示例#1
0
def authenticate(username, password):
    """
    Authentication function used for access control,
    firstly checks for db authentication then if ldap is enabled for ldap
    authentication, also creates ldap user if not in database

    :param username: username
    :param password: password
    """

    user_model = UserModel()
    user = User.get_by_username(username)

    log.debug('Authenticating user using RhodeCode account')
    if user is not None and not user.ldap_dn:
        if user.active:
            if user.username == 'default' and user.active:
                log.info('user %s authenticated correctly as anonymous user' %
                         username)
                return True

            elif user.username == username and check_password(
                    password, user.password):
                log.info('user %s authenticated correctly' % username)
                return True
        else:
            log.warning('user %s tried auth but is disabled' % username)

    else:
        log.debug('Regular authentication failed')
        user_obj = User.get_by_username(username, case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:
            log.debug('this user already exists as non ldap')
            return False

        ldap_settings = RhodeCodeSetting.get_ldap_settings()
        #======================================================================
        # FALLBACK TO LDAP AUTH IF ENABLE
        #======================================================================
        if str2bool(ldap_settings.get('ldap_active')):
            log.debug("Authenticating user using ldap")
            kwargs = {
                'server': ldap_settings.get('ldap_host', ''),
                'base_dn': ldap_settings.get('ldap_base_dn', ''),
                'port': ldap_settings.get('ldap_port'),
                'bind_dn': ldap_settings.get('ldap_dn_user'),
                'bind_pass': ldap_settings.get('ldap_dn_pass'),
                'tls_kind': ldap_settings.get('ldap_tls_kind'),
                'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                'ldap_filter': ldap_settings.get('ldap_filter'),
                'search_scope': ldap_settings.get('ldap_search_scope'),
                'attr_login': ldap_settings.get('ldap_attr_login'),
                'ldap_version': 3,
            }
            log.debug('Checking for ldap authentication')
            try:
                aldap = AuthLdap(**kwargs)
                (user_dn,
                 ldap_attrs) = aldap.authenticate_ldap(username, password)
                log.debug('Got ldap DN response %s' % user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                           .get(k), [''])[0]

                user_attrs = {
                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                 'email': get_ldap_attr('ldap_attr_email'),
                 'active': 'hg.extern_activate.auto' in User.get_default_user()\
                                                .AuthUser.permissions['global']
                }

                # don't store LDAP password since we don't need it. Override
                # with some random generated password
                _password = PasswordGenerator().gen_password(length=8)
                # create this user on the fly if it doesn't exist in rhodecode
                # database
                if user_model.create_ldap(username, _password, user_dn,
                                          user_attrs):
                    log.info('created new ldap user %s' % username)

                Session().commit()
                return True
            except (LdapUsernameError, LdapPasswordError, LdapImportError):
                pass
            except (Exception, ):
                log.error(traceback.format_exc())
                pass
    return False
示例#2
0
def authenticate(username, password):
    """
    Authentication function used for access control,
    firstly checks for db authentication then if ldap is enabled for ldap
    authentication, also creates ldap user if not in database

    :param username: username
    :param password: password
    """

    user_model = UserModel()
    user = User.get_by_username(username)

    log.debug('Authenticating user using RhodeCode account')
    if user is not None and not user.ldap_dn:
        if user.active:
            if user.username == 'default' and user.active:
                log.info('user %s authenticated correctly as anonymous user' %
                         username)
                return True

            elif user.username == username and check_password(password,
                                                              user.password):
                log.info('user %s authenticated correctly' % username)
                return True
        else:
            log.warning('user %s tried auth but is disabled' % username)

    else:
        log.debug('Regular authentication failed')
        user_obj = User.get_by_username(username, case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:
            log.debug('this user already exists as non ldap')
            return False

        ldap_settings = RhodeCodeSetting.get_ldap_settings()
        #======================================================================
        # FALLBACK TO LDAP AUTH IF ENABLE
        #======================================================================
        if str2bool(ldap_settings.get('ldap_active')):
            log.debug("Authenticating user using ldap")
            kwargs = {
                  'server': ldap_settings.get('ldap_host', ''),
                  'base_dn': ldap_settings.get('ldap_base_dn', ''),
                  'port': ldap_settings.get('ldap_port'),
                  'bind_dn': ldap_settings.get('ldap_dn_user'),
                  'bind_pass': ldap_settings.get('ldap_dn_pass'),
                  'tls_kind': ldap_settings.get('ldap_tls_kind'),
                  'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                  'ldap_filter': ldap_settings.get('ldap_filter'),
                  'search_scope': ldap_settings.get('ldap_search_scope'),
                  'attr_login': ldap_settings.get('ldap_attr_login'),
                  'ldap_version': 3,
                  }
            log.debug('Checking for ldap authentication')
            try:
                aldap = AuthLdap(**kwargs)
                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                password)
                log.debug('Got ldap DN response %s' % user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                           .get(k), [''])[0]

                user_attrs = {
                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                 'email': get_ldap_attr('ldap_attr_email'),
                 'active': 'hg.extern_activate.auto' in User.get_default_user()\
                                                .AuthUser.permissions['global']
                }

                # don't store LDAP password since we don't need it. Override
                # with some random generated password
                _password = PasswordGenerator().gen_password(length=8)
                # create this user on the fly if it doesn't exist in rhodecode
                # database
                if user_model.create_ldap(username, _password, user_dn,
                                          user_attrs):
                    log.info('created new ldap user %s' % username)

