Return-Path: X-Original-To: apmail-incubator-allura-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-allura-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 694BF1069F for ; Thu, 20 Mar 2014 18:47:08 +0000 (UTC) Received: (qmail 97084 invoked by uid 500); 20 Mar 2014 18:46:58 -0000 Delivered-To: apmail-incubator-allura-commits-archive@incubator.apache.org Received: (qmail 97016 invoked by uid 500); 20 Mar 2014 18:46:57 -0000 Mailing-List: contact allura-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: allura-dev@incubator.apache.org Delivered-To: mailing list allura-commits@incubator.apache.org Received: (qmail 96760 invoked by uid 99); 20 Mar 2014 18:46:49 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Mar 2014 18:46:49 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 71AAD986A1A; Thu, 20 Mar 2014 18:46:49 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: johnsca@apache.org To: allura-commits@incubator.apache.org Date: Thu, 20 Mar 2014 18:46:53 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [05/10] git commit: [#6701] Changed ApacheAccessHandler.py to use Allura auth via requests [#6701] Changed ApacheAccessHandler.py to use Allura auth via requests 
Signed-off-by: Cory Johns Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/c7fe0470 Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/c7fe0470 Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/c7fe0470 Branch: refs/heads/master Commit: c7fe0470fa0f7bf61c1e42de8702842aa2eb3bbc Parents: 6cffed9 Author: Cory Johns Authored: Tue Mar 18 20:35:26 2014 +0000 Committer: Cory Johns Committed: Thu Mar 20 18:43:46 2014 +0000 ---------------------------------------------------------------------- scripts/ApacheAccessHandler.py | 34 ++++++++-------------------------- 1 file changed, 8 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/c7fe0470/scripts/ApacheAccessHandler.py ----------------------------------------------------------------------
diff --git a/scripts/ApacheAccessHandler.py b/scripts/ApacheAccessHandler.py
index 5f2ffce..19c5207 100644
--- a/scripts/ApacheAccessHandler.py
+++ b/scripts/ApacheAccessHandler.py
@@ -20,8 +20,8 @@ Here is a quick example for your apache settings (assuming ProxyPass)
 AuthType Basic
 AuthName "Git Access"
 AuthBasicAuthoritative off
- PythonOption ALLURA_PERM_URL http://127.0.0.1:8080/auth/repo_permissions
- PythonOption ALLURA_LDAP_BASE ou=people,dc=opensourceprojects,dc=eu
+ PythonOption ALLURA_PERM_URL https://127.0.0.1/auth/repo_permissions
+ PythonOption ALLURA_AUTH_URL https://127.0.0.1/auth/do_login
 """
@@ -29,35 +29,14 @@ Here is a quick example for your apache settings (assuming ProxyPass)
 from mod_python import apache
 import os
-# because urllib is not for humans
 import requests
 import json
-import ldap
 def log(req, message):
 req.log_error("Allura Access: %s" % message, apache.APLOG_WARNING)
-def ldap_auth(req, username, password):
- """
- Return True if the user was authenticated via LDAP
- """
-
- l = ldap.initialize('ldap://127.0.0.1')
- l.protocol_version = ldap.VERSION3
- ldap_user = "uid=%s,%s" % (username, req.get_options().get('ALLURA_LDAP_BASE', 'ou=people,dc=example,dc=com'))
-
- try:
- l.simple_bind_s(ldap_user, password)
- except ldap.LDAPError as e:
- log(req, "Unable to authenticate user, %s %s" % (ldap_user, e))
- return False
- log(req, "LDAP user authenticated %s" % ldap_user)
-
- return True
-
-
 # This came straight from accessfs.py
 def mangle(path):
 '''Convert paths from the form /SCM/neighborhood/project/a/b/c to
@@ -99,14 +78,17 @@ def check_repo_path(req):
 def check_authentication(req):
- log(req, "USER: "+req.user)
- return ldap_auth(req, req.user, req.get_basic_auth_pw())
+ auth_url = req.get_options().get('ALLURA_AUTH_URL', 'https://127.0.0.1/auth/do_login')
+ r = requests.post(auth_url, allow_redirects=False, params={
+ 'username': req.user,
+ 'password': req.get_basic_auth_pw()})
+ return r.status_code == 302
 def check_permissions(req):
 req_path = str(req.parsed_uri[apache.URI_PATH])
 req_query = str(req.parsed_uri[apache.URI_QUERY])
- perm_url = req.get_options().get('ALLURA_PERM_URL', 'http://127.0.0.1:8080/auth/repo_permissions')
+ perm_url = req.get_options().get('ALLURA_PERM_URL', 'https://127.0.0.1/auth/repo_permissions')
 r = requests.get(perm_url, params={'username': req.user, 'repo_path': mangle(req_path)})
 if r.status_code != 200:
 log(req, "repo_permissions return error (%d)" % r.status_code)
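Review bot: check_authentication passes the username and password to `requests.post` as `params=`, which requests encodes into the URL query string rather than the request body, so the password can be recorded in the access log of whatever serves ALLURA_AUTH_URL; sending them as form data, `data={'username': req.user, 'password': req.get_basic_auth_pw()}`, avoids that (assuming do_login reads form fields, which is not visible here). `return r.status_code == 302` accepts any redirect as a successful login, so it fails open if the endpoint ever answers a rejected login or a scheme/host rewrite with a 302; comparing the `Location` header against the expected post-login target, or using an endpoint with an explicit result, would be stricter. Neither this call nor the `requests.get` in check_permissions passes `timeout=`, so a stalled backend holds the Apache worker. The removed LDAP path logged failed binds, and a `log(req, "authentication failed for %s" % req.user)` on the failure branch would keep that detection signal without logging the password. check_permissions continues past the end of the hunk.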