def test_ldap_save_settings(self):
    """Post a complete LDAP settings form and check that it was stored.

    Skipped when ``skip_ldap_test`` is set. The only stored value read back
    is ``ldap_host``; the other fields are covered by the success flash
    message alone.
    """
    self.log_user()
    if skip_ldap_test:
        raise SkipTest('skipping due to missing ldap lib')

    settings_url = url(controller='admin/ldap_settings',
                       action='ldap_settings')

    # Fixture values for a form round-trip only.
    # NOTE(review): 'PLAIN' / 'NEVER' presumably select no TLS and no
    # certificate check -- confirm against the LDAP client code; they are
    # not a configuration to copy into a deployment.
    form_data = {
        'ldap_host': u'dc.example.com',
        'ldap_port': '999',
        'ldap_tls_kind': 'PLAIN',
        'ldap_tls_reqcert': 'NEVER',
        'ldap_dn_user': '******',
        'ldap_dn_pass': '******',
        'ldap_base_dn': 'test_base_dn',
        'ldap_filter': 'test_filter',
        'ldap_search_scope': 'BASE',
        'ldap_attr_login': '******',
        'ldap_attr_firstname': 'ima',
        'ldap_attr_lastname': 'tester',
        'ldap_attr_email': '*****@*****.**',
    }
    resp = self.app.post(url=settings_url, params=form_data)

    stored = RhodeCodeSetting.get_ldap_settings()
    self.assertEqual(stored['ldap_host'], u'dc.example.com',
                     'fail db write compare')

    self.checkSessionFlash(resp, 'Ldap settings updated successfully')
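def test_ldap_save_settings(self):
    """Post a complete LDAP settings form and check that it was stored.

    Skipped when ``skip_ldap_test`` is set. The only stored value read back
    is ``ldap_host``; the other fields are covered by the success flash
    message alone.
    """
    self.log_user()
    if skip_ldap_test:
        raise SkipTest("skipping due to missing ldap lib")

    test_url = url(controller="admin/ldap_settings", action="ldap_settings")
    response = self.app.post(
        url=test_url,
        params={
            "ldap_host": u"dc.example.com",
            "ldap_port": "999",
            "ldap_tls_kind": "PLAIN",
            "ldap_tls_reqcert": "NEVER",
            "ldap_dn_user": "******",
            "ldap_dn_pass": "******",
            "ldap_base_dn": "test_base_dn",
            "ldap_filter": "test_filter",
            "ldap_search_scope": "BASE",
            "ldap_attr_login": "******",
            "ldap_attr_firstname": "ima",
            "ldap_attr_lastname": "tester",
            "ldap_attr_email": "*****@*****.**",
        },
    )

    new_settings = RhodeCodeSetting.get_ldap_settings()
    # The settings are deliberately not printed: the dict carries
    # ldap_dn_pass, and a debug dump would put the bind password into the
    # test output and any CI log that captures it.
    self.assertEqual(new_settings["ldap_host"], u"dc.example.com",
                     "fail db write compare")

    self.checkSessionFlash(response, "Ldap settings updated successfully")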
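def test_ldap_save_settings(self):
    """Post a complete LDAP settings form and check that it was stored.

    Skipped when the LDAP library is not available. The only stored value
    read back is ``ldap_host``; the other fields are covered by the success
    flash message alone.
    """
    self.log_user()
    # The skip message says the library is missing, so the guard has to be
    # the negation of the "installed" flag; the un-negated form skipped the
    # test exactly when it could run.
    # NOTE(review): assumes ldap_lib_installed is True when the ldap module
    # imports -- confirm where the flag is defined.
    if not ldap_lib_installed:
        raise SkipTest('skipping due to missing ldap lib')

    test_url = url(controller='admin/ldap_settings',
                   action='ldap_settings')

    response = self.app.post(url=test_url, params={
        'ldap_host': u'dc.example.com',
        'ldap_port': '999',
        'ldap_tls_kind': 'PLAIN',
        'ldap_tls_reqcert': 'NEVER',
        'ldap_dn_user': '******',
        'ldap_dn_pass': '******',
        'ldap_base_dn': 'test_base_dn',
        'ldap_filter': 'test_filter',
        'ldap_search_scope': 'BASE',
        'ldap_attr_login': '******',
        'ldap_attr_firstname': 'ima',
        'ldap_attr_lastname': 'tester',
        'ldap_attr_email': '*****@*****.**',
    })

    new_settings = RhodeCodeSetting.get_ldap_settings()
    self.assertEqual(new_settings['ldap_host'], u'dc.example.com',
                     'fail db write compare')

    self.checkSessionFlash(response, 'LDAP settings updated successfully')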
def index(self):
    """Render the LDAP settings page pre-filled with the stored settings."""
    stored = RhodeCodeSetting.get_ldap_settings()

    # Copy the three current choices onto `c` (presumably read by the
    # template to mark the selected options).
    for attr, key in (('search_scope_cur', 'ldap_search_scope'),
                      ('tls_reqcert_cur', 'ldap_tls_reqcert'),
                      ('tls_kind_cur', 'ldap_tls_kind')):
        setattr(c, attr, stored.get(key))

    # NOTE(review): the whole settings dict is handed to htmlfill with
    # force_defaults=True. The same getter supplies ldap_dn_pass to the
    # login code, so confirm the template does not fill the stored bind
    # password back into the page.
    page = render('admin/ldap/ldap.html')
    return htmlfill.render(
        page,
        defaults=stored,
        encoding="UTF-8",
        force_defaults=True,
    )
def index(self):
    """Show the LDAP settings form, populated from the saved settings."""
    ldap_settings = RhodeCodeSetting.get_ldap_settings()

    # current values of the three choice fields, set on `c` one by one
    c.search_scope_cur = ldap_settings.get('ldap_search_scope')
    c.tls_reqcert_cur = ldap_settings.get('ldap_tls_reqcert')
    c.tls_kind_cur = ldap_settings.get('ldap_tls_kind')

    # NOTE(review): every saved setting is passed as a form default. If the
    # dict includes the bind password (the login code reads ldap_dn_pass
    # from this getter), verify the template does not echo it into the
    # rendered HTML.
    fill_options = dict(
        defaults=ldap_settings,
        encoding="UTF-8",
        force_defaults=True,
    )
    return htmlfill.render(render('admin/ldap/ldap.html'), **fill_options)
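def authenticate(username, password):
    """
    Authentication function used for access control,
    firstly checks for db authentication then if ldap is enabled for ldap
    authentication, also creates ldap user if not in database

    An account without an ``ldap_dn`` is only ever checked against the
    database. LDAP is tried only when the exact username is unknown locally
    or belongs to an LDAP-backed account. The active ``default`` account is
    accepted without looking at the password, so a True result for that
    name is not proof that a credential was presented. An empty password is
    never sent to the directory, and any unexpected error on the LDAP path
    is logged and treated as a failed login.

    :param username: username
    :param password: password
    :returns: True when the user is authenticated, False otherwise
    """

    user_model = UserModel()
    user = User.get_by_username(username)

    log.debug('Authenticating user using RhodeCode account')
    if user is not None and not user.ldap_dn:
        if user.active:
            # user.active is already known to be true in this branch, so
            # the anonymous case only needs the name check
            if user.username == 'default':
                log.info('user %s authenticated correctly as anonymous user'
                         % username)
                return True

            elif user.username == username and check_password(
                    password, user.password):
                log.info('user %s authenticated correctly' % username)
                return True
        else:
            log.warning('user %s tried auth but is disabled' % username)

    else:
        log.debug('Regular authentication failed')
        user_obj = User.get_by_username(username, case_insensitive=True)

        # refuse the LDAP fallback when a local (non-LDAP) account already
        # uses this name in any letter case
        if user_obj is not None and not user_obj.ldap_dn:
            log.debug('this user already exists as non ldap')
            return False

        ldap_settings = RhodeCodeSetting.get_ldap_settings()
        #======================================================================
        # FALLBACK TO LDAP AUTH IF ENABLE
        #======================================================================
        if str2bool(ldap_settings.get('ldap_active')):
            if not password:
                # Fail closed before contacting the directory: many LDAP
                # servers treat a simple bind with an empty password as an
                # anonymous bind and report success. AuthLdap may already
                # reject this (not visible here); checking here keeps the
                # outcome independent of it.
                log.debug('Rejecting ldap authentication with empty password')
                return False

            log.debug("Authenticating user using ldap")
            # tls_kind / tls_reqcert are taken from the stored settings as
            # they are; transport protection is whatever the admin saved.
            kwargs = {
                'server': ldap_settings.get('ldap_host', ''),
                'base_dn': ldap_settings.get('ldap_base_dn', ''),
                'port': ldap_settings.get('ldap_port'),
                'bind_dn': ldap_settings.get('ldap_dn_user'),
                'bind_pass': ldap_settings.get('ldap_dn_pass'),
                'tls_kind': ldap_settings.get('ldap_tls_kind'),
                'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                'ldap_filter': ldap_settings.get('ldap_filter'),
                'search_scope': ldap_settings.get('ldap_search_scope'),
                'attr_login': ldap_settings.get('ldap_attr_login'),
                'ldap_version': 3,
            }
            log.debug('Checking for ldap authentication')
            try:
                aldap = AuthLdap(**kwargs)
                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                password)
                log.debug('Got ldap DN response %s' % user_dn)

                def get_ldap_attr(k):
                    # first value of the directory attribute configured
                    # under settings key k, '' when the entry lacks it
                    return ldap_attrs.get(ldap_settings.get(k), [''])[0]

                user_attrs = {
                    'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                    'lastname': safe_unicode(
                        get_ldap_attr('ldap_attr_lastname')),
                    'email': get_ldap_attr('ldap_attr_email'),
                    'active': 'hg.extern_activate.auto' in
                              User.get_default_user()
                              .AuthUser.permissions['global'],
                }

                # don't store LDAP password since we don't need it. Override
                # with some random generated password
                # NOTE(review): 8 characters is short for a stored
                # credential. Accounts with an ldap_dn never reach the local
                # password check in this function; confirm no other login
                # path accepts this value.
                _password = PasswordGenerator().gen_password(length=8)
                # create this user on the fly if it doesn't exist in rhodecode
                # database
                if user_model.create_ldap(username, _password, user_dn,
                                          user_attrs):
                    log.info('created new ldap user %s' % username)

                Session().commit()
                return True
            except (LdapUsernameError, LdapPasswordError, LdapImportError):
                # expected LDAP failures: fall through to "not authenticated"
                pass
            except Exception:
                # anything else is logged with its traceback and also ends
                # in a failed login
                log.error(traceback.format_exc())
    return False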
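def authenticate(username, password):
    """
    Authentication function used for access control,
    firstly checks for db authentication then if ldap is enabled for ldap
    authentication, also creates ldap user if not in database

    Decision order:

    1. An account stored under the exact username without an ``ldap_dn``
       is decided here and never falls through to LDAP. The active
       ``default`` account passes without a password check.
    2. Otherwise LDAP is refused if a non-LDAP account holds the same name
       in any letter case.
    3. Otherwise, with LDAP enabled and a non-empty password, the
       directory is asked and the account is created on first login.

    Every failure, including an unexpected exception on the LDAP path,
    ends in False.

    :param username: username
    :param password: password
    :returns: True when the user is authenticated, False otherwise
    """
    user_model = UserModel()
    account = User.get_by_username(username)

    log.debug('Authenticating user using RhodeCode account')
    if account is not None and not account.ldap_dn:
        if not account.active:
            log.warning('user %s tried auth but is disabled' % username)
            return False

        if account.username == 'default':
            # anonymous account: accepted whatever password was sent
            log.info('user %s authenticated correctly as anonymous user'
                     % username)
            return True

        if account.username == username and check_password(password,
                                                           account.password):
            log.info('user %s authenticated correctly' % username)
            return True

        # wrong password for a local account: no LDAP fallback
        return False

    log.debug('Regular authentication failed')
    same_name = User.get_by_username(username, case_insensitive=True)
    if same_name is not None and not same_name.ldap_dn:
        log.debug('this user already exists as non ldap')
        return False

    # ----------------------------------------------------------------------
    # FALLBACK TO LDAP AUTH IF ENABLE
    # ----------------------------------------------------------------------
    ldap_settings = RhodeCodeSetting.get_ldap_settings()
    if not str2bool(ldap_settings.get('ldap_active')):
        return False

    if not password:
        # An empty password must never reach the directory: a simple bind
        # without a password is commonly accepted as an anonymous bind.
        # AuthLdap may enforce this too (not visible here); the check is
        # repeated so this function fails closed on its own.
        log.debug('Rejecting ldap authentication with empty password')
        return False

    log.debug("Authenticating user using ldap")
    # connection and TLS options are passed on exactly as stored
    kwargs = {
        'server': ldap_settings.get('ldap_host', ''),
        'base_dn': ldap_settings.get('ldap_base_dn', ''),
        'port': ldap_settings.get('ldap_port'),
        'bind_dn': ldap_settings.get('ldap_dn_user'),
        'bind_pass': ldap_settings.get('ldap_dn_pass'),
        'tls_kind': ldap_settings.get('ldap_tls_kind'),
        'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
        'ldap_filter': ldap_settings.get('ldap_filter'),
        'search_scope': ldap_settings.get('ldap_search_scope'),
        'attr_login': ldap_settings.get('ldap_attr_login'),
        'ldap_version': 3,
    }
    log.debug('Checking for ldap authentication')
    try:
        aldap = AuthLdap(**kwargs)
        user_dn, ldap_attrs = aldap.authenticate_ldap(username, password)
        log.debug('Got ldap DN response %s' % user_dn)

        def get_ldap_attr(k):
            # settings key -> configured attribute name -> first value,
            # '' when the directory entry has no such attribute
            attr_name = ldap_settings.get(k)
            return ldap_attrs.get(attr_name, [''])[0]

        default_perms = User.get_default_user().AuthUser.permissions
        user_attrs = {
            'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
            'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
            'email': get_ldap_attr('ldap_attr_email'),
            'active': 'hg.extern_activate.auto' in default_perms['global'],
        }

        # don't store LDAP password since we don't need it. Override
        # with some random generated password
        # NOTE(review): the generated value is only 8 characters long.
        # LDAP-backed accounts skip the local password check above; verify
        # that nothing else authenticates against it.
        _password = PasswordGenerator().gen_password(length=8)
        # create this user on the fly if it doesn't exist in rhodecode
        # database
        if user_model.create_ldap(username, _password, user_dn, user_attrs):
            log.info('created new ldap user %s' % username)

        Session().commit()
        return True
    except (LdapUsernameError, LdapPasswordError, LdapImportError):
        # expected LDAP failures are not logged here
        return False
    except Exception:
        # unexpected failure: keep the traceback, deny the login
        log.error(traceback.format_exc())
        return False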