name'), {'useexisting':True},)
     repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     repo_name = Column("repo_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     repo_type = Column("repo_type", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg')
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
     private = Column("private", Boolean(), nullable=True, unique=None, default=None)
     enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)
     enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True)
     description = Column("description", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)
     group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)
     user = relationship('User')
     fork = relationship('Repository', remote_side=repo_id)
     group = relationship('Group')
     repo_to_perm = relationship('RepoToPerm', cascade='all')
     stats = relationship('Statistics', cascade='all', uselist=False)
     repo_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')
     logs = relationship('UserLog', cascade='all')
     def __repr__(self):
         return "<%s('%s:%s')>" % (self.__class__.__name__,
                                   self.repo_id, self.repo_name)
 class Group(Base, BaseModel):
     __tablename__ = 'groups'
     __table_args__ = (UniqueConstraint('group_name'), {'useexisting':True},)
     group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     group_name = Column("group_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
     parent_group = relationship('Group', remote_side=group_id)
     def __init__(self, group_name='', parent_group=None):
         self.group_name = group_name
         self.parent_group = parent_group
     def __repr__(self):
         return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,
                                   self.group_name)
 class Permission(Base, BaseModel):
     __tablename__ = 'permissions'
     __table_args__ = {'useexisting':True}
     permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     permission_name = Column("permission_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     permission_longname = Column("permission_longname", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     def __repr__(self):
         return "<%s('%s:%s')>" % (self.__class__.__name__,
                                   self.permission_id, self.permission_name)
 class RepoToPerm(Base, BaseModel):
     __tablename__ = 'repo_to_perm'
     __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'useexisting':True})
     repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     permission = relationship('Permission')
     repository = relationship('Repository')
 class UserToPerm(Base, BaseModel):
     __tablename__ = 'user_to_perm'
     __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'useexisting':True})
     user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     permission = relationship('Permission')
 class UsersGroupToPerm(Base, BaseModel):
     __tablename__ = 'users_group_to_perm'
     __table_args__ = (UniqueConstraint('users_group_id', 'permission_id'), {'useexisting':True})
     users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     users_group = relationship('UsersGroup')
     permission = relationship('Permission')
 class GroupToPerm(Base, BaseModel):
     __tablename__ = 'group_to_perm'
     __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True})
     group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     permission = relationship('Permission')
     group = relationship('Group')
 class Statistics(Base, BaseModel):
     __tablename__ = 'statistics'
     __table_args__ = (UniqueConstraint('repository_id'), {'useexisting':True})
     stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
     stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
     commit_activity = Column("commit_activity", LargeBinary(), nullable=False)#JSON data
     commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
     languages = Column("languages", LargeBinary(), nullable=False)#JSON data
     repository = relationship('Repository', single_parent=True)
 class UserFollowing(Base, BaseModel):
     __tablename__ = 'user_followings'
     __table_args__ = (UniqueConstraint('user_id', 'follows_repository_id'),
                       UniqueConstraint('user_id', 'follows_user_id')

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -145,393 +145,391 @@ class ValidPassword(formencode.validator @@
             if value.get('new_password'):
                 try:
                     value['new_password'] = \
                         get_crypt_password(value['new_password'])
                 except UnicodeEncodeError:
                     e_dict = {'new_password':_('Invalid characters in password')}
                     raise formencode.Invalid('', value, state, error_dict=e_dict)
             return value
 class ValidPasswordsMatch(formencode.validators.FancyValidator):
     def validate_python(self, value, state):
         if value['password'] != value['password_confirmation']:
             e_dict = {'password_confirmation':
                    _('Password do not match')}
             raise formencode.Invalid('', value, state, error_dict=e_dict)
 class ValidAuth(formencode.validators.FancyValidator):
     messages = {
             'invalid_password':_('invalid password'),
             'invalid_login':_('invalid user name'),
             'disabled_account':_('Your account is disabled')
+            }
     #error mapping
     e_dict = {'username':messages['invalid_login'],
               'password':messages['invalid_password']}
     e_dict_disable = {'username':messages['disabled_account']}
     def validate_python(self, value, state):
         password = value['password']
         username = value['username']
         user = UserModel().get_by_username(username)
         if authenticate(username, password):
             return value
         else:
             if user and user.active is False:
                 log.warning('user %s is disabled', username)
                 raise formencode.Invalid(self.message('disabled_account',
                                          state=State_obj),
                                          value, state,
                                          error_dict=self.e_dict_disable)
             else:
                 log.warning('user %s not authenticated', username)
                 raise formencode.Invalid(self.message('invalid_password',
                                          state=State_obj), value, state,
                                          error_dict=self.e_dict)
 class ValidRepoUser(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         sa = meta.Session()
         try:
             self.user_db = sa.query(User)\
                 .filter(User.active == True)\
                 .filter(User.username == value).one()
         except Exception:
             raise formencode.Invalid(_('This username is not valid'),
                                      value, state)
         finally:
             meta.Session.remove()
         return self.user_db.user_id
 def ValidRepoName(edit, old_data):
     class _ValidRepoName(formencode.validators.FancyValidator):
         def to_python(self, value, state):
             slug = h.repo_name_slug(value)
             if slug in ['_admin']:
                 raise formencode.Invalid(_('This repository name is disallowed'),
                                          value, state)
             if old_data.get('repo_name') != value or not edit:
                 if RepoModel().get_by_repo_name(slug, cache=False):
                     raise formencode.Invalid(_('This repository already exists') ,
                                              value, state)
             return slug
     return _ValidRepoName
 def ValidForkType(old_data):
     class _ValidForkType(formencode.validators.FancyValidator):
         def to_python(self, value, state):
             if old_data['repo_type'] != value:
                 raise formencode.Invalid(_('Fork have to be the same type as original'),
                                          value, state)
             return value
     return _ValidForkType
 class ValidPerms(formencode.validators.FancyValidator):
     messages = {'perm_new_user_name':_('This username is not valid')}
     def to_python(self, value, state):
         perms_update = []
         perms_new = []
         #build a list of permission to update and new permission to create
         for k, v in value.items():
             if k.startswith('perm_'):
                 if  k.startswith('perm_new_user'):
                     new_perm = value.get('perm_new_user', False)
                     new_user = value.get('perm_new_user_name', False)
                     if new_user and new_perm:
                         if (new_user, new_perm) not in perms_new:
                             perms_new.append((new_user, new_perm))
                 else:
                     usr = k[5:]
                     if usr == 'default':
                         if value['private']:
                             #set none for default when updating to private repo
                             v = 'repository.none'
                     perms_update.append((usr, v))
         value['perms_updates'] = perms_update
         value['perms_new'] = perms_new
         sa = meta.Session
         for k, v in perms_new:
             try:
                 self.user_db = sa.query(User)\
                     .filter(User.active == True)\
                     .filter(User.username == k).one()
             except Exception:
                 msg = self.message('perm_new_user_name',
                                      state=State_obj)
                 raise formencode.Invalid(msg, value, state,
                                          error_dict={'perm_new_user_name':msg})
         return value
 class ValidSettings(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         #settings  form can't edit user
         if value.has_key('user'):
             del['value']['user']
         return value
 class ValidPath(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         if not os.path.isdir(value):
             msg = _('This is not a valid path')
             raise formencode.Invalid(msg, value, state,
                                      error_dict={'paths_root_path':msg})
         return value
 def UniqSystemEmail(old_data):
     class _UniqSystemEmail(formencode.validators.FancyValidator):
         def to_python(self, value, state):
             value = value.lower()
             if old_data.get('email') != value:
                 sa = meta.Session()
                 try:
                     user = sa.query(User).filter(User.email == value).scalar()
                     if user:
                         raise formencode.Invalid(_("This e-mail address is already taken") ,
                                                  value, state)
                 finally:
                     meta.Session.remove()
             return value
     return _UniqSystemEmail
 class ValidSystemEmail(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         value = value.lower()
         sa = meta.Session
         try:
             user = sa.query(User).filter(User.email == value).scalar()
             if  user is None:
                 raise formencode.Invalid(_("This e-mail address doesn't exist.") ,
                                          value, state)
         finally:
             meta.Session.remove()
         return value
 class LdapLibValidator(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         try:
             import ldap
         except ImportError:
             raise LdapImportError
