def get_ldap_settings(cls, cache=False): ret = Session.query(cls)\ .filter(cls.app_settings_name.startswith('ldap_'))\ .all() fd = {} for row in ret: fd.update({row.app_settings_name:row.app_settings_value}) fd.update({'ldap_active':str2bool(fd.get('ldap_active'))}) return fd
def __before__(self): c.rhodecode_version = __version__ c.rhodecode_name = config.get('rhodecode_title') c.use_gravatar = str2bool(config.get('use_gravatar')) c.ga_code = config.get('rhodecode_ga_code') c.repo_name = get_repo_slug(request) c.backends = BACKENDS.keys() self.cut_off_limit = int(config.get('cut_off_limit')) self.sa = meta.Session() self.scm_model = ScmModel(self.sa)
def __fixup(self, environ): """ Function to fixup the environ as needed. In order to use this middleware you should set this header inside your proxy ie. nginx, apache etc. """ proto = environ.get('HTTP_X_URL_SCHEME') if str2bool(self.config.get('force_https')): proto = 'https' if proto == 'https': environ['wsgi.url_scheme'] = proto else: environ['wsgi.url_scheme'] = 'http' return None
def gravatar_url(email_address, size=30): if (not str2bool(config['app_conf'].get('use_gravatar')) or not email_address or email_address == '*****@*****.**'): return url("/images/user%s.png" % size) ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme') default = 'identicon' baseurl_nossl = "http://www.gravatar.com/avatar/" baseurl_ssl = "https://secure.gravatar.com/avatar/" baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl if isinstance(email_address, unicode): #hashlib crashes on unicode items email_address = safe_str(email_address) # construct the url gravatar_url = baseurl + hashlib.md5(email_address.lower()).hexdigest() + "?" gravatar_url += urllib.urlencode({'d':default, 's':str(size)}) return gravatar_url
def test_str2bool(self): from rhodecode.lib import str2bool test_cases = [ ('t', True), ('true', True), ('y', True), ('yes', True), ('on', True), ('1', True), ('Y', True), ('yeS', True), ('Y', True), ('TRUE', True), ('T', True), ('False', False), ('F', False), ('FALSE', False), ('0', False), ('-1', False), ('', False), ] for case in test_cases: self.assertEqual(str2bool(case[0]), case[1])
from hashlib import md5 from decorator import decorator from pylons import config from vcs.utils.lazy import LazyProperty from rhodecode.lib import str2bool from rhodecode.lib.pidlock import DaemonLock, LockHeld from celery.messaging import establish_connection log = logging.getLogger(__name__) try: CELERY_ON = str2bool(config['app_conf'].get('use_celery')) except KeyError: CELERY_ON = False class ResultWrapper(object): def __init__(self, task): self.task = task @LazyProperty def result(self): return self.task def run_task(task, *args, **kwargs): if CELERY_ON:
def authenticate(username, password): """Authentication function used for access control, firstly checks for db authentication then if ldap is enabled for ldap authentication, also creates ldap user if not in database :param username: username :param password: password """ user_model = UserModel() user = User.get_by_username(username) log.debug('Authenticating user using RhodeCode account') if user is not None and not user.ldap_dn: if user.active: if user.username == 'default' and user.active: log.info('user %s authenticated correctly as anonymous user', username) return True elif user.username == username and check_password(password, user.password): log.info('user %s authenticated correctly', username) return True else: log.warning('user %s is disabled', username) else: log.debug('Regular authentication failed') user_obj = User.get_by_username(username, case_insensitive=True) if user_obj is not None and not user_obj.ldap_dn: log.debug('this user already exists as non ldap') return False ldap_settings = RhodeCodeSettings.get_ldap_settings() #====================================================================== # FALLBACK TO LDAP AUTH IF ENABLE #====================================================================== if str2bool(ldap_settings.get('ldap_active')): log.debug("Authenticating user using ldap") kwargs = { 'server': ldap_settings.get('ldap_host', ''), 'base_dn': ldap_settings.get('ldap_base_dn', ''), 'port': ldap_settings.get('ldap_port'), 'bind_dn': ldap_settings.get('ldap_dn_user'), 'bind_pass': ldap_settings.get('ldap_dn_pass'), 'tls_kind': ldap_settings.get('ldap_tls_kind'), 'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'), 'ldap_filter': ldap_settings.get('ldap_filter'), 'search_scope': ldap_settings.get('ldap_search_scope'), 'attr_login': ldap_settings.get('ldap_attr_login'), 'ldap_version': 3, } log.debug('Checking for ldap authentication') try: aldap = AuthLdap(**kwargs) (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password) log.debug('Got ldap DN response %s', user_dn) get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\ .get(k), [''])[0] user_attrs = { 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')), 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')), 'email': get_ldap_attr('ldap_attr_email'), } if user_model.create_ldap(username, password, user_dn, user_attrs): log.info('created new ldap user %s', username) return True except (LdapUsernameError, LdapPasswordError,): pass except (Exception,): log.error(traceback.format_exc()) pass return False
def authenticate(username, password): """Authentication function used for access control, firstly checks for db authentication then if ldap is enabled for ldap authentication, also creates ldap user if not in database :param username: username :param password: password """ user_model = UserModel() user = user_model.get_by_username(username, cache=False) log.debug("Authenticating user using RhodeCode account") if user is not None and not user.ldap_dn: if user.active: if user.username == "default" and user.active: log.info("user %s authenticated correctly as anonymous user", username) return True elif user.username == username and check_password(password, user.password): log.info("user %s authenticated correctly", username) return True else: log.warning("user %s is disabled", username) else: log.debug("Regular authentication failed") user_obj = user_model.get_by_username(username, cache=False, case_insensitive=True) if user_obj is not None and not user_obj.ldap_dn: log.debug("this user already exists as non ldap") return False ldap_settings = RhodeCodeSettings.get_ldap_settings() # ====================================================================== # FALLBACK TO LDAP AUTH IF ENABLE # ====================================================================== if str2bool(ldap_settings.get("ldap_active")): log.debug("Authenticating user using ldap") kwargs = { "server": ldap_settings.get("ldap_host", ""), "base_dn": ldap_settings.get("ldap_base_dn", ""), "port": ldap_settings.get("ldap_port"), "bind_dn": ldap_settings.get("ldap_dn_user"), "bind_pass": ldap_settings.get("ldap_dn_pass"), "tls_kind": ldap_settings.get("ldap_tls_kind"), "tls_reqcert": ldap_settings.get("ldap_tls_reqcert"), "ldap_filter": ldap_settings.get("ldap_filter"), "search_scope": ldap_settings.get("ldap_search_scope"), "attr_login": ldap_settings.get("ldap_attr_login"), "ldap_version": 3, } log.debug("Checking for ldap authentication") try: aldap = AuthLdap(**kwargs) (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password) log.debug("Got ldap DN response %s", user_dn) get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings.get(k), [""])[0] user_attrs = { "name": safe_unicode(get_ldap_attr("ldap_attr_firstname")), "lastname": safe_unicode(get_ldap_attr("ldap_attr_lastname")), "email": get_ldap_attr("ldap_attr_email"), } if user_model.create_ldap(username, password, user_dn, user_attrs): log.info("created new ldap user %s", username) return True except (LdapUsernameError, LdapPasswordError): pass except (Exception,): log.error(traceback.format_exc()) pass return False
def app_settings_value(self): v = self._app_settings_value if v == 'ldap_active': v = str2bool(v) return v