@@ -105,62 +105,58 @@ class LoginController(BaseController):
(parsed.scheme, parsed))
c.came_from = url('home')
elif server_parsed.netloc != parsed.netloc:
log.error('Suspicious NETLOC detected %s for url %s'
'server url is: %s' %
(parsed.netloc, parsed, server_parsed))
raise HTTPFound(location=c.came_from, headers=headers)
else:
raise HTTPFound(location=url('home'), headers=headers)
except formencode.Invalid, errors:
return htmlfill.render(
render('/login.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
encoding="UTF-8")
return render('/login.html')
@HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
'hg.register.manual_activate')
def register(self):
c.auto_active = False
for perm in User.get_by_username('default').user_perms:
if perm.permission.permission_name == 'hg.register.auto_activate':
c.auto_active = True
break
c.auto_active = 'hg.register.auto_activate' in User.get_by_username('default')\
.AuthUser.permissions['global']
if request.POST:
register_form = RegisterForm()()
try:
form_result = register_form.to_python(dict(request.POST))
form_result['active'] = c.auto_active
UserModel().create_registration(form_result)
h.flash(_('You have successfully registered into rhodecode'),
h.flash(_('You have successfully registered into RhodeCode'),
category='success')
Session().commit()
return redirect(url('login_home'))
render('/register.html'),
return render('/register.html')
def password_reset(self):
password_reset_form = PasswordResetForm()()
form_result = password_reset_form.to_python(dict(request.POST))
UserModel().reset_password_link(form_result)
h.flash(_('Your password reset link was sent'),
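Review bot: The new `c.auto_active` assignment in `register` chains `.AuthUser.permissions['global']` directly onto `User.get_by_username('default')`, and that lookup ends in `q.scalar()`, which returns None when no row matches (`login_container_auth` checks for exactly that case). Because this value decides whether a self-registered account starts out active, a missing default user should fail closed instead of raising: `default_user = User.get_by_username('default')` followed by `c.auto_active = default_user is not None and 'hg.register.auto_activate' in default_user.AuthUser.permissions['global']`. The same expression is repeated for the `'active'` key in `authenticate`, so a small shared helper would keep the two decisions in step. The body of `register` extends past the lines shown here.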
@@ -205,76 +205,80 @@ def authenticate(username, password):
'port': ldap_settings.get('ldap_port'),
'bind_dn': ldap_settings.get('ldap_dn_user'),
'bind_pass': ldap_settings.get('ldap_dn_pass'),
'tls_kind': ldap_settings.get('ldap_tls_kind'),
'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
'ldap_filter': ldap_settings.get('ldap_filter'),
'search_scope': ldap_settings.get('ldap_search_scope'),
'attr_login': ldap_settings.get('ldap_attr_login'),
'ldap_version': 3,
}
log.debug('Checking for ldap authentication')
aldap = AuthLdap(**kwargs)
(user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
password)
log.debug('Got ldap DN response %s' % user_dn)
get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
.get(k), [''])[0]
user_attrs = {
'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
'email': get_ldap_attr('ldap_attr_email'),
'active': 'hg.register.auto_activate' in User\
.get_by_username('default').AuthUser.permissions['global']
# don't store LDAP password since we don't need it. Override
# with some random generated password
_password = PasswordGenerator().gen_password(length=8)
# create this user on the fly if it doesn't exist in rhodecode
# database
if user_model.create_ldap(username, _password, user_dn,
user_attrs):
log.info('created new ldap user %s' % username)
return True
except (LdapUsernameError, LdapPasswordError,):
pass
except (Exception,):
log.error(traceback.format_exc())
return False
def login_container_auth(username):
user = User.get_by_username(username)
if user is None:
'name': username,
'lastname': None,
'email': None,
user = UserModel().create_for_container_auth(username, user_attrs)
if not user:
return None
log.info('User %s was created by container authentication' % username)
if not user.active:
user.update_lastlogin()
log.debug('User %s is now logged in by container authentication',
user.username)
return user
def get_container_username(environ, config, clean_username=False):
"""
Get's the container_auth username (or email). It tries to get username
from REMOTE_USER if container_auth_enabled is enabled, if that fails
it tries to get username from HTTP_X_FORWARDED_USER if proxypass_auth_enabled
is enabled. clean_username extracts the username from this data if it's
having @ in it.
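Review bot: The added `'active'` entry makes a first-time LDAP account inherit the default user's `hg.register.auto_activate` permission, but the visible path through `authenticate` still ends in `return True` after `create_ldap`, without looking at that flag. If the callers do not separately reject inactive users, an account created as inactive would still get through on its first LDAP login. That is worth confirming and stating next to the new key, e.g. `# inactive unless the default user has hg.register.auto_activate; callers must still check user.active`. The `user_attrs` literal and the surrounding `try` are only partly visible in this hunk, so the check may sit in lines not shown.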
@@ -378,48 +378,57 @@ class User(Base, BaseModel):
def username_and_name(self):
return '%s (%s %s)' % (self.username, self.firstname, self.lastname)
@property
def full_name(self):
return '%s %s' % (self.firstname, self.lastname)
def full_name_or_username(self):
return ('%s %s' % (self.firstname, self.lastname)
if (self.firstname and self.lastname) else self.username)
def full_contact(self):
return '%s %s <%s>' % (self.firstname, self.lastname, self.email)
def short_contact(self):
def is_admin(self):
return self.admin
def AuthUser(self):
Returns instance of AuthUser for this user
from rhodecode.lib.auth import AuthUser
return AuthUser(user_id=self.user_id, api_key=self.api_key,
username=self.username)
def __unicode__(self):
return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
self.user_id, self.username)
@classmethod
def get_by_username(cls, username, case_insensitive=False, cache=False):
if case_insensitive:
q = cls.query().filter(cls.username.ilike(username))
q = cls.query().filter(cls.username == username)
if cache:
q = q.options(FromCache(
"sql_cache_short",
"get_user_%s" % _hash_key(username)
)
return q.scalar()
def get_by_api_key(cls, api_key, cache=False):
q = cls.query().filter(cls.api_key == api_key)
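Review bot: In `get_by_username`, the `case_insensitive` branch passes the username straight to `ilike`, where `%` and `_` act as wildcards, so a name such as `a_b` can match a different account or make `q.scalar()` fail on multiple rows. If that argument can come from a login form or a container header, an exact case-folded comparison is safer, for instance `func.lower(cls.username) == username.lower()` using SQLAlchemy's `func`. Separately, the new `AuthUser` property would benefit from a comment on why the import sits inside the function, and a lowercase name such as `auth_user` would avoid shadowing the class it returns. Parts of this class lie outside the hunk.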