         return value
-class BaseDnValidator(formencode.validators.FancyValidator):
+class AttrLoginValidator(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         try:
             value % {'user':'valid'}
             if value.find('%(user)s') == -1:
                 raise formencode.Invalid(_("You need to specify %(user)s in "
                                            "template for example uid=%(user)s "
                                            ",dc=company...") ,
                                          value, state)
         except KeyError:
             raise formencode.Invalid(_("Wrong template used, only %(user)s "
                                        "is an valid entry") ,
                                          value, state)
         if not value or not isinstance(value, (str, unicode)):
             raise formencode.Invalid(_("The LDAP Login attribute of the CN must be specified "
                                        "- this is the name of the attribute that is equivalent to 'username'"),
                                      value, state)
         return value
 #===============================================================================
 # FORMS
 #===============================================================================
 class LoginForm(formencode.Schema):
     allow_extra_fields = True
     filter_extra_fields = True
     username = UnicodeString(
                              strip=True,
                              min=1,
                              not_empty=True,
                              messages={
                                        'empty':_('Please enter a login'),
                                        'tooShort':_('Enter a value %(min)i characters long or more')}
+                            )
     password = UnicodeString(
                             strip=True,
                             min=6,
                             not_empty=True,
                             messages={
                                       'empty':_('Please enter a password'),
                                       'tooShort':_('Enter %(min)i characters or more')}
+                                )
     #chained validators have access to all data
     chained_validators = [ValidAuth]
 def UserForm(edit=False, old_data={}):
     class _UserForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(UnicodeString(strip=True, min=1, not_empty=True),
                        ValidUsername(edit, old_data))
         if edit:
             new_password = All(UnicodeString(strip=True, min=6, not_empty=False))
             admin = StringBoolean(if_missing=False)
         else:
             password = All(UnicodeString(strip=True, min=6, not_empty=True))
         active = StringBoolean(if_missing=False)
         name = UnicodeString(strip=True, min=1, not_empty=True)
         lastname = UnicodeString(strip=True, min=1, not_empty=True)
         email = All(Email(not_empty=True), UniqSystemEmail(old_data))
         chained_validators = [ValidPassword]
     return _UserForm
 def UsersGroupForm(edit=False, old_data={}, available_members=[]):
     class _UsersGroupForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         users_group_name = All(UnicodeString(strip=True, min=1, not_empty=True),
                        ValidUsersGroup(edit, old_data))
         users_group_active = StringBoolean(if_missing=False)
         if edit:
             users_group_members = OneOf(available_members, hideList=False,
                                         testValueList=True,
                                         if_missing=None, not_empty=False)
     return _UsersGroupForm
 def RegisterForm(edit=False, old_data={}):
     class _RegisterForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(ValidUsername(edit, old_data),
                        UnicodeString(strip=True, min=1, not_empty=True))
         password = All(UnicodeString(strip=True, min=6, not_empty=True))
         password_confirmation = All(UnicodeString(strip=True, min=6, not_empty=True))
         active = StringBoolean(if_missing=False)
         name = UnicodeString(strip=True, min=1, not_empty=True)
         lastname = UnicodeString(strip=True, min=1, not_empty=True)
         email = All(Email(not_empty=True), UniqSystemEmail(old_data))
         chained_validators = [ValidPasswordsMatch, ValidPassword]
     return _RegisterForm
 def PasswordResetForm():
     class _PasswordResetForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         email = All(ValidSystemEmail(), Email(not_empty=True))
     return _PasswordResetForm
 def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(UnicodeString(strip=True, min=1, not_empty=True),
                         ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         enable_statistics = StringBoolean(if_missing=False)
         enable_downloads = StringBoolean(if_missing=False)
         repo_type = OneOf(supported_backends)
         if edit:
             user = All(Int(not_empty=True), ValidRepoUser)
         chained_validators = [ValidPerms]
     return _RepoForm
 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         fork_name = All(UnicodeString(strip=True, min=1, not_empty=True),
                         ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         repo_type = All(ValidForkType(old_data), OneOf(supported_backends))
     return _RepoForkForm
 def RepoSettingsForm(edit=False, old_data={}):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(UnicodeString(strip=True, min=1, not_empty=True),
                         ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         chained_validators = [ValidPerms, ValidSettings]
     return _RepoForm
 def ApplicationSettingsForm():
     class _ApplicationSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_ga_code = UnicodeString(strip=True, min=1, not_empty=False)
