@@ -27,12 +27,13 @@ from formencode import htmlfill
from pylons import request, session, tmpl_context as c, url
from pylons.controllers.util import abort, redirect
from pylons.i18n.translation import _
from rhodecode.lib.exceptions import *
from rhodecode.lib import helpers as h
from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
from rhodecode.lib.base import BaseController, render
from rhodecode.model.db import User, UserLog
from rhodecode.model.db import User
from rhodecode.model.forms import UserForm
from rhodecode.model.user import UserModel, DefaultUserException
from rhodecode.model.user import UserModel
import formencode
import logging
import traceback
@@ -135,7 +136,7 @@ class UsersController(BaseController):
try:
user_model.delete(id)
h.flash(_('sucessfully deleted user'), category='success')
except DefaultUserException, e:
except (UserOwnsReposException, DefaultUserException), e:
h.flash(str(e), category='warning')
except Exception:
h.flash(_('An error occured during deletion of user'),
@@ -24,8 +24,9 @@ Created on April 4, 2010
"""
from pylons import config, session, url, request
from rhodecode.lib.utils import get_repo_slug
from rhodecode.lib.auth_ldap import AuthLdap, UsernameError, PasswordError
from rhodecode.lib.auth_ldap import AuthLdap
from rhodecode.model import meta
from rhodecode.model.caching_query import FromCache
@@ -129,7 +130,7 @@ def authfunc(environ, username, password
log.info('created new ldap user')
return authenticated
except (UsernameError, PasswordError):
except (LdapUsernameError, LdapPasswordError):
return False
except:
log.error(traceback.format_exc())
#==============================================================================
# LDAP
#Name = Just a description for the auth modes page
#Host = DepartmentName.OrganizationName.local/ IP
#Port = 389 default for ldap
#LDAPS = no set True if You need to use ldaps
#Account = DepartmentName\UserName (or UserName@MyDomain depending on AD server)
#Password = <password>
#Base DN = DC=DepartmentName,DC=OrganizationName,DC=local
#!/usr/bin/env python
# encoding: utf-8
# ldap authentication lib
# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License or (at your opinion) any later version of the license.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
Created on Nov 17, 2010
@author: marcink
from rhodecode.lib.exceptions import LdapImportError, UsernameError, \
PasswordError, ConnectionError
log = logging.getLogger(__name__)
@@ -61,7 +73,7 @@ class AuthLdap(object):
dn = self.AUTH_DN % (uid, self.BASE_DN)
log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)
if "," in username:
raise UsernameError("invalid character in username: ,")
raise LdapUsernameError("invalid character in username: ,")
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
@@ -82,12 +94,12 @@ class AuthLdap(object):
raise ldap.NO_SUCH_OBJECT()
except ldap.NO_SUCH_OBJECT, e:
log.debug("LDAP says no such user '%s' (%s)", uid, username)
raise UsernameError()
raise LdapUsernameError()
except ldap.INVALID_CREDENTIALS, e:
log.debug("LDAP rejected password for user '%s' (%s)", uid, username)
raise PasswordError()
raise LdapPasswordError()
except ldap.SERVER_DOWN, e:
raise ConnectionError("LDAP can't access authentication server")
raise LdapConnectionError("LDAP can't access authentication server")
return properties[0]
@@ -23,7 +23,10 @@ Custom Exceptions modules
class UsernameError(Exception):pass
class PasswordError(Exception):pass
class ConnectionError(Exception):pass
class LdapUsernameError(Exception):pass
class LdapPasswordError(Exception):pass
class LdapConnectionError(Exception):pass
class LdapImportError(Exception):pass
class DefaultUserException(Exception):pass
class UserOwnsReposException(Exception):pass
@@ -48,6 +48,8 @@ class User(Base):
user_log = relation('UserLog', cascade='all')
user_perms = relation('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
repositories = relation('Repository')
@LazyProperty
def full_contact(self):
return '%s %s <%s>' % (self.name, self.lastname, self.email)
@@ -27,12 +27,13 @@ from pylons.i18n.translation import _
from rhodecode.model.meta import Session
class UserModel(object):
@@ -128,6 +129,7 @@ class UserModel(object):
raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in form_data.items():
if k == 'new_password' and v != '':
new_user.password = v
@@ -169,6 +171,12 @@ class UserModel(object):
_("You can't remove this user since it's"
if user.repositories:
raise UserOwnsReposException(_('This user still owns %s '
'repositories and cannot be '
'removed. Switch owners or '
'remove those repositories') \
% user.repositories)
self.sa.delete(user)
self.sa.commit()
Status change: