Posted to commits@allura.apache.org by jo...@apache.org on 2014/03/20 19:46:44 UTC
[11/17] git commit: [#6701] Changed ApacheAccessHandler.py to use
Allura auth via requests
[#6701] Changed ApacheAccessHandler.py to use Allura auth via requests
Signed-off-by: Cory Johns <cj...@slashdotmedia.com>
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/c7fe0470
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/c7fe0470
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/c7fe0470
Branch: refs/heads/cj/6701
Commit: c7fe0470fa0f7bf61c1e42de8702842aa2eb3bbc
Parents: 6cffed9
Author: Cory Johns <cj...@slashdotmedia.com>
Authored: Tue Mar 18 20:35:26 2014 +0000
Committer: Cory Johns <cj...@slashdotmedia.com>
Committed: Thu Mar 20 18:43:46 2014 +0000
----------------------------------------------------------------------
scripts/ApacheAccessHandler.py | 34 ++++++++--------------------------
1 file changed, 8 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/c7fe0470/scripts/ApacheAccessHandler.py
----------------------------------------------------------------------
diff --git a/scripts/ApacheAccessHandler.py b/scripts/ApacheAccessHandler.py
index 5f2ffce..19c5207 100644
--- a/scripts/ApacheAccessHandler.py
+++ b/scripts/ApacheAccessHandler.py
@@ -20,8 +20,8 @@ Here is a quick example for your apache settings (assuming ProxyPass)
AuthType Basic
AuthName "Git Access"
AuthBasicAuthoritative off
- PythonOption ALLURA_PERM_URL http://127.0.0.1:8080/auth/repo_permissions
- PythonOption ALLURA_LDAP_BASE ou=people,dc=opensourceprojects,dc=eu
+ PythonOption ALLURA_PERM_URL https://127.0.0.1/auth/repo_permissions
+ PythonOption ALLURA_AUTH_URL https://127.0.0.1/auth/do_login
</Location>
"""
@@ -29,35 +29,14 @@ Here is a quick example for your apache settings (assuming ProxyPass)
from mod_python import apache
import os
-# because urllib is not for humans
import requests
import json
-import ldap
def log(req, message):
req.log_error("Allura Access: %s" % message, apache.APLOG_WARNING)
-def ldap_auth(req, username, password):
- """
- Return True if the user was authenticated via LDAP
- """
-
- l = ldap.initialize('ldap://127.0.0.1')
- l.protocol_version = ldap.VERSION3
- ldap_user = "uid=%s,%s" % (username, req.get_options().get('ALLURA_LDAP_BASE', 'ou=people,dc=example,dc=com'))
-
- try:
- l.simple_bind_s(ldap_user, password)
- except ldap.LDAPError as e:
- log(req, "Unable to authenticate user, %s %s" % (ldap_user, e))
- return False
- log(req, "LDAP user authenticated %s" % ldap_user)
-
- return True
-
-
# This came straight from accessfs.py
def mangle(path):
'''Convert paths from the form /SCM/neighborhood/project/a/b/c to
@@ -99,14 +78,17 @@ def check_repo_path(req):
def check_authentication(req):
- log(req, "USER: "+req.user)
- return ldap_auth(req, req.user, req.get_basic_auth_pw())
+ auth_url = req.get_options().get('ALLURA_AUTH_URL', 'https://127.0.0.1/auth/do_login')
+ r = requests.post(auth_url, allow_redirects=False, params={
+ 'username': req.user,
+ 'password': req.get_basic_auth_pw()})
+ return r.status_code == 302
def check_permissions(req):
req_path = str(req.parsed_uri[apache.URI_PATH])
req_query = str(req.parsed_uri[apache.URI_QUERY])
- perm_url = req.get_options().get('ALLURA_PERM_URL', 'http://127.0.0.1:8080/auth/repo_permissions')
+ perm_url = req.get_options().get('ALLURA_PERM_URL', 'https://127.0.0.1/auth/repo_permissions')
r = requests.get(perm_url, params={'username': req.user, 'repo_path': mangle(req_path)})
if r.status_code != 200:
log(req, "repo_permissions return error (%d)" % r.status_code)
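Review bot: In check_authentication the credentials are passed as `params=`, which requests encodes into the URL query string even on a POST, so the user's password can end up in the access logs of whatever serves ALLURA_AUTH_URL; send them in the request body instead with `data={'username': req.user, 'password': req.get_basic_auth_pw()}`. The call also has no `timeout=`, so a stalled login endpoint holds the Apache worker, and a connection or TLS error against the `https://127.0.0.1` default propagates as an exception rather than a denied login. Treating `r.status_code == 302` as the only success signal assumes the login endpoint never redirects on a failed login, which is worth confirming against do_login and stating in a short docstring on the function. check_permissions continues past the end of the hunk; its `requests.get` visible here has the same missing timeout.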