     return _ApplicationSettingsForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = OneOf(['true', 'false'], if_missing='false')
         paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True))
         hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)
         hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)
         hooks_pretxnchangegroup_push_logger = OneOf(['True', 'False'], if_missing=False)
         hooks_preoutgoing_pull_logger = OneOf(['True', 'False'], if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         overwrite_default = StringBoolean(if_missing=False)
         anonymous = OneOf(['True', 'False'], if_missing=False)
         default_perm = OneOf(perms_choices)
         default_register = OneOf(register_choices)
         default_create = OneOf(create_choices)
     return _DefaultPermissionsForm
 def LdapSettingsForm():
+def LdapSettingsForm(tls_reqcert_choices, search_scope_choices):
     class _LdapSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         pre_validators = [LdapLibValidator]
         ldap_active = StringBoolean(if_missing=False)
         ldap_host = UnicodeString(strip=True,)
         ldap_port = Number(strip=True,)
         ldap_ldaps = StringBoolean(if_missing=False)
         ldap_tls_reqcert = OneOf(tls_reqcert_choices)
         ldap_dn_user = UnicodeString(strip=True,)
         ldap_dn_pass = UnicodeString(strip=True,)
         ldap_base_dn = All(BaseDnValidator, UnicodeString(strip=True,))
         ldap_base_dn = UnicodeString(strip=True,)
         ldap_filter = UnicodeString(strip=True,)
         ldap_search_scope = OneOf(search_scope_choices)
         ldap_attr_login = All(AttrLoginValidator, UnicodeString(strip=True,))
         ldap_attr_firstname = UnicodeString(strip=True,)
         ldap_attr_lastname = UnicodeString(strip=True,)
         ldap_attr_email = UnicodeString(strip=True,)
     return _LdapSettingsForm

rhodecode/model/settings.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # Model for RhodeCode settings
 # Copyright (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on Nov 17, 2010
 Model for RhodeCode
 :author: marcink
 """
 from rhodecode.lib import helpers as h
 from rhodecode.model import BaseModel
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import  RhodeCodeSettings
 from sqlalchemy.orm import joinedload
 import logging
 log = logging.getLogger(__name__)
 class SettingsModel(BaseModel):
     """
     Settings model
     """
     def get(self, settings_key, cache=False):
         r = self.sa.query(RhodeCodeSettings)\
             .filter(RhodeCodeSettings.app_settings_name == settings_key).scalar()
         if cache:
             r = r.options(FromCache("sql_cache_short",
                                           "get_setting_%s" % settings_key))
         return r
     def get_app_settings(self, cache=False):
         """Get's config from database, each config key is prefixed with
         'rhodecode_' prefix, than global pylons config is updated with such
         keys
         """
         ret = self.sa.query(RhodeCodeSettings)
         if cache:
             ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))
         if not ret:
             raise Exception('Could not get application settings !')
         settings = {}
         for each in ret:
             settings['rhodecode_' + each.app_settings_name] = each.app_settings_value
         return settings
     def get_ldap_settings(self):
         """
         Returns ldap settings from database
         :returns:
         ldap_active
         ldap_host
         ldap_port
         ldap_ldaps
         ldap_tls_reqcert
         ldap_dn_user
         ldap_dn_pass
         ldap_base_dn
         ldap_filter
         ldap_search_scope
         ldap_attr_login
         ldap_attr_firstname
         ldap_attr_lastname
         ldap_attr_email
         """
         # ldap_search_scope
         r = self.sa.query(RhodeCodeSettings)\
                 .filter(RhodeCodeSettings.app_settings_name\
                         .startswith('ldap_'))\
                 .all()
         fd = {}
         for row in r:
             v = row.app_settings_value
             if v in ['0', '1']:
                 v = v == '1'
             fd.update({row.app_settings_name:v})
         return fd

rhodecode/model/user.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.model.user
     ~~~~~~~~~~~~~~~~~~~~
     users model for RhodeCode
     :created_on: Apr 9, 2010
     :author: marcink
     :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import logging
 import traceback
 from pylons.i18n.translation import _
 from rhodecode.model import BaseModel
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User
 from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException
 from sqlalchemy.exc import DatabaseError
 log = logging.getLogger(__name__)
 class UserModel(BaseModel):
     def get(self, user_id, cache=False):
         user = self.sa.query(User)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % user_id))
         return user.get(user_id)
     def get_by_username(self, username, cache=False, case_insensitive=False):
         if case_insensitive:
             user = self.sa.query(User).filter(User.username.ilike(username))
         else:
             user = self.sa.query(User)\
                 .filter(User.username == username)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % username))
         return user.scalar()
     def create(self, form_data):
         try:
             new_user = User()
             for k, v in form_data.items():
                 setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def create_ldap(self, username, password):
+    def create_ldap(self, username, password, user_dn, attrs):
         """
         Checks if user is in database, if not creates this user marked
