def _create_user(self, username):
"""
Create new user using data available in LDAP service
This method is used in two cases:
- when the user is authenticated for the first time (by self.authenticate)
- when the user, which doesn't yet exist in the local DB, is added to project group
(by self.store_user_if_necessary)
:param str username: Name of the user in LDAP
:returns: username on success, otherwise None
"""
users = get_userstore()
ldap_store = get_authstore()
# If user does not exists in LDAP, do not continue
if not ldap_store.userExists(username):
conf.log.debug('Cannot find user %s from LDAP' % username)
return None
# Create user using LDAP store
user = ldap_store.getUser(username)
user.authentication_key = self.ldap_authentication_key
user.organization_keys = self.org_store.get_organization_keys(user, self.LDAP) or None
# Store user in user store
conf.log.info('Created new user from LDAP: %s' % user.username)
users.storeUser(user)
users.invalidate_user_password(user)
return user.username
def _create_user(self, username):
"""
Create new user using data available in LDAP service
This method is used in two cases:
- when the user is authenticated for the first time (by self.authenticate)
- when the user, which doesn't yet exist in the local DB, is added to project group
(by self.store_user_if_necessary)
:param str username: Name of the user in LDAP
:returns: username on success, otherwise None
"""
users = get_userstore()
ldap_store = get_authstore()
# If user does not exists in LDAP, do not continue
if not ldap_store.userExists(username):
conf.log.debug('Cannot find user %s from LDAP' % username)
return None
# Create user using LDAP store
user = ldap_store.getUser(username)
user.authentication_key = self.ldap_authentication_key
user.organization_keys = self.org_store.get_organization_keys(
user, self.LDAP) or None
# Store user in user store
conf.log.info('Created new user from LDAP: %s' % user.username)
users.storeUser(user)
users.invalidate_user_password(user)
return user.username
def authenticate(self, username, password):
"""
Authenticates user against the LDAP server
:param str username: Name of the user
:param str password: Password of the user
:returns:
- SUCCESS: Name of the user
- FAILURE: None
"""
# NOTE: get_authstore returns the LDAP authentication store
conf.log.debug('Trying LDAP authentication for %s' % username)
ldap_store = get_authstore()
orig_username = username
trac_user = self._get_trac_user(username)
trac_user_used_instead = False
if trac_user and trac_user.username != orig_username:
username = trac_user.username
trac_user_used_instead = True
if not ldap_store.userExists(username, password):
if trac_user_used_instead:
# trac_user and trac_user.username != orig_username
username = orig_username
if ldap_store.userExists(username):
# Should not happen, since LDAP userExists is case-insensitive
conf.log.warning(
"Case-sensitiveness mismatch in LDAP search: "
"DB username '%s', LDAP username '%s'" %
(trac_user.username, username))
conf.log.debug(
'Failed to authenticate or find the user %s from LDAP' %
username)
return None
ldap_store.reset_cache(username)
# Existing user: check authentication_key
if trac_user:
if self.ldap_authentication_key != trac_user.authentication_key:
# The user is authenticated by other authentication
return None
else:
# there is always ldap_user, since it exists, unless it is removed at the same time
# Thus, this will almost always success
username = self._create_user(username)
conf.log.info('Authenticated successfully against the LDAP: %s' %
username)
return username
def authenticate(self, username, password):
"""
Authenticates user against the LDAP server
:param str username: Name of the user
:param str password: Password of the user
:returns:
- SUCCESS: Name of the user
- FAILURE: None
"""
# NOTE: get_authstore returns the LDAP authentication store
conf.log.debug('Trying LDAP authentication for %s' % username)
ldap_store = get_authstore()
orig_username = username
trac_user = self._get_trac_user(username)
trac_user_used_instead = False
if trac_user and trac_user.username != orig_username:
username = trac_user.username
trac_user_used_instead = True
if not ldap_store.userExists(username, password):
if trac_user_used_instead:
# trac_user and trac_user.username != orig_username
username = orig_username
if ldap_store.userExists(username):
# Should not happen, since LDAP userExists is case-insensitive
conf.log.warning("Case-sensitiveness mismatch in LDAP search: "
"DB username '%s', LDAP username '%s'" % (trac_user.username, username))
conf.log.debug('Failed to authenticate or find the user %s from LDAP' % username)
return None
ldap_store.reset_cache(username)
# Existing user: check authentication_key
if trac_user:
if self.ldap_authentication_key != trac_user.authentication_key:
# The user is authenticated by other authentication
return None
else:
# there is always ldap_user, since it exists, unless it is removed at the same time
# Thus, this will almost always success
username = self._create_user(username)
conf.log.info('Authenticated successfully against the LDAP: %s' % username)
return username