                Session().commit()
                return True
            except (LdapUsernameError, LdapPasswordError, LdapImportError):
                pass
            except (Exception,):
                log.error(traceback.format_exc())
                pass
    return False
示例#3
0
文件: auth.py 项目: lmamsen/rhodecode
def authenticate(username, password):
    """Authentication function used for access control,
    firstly checks for db authentication then if ldap is enabled for ldap
    authentication, also creates ldap user if not in database

    :param username: username
    :param password: password
    """

    user_model = UserModel()
    user = User.get_by_username(username)

    log.debug('Authenticating user using RhodeCode account')
    if user is not None and not user.ldap_dn:
        if user.active:
            if user.username == 'default' and user.active:
                log.info('user %s authenticated correctly as anonymous user',
                         username)
                return True

            elif user.username == username and check_password(password,
                                                              user.password):
                log.info('user %s authenticated correctly', username)
                return True
        else:
            log.warning('user %s is disabled', username)

    else:
        log.debug('Regular authentication failed')
        user_obj = User.get_by_username(username, case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:
            log.debug('this user already exists as non ldap')
            return False

        ldap_settings = RhodeCodeSettings.get_ldap_settings()
        #======================================================================
        # FALLBACK TO LDAP AUTH IF ENABLE
        #======================================================================
        if str2bool(ldap_settings.get('ldap_active')):
            log.debug("Authenticating user using ldap")
            kwargs = {
                  'server': ldap_settings.get('ldap_host', ''),
                  'base_dn': ldap_settings.get('ldap_base_dn', ''),
                  'port': ldap_settings.get('ldap_port'),
                  'bind_dn': ldap_settings.get('ldap_dn_user'),
                  'bind_pass': ldap_settings.get('ldap_dn_pass'),
                  'tls_kind': ldap_settings.get('ldap_tls_kind'),
                  'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                  'ldap_filter': ldap_settings.get('ldap_filter'),
                  'search_scope': ldap_settings.get('ldap_search_scope'),
                  'attr_login': ldap_settings.get('ldap_attr_login'),
                  'ldap_version': 3,
                  }
            log.debug('Checking for ldap authentication')
            try:
                aldap = AuthLdap(**kwargs)
                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                password)
                log.debug('Got ldap DN response %s', user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                           .get(k), [''])[0]

                user_attrs = {
                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                 'email': get_ldap_attr('ldap_attr_email'),
                }

                if user_model.create_ldap(username, password, user_dn,
                                          user_attrs):
                    log.info('created new ldap user %s', username)

                return True
            except (LdapUsernameError, LdapPasswordError,):
                pass
            except (Exception,):
                log.error(traceback.format_exc())
                pass
    return False
示例#4
0
def authenticate(username, password):
    """Authentication function used for access control,
    firstly checks for db authentication then if ldap is enabled for ldap
    authentication, also creates ldap user if not in database

    :param username: username
    :param password: password
    """

    user_model = UserModel()
    user = user_model.get_by_username(username, cache=False)

    log.debug("Authenticating user using RhodeCode account")
    if user is not None and not user.ldap_dn:
        if user.active:
            if user.username == "default" and user.active:
                log.info("user %s authenticated correctly as anonymous user", username)
                return True

            elif user.username == username and check_password(password, user.password):
                log.info("user %s authenticated correctly", username)
                return True
        else:
            log.warning("user %s is disabled", username)

    else:
        log.debug("Regular authentication failed")
        user_obj = user_model.get_by_username(username, cache=False, case_insensitive=True)

        if user_obj is not None and not user_obj.ldap_dn:
            log.debug("this user already exists as non ldap")
            return False

        ldap_settings = RhodeCodeSettings.get_ldap_settings()
        # ======================================================================
        # FALLBACK TO LDAP AUTH IF ENABLE
        # ======================================================================
        if str2bool(ldap_settings.get("ldap_active")):
            log.debug("Authenticating user using ldap")
            kwargs = {
                "server": ldap_settings.get("ldap_host", ""),
                "base_dn": ldap_settings.get("ldap_base_dn", ""),
                "port": ldap_settings.get("ldap_port"),
                "bind_dn": ldap_settings.get("ldap_dn_user"),
                "bind_pass": ldap_settings.get("ldap_dn_pass"),
                "tls_kind": ldap_settings.get("ldap_tls_kind"),
                "tls_reqcert": ldap_settings.get("ldap_tls_reqcert"),
                "ldap_filter": ldap_settings.get("ldap_filter"),
                "search_scope": ldap_settings.get("ldap_search_scope"),
                "attr_login": ldap_settings.get("ldap_attr_login"),
                "ldap_version": 3,
            }
            log.debug("Checking for ldap authentication")
            try:
                aldap = AuthLdap(**kwargs)
                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
                log.debug("Got ldap DN response %s", user_dn)

                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings.get(k), [""])[0]

                user_attrs = {
                    "name": safe_unicode(get_ldap_attr("ldap_attr_firstname")),
                    "lastname": safe_unicode(get_ldap_attr("ldap_attr_lastname")),
                    "email": get_ldap_attr("ldap_attr_email"),
                }

                if user_model.create_ldap(username, password, user_dn, user_attrs):
                    log.info("created new ldap user %s", username)

                return True
            except (LdapUsernameError, LdapPasswordError):
                pass
            except (Exception,):
                log.error(traceback.format_exc())
                pass
    return False