         as ldap user
         :param username:
         :param password:
         :param user_dn:
         :param attrs:
         """
         from rhodecode.lib.auth import get_crypt_password
         log.debug('Checking for such ldap account in RhodeCode database')
         if self.get_by_username(username, case_insensitive=True) is None:
             try:
                 new_user = User()
                 new_user.username = username.lower()#add ldap account always lowercase
+                new_user.username = username.lower() # add ldap account always lowercase
                 new_user.password = get_crypt_password(password)
-                new_user.email = '%s@ldap.server' % username
+                new_user.email = attrs['email']
                 new_user.active = True
                 new_user.is_ldap = True
                 new_user.name = '%s@ldap' % username
                 new_user.lastname = ''
                 new_user.ldap_dn = user_dn
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
                 self.sa.add(new_user)
                 self.sa.commit()
                 return True
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('this %s user exists skipping creation of ldap account',
                   username)
         return False
     def create_registration(self, form_data):
         from rhodecode.lib.celerylib import tasks, run_task
         try:
             new_user = User()
             for k, v in form_data.items():
                 if k != 'admin':
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
             body = ('New user registration\n'
                     'username: %s\n'
                     'email: %s\n')
             body = body % (form_data['username'], form_data['email'])
             run_task(tasks.send_email, None,
                      _('[RhodeCode] New User registration'),
                      body)
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def update(self, user_id, form_data):
         try:
             new_user = self.get(user_id, cache=False)
             if new_user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                 else:
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def update_my_account(self, user_id, form_data):
         try:
             new_user = self.get(user_id, cache=False)
             if new_user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                 else:
                     if k not in ['admin', 'active']:
                         setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def delete(self, user_id):
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't remove this user since it's"
                                   " crucial for entire application"))
             if user.repositories:
                 raise UserOwnsReposException(_('This user still owns %s '
                                                'repositories and cannot be '
                                                'removed. Switch owners or '
                                                'remove those repositories') \
                                                % user.repositories)
             self.sa.delete(user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def reset_password(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
     def fill_data(self, user):
         """
         Fills user data with those from database and log out user if not
         present in database
         :param user:
         """
         if not hasattr(user, 'user_id') or user.user_id is None:
             raise Exception('passed in user has to have the user_id attribute')
         log.debug('filling auth user data')
         try:
             dbuser = self.get(user.user_id)
             user.username = dbuser.username
             user.is_admin = dbuser.admin
             user.name = dbuser.name
             user.lastname = dbuser.lastname
             user.email = dbuser.email
         except:
             log.error(traceback.format_exc())
             user.is_authenticated = False
         return user

rhodecode/templates/admin/ldap/ldap.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('LDAP administration')} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${_('Ldap')}
 </%def>
 <%def name="page_nav()">
     ${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <h3>${_('LDAP administration')}</h3>
     ${h.form(url('ldap_settings'))}
     <div class="form">
         <div class="fields">
 	  <h3>${_('Connection settings')}</h3>
             <div class="field">
-                <div class="label label-checkbox"><label for="ldap_active">${_('Enable ldap')}</label></div>
+                <div class="label label-checkbox"><label for="ldap_active">${_('Enable LDAP')}</label></div>
                 <div class="checkboxes"><div class="checkbox">${h.checkbox('ldap_active',True,class_='small')}</div></div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_host">${_('Host')}</label></div>
                 <div class="input">${h.text('ldap_host',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_port">${_('Port')}</label></div>
                 <div class="input">${h.text('ldap_port',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label label-checkbox"><label for="ldap_ldaps">${_('Enable LDAPS')}</label></div>
                 <div class="checkboxes"><div class="checkbox">${h.checkbox('ldap_ldaps',True,class_='small')}</div></div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_dn_user">${_('Account')}</label></div>
                 <div class="input">${h.text('ldap_dn_user',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_dn_pass">${_('Password')}</label></div>
                 <div class="input">${h.password('ldap_dn_pass',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label label-checkbox"><label for="ldap_ldaps">${_('Enable LDAPS')}</label></div>
