Posted to commits@allura.apache.org by br...@apache.org on 2014/05/28 00:00:04 UTC
[7/8] git commit: [#7372] implement validate_password for LDAP auth
provider
[#7372] implement validate_password for LDAP auth provider
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/30458109
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/30458109
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/30458109
Branch: refs/heads/master
Commit: 30458109b408d0af670c4560db6d3009492b4281
Parents: e439871
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Tue May 27 21:44:12 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue May 27 21:51:48 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/plugin.py | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/30458109/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index e1a14bd..2d3039c 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -417,17 +417,22 @@ class LdapAuthenticationProvider(AuthenticationProvider):
if user is None:
log.debug('LdapAuth: no active user {} found in local mongo, not checking LDAP'.format(self.request.params['username']))
raise exc.HTTPUnauthorized()
+ if not self.validate_password(user, self.request.params['password']):
+ raise exc.HTTPUnauthorized()
+ return user
+
+ def validate_password(self, user, password):
try:
dn = 'uid=%s,%s' % (
- ldap.dn.escape_dn_chars(user.username),
- config['auth.ldap.suffix'])
+ ldap.dn.escape_dn_chars(user.username),
+ config['auth.ldap.suffix'])
con = ldap.initialize(config['auth.ldap.server'])
- con.bind_s(dn, self.request.params['password'])
+ con.bind_s(dn, password)
con.unbind_s()
+ return True
except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM):
log.debug('LdapAuth: could not authenticate {}'.format(user.username), exc_info=True)
- raise exc.HTTPUnauthorized()
- return user
+ return False
def user_project_shortname(self, user):
return 'u/' + user.username.replace('_', '-')
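Review bot: `validate_password` passes `password` straight to `con.bind_s(dn, password)` with no check for an empty value. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds (RFC 4513 §5.1.2), so depending on the directory's configuration the method could return True without verifying any credential. Adding `if not password: return False` as the first statement of the method closes this regardless of server settings. Separately, `con.unbind_s()` is skipped when `bind_s` raises, so the failure path leaves the connection open; moving the unbind into a `finally` would cover both paths. The calling method starts above the hunk, so any earlier check on the submitted password is not visible here.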