allura-commits mailing list archives

From brond...@apache.org
Subject [7/8] git commit: [#7372] implement validate_password for LDAP auth provider
Date Tue, 27 May 2014 22:00:04 GMT
[#7372] implement validate_password for LDAP auth provider


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/30458109
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/30458109
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/30458109

Branch: refs/heads/master
Commit: 30458109b408d0af670c4560db6d3009492b4281
Parents: e439871
Author: Dave Brondsema <dbrondsema@slashdotmedia.com>
Authored: Tue May 27 21:44:12 2014 +0000
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Tue May 27 21:51:48 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/30458109/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index e1a14bd..2d3039c 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -417,17 +417,22 @@ class LdapAuthenticationProvider(AuthenticationProvider):
         if user is None:
             log.debug('LdapAuth: no active user {} found in local mongo, not checking LDAP'.format(self.request.params['username']))
             raise exc.HTTPUnauthorized()
+        if not self.validate_password(user, self.request.params['password']):
+            raise exc.HTTPUnauthorized()
+        return user
+
+    def validate_password(self, user, password):
         try:
             dn = 'uid=%s,%s' % (
-                    ldap.dn.escape_dn_chars(user.username),
-                    config['auth.ldap.suffix'])
+                ldap.dn.escape_dn_chars(user.username),
+                config['auth.ldap.suffix'])
             con = ldap.initialize(config['auth.ldap.server'])
-            con.bind_s(dn, self.request.params['password'])
+            con.bind_s(dn, password)
             con.unbind_s()
+            return True
         except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM):
             log.debug('LdapAuth: could not authenticate {}'.format(user.username), exc_info=True)
-            raise exc.HTTPUnauthorized()
-        return user
+        return False
 
     def user_project_shortname(self, user):
         return 'u/' + user.username.replace('_', '-')
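Review bot: The new `validate_password` hands `password` straight to `con.bind_s(dn, password)` without rejecting an empty value. A simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), which some directory servers accept as success, so the method could return True with no credential check unless a caller outside this hunk already filters empty passwords. The `ldap.UNWILLING_TO_PERFORM` handler only helps on servers configured to refuse such binds; adding `if not password: return False` as the first statement removes that dependency on server configuration. Separately, `con.unbind_s()` runs only on the success path, so moving it into a `finally` would close the connection after a failed bind as well. The method that now calls `validate_password` begins outside the hunk.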

