Posted to commits@allura.apache.org by br...@apache.org on 2014/06/19 17:53:13 UTC

[5/9] git commit: [#7406] factor out some ldap helper functions

[#7406] factor out some ldap helper functions


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/30b43bbd
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/30b43bbd
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/30b43bbd

Branch: refs/heads/master
Commit: 30b43bbd7046f35105a0c076c28fd841ed5c57c0
Parents: ae304f0
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Thu Jun 12 14:09:55 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Thu Jun 19 15:52:50 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py | 43 ++++++++++++++++++++++------------------
 1 file changed, 24 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/30b43bbd/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index a1cc7e8..396da93 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -305,6 +305,24 @@ class LocalAuthenticationProvider(AuthenticationProvider):
         return datetime.utcnow()
 
 
+def ldap_conn(who=None, cred=None):
+    '''
+    Init & bind a connection with the given creds, or the admin creds if not
+    specified. Remember to unbind the connection when done.
+    '''
+    con = ldap.initialize(config['auth.ldap.server'])
+    con.bind_s(who or config['auth.ldap.admin_dn'],
+               cred or config['auth.ldap.admin_password'])
+    return con
+
+
+def ldap_user_dn(username):
+    'return a Distinguished Name for a given username'
+    return 'uid=%s,%s' % (
+        ldap.dn.escape_dn_chars(username),
+        config['auth.ldap.suffix'])
+
+
 class LdapAuthenticationProvider(AuthenticationProvider):
 
     forgotten_password_process = True
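Review bot: `ldap_conn` tests its arguments with `who or …` / `cred or …`, so an empty-string credential is treated as "not specified" and silently replaced by the admin password, and because the no-argument form yields an admin-privileged bind, the fallback should apply only to an absent argument: `con.bind_s(config['auth.ldap.admin_dn'] if who is None else who, config['auth.ldap.admin_password'] if cred is None else cred)`. The same falsy test is what the `_validate_password` call site in the last hunk (`ldap_conn(ldap_user_dn(username), password)`) relies on, where `password` is presumably user-supplied, while `set_password` already passes `None` explicitly and is compatible with an `is None` check. A caller supplying `who` without `cred` (or vice versa) currently binds the user DN with the admin password, which never seems a meaningful combination; consider rejecting a half-specified pair with a `ValueError` rather than mixing the two identities. The docstring could also state that callers must `unbind_s()` in a `finally`, since the helper returns a bound connection it does not own.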
@@ -321,14 +339,9 @@ class LdapAuthenticationProvider(AuthenticationProvider):
                 return result
 
         # full registration into LDAP
-        dn_u = 'uid=%s,%s' % (
-            ldap.dn.escape_dn_chars(user_doc['username']),
-            config['auth.ldap.suffix'])
         uid = str(M.AuthGlobals.get_next_uid())
         try:
-            con = ldap.initialize(config['auth.ldap.server'])
-            con.bind_s(config['auth.ldap.admin_dn'],
-                       config['auth.ldap.admin_password'])
+            con = ldap_conn()
             uname = user_doc['username'].encode('utf-8')
             display_name = user_doc['display_name'].encode('utf-8')
             ldif_u = modlist.addModlist(dict(
@@ -343,7 +356,7 @@ class LdapAuthenticationProvider(AuthenticationProvider):
                 gecos=uname,
                 description='SCM user account'))
             try:
-                con.add_s(dn_u, ldif_u)
+                con.add_s(ldap_user_dn(user_doc['username']), ldif_u)
             except ldap.ALREADY_EXISTS:
                 log.exception('Trying to create existing user %s', uname)
                 raise
@@ -398,18 +411,14 @@ class LdapAuthenticationProvider(AuthenticationProvider):
         return M.User.query.get(username=username, disabled=False)
 
     def set_password(self, user, old_password, new_password):
-        dn = 'uid=%s,%s' % (
-                ldap.dn.escape_dn_chars(user.username),
-                config['auth.ldap.suffix'])
+        dn = ldap_user_dn(user.username)
         if old_password:
             ldap_ident = dn
             ldap_pass = old_password.encode('utf-8')
         else:
-            ldap_ident = config['auth.ldap.admin_dn']
-            ldap_pass = config['auth.ldap.admin_password']
+            ldap_ident = ldap_pass = None
         try:
-            con = ldap.initialize(config['auth.ldap.server'])
-            con.bind_s(ldap_ident, ldap_pass)
+            con = ldap_conn(ldap_ident, ldap_pass)
             new_password = self._encode_password(new_password)
             con.modify_s(
                 dn, [(ldap.MOD_REPLACE, 'userPassword', new_password)])
@@ -444,11 +453,7 @@ class LdapAuthenticationProvider(AuthenticationProvider):
     def _validate_password(self, username, password):
         '''by username'''
         try:
-            dn = 'uid=%s,%s' % (
-                ldap.dn.escape_dn_chars(username),
-                config['auth.ldap.suffix'])
-            con = ldap.initialize(config['auth.ldap.server'])
-            con.bind_s(dn, password)
+            con = ldap_conn(ldap_user_dn(username), password)
             con.unbind_s()
             return True
         except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM, ldap.NO_SUCH_OBJECT):