                 <div class="checkboxes"><div class="checkbox">${h.checkbox('ldap_ldaps',True,class_='small')}</div></div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_tls_reqcert">${_('Certificate Checks')}</label></div>
                 <div class="select">${h.select('ldap_tls_reqcert',c.tls_reqcert_cur,c.tls_reqcert_choices,class_='small')}</div>
             </div>
 	  <h3>${_('Search settings')}</h3>
             <div class="field">
                 <div class="label"><label for="ldap_base_dn">${_('Base DN')}</label></div>
                 <div class="input">${h.text('ldap_base_dn',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_filter">${_('LDAP Filter')}</label></div>
                 <div class="input">${h.text('ldap_filter',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_search_scope">${_('LDAP Search Scope')}</label></div>
                 <div class="select">${h.select('ldap_search_scope',c.search_scope_cur,c.search_scope_choices,class_='small')}</div>
             </div>
 	  <h3>${_('Attribute mappings')}</h3>
             <div class="field">
                 <div class="label"><label for="ldap_attr_login">${_('Login Attribute')}</label></div>
                 <div class="input">${h.text('ldap_attr_login',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_attr_firstname">${_('First Name Attribute')}</label></div>
                 <div class="input">${h.text('ldap_attr_firstname',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_attr_lastname">${_('Last Name Attribute')}</label></div>
                 <div class="input">${h.text('ldap_attr_lastname',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_attr_email">${_('E-mail Attribute')}</label></div>
                 <div class="input">${h.text('ldap_attr_email',class_='small')}</div>
             </div>
             <div class="buttons">
             ${h.submit('save','Save',class_="ui-button")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

rhodecode/templates/admin/users/user_edit.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Edit user')} ${c.user.username} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${h.link_to(_('Users'),h.url('users'))}
     &raquo;
     ${_('edit')} "${c.user.username}"
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box box-left">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <!-- end box / title -->
     ${h.form(url('user', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="gravatar_box">
               		<div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div>
               		<p>
               		<strong>Change your avatar at <a href="http://gravatar.com">gravatar.com</a></strong><br/>
               		${_('Using')} ${c.user.email}
               		</p>
             	</div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('username',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="ldap_dn">${_('LDAP DN')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('ldap_dn',class_='small')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="new_password">${_('New password')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('new_password',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="name">${_('First Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('name',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="lastname">${_('Last Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('lastname',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="email">${_('Email')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('email',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="active">${_('Active')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('active',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="admin">${_('Admin')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('admin',value=True)}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save','Save',class_="ui-button")}
               ${h.reset('reset','Reset',class_="ui-button")}
             </div>
     	</div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
 	<form id="map_form" method="post" action="{%url update_permissions %}">
 	<div class="form">
 	  <div class="fields">
 		<table>
 		        <tr>
 		            <td class="label">${_('Permissions')}:</td>
 		            <td>
 		                <div>
 		                    <div style="float:left">
 		                    <div class="text">${_('Granted permissions')}</div>
 		                        ${h.select('granted_permissions',[],c.granted_permissions,multiple=True,size=8,style="min-width:210px")}
 		                    </div>
 		                    <div style="float:left;width:20px;padding-top:50px">
 		                        <img alt="add" id="add_element"
 		                            style="padding:2px;cursor:pointer"
 		                            src="/images/icons/arrow_left.png">
 		                        <br />
 		                        <img alt="remove" id="remove_element"
 		                            style="padding:2px;cursor:pointer"
 		                            src="/images/icons/arrow_right.png">
 		                    </div>
 		                    <div style="float:left">
 		                        <div class="text">${_('Available permissions')}</div>
 		                         ${h.select('available_permissions',[],c.available_permissions,multiple=True,size=8,style="min-width:210px")}
 		                    </div>
 		                </div>
 		            </td>
 		        </tr>
 		</table>
         <div class="buttons">
          ${h.submit('Save','Save',class_="ui-button")}
         </div>
 	  </div>
 	</div>
 	</form>
 <script type="text/javascript">
     YAHOO.util.Event.onDOMReady(function(){
             var D = YAHOO.util.Dom;
             var E = YAHOO.util.Event;
             //temp container for storage.
