diff options
| author | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2010-10-03 19:33:13 -0400 |
|---|---|---|
| committer | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2010-10-03 19:34:17 -0400 |
| commit | 4a1904ac3c20eb8a30e51789485c6f5c3cb7e6e9 (patch) | |
| tree | c358d3b0b4ae6eb6e1820d8691c17cec22fd590c | |
| parent | 2af5e53c64c23b8b49238f4db597726119c9edd2 (diff) | |
| download | askbot-4a1904ac3c20eb8a30e51789485c6f5c3cb7e6e9.tar.gz askbot-4a1904ac3c20eb8a30e51789485c6f5c3cb7e6e9.tar.bz2 askbot-4a1904ac3c20eb8a30e51789485c6f5c3cb7e6e9.zip | |
added experimental ldap authentication support and cut some time from page loads
| -rw-r--r-- | askbot/conf/external_keys.py | 33 | ||||
| -rw-r--r-- | askbot/conf/settings_wrapper.py | 21 | ||||
| -rw-r--r-- | askbot/context.py | 2 | ||||
| -rw-r--r-- | askbot/deps/django_authopenid/backends.py | 14 | ||||
| -rw-r--r-- | askbot/deps/django_authopenid/util.py | 11 | ||||
| -rw-r--r-- | askbot/deps/django_authopenid/views.py | 80 | ||||
| -rwxr-xr-x | askbot/skins/default/media/jquery-openid/jquery.openid.js | 19 | ||||
| -rwxr-xr-x | askbot/skins/default/templates/authopenid/signin.html | 63 |
8 files changed, 178 insertions, 65 deletions
diff --git a/askbot/conf/external_keys.py b/askbot/conf/external_keys.py index 657155e8..81f17818 100644 --- a/askbot/conf/external_keys.py +++ b/askbot/conf/external_keys.py @@ -137,3 +137,36 @@ settings.register( description=_('LinkedIn consumer secret'), ) ) + +settings.register( + livesettings.BooleanValue( + EXTERNAL_KEYS, + 'USE_LDAP_FOR_PASSWORD_LOGIN', + description=_('User LDAP authentication for the password login'), + defaut=False + ) +) + +settings.register( + livesettings.StringValue( + EXTERNAL_KEYS, + 'LDAP_PROVIDER_NAME', + description=_('LDAP service provider name') + ) +) + +settings.register( + livesettings.StringValue( + EXTERNAL_KEYS, + 'LDAP_URL', + description=_('URL for the LDAP service') + ) +) + +settings.register( + livesettings.LongStringValue( + EXTERNAL_KEYS, + 'HOW_TO_CHANGE_LDAP_PASSWORD', + description=_('Explain how to change LDAP password') + ) +) diff --git a/askbot/conf/settings_wrapper.py b/askbot/conf/settings_wrapper.py index a567d007..aac8f071 100644 --- a/askbot/conf/settings_wrapper.py +++ b/askbot/conf/settings_wrapper.py @@ -20,8 +20,10 @@ at run time askbot.deps.livesettings is a module developed for satchmo project """ +from django.core.cache import cache from askbot.deps.livesettings import SortedDotDict, config_register from askbot.deps.livesettings.functions import config_get +from askbot.deps.livesettings import signals class ConfigSettings(object): """A very simple Singleton wrapper for settings @@ -74,11 +76,24 @@ class ConfigSettings(object): self.__group_map[key] = group_key def as_dict(self): + settings = cache.get('askbot-livesettings') + if settings: + return settings + else: + self.prime_cache() + return cache.get('askbot-livesettings') + + @classmethod + def prime_cache(cls, **kwargs): + """reload all settings into cache as dictionary + """ out = dict() - for key in self.__instance.keys(): + for key in cls.__instance.keys(): #todo: this is odd that I could not use self.__instance.items() mapping here - out[key] = self.__instance[key].value - return out + out[key] = cls.__instance[key].value + cache.set('askbot-livesettings', out) + +signals.configuration_value_changed.connect(ConfigSettings.prime_cache) #settings instance to be used elsewhere in the project settings = ConfigSettings() diff --git a/askbot/context.py b/askbot/context.py index 447f46dc..73f6018a 100644 --- a/askbot/context.py +++ b/askbot/context.py @@ -1,5 +1,7 @@ from django.conf import settings from askbot.conf import settings as askbot_settings +import datetime + def application_settings(context): my_settings = askbot_settings.as_dict() my_settings['LANGUAGE_CODE'] = settings.LANGUAGE_CODE diff --git a/askbot/deps/django_authopenid/backends.py b/askbot/deps/django_authopenid/backends.py index 554afda5..75e40252 100644 --- a/askbot/deps/django_authopenid/backends.py +++ b/askbot/deps/django_authopenid/backends.py @@ -29,6 +29,7 @@ class AuthBackend(object): email_key = None, oauth_user_id = None,#used with oauth facebook_user_id = None,#user with facebook + ldap_user_id = None,#for ldap method = None,#requried parameter ): """this authentication function