[Bps-public-commit] r17833 - in RT-Authen-ExternalAuth/trunk: html/Callbacks/ExternalAuth/autohandler lib/RT/Authen lib/RT/Authen/ExternalAuth
zordrak at bestpractical.com
zordrak at bestpractical.com
Mon Jan 19 06:38:18 EST 2009
Author: zordrak
Date: Mon Jan 19 06:38:15 2009
New Revision: 17833
Modified:
RT-Authen-ExternalAuth/trunk/html/Callbacks/ExternalAuth/autohandler/Auth
RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm
RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm
RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/LDAP.pm
Log:
RT::Authen::ExternalAuth v0.08_01-alpha3 -- Seemingly Complete
Modified: RT-Authen-ExternalAuth/trunk/html/Callbacks/ExternalAuth/autohandler/Auth
==============================================================================
--- RT-Authen-ExternalAuth/trunk/html/Callbacks/ExternalAuth/autohandler/Auth (original)
+++ RT-Authen-ExternalAuth/trunk/html/Callbacks/ExternalAuth/autohandler/Auth Mon Jan 19 06:38:15 2009
@@ -1,6 +1,5 @@
<%init>
use RT::Authen::ExternalAuth;
-use Data::Dumper;
my ($val,$msg);
unless($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {
Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm (original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth.pm Mon Jan 19 06:38:15 2009
@@ -27,14 +27,14 @@
use RT::Authen::ExternalAuth::DBI;
use strict;
-use warnings;
sub DoAuth {
my ($session,$given_user,$given_pass) = @_;
# This may be used by single sign-on (SSO) authentication mechanisms for bypassing a password check.
my $pass_bypass = 0;
-
+ my $success = 0;
+
# Should have checked if user is already logged in before calling this function,
# but just in case, we'll check too.
return (0, "User already logged in!") if ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id);
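Review bot: Removing `use warnings;` from this module switches off uninitialized-value and related diagnostics in the code that decides whether a login succeeds, which is where an unexpectedly undef `$username` or `$given_pass` is most worth seeing in the logs. The same removal is made in DBI.pm, DBI/Cookie.pm and LDAP.pm. If the aim was to quiet specific noisy warnings, keeping `use warnings;` and adding a narrowly scoped `no warnings 'uninitialized';` around the offending statements would preserve the rest of the coverage. DoAuth's body continues outside this hunk.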
@@ -47,6 +47,8 @@
# For each of those services..
foreach my $service (@auth_services) {
+ $pass_bypass = 0;
+
# Get the full configuration for that service as a hashref
my $config = $RT::ExternalSettings->{$service};
$RT::Logger->debug( "Attempting to use external auth service:",
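Review bot: `$pass_bypass` is still declared once outside the `foreach` and is now reset by hand here and again in the next hunk (just before `if(defined($username))`), so the SSO bypass flag stays per-service only as long as nobody removes either reset. Declaring it inside the loop, with `my $pass_bypass = 0;` as the first statement of the loop body, would make that scope explicit and the second reset unnecessary, provided nothing after the loop reads it (the rest of DoAuth is outside the hunk). A short comment such as `# must not carry over: a stale 1 would skip the password check for the next service` would record why the reset matters.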
@@ -68,7 +70,8 @@
# If $username is defined, we have a good SSO $username and can
# safely bypass the password checking later on; primarily because
# it's VERY unlikely we even have a password to check if an SSO succeeded.
- if(defined($username)) {
+ $pass_bypass = 0;
+ if(defined($username)) {
$RT::Logger->debug("Pass not going to be checked, attempting SSO");
$pass_bypass = 1;
} else {
@@ -77,6 +80,7 @@
# We only don't return here because the next iteration could be an SSO attempt
unless(defined($given_user)) {
$RT::Logger->debug("SSO Failed and no user to test with. Nexting");
+ next;
}
# We don't have an SSO login, so we will be using the credentials given
@@ -88,8 +92,8 @@
# Don't continue unless the $username exists in the external service
- my $user_exists = RT::Authen::ExternalAuth::UserExists($username,$service);
- next unless $user_exists;
+ $RT::Logger->debug("Calling UserExists with