def get_ldap_settings(cls, cache=False):
ret = Session.query(cls)\
.filter(cls.app_settings_name.startswith('ldap_'))\
.all()
fd = {}
for row in ret:
fd.update({row.app_settings_name:row.app_settings_value})
fd.update({'ldap_active':str2bool(fd.get('ldap_active'))})
return fd
def __before__(self):
c.rhodecode_version = __version__
c.rhodecode_name = config.get('rhodecode_title')
c.use_gravatar = str2bool(config.get('use_gravatar'))
c.ga_code = config.get('rhodecode_ga_code')
c.repo_name = get_repo_slug(request)
c.backends = BACKENDS.keys()
self.cut_off_limit = int(config.get('cut_off_limit'))
self.sa = meta.Session()
self.scm_model = ScmModel(self.sa)
def __fixup(self, environ):
"""
Function to fixup the environ as needed. In order to use this
middleware you should set this header inside your
proxy ie. nginx, apache etc.
"""
proto = environ.get('HTTP_X_URL_SCHEME')
if str2bool(self.config.get('force_https')):
proto = 'https'
if proto == 'https':
environ['wsgi.url_scheme'] = proto
else:
environ['wsgi.url_scheme'] = 'http'
return None
def gravatar_url(email_address, size=30):
if (not str2bool(config['app_conf'].get('use_gravatar')) or
not email_address or email_address == '*****@*****.**'):
return url("/images/user%s.png" % size)
ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')
default = 'identicon'
baseurl_nossl = "http://www.gravatar.com/avatar/"
baseurl_ssl = "https://secure.gravatar.com/avatar/"
baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl
if isinstance(email_address, unicode):
#hashlib crashes on unicode items
email_address = safe_str(email_address)
# construct the url
gravatar_url = baseurl + hashlib.md5(email_address.lower()).hexdigest() + "?"
gravatar_url += urllib.urlencode({'d':default, 's':str(size)})
return gravatar_url
def test_str2bool(self):
from rhodecode.lib import str2bool
test_cases = [
('t', True),
('true', True),
('y', True),
('yes', True),
('on', True),
('1', True),
('Y', True),
('yeS', True),
('Y', True),
('TRUE', True),
('T', True),
('False', False),
('F', False),
('FALSE', False),
('0', False),
('-1', False),
('', False), ]
for case in test_cases:
self.assertEqual(str2bool(case[0]), case[1])
from hashlib import md5
from decorator import decorator
from pylons import config
from vcs.utils.lazy import LazyProperty
from rhodecode.lib import str2bool
from rhodecode.lib.pidlock import DaemonLock, LockHeld
from celery.messaging import establish_connection
log = logging.getLogger(__name__)
try:
CELERY_ON = str2bool(config['app_conf'].get('use_celery'))
except KeyError:
CELERY_ON = False
class ResultWrapper(object):
def __init__(self, task):
self.task = task
@LazyProperty
def result(self):
return self.task
def run_task(task, *args, **kwargs):
if CELERY_ON:
def authenticate(username, password):
"""Authentication function used for access control,
firstly checks for db authentication then if ldap is enabled for ldap
authentication, also creates ldap user if not in database
:param username: username
:param password: password
"""
user_model = UserModel()
user = User.get_by_username(username)
log.debug('Authenticating user using RhodeCode account')
if user is not None and not user.ldap_dn:
if user.active:
if user.username == 'default' and user.active:
log.info('user %s authenticated correctly as anonymous user',
username)
return True
elif user.username == username and check_password(password,
user.password):
log.info('user %s authenticated correctly', username)
return True
else:
log.warning('user %s is disabled', username)
else:
log.debug('Regular authentication failed')
user_obj = User.get_by_username(username, case_insensitive=True)
if user_obj is not None and not user_obj.ldap_dn:
log.debug('this user already exists as non ldap')
return False
ldap_settings = RhodeCodeSettings.get_ldap_settings()
#======================================================================
# FALLBACK TO LDAP AUTH IF ENABLE
#======================================================================