supports many login methods @@ -105,9 +106,20 @@ class AuthBackend(object): elif method == 'facebook': try: + assert(provider_name == 'facebook') assoc = UserAssociation.objects.get( openid_url = facebook_user_id, - provider_name = 'facebook' + provider_name = provider_name + ) + user = assoc.user + except UserAssociation.DoesNotExist: + return None + + elif method == 'ldap': + try: + assoc = UserAssociation.objects.get( + openid_url = ldap_user_id, + provider_name = provider_name ) user = assoc.user except UserAssociation.DoesNotExist: diff --git a/askbot/deps/django_authopenid/util.py b/askbot/deps/django_authopenid/util.py index 1dc2da74..716cc5dd 100644 --- a/askbot/deps/django_authopenid/util.py +++ b/askbot/deps/django_authopenid/util.py @@ -589,3 +589,14 @@ def get_facebook_user_id(request): return fb_response['uid'] except Exception, e: raise FacebookError(e) + +def ldap_check_password(username, password): + import ldap + try: + ldap_session = ldap.initialize(askbot_settings.LDAP_URL) + ldap_session.simple_bind_s(username, password) + ldap_session.unbind_s() + return True + except ldap.LDAPError, e: + logging.critical(unicode(e)) + return False diff --git a/askbot/deps/django_authopenid/views.py b/askbot/deps/django_authopenid/views.py index 88bea879..3e06788f 100644 --- a/askbot/deps/django_authopenid/views.py +++ b/askbot/deps/django_authopenid/views.py @@ -317,37 +317,67 @@ def signin( if login_form.cleaned_data['login_type'] == 'password': password_action = login_form.cleaned_data['password_action'] - if password_action == 'login': - user = authenticate( + if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN: + assert(password_action == 'login') + ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME + username = login_form.cleaned_data['username'] + if util.ldap_check_password( + username, + login_form.cleaned_data['password'] + ): + user = authenticate( + ldap_user_id = username, + provider_name = ldap_provider_name, + method = 'ldap' + ) + print user + if user is not None: + login(request, user) + return HttpResponseRedirect(next_url) + else: + request.session['login_provider_name'] = ldap_provider_name + request.session['user_identifier'] = username + request.method = 'GET' + return finalize_generic_signin( + request = request, + user = user, + user_identifier = username, + login_provider_name = ldap_provider_name, + redirect_url = next_url + ) + else: + if password_action == 'login': + user = authenticate( username = login_form.cleaned_data['username'], password = login_form.cleaned_data['password'], provider_name = provider_name, method = 'password' ) - if user is None: - login_form.set_password_login_error() - else: - login(request, user) - #todo: here we might need to set cookies - #for external login sites - return HttpResponseRedirect(next_url) - elif password_action == 'change_password': - if request.user.is_authenticated(): - new_password = login_form.cleaned_data['new_password'] - AuthBackend.set_password( - user=request.user, - password=new_password, - provider_name=provider_name - ) - request.user.message_set.create( + if user is None: + login_form.set_password_login_error() + else: + login(request, user) + #todo: here we might need to set cookies + #for external login sites + return HttpResponseRedirect(next_url) + elif password_action == 'change_password': + if request.user.is_authenticated(): + new_password = \ + login_form.cleaned_data['new_password'] + AuthBackend.set_password( + user=request.user, + password=new_password, + provider_name=provider_name + ) + request.user.message_set.create( message = _('Your new password saved') ) - return HttpResponseRedirect(next_url) - else: - logging.critical( - 'unknown password action %s' % password_action - ) - raise Http404 + return HttpResponseRedirect(next_url) + else: + logging.critical( + 'unknown password action %s' % password_action + ) + raise Http404 elif login_form.cleaned_data['login_type'] == 'openid': #initiate communication process @@ -412,7 +442,7 @@ def signin( request = request, user = user, user_identifier = user_id, - login_provider_name = 'facebook', + login_provider_name = provider_name, redirect_url = next_url ) diff --git a/askbot/skins/default/media/jquery-openid/jquery.openid.js b/askbot/skins/default/media/jquery-openid/jquery.openid.js index 3efc8172..7c89958c 100755 --- a/askbot/skins/default/media/jquery-openid/jquery.openid.js +++ b/askbot/skins/default/media/jquery-openid/jquery.openid.js @@ -1,4 +1,3 @@ -//jQuery OpenID Plugin 1.1 Copyright 2009 Jarrett Vance http://jvance.com/pages/jQueryOpenIdPlugin.xhtml $.fn.authenticator = function() { var signin_page = $(this); var signin_form = $('#signin-form'); @@ -302,15 +301,17 @@ $.fn.authenticator = function() { var password_button = $('input[name=login_with_password]'); var submit_action = submit_login_with_password; var create_pw_link = $('a.create-password-account') - create_pw_link.html($.i18n._('Create a password-protected account')); - var url = create_pw_link.attr('href'); - if (url.indexOf('?') !== -1){ - url = url.replace(/\?.*$/,'?login_provider=' + provider_name); - } - else{ - url += '?login_provider=' + provider_name; + if (create_pw_link.length > 0){ + create_pw_link.html($.i18n._('Create a password-protected account')); + var url = create_pw_link.attr('href'); + if (url.indexOf('?') !== -1){ + url = url.replace(/\?.*$/,'?login_provider=' + provider_name); + } + else{ + url += '?login_provider=' + provider_name; + } + create_pw_link.attr('href', url); } - create_pw_link.attr('href', url); password_action_input.val('login'); } password_input_fields.show(); diff --git a/askbot/skins/default/templates/authopenid/signin.html b/askbot/skins/default/templates/authopenid/signin.html index c13d7063..815fcf3e 100755 --- a/askbot/skins/default/templates/authopenid/signin.html +++ b/askbot/skins/default/templates/authopenid/signin.html @@ -88,16 +88,16 @@ <div id="login-icons">
<ul class="login-icons large">
{% for login_provider in major_login_providers %}
- <li>
- <input
- name="{{login_provider.name}}"
- type="image"
- class="{{login_provider.type}}"
- src="{% media login_provider.icon_media_path %}"
- alt="{{login_provider.tooltip_text}}"
- title="{{login_provider.tooltip_text}}"
- />
- </li>
+ <li>
+ <input
+ name="{{login_provider.name}}"
+ type="image"
+ class="{{login_provider.type}}"
+ src="{% media login_provider.icon_media_path %}"
+ alt="{{login_provider.tooltip_text}}"
+ title="{{login_provider.tooltip_text}}"
+ />
+ </li>
{% endfor %}
</ul>
<ul class="login-icons small">
@@ -159,25 +159,34 @@ </p>
<p id="local_login_buttons">
<input class="submit-b" name="login_with_password" type="submit" value="{% trans "Login" %}" />
- <a class="create-password-account" style="vertical-align:middle" href="{% url user_signup_with_password %}">{% trans "Create a password-protected account" %}</a>
+ {% if not settings.USE_LDAP_FOR_PASSWORD_LOGIN %}
+ <a class="create-password-account" style="vertical-align:middle" href="{% url user_signup_with_password %}">{% trans "Create a password-protected account" %}</a>
+ {% endif %}
</p>
{% else %}
- <h2 id="password-heading">
- {% trans "To change your password - please enter the new one twice, then submit" %}
- </h2>
- <p>
- <label for="id_new_password">{% trans "New password" %}</label>
- {{login_form.new_password}}
- <span class="error">{{login_form.new_password.errors.0}}</span>
- </p>
- <p>
- <label for="id_new_password_retyped">{% trans "Please, retype" %}</label>
- {{login_form.new_password_retyped}}
- <span class="error">{{login_form.new_password_retyped.errors.0}}</span>
- </p>
- <p id="local_login_buttons">
- <input class="submit-b" name="change_password" type="submit" value="{% trans "Change password" %}" />
- </p>
+ {% if not settings.USE_LDAP_FOR_PASSWORD_LOGIN %}
+ <h2 id="password-heading">
+ {% trans "To change your password - please enter the new one twice, then submit" %}
+ </h2>
+ <p>
+ <label for="id_new_password">{% trans "New password" %}</label>
+ {{login_form.new_password}}
+ <span class="error">{{login_form.new_password.errors.0}}</span>
+ </p>
+ <p>
+ <label for="id_new_password_retyped">{% trans "Please, retype" %}</label>
+ {{login_form.new_password_retyped}}
+ <span class="error">{{login_form.new_password_retyped.errors.0}}</span>
+ </p>
+ <p id="local_login_buttons">
+ <input class="submit-b" name="change_password" type="submit" value="{% trans "Change password" %}" />
+ </p>
+ {% else %}
+ <h2 id="password-heading">
+ {% blocktrans with settings.LDAP_PROVIDER_NAME as provider%}"How to change {{provider}} password"{% endblocktrans %}
+ </h2>
+ {{settings.HOW_TO_CHANGE_LDAP_PASSWORD}}
+ {% endif %}
{% endif %}
</fieldset>
{% endif %}
|