Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
C
common-web
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Container registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
protokollsystem
common-web
Commits
d2c68041
Commit
d2c68041
authored
7 years ago
by
Robin Sonnabend
Browse files
Options
Downloads
Patches
Plain Diff
Improve *.py code quality
Also fixes some latent, rather unimportant bugs
parent
47fd859c
No related branches found
No related tags found
No related merge requests found
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
auth.py
+30
-26
30 additions, 26 deletions
auth.py
with
30 additions
and
26 deletions
auth.py
+
30
−
26
View file @
d2c68041
import
hmac
,
hashlib
import
hmac
import
hashlib
import
ssl
from
datetime
import
datetime
...
...
@@ -16,8 +17,9 @@ class User:
self
.
permanent
=
permanent
def
summarize
(
self
):
return
"
{}:{}:{}:{}:{}
"
.
format
(
self
.
username
,
"
,
"
.
join
(
self
.
groups
),
str
(
self
.
timestamp
.
timestamp
()),
self
.
obsolete
,
self
.
permanent
)
return
"
:
"
.
join
((
self
.
username
,
"
,
"
.
join
(
self
.
groups
),
str
(
self
.
timestamp
.
timestamp
()),
self
.
obsolete
,
self
.
permanent
))
@staticmethod
def
from_summary
(
summary
):
...
...
@@ -45,7 +47,8 @@ class UserManager:
for
backend
in
self
.
backends
:
if
backend
.
authenticate
(
username
,
password
):
groups
=
sorted
(
list
(
set
(
backend
.
groups
(
username
,
password
))))
return
User
(
username
,
groups
,
obsolete
=
backend
.
obsolete
,
return
User
(
username
,
groups
,
obsolete
=
backend
.
obsolete
,
permanent
=
permanent
)
return
None
...
...
@@ -77,8 +80,8 @@ class SecurityManager:
if
user
is
None
:
return
False
session_duration
=
datetime
.
now
()
-
user
.
timestamp
macs_equal
=
hmac
.
compare_digest
(
maccer
.
hexdigest
().
encode
(
"
utf-8
"
),
hash
)
macs_equal
=
hmac
.
compare_digest
(
maccer
.
hexdigest
().
encode
(
"
utf-8
"
),
hash
)
time_short
=
int
(
session_duration
.
total_seconds
())
<
self
.
max_duration
return
macs_equal
and
(
time_short
or
user
.
permanent
)
...
...
@@ -104,12 +107,11 @@ class StaticUserManager:
yield
from
self
.
group_map
[
username
]
def
all_groups
(
self
):
yield
from
list
(
set
(
group
for
group
in
group
s
.
values
()))
yield
from
list
(
set
(
group
for
group
in
self
.
group
_map
.
values
()))
try
:
import
ldap3
from
ldap3.utils.dn
import
parse_dn
class
LdapManager
:
def
__init__
(
self
,
host
,
user_dn
,
group_dn
,
port
=
636
,
use_ssl
=
True
,
...
...
@@ -121,8 +123,8 @@ try:
def
authenticate
(
self
,
username
,
password
):
try
:
connection
=
ldap3
.
Connection
(
self
.
server
,
self
.
user_dn
.
format
(
username
),
password
)
connection
=
ldap3
.
Connection
(
self
.
server
,
self
.
user_dn
.
format
(
username
),
password
)
return
connection
.
bind
()
except
ldap3
.
core
.
exceptions
.
LDAPSocketOpenError
:
return
False
...
...
@@ -144,16 +146,15 @@ try:
for
group
in
group_reader
.
search
():
yield
group
.
cn
.
value
class
ADManager
:
def
__init__
(
self
,
host
,
domain
,
user_dn
,
group_dn
,
port
=
636
,
use_ssl
=
True
,
ca_cert
=
None
,
obsolete
=
False
):
tls_config
=
ldap3
.
Tls
(
validate
=
ssl
.
CERT_REQUIRED
)
if
ca_cert
is
not
None
:
tls_config
=
ldap3
.
Tls
(
validate
=
ssl
.
CERT_REQUIRED
,
ca_certs_file
=
ca_cert
)
self
.
server
=
ldap3
.
Server
(
host
,
port
=
port
,
use_ssl
=
use_ssl
,
tls
=
tls_config
)
tls_config
=
ldap3
.
Tls
(
validate
=
ssl
.
CERT_REQUIRED
,
ca_certs_file
=
ca_cert
)
self
.
server
=
ldap3
.
Server
(
host
,
port
=
port
,
use_ssl
=
use_ssl
,
tls
=
tls_config
)
self
.
domain
=
domain
self
.
user_dn
=
user_dn
self
.
group_dn
=
group_dn
...
...
@@ -176,11 +177,13 @@ try:
connection
.
bind
()
obj_def
=
ldap3
.
ObjectDef
(
"
user
"
,
connection
)
name_filter
=
"
cn:={}
"
.
format
(
username
)
user_reader
=
ldap3
.
Reader
(
connection
,
obj_def
,
self
.
user_dn
,
name_filter
)
user_reader
=
ldap3
.
Reader
(
connection
,
obj_def
,
self
.
user_dn
,
name_filter
)
group_def
=
ldap3
.
ObjectDef
(
"
group
"
,
connection
)
def
_yield_recursive_groups
(
group_dn
):
group_reader
=
ldap3
.
Reader
(
connection
,
group_def
,
group_dn
,
None
)
group_reader
=
ldap3
.
Reader
(
connection
,
group_def
,
group_dn
,
None
)
for
entry
in
group_reader
.
search
():
yield
entry
.
name
.
value
for
child
in
entry
.
memberOf
:
...
...
@@ -189,20 +192,22 @@ try:
for
group_dn
in
result
.
memberOf
:
yield
from
_yield_recursive_groups
(
group_dn
)
def
all_groups
(
self
):
connection
=
self
.
prepare_connection
()
connection
.
bind
()
obj_def
=
ldap3
.
ObjectDef
(
"
group
"
,
connection
)
group_reader
=
ldap3
.
Reader
(
connection
,
obj_def
,
self
.
group_dn
)
for
result
in
reader
.
search
():
for
result
in
group_
reader
.
search
():
yield
result
.
name
.
value
except
ModuleNotFoundError
:
pass
try
:
import
grp
,
pwd
,
pam
import
grp
import
pwd
import
pam
class
PAMManager
:
def
__init__
(
self
,
obsolete
=
False
):
...
...
@@ -224,4 +229,3 @@ try:
yield
group
.
gr_name
except
ModuleNotFoundError
:
pass
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
