Esempio n. 1
0
    def _create_user(self, username):
        """
        Create new user using data available in LDAP service

        This method is used in two cases:
        - when the user is authenticated for the first time (by self.authenticate)
        - when the user, which doesn't yet exist in the local DB, is added to project group
          (by self.store_user_if_necessary)

        :param str username: Name of the user in LDAP
        :returns: username on success, otherwise None
        """
        users = get_userstore()
        ldap_store = get_authstore()

        # If user does not exists in LDAP, do not continue
        if not ldap_store.userExists(username):
            conf.log.debug('Cannot find user %s from LDAP' % username)
            return None

        # Create user using LDAP store
        user = ldap_store.getUser(username)
        user.authentication_key = self.ldap_authentication_key
        user.organization_keys = self.org_store.get_organization_keys(user, self.LDAP) or None

        # Store user in user store
        conf.log.info('Created new user from LDAP: %s' % user.username)
        users.storeUser(user)
        users.invalidate_user_password(user)

        return user.username
Esempio n. 2
0
    def _create_user(self, username):
        """
        Create new user using data available in LDAP service

        This method is used in two cases:
        - when the user is authenticated for the first time (by self.authenticate)
        - when the user, which doesn't yet exist in the local DB, is added to project group
          (by self.store_user_if_necessary)

        :param str username: Name of the user in LDAP
        :returns: username on success, otherwise None
        """
        users = get_userstore()
        ldap_store = get_authstore()

        # If user does not exists in LDAP, do not continue
        if not ldap_store.userExists(username):
            conf.log.debug('Cannot find user %s from LDAP' % username)
            return None

        # Create user using LDAP store
        user = ldap_store.getUser(username)
        user.authentication_key = self.ldap_authentication_key
        user.organization_keys = self.org_store.get_organization_keys(
            user, self.LDAP) or None

        # Store user in user store
        conf.log.info('Created new user from LDAP: %s' % user.username)
        users.storeUser(user)
        users.invalidate_user_password(user)

        return user.username
Esempio n. 3
0
    def authenticate(self, username, password):
        """
        Authenticates user against the LDAP server

        :param str username: Name of the user
        :param str password: Password of the user
        :returns:
            - SUCCESS: Name of the user
            - FAILURE: None
        """
        # NOTE: get_authstore returns the LDAP authentication store
        conf.log.debug('Trying LDAP authentication for %s' % username)
        ldap_store = get_authstore()

        orig_username = username
        trac_user = self._get_trac_user(username)
        trac_user_used_instead = False

        if trac_user and trac_user.username != orig_username:
            username = trac_user.username
            trac_user_used_instead = True

        if not ldap_store.userExists(username, password):
            if trac_user_used_instead:
                # trac_user and trac_user.username != orig_username
                username = orig_username
                if ldap_store.userExists(username):
                    # Should not happen, since LDAP userExists is case-insensitive
                    conf.log.warning(
                        "Case-sensitiveness mismatch in LDAP search: "
                        "DB username '%s', LDAP username '%s'" %
                        (trac_user.username, username))
            conf.log.debug(
                'Failed to authenticate or find the user %s from LDAP' %
                username)
            return None

        ldap_store.reset_cache(username)

        # Existing user: check authentication_key
        if trac_user:
            if self.ldap_authentication_key != trac_user.authentication_key:
                # The user is authenticated by other authentication
                return None

        else:
            # there is always ldap_user, since it exists, unless it is removed at the same time
            # Thus, this will almost always success
            username = self._create_user(username)

        conf.log.info('Authenticated successfully against the LDAP: %s' %
                      username)
        return username
Esempio n. 4
0
    def authenticate(self, username, password):
        """
        Authenticates user against the LDAP server

        :param str username: Name of the user
        :param str password: Password of the user
        :returns:
            - SUCCESS: Name of the user
            - FAILURE: None
        """
        # NOTE: get_authstore returns the LDAP authentication store
        conf.log.debug('Trying LDAP authentication for %s' % username)
        ldap_store = get_authstore()

        orig_username = username
        trac_user = self._get_trac_user(username)
        trac_user_used_instead = False

        if trac_user and trac_user.username != orig_username:
            username = trac_user.username
            trac_user_used_instead = True

        if not ldap_store.userExists(username, password):
            if trac_user_used_instead:
                # trac_user and trac_user.username != orig_username
                username = orig_username
                if ldap_store.userExists(username):
                    # Should not happen, since LDAP userExists is case-insensitive
                    conf.log.warning("Case-sensitiveness mismatch in LDAP search: "
                                     "DB username '%s', LDAP username '%s'" % (trac_user.username, username))
            conf.log.debug('Failed to authenticate or find the user %s from LDAP' % username)
            return None

        ldap_store.reset_cache(username)

        # Existing user: check authentication_key
        if trac_user:
            if self.ldap_authentication_key != trac_user.authentication_key:
                # The user is authenticated by other authentication
                return None

        else:
            # there is always ldap_user, since it exists, unless it is removed at the same time
            # Thus, this will almost always success
            username = self._create_user(username)

        conf.log.info('Authenticated successfully against the LDAP: %s' % username)
        return username