Posted to commits@allura.apache.org by br...@apache.org on 2014/05/28 00:00:04 UTC

[7/8] git commit: [#7372] implement validate_password for LDAP auth provider

[#7372] implement validate_password for LDAP auth provider


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/30458109
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/30458109
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/30458109

Branch: refs/heads/master
Commit: 30458109b408d0af670c4560db6d3009492b4281
Parents: e439871
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Tue May 27 21:44:12 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue May 27 21:51:48 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/30458109/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index e1a14bd..2d3039c 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -417,17 +417,22 @@ class LdapAuthenticationProvider(AuthenticationProvider):
         if user is None:
             log.debug('LdapAuth: no active user {} found in local mongo, not checking LDAP'.format(self.request.params['username']))
             raise exc.HTTPUnauthorized()
+        if not self.validate_password(user, self.request.params['password']):
+            raise exc.HTTPUnauthorized()
+        return user
+
+    def validate_password(self, user, password):
         try:
             dn = 'uid=%s,%s' % (
-                    ldap.dn.escape_dn_chars(user.username),
-                    config['auth.ldap.suffix'])
+                ldap.dn.escape_dn_chars(user.username),
+                config['auth.ldap.suffix'])
             con = ldap.initialize(config['auth.ldap.server'])
-            con.bind_s(dn, self.request.params['password'])
+            con.bind_s(dn, password)
             con.unbind_s()
+            return True
         except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM):
             log.debug('LdapAuth: could not authenticate {}'.format(user.username), exc_info=True)
-            raise exc.HTTPUnauthorized()
-        return user
+        return False
 
     def user_project_shortname(self, user):
         return 'u/' + user.username.replace('_', '-')
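Review bot: The new `validate_password` passes `password` straight to `con.bind_s(dn, password)` with no check for an empty value. Per RFC 4513, a simple bind with a DN and a zero-length password is an unauthenticated bind, which some LDAP servers accept as a success, so depending on server configuration this method could return True for an empty password. Now that the check is a reusable method that takes the password as a parameter, it should start with `if not password: return False` before building the DN. Separately, `con.unbind_s()` is skipped when `bind_s` raises, so moving it into a `finally` would release the connection on failed attempts too. The calling method's body starts outside this hunk, so how `user` is looked up is not visible here.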