[Bps-public-commit] r17833 - in RT-Authen-ExternalAuth/trunk: html/Callbacks/ExternalAuth/autohandler lib/RT/Authen lib/RT/Authen/ExternalAuth

zordrak at bestpractical.com zordrak at bestpractical.com
Mon Jan 19 06:38:18 EST 2009


Author: zordrak
Date: Mon Jan 19 06:38:15 2009
New Revision: 17833

Modified:
   RT-Authen-ExternalAuth/trunk/html/Callbacks/ExternalAuth/autohandler/Auth
   RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm
   RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm
   RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
   RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/LDAP.pm

Log:
RT::Authen::ExternalAuth v0.08_01-alpha3 -- Seemingly Complete

Modified: RT-Authen-ExternalAuth/trunk/html/Callbacks/ExternalAuth/autohandler/Auth
==============================================================================
--- RT-Authen-ExternalAuth/trunk/html/Callbacks/ExternalAuth/autohandler/Auth	(original)
+++ RT-Authen-ExternalAuth/trunk/html/Callbacks/ExternalAuth/autohandler/Auth	Mon Jan 19 06:38:15 2009
@@ -1,6 +1,5 @@
 <%init>
 use RT::Authen::ExternalAuth;
-use Data::Dumper;
 
 my ($val,$msg);
 unless($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {

Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm	(original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm	Mon Jan 19 06:38:15 2009
@@ -27,14 +27,14 @@
 use RT::Authen::ExternalAuth::DBI;
 
 use strict;
-use warnings;
 
 sub DoAuth {
     my ($session,$given_user,$given_pass) = @_;
 
     # This may be used by single sign-on (SSO) authentication mechanisms for bypassing a password check.
     my $pass_bypass = 0;
-    
+    my $success = 0;
+
     # Should have checked if user is already logged in before calling this function,
     # but just in case, we'll check too.
     return (0, "User already logged in!") if ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id);
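Review bot: Dropping `use warnings;` at the top of this module (and likewise in DBI.pm, DBI/Cookie.pm and LDAP.pm further down) silences uninitialized-value diagnostics in the code that decides whether a login succeeds. The commit also adds debug lines that print `$success`, which may be undef on some paths, so the removal presumably hides those warnings rather than fixing them. I would keep `use warnings;` and make the logged value defined, e.g. `defined $success ? $success : 0`, or limit the exception with `no warnings 'uninitialized';` around the one statement that needs it. DoAuth's body continues outside the hunk.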
@@ -47,6 +47,8 @@
     # For each of those services..
     foreach my $service (@auth_services) {
 
+	$pass_bypass = 0;
+
         # Get the full configuration for that service as a hashref
         my $config = $RT::ExternalSettings->{$service};
         $RT::Logger->debug( "Attempting to use external auth service:",
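Review bot: The per-service reset `$pass_bypass = 0;` added at the top of the loop is repeated in the hunk at -68, just before `if(defined($username))`, so the flag is cleared twice per iteration. Since a stale bypass flag would let a later service skip its password check, it would be clearer to declare it inside the loop, `my $pass_bypass = 0;` as the first statement of the `foreach`. Both assignments and the function-level declaration could then go, assuming nothing after the loop reads the flag (not visible here). The added lines are also tab-indented where the surrounding code uses spaces.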
@@ -68,7 +70,8 @@
         # If $username is defined, we have a good SSO $username and can
         # safely bypass the password checking later on; primarily because
         # it's VERY unlikely we even have a password to check if an SSO succeeded.
-        if(defined($username)) {
+        $pass_bypass = 0;
+	if(defined($username)) {
 	    $RT::Logger->debug("Pass not going to be checked, attempting SSO");
             $pass_bypass = 1;
         } else {
@@ -77,6 +80,7 @@
 	    # We only don't return here because the next iteration could be an SSO attempt
 	    unless(defined($given_user)) {
 	    	$RT::Logger->debug("SSO Failed and no user to test with. Nexting");
+		next;
 	    }
 
             # We don't have an SSO login, so we will be using the credentials given
@@ -88,8 +92,8 @@
 
             # Don't continue unless the $username exists in the external service
 
-            my $user_exists = RT::Authen::ExternalAuth::UserExists($username,$service);
-	    next unless $user_exists;
+	    $RT::Logger->debug("Calling UserExists with \$username ($username) and \$service ($service)");
+            next unless RT::Authen::ExternalAuth::UserExists($username, $service);
         }
 
         ####################################################################
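Review bot: The new debug line writes `$username` into the log verbatim, and in this branch it appears to come from the submitted login (the assignment is outside the hunk). A name containing newlines or control characters could then split or forge log entries, depending on how the configured logger escapes its input. Consider logging a sanitised copy, e.g. `(my $log_user = $username) =~ s/[^\x20-\x7e]/?/g;`, and using `$log_user` in the message.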
@@ -133,13 +137,17 @@
         # If we successfully used an SSO service, then authentication
         # succeeded. If we didn't then, success is determined by a password
         # test.
-        my $success;
-        if($pass_bypass) {
+        $success = 0;
+	if($pass_bypass) {
+            $RT::Logger->debug("Password check bypassed due to SSO method being in use");
             $success = 1;
         } else {
+            $RT::Logger->debug("Password validation required for service - Executing...");
             $success = RT::Authen::ExternalAuth::GetAuth($service,$username,$given_pass);
         }
-        
+       
+        $RT::Logger->debug("Password Validation Check Result: ",$success);
+
         # If the password check succeeded then this is our authoritative service
         # and we proceed to user information update and login.
         last if $success;
@@ -149,7 +157,12 @@
     # get a full, valid user from an authoritative external source.
     unless ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) {
         delete $session->{'CurrentUser'};
-        return (0, "Failed to authenticate externally");
+        return (0, "No User");
+    }
+
+    unless($success) {
+        delete $session->{'CurrentUser'};
+	return (0, "Password Invalid");
     }
     
     # Otherwise we succeeded.
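Review bot: Returning `"No User"` and `"Password Invalid"` as separate results lets a caller tell a nonexistent account from a wrong password, which allows account enumeration if `$msg` is ever shown on the login page (how the autohandler callback uses it is not visible here). I would return one generic string from both branches, such as the previous `"Failed to authenticate externally"`, and put the specific reason in the log, e.g. `$RT::Logger->info("External auth failed: password check did not succeed");` before the second return. The new `unless($success)` guard also deserves a comment saying that a user record loaded by a service whose password check failed must not stay in the session.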
@@ -299,8 +312,10 @@
     # Right now, there is only code for DBI and LDAP non-SSO services
     if ($config->{'type'} eq 'db') {    
         $success = RT::Authen::ExternalAuth::DBI::GetAuth($service,$username,$password);
+	$RT::Logger->debug("DBI password validation result:",$success);
     } elsif ($config->{'type'} eq 'ldap') {
         $success = RT::Authen::ExternalAuth::LDAP::GetAuth($service,$username,$password);
+	$RT::Logger->debug("LDAP password validation result:",$success);
     } else {
         $RT::Logger->error("Invalid service type for GetAuth:",$service);
     }
@@ -442,7 +457,7 @@
             unless(defined($args->{$rt_attr})) {
                 $RT::Logger->debug("This attribute (",
                                     $rt_attr,
-                                    ") is not defined in the attr_match_list for this service, or is null (",
+                                    ") is null or incorrectly defined in the attr_map for this service (",
                                     $service,
                                     ")");
                 next;

Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm	(original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm	Mon Jan 19 06:38:15 2009
@@ -4,7 +4,6 @@
 use RT::Authen::ExternalAuth::DBI::Cookie;
 
 use strict;
-use warnings;
 
 sub GetAuth {
 
@@ -325,6 +324,7 @@
     my $cookie_name = $config->{'name'};
 
     my $cookie_value = RT::Authen::ExternalAuth::DBI::Cookie::GetCookieVal($cookie_name);
+
     unless($cookie_value){
         return $username;
     }

Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm	(original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm	Mon Jan 19 06:38:15 2009
@@ -3,7 +3,6 @@
 use CGI::Cookie;
 
 use strict;
-use warnings;
 
 # {{{ sub GetCookieVal
 sub GetCookieVal {

Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/LDAP.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/LDAP.pm	(original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/LDAP.pm	Mon Jan 19 06:38:15 2009
@@ -5,7 +5,6 @@
 use Net::LDAP::Filter;
 
 use strict;
-use warnings;
 
 require Net::SSLeay if $RT::ExternalServiceUsesSSLorTLS;
 
@@ -178,7 +177,7 @@
         $RT::Logger->debug( "LDAP Filter invalid or not present.");
     }
 
-    unless (defined($base)) {
+    unless ($base) {
         $RT::Logger->critical(  (caller(0))[3],
                                 "No base given");
         # Drop out to the next external information service
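Review bot: `unless ($base)` now rejects an empty string and the string `0` as well as undef, and neither the code nor the log message says this is intended. If the aim is to refuse an empty search base, spelling it out reads better: `unless (defined($base) && length($base)) {`, with a short comment such as `# treat undef and '' alike: no usable search base`. The enclosing sub starts and ends outside the hunk.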