             var cache = new Array();
             var c =  D.get('id_granted_permissions');
             //get only selected options for further fullfilment
             for(var i = 0;node =c.options[i];i++){
                 if(node.selected){
                     //push selected to my temp storage left overs :)
                     cache.push(node);
+                }
+            }
             //clear select
             c.options.length = 0;
             //fill it with remembered options
             for(var i = 0;node = cache[i];i++){
                 c.options[i]=new Option(node.text, node.value, false, false);
+            }
             function target_callback(e){
                 window.location='/admin/t4?g='+e.target.value;
+            }
             function prompts_action_callback(e){
                 var choosen = D.get('id_granted_permissions');
                 var availible = D.get('id_available_permissions');
                 if (this.id=='add_element'){
                     for(var i=0; node = availible.options[i];i++){
                         if(node.selected){
                             choosen.appendChild(new Option(node.text, node.value, false, false));
+                        }
+                    }
+                }
                 else if (this.id=='remove_element'){
                     //temp container for storage.
                     cache = new Array();
                     for(var i = 0;node = choosen.options[i];i++){
                         if(!node.selected){
                             //push left overs :)
                             cache.push(node);
+                        }
+                    }
                     //clear select
                     choosen.options.length = 0;
                     for(var i = 0;node = cache[i];i++){
                         choosen.options[i]=new Option(node.text, node.value, false, false);
+                    }
+                }
                 else{
+                }
+            }
             E.addListener('id_groups','change',target_callback);
             E.addListener(['add_element','remove_element'],'click',prompts_action_callback)
             E.addListener('map_form','submit',function(){
                 var choosen = D.get('id_granted_permissions');
                 for (var i = 0; i < choosen.options.length; i++) {
                     choosen.options[i].selected = 'selected';
+                }
             })
         });
 </script>
 </div>
 </%def>
@@ \ No newline at end of file @@
 </%def>

rhodecode/templates/admin/users/users.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Users administration')} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))} &raquo; ${_('Users')}
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
         <ul class="links">
           <li>
             <span>${h.link_to(u'ADD NEW USER',h.url('new_user'))}</span>
           </li>
         </ul>
     </div>
     <!-- end box / title -->
     <div class="table">
         <table class="table_disp">
         <tr class="header">
         	<th></th>
             <th class="left">${_('username')}</th>
             <th class="left">${_('name')}</th>
             <th class="left">${_('lastname')}</th>
             <th class="left">${_('last login')}</th>
             <th class="left">${_('active')}</th>
             <th class="left">${_('admin')}</th>
             <th class="left">${_('ldap')}</th>
             <th class="left">${_('action')}</th>
         </tr>
             %for cnt,user in enumerate(c.users_list):
              %if user.name !='default':
                 <tr class="parity${cnt%2}">
                 	<td><div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(user.email,24)}"/> </div></td>
                     <td>${h.link_to(user.username,h.url('edit_user', id=user.user_id))}</td>
                     <td>${user.name}</td>
                     <td>${user.lastname}</td>
                     <td>${user.last_login}</td>
                     <td>${h.bool2icon(user.active)}</td>
                     <td>${h.bool2icon(user.admin)}</td>
-                    <td>${h.bool2icon(user.is_ldap)}</td>
+                    <td>${h.bool2icon(bool(user.ldap_dn))}</td>
                     <td>
                         ${h.form(url('user', id=user.user_id),method='delete')}
                             ${h.submit('remove_','delete',id="remove_user_%s" % user.user_id,
                             class_="delete_icon action_button",onclick="return confirm('Confirm to delete this user');")}
                         ${h.end_form()}
                     </td>
                 </tr>
              %endif
             %endfor
         </table>
     </div>
 </div>
 </%def>

0 comments (0 inline, 0 general)