if str2bool(ldap_settings.get('ldap_active')):
log.debug("Authenticating user using ldap")
kwargs = {
'server': ldap_settings.get('ldap_host', ''),
'base_dn': ldap_settings.get('ldap_base_dn', ''),
'port': ldap_settings.get('ldap_port'),
'bind_dn': ldap_settings.get('ldap_dn_user'),
'bind_pass': ldap_settings.get('ldap_dn_pass'),
'tls_kind': ldap_settings.get('ldap_tls_kind'),
'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
'ldap_filter': ldap_settings.get('ldap_filter'),
'search_scope': ldap_settings.get('ldap_search_scope'),
'attr_login': ldap_settings.get('ldap_attr_login'),
'ldap_version': 3,
}
log.debug('Checking for ldap authentication')
try:
aldap = AuthLdap(**kwargs)
(user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
password)
log.debug('Got ldap DN response %s', user_dn)
get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
.get(k), [''])[0]
user_attrs = {
'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
'email': get_ldap_attr('ldap_attr_email'),
}
if user_model.create_ldap(username, password, user_dn,
user_attrs):
log.info('created new ldap user %s', username)
return True
except (LdapUsernameError, LdapPasswordError,):
pass
except (Exception,):
log.error(traceback.format_exc())
pass
return False
def authenticate(username, password):
"""Authentication function used for access control,
firstly checks for db authentication then if ldap is enabled for ldap
authentication, also creates ldap user if not in database
:param username: username
:param password: password
"""
user_model = UserModel()
user = user_model.get_by_username(username, cache=False)
log.debug("Authenticating user using RhodeCode account")
if user is not None and not user.ldap_dn:
if user.active:
if user.username == "default" and user.active:
log.info("user %s authenticated correctly as anonymous user", username)
return True
elif user.username == username and check_password(password, user.password):
log.info("user %s authenticated correctly", username)
return True
else:
log.warning("user %s is disabled", username)
else:
log.debug("Regular authentication failed")
user_obj = user_model.get_by_username(username, cache=False, case_insensitive=True)
if user_obj is not None and not user_obj.ldap_dn:
log.debug("this user already exists as non ldap")
return False
ldap_settings = RhodeCodeSettings.get_ldap_settings()
# ======================================================================
# FALLBACK TO LDAP AUTH IF ENABLE
# ======================================================================
if str2bool(ldap_settings.get("ldap_active")):
log.debug("Authenticating user using ldap")
kwargs = {
"server": ldap_settings.get("ldap_host", ""),
"base_dn": ldap_settings.get("ldap_base_dn", ""),
"port": ldap_settings.get("ldap_port"),
"bind_dn": ldap_settings.get("ldap_dn_user"),
"bind_pass": ldap_settings.get("ldap_dn_pass"),
"tls_kind": ldap_settings.get("ldap_tls_kind"),
"tls_reqcert": ldap_settings.get("ldap_tls_reqcert"),
"ldap_filter": ldap_settings.get("ldap_filter"),
"search_scope": ldap_settings.get("ldap_search_scope"),
"attr_login": ldap_settings.get("ldap_attr_login"),
"ldap_version": 3,
}
log.debug("Checking for ldap authentication")
try:
aldap = AuthLdap(**kwargs)
(user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
log.debug("Got ldap DN response %s", user_dn)
get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings.get(k), [""])[0]
user_attrs = {
"name": safe_unicode(get_ldap_attr("ldap_attr_firstname")),
"lastname": safe_unicode(get_ldap_attr("ldap_attr_lastname")),
"email": get_ldap_attr("ldap_attr_email"),
}
if user_model.create_ldap(username, password, user_dn, user_attrs):
log.info("created new ldap user %s", username)
return True
except (LdapUsernameError, LdapPasswordError):
pass
except (Exception,):
log.error(traceback.format_exc())
pass
return False
def app_settings_value(self):
v = self._app_settings_value
if v == 'ldap_active':
v = str2bool(v)
return v
