def authenticate(username, password):
"""
Authentication function used for access control,
firstly checks for db authentication then if ldap is enabled for ldap
authentication, also creates ldap user if not in database
:param username: username
:param password: password
"""
user_model = UserModel()
user = User.get_by_username(username)
log.debug('Authenticating user using RhodeCode account')
if user is not None and not user.ldap_dn:
if user.active:
if user.username == 'default' and user.active:
log.info('user %s authenticated correctly as anonymous user' %
username)
return True
elif user.username == username and check_password(
password, user.password):
log.info('user %s authenticated correctly' % username)
return True
else:
log.warning('user %s tried auth but is disabled' % username)
else:
log.debug('Regular authentication failed')
user_obj = User.get_by_username(username, case_insensitive=True)
if user_obj is not None and not user_obj.ldap_dn:
log.debug('this user already exists as non ldap')
return False
ldap_settings = RhodeCodeSetting.get_ldap_settings()
#======================================================================
# FALLBACK TO LDAP AUTH IF ENABLE
#======================================================================
if str2bool(ldap_settings.get('ldap_active')):
log.debug("Authenticating user using ldap")
kwargs = {
'server': ldap_settings.get('ldap_host', ''),
'base_dn': ldap_settings.get('ldap_base_dn', ''),
'port': ldap_settings.get('ldap_port'),
'bind_dn': ldap_settings.get('ldap_dn_user'),
'bind_pass': ldap_settings.get('ldap_dn_pass'),
'tls_kind': ldap_settings.get('ldap_tls_kind'),
'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
'ldap_filter': ldap_settings.get('ldap_filter'),
'search_scope': ldap_settings.get('ldap_search_scope'),
'attr_login': ldap_settings.get('ldap_attr_login'),
'ldap_version': 3,
}
log.debug('Checking for ldap authentication')
try:
aldap = AuthLdap(**kwargs)
(user_dn,
ldap_attrs) = aldap.authenticate_ldap(username, password)
log.debug('Got ldap DN response %s' % user_dn)
get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
.get(k), [''])[0]
user_attrs = {
'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
'email': get_ldap_attr('ldap_attr_email'),
'active': 'hg.extern_activate.auto' in User.get_default_user()\
.AuthUser.permissions['global']
}
# don't store LDAP password since we don't need it. Override
# with some random generated password
_password = PasswordGenerator().gen_password(length=8)
# create this user on the fly if it doesn't exist in rhodecode
# database
if user_model.create_ldap(username, _password, user_dn,
user_attrs):
log.info('created new ldap user %s' % username)
Session().commit()
return True
except (LdapUsernameError, LdapPasswordError, LdapImportError):
pass
except (Exception, ):
log.error(traceback.format_exc())
pass
return False
def authenticate(username, password):
"""
Authentication function used for access control,
firstly checks for db authentication then if ldap is enabled for ldap
authentication, also creates ldap user if not in database
:param username: username
:param password: password
"""
user_model = UserModel()
user = User.get_by_username(username)
log.debug('Authenticating user using RhodeCode account')
if user is not None and not user.ldap_dn:
if user.active:
if user.username == 'default' and user.active:
log.info('user %s authenticated correctly as anonymous user' %
username)
return True
elif user.username == username and check_password(password,
user.password):
log.info('user %s authenticated correctly' % username)
return True
else:
log.warning('user %s tried auth but is disabled' % username)
else:
log.debug('Regular authentication failed')
user_obj = User.get_by_username(username, case_insensitive=True)
if user_obj is not None and not user_obj.ldap_dn:
log.debug('this user already exists as non ldap')
return False
ldap_settings = RhodeCodeSetting.get_ldap_settings()
#======================================================================
# FALLBACK TO LDAP AUTH IF ENABLE
#======================================================================
if str2bool(ldap_settings.get('ldap_active')):
log.debug("Authenticating user using ldap")
kwargs = {
'server': ldap_settings.get('ldap_host', ''),
'base_dn': ldap_settings.get('ldap_base_dn', ''),
'port': ldap_settings.get('ldap_port'),
'bind_dn': ldap_settings.get('ldap_dn_user'),
'bind_pass': ldap_settings.get('ldap_dn_pass'),
'tls_kind': ldap_settings.get('ldap_tls_kind'),
'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
'ldap_filter': ldap_settings.get('ldap_filter'),
'search_scope': ldap_settings.get('ldap_search_scope'),
'attr_login': ldap_settings.get('ldap_attr_login'),
'ldap_version': 3,
}
log.debug('Checking for ldap authentication')
try:
aldap = AuthLdap(**kwargs)
(user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
password)
log.debug('Got ldap DN response %s' % user_dn)
get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
.get(k), [''])[0]
user_attrs = {
'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
'email': get_ldap_attr('ldap_attr_email'),
'active': 'hg.extern_activate.auto' in User.get_default_user()\
.AuthUser.permissions['global']
}
# don't store LDAP password since we don't need it. Override
# with some random generated password
_password = PasswordGenerator().gen_password(length=8)
