def test_ldap_save_settings(self): self.log_user() test_url = url(controller='admin/ldap_settings', action='ldap_settings') response = self.app.post(url=test_url, params={'ldap_host' : u'dc.example.com', 'ldap_port' : '999', 'ldap_tls_kind' : 'PLAIN', 'ldap_tls_reqcert' : 'NEVER', 'ldap_dn_user':'******', 'ldap_dn_pass':'******', 'ldap_base_dn':'test_base_dn', 'ldap_filter':'test_filter', 'ldap_search_scope':'BASE', 'ldap_attr_login':'******', 'ldap_attr_firstname':'ima', 'ldap_attr_lastname':'tester', 'ldap_attr_email':'*****@*****.**' }) new_settings = RhodeCodeSettings.get_ldap_settings() self.assertEqual(new_settings['ldap_host'], u'dc.example.com', 'fail db write compare') self.checkSessionFlash(response, 'Ldap settings updated successfully')
def index(self): defaults = RhodeCodeSettings.get_ldap_settings() c.search_scope_cur = defaults.get('ldap_search_scope') c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert') c.tls_kind_cur = defaults.get('ldap_tls_kind') return htmlfill.render( render('admin/ldap/ldap.html'), defaults=defaults, encoding="UTF-8", force_defaults=True,)
def authenticate(username, password): """Authentication function used for access control, firstly checks for db authentication then if ldap is enabled for ldap authentication, also creates ldap user if not in database :param username: username :param password: password """ user_model = UserModel() user = User.get_by_username(username) log.debug('Authenticating user using RhodeCode account') if user is not None and not user.ldap_dn: if user.active: if user.username == 'default' and user.active: log.info('user %s authenticated correctly as anonymous user', username) return True elif user.username == username and check_password(password, user.password): log.info('user %s authenticated correctly', username) return True else: log.warning('user %s is disabled', username) else: log.debug('Regular authentication failed') user_obj = User.get_by_username(username, case_insensitive=True) if user_obj is not None and not user_obj.ldap_dn: log.debug('this user already exists as non ldap') return False ldap_settings = RhodeCodeSettings.get_ldap_settings() #====================================================================== # FALLBACK TO LDAP AUTH IF ENABLE #====================================================================== if str2bool(ldap_settings.get('ldap_active')): log.debug("Authenticating user using ldap") kwargs = { 'server': ldap_settings.get('ldap_host', ''), 'base_dn': ldap_settings.get('ldap_base_dn', ''), 'port': ldap_settings.get('ldap_port'), 'bind_dn': ldap_settings.get('ldap_dn_user'), 'bind_pass': ldap_settings.get('ldap_dn_pass'), 'tls_kind': ldap_settings.get('ldap_tls_kind'), 'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'), 'ldap_filter': ldap_settings.get('ldap_filter'), 'search_scope': ldap_settings.get('ldap_search_scope'), 'attr_login': ldap_settings.get('ldap_attr_login'), 'ldap_version': 3, } log.debug('Checking for ldap authentication') try: aldap = AuthLdap(**kwargs) (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password) log.debug('Got ldap DN response %s', user_dn) get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\ .get(k), [''])[0] user_attrs = { 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')), 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')), 'email': get_ldap_attr('ldap_attr_email'), } if user_model.create_ldap(username, password, user_dn, user_attrs): log.info('created new ldap user %s', username) return True except (LdapUsernameError, LdapPasswordError,): pass except (Exception,): log.error(traceback.format_exc()) pass return False
def authenticate(username, password): """Authentication function used for access control, firstly checks for db authentication then if ldap is enabled for ldap authentication, also creates ldap user if not in database :param username: username :param password: password """ user_model = UserModel() user = user_model.get_by_username(username, cache=False) log.debug("Authenticating user using RhodeCode account") if user is not None and not user.ldap_dn: if user.active: if user.username == "default" and user.active: log.info("user %s authenticated correctly as anonymous user", username) return True elif user.username == username and check_password(password, user.password): log.info("user %s authenticated correctly", username) return True else: log.warning("user %s is disabled", username) else: log.debug("Regular authentication failed") user_obj = user_model.get_by_username(username, cache=False, case_insensitive=True) if user_obj is not None and not user_obj.ldap_dn: log.debug("this user already exists as non ldap") return False ldap_settings = RhodeCodeSettings.get_ldap_settings() # ====================================================================== # FALLBACK TO LDAP AUTH IF ENABLE # ====================================================================== if str2bool(ldap_settings.get("ldap_active")): log.debug("Authenticating user using ldap") kwargs = { "server": ldap_settings.get("ldap_host", ""), "base_dn": ldap_settings.get("ldap_base_dn", ""), "port": ldap_settings.get("ldap_port"), "bind_dn": ldap_settings.get("ldap_dn_user"), "bind_pass": ldap_settings.get("ldap_dn_pass"), "tls_kind": ldap_settings.get("ldap_tls_kind"), "tls_reqcert": ldap_settings.get("ldap_tls_reqcert"), "ldap_filter": ldap_settings.get("ldap_filter"), "search_scope": ldap_settings.get("ldap_search_scope"), "attr_login": ldap_settings.get("ldap_attr_login"), "ldap_version": 3, } log.debug("Checking for ldap authentication") try: aldap = AuthLdap(**kwargs) (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password) log.debug("Got ldap DN response %s", user_dn) get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings.get(k), [""])[0] user_attrs = { "name": safe_unicode(get_ldap_attr("ldap_attr_firstname")), "lastname": safe_unicode(get_ldap_attr("ldap_attr_lastname")), "email": get_ldap_attr("ldap_attr_email"), } if user_model.create_ldap(username, password, user_dn, user_attrs): log.info("created new ldap user %s", username) return True except (LdapUsernameError, LdapPasswordError): pass except (Exception,): log.error(traceback.format_exc()) pass return False