# create this user on the fly if it doesn't exist in rhodecode
# database
if user_model.create_ldap(username, _password, user_dn,
user_attrs):
log.info('created new ldap user %s' % username)
Session().commit()
return True
except (LdapUsernameError, LdapPasswordError, LdapImportError):
pass
except (Exception,):
log.error(traceback.format_exc())
pass
return False
def authenticate(username, password):
"""Authentication function used for access control,
firstly checks for db authentication then if ldap is enabled for ldap
authentication, also creates ldap user if not in database
:param username: username
:param password: password
"""
user_model = UserModel()
user = User.get_by_username(username)
log.debug('Authenticating user using RhodeCode account')
if user is not None and not user.ldap_dn:
if user.active:
if user.username == 'default' and user.active:
log.info('user %s authenticated correctly as anonymous user',
username)
return True
elif user.username == username and check_password(password,
user.password):
log.info('user %s authenticated correctly', username)
return True
else:
log.warning('user %s is disabled', username)
else:
log.debug('Regular authentication failed')
user_obj = User.get_by_username(username, case_insensitive=True)
if user_obj is not None and not user_obj.ldap_dn:
log.debug('this user already exists as non ldap')
return False
ldap_settings = RhodeCodeSettings.get_ldap_settings()
#======================================================================
# FALLBACK TO LDAP AUTH IF ENABLE
#======================================================================
if str2bool(ldap_settings.get('ldap_active')):
log.debug("Authenticating user using ldap")
kwargs = {
'server': ldap_settings.get('ldap_host', ''),
'base_dn': ldap_settings.get('ldap_base_dn', ''),
'port': ldap_settings.get('ldap_port'),
'bind_dn': ldap_settings.get('ldap_dn_user'),
'bind_pass': ldap_settings.get('ldap_dn_pass'),
'tls_kind': ldap_settings.get('ldap_tls_kind'),
'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
'ldap_filter': ldap_settings.get('ldap_filter'),
'search_scope': ldap_settings.get('ldap_search_scope'),
'attr_login': ldap_settings.get('ldap_attr_login'),
'ldap_version': 3,
}
log.debug('Checking for ldap authentication')
try:
aldap = AuthLdap(**kwargs)
(user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
password)
log.debug('Got ldap DN response %s', user_dn)
get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
.get(k), [''])[0]
user_attrs = {
'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
'email': get_ldap_attr('ldap_attr_email'),
}
if user_model.create_ldap(username, password, user_dn,
user_attrs):
log.info('created new ldap user %s', username)
return True
except (LdapUsernameError, LdapPasswordError,):
pass
except (Exception,):
log.error(traceback.format_exc())
pass
return False
def authenticate(username, password):
"""Authentication function used for access control,
firstly checks for db authentication then if ldap is enabled for ldap
authentication, also creates ldap user if not in database
:param username: username
:param password: password
"""
user_model = UserModel()
user = user_model.get_by_username(username, cache=False)
log.debug("Authenticating user using RhodeCode account")
if user is not None and not user.ldap_dn:
if user.active:
if user.username == "default" and user.active:
log.info("user %s authenticated correctly as anonymous user", username)
return True
elif user.username == username and check_password(password, user.password):
log.info("user %s authenticated correctly", username)
return True
else:
log.warning("user %s is disabled", username)
else:
log.debug("Regular authentication failed")
user_obj = user_model.get_by_username(username, cache=False, case_insensitive=True)
if user_obj is not None and not user_obj.ldap_dn:
log.debug("this user already exists as non ldap")
return False
ldap_settings = RhodeCodeSettings.get_ldap_settings()
# ======================================================================
# FALLBACK TO LDAP AUTH IF ENABLE
# ======================================================================
if str2bool(ldap_settings.get("ldap_active")):
log.debug("Authenticating user using ldap")
kwargs = {
"server": ldap_settings.get("ldap_host", ""),
"base_dn": ldap_settings.get("ldap_base_dn", ""),
"port": ldap_settings.get("ldap_port"),
"bind_dn": ldap_settings.get("ldap_dn_user"),
"bind_pass": ldap_settings.get("ldap_dn_pass"),
"tls_kind": ldap_settings.get("ldap_tls_kind"),
"tls_reqcert": ldap_settings.get("ldap_tls_reqcert"),
"ldap_filter": ldap_settings.get("ldap_filter"),
"search_scope": ldap_settings.get("ldap_search_scope"),
"attr_login": ldap_settings.get("ldap_attr_login"),
"ldap_version": 3,
}
log.debug("Checking for ldap authentication")
try:
aldap = AuthLdap(**kwargs)
(user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
log.debug("Got ldap DN response %s", user_dn)
get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings.get(k), [""])[0]
user_attrs = {
"name": safe_unicode(get_ldap_attr("ldap_attr_firstname")),
"lastname": safe_unicode(get_ldap_attr("ldap_attr_lastname")),
"email": get_ldap_attr("ldap_attr_email"),
}
if user_model.create_ldap(username, password, user_dn, user_attrs):
log.info("created new ldap user %s", username)
return True
except (LdapUsernameError, LdapPasswordError):
pass
except (Exception,):
log.error(traceback.format_exc())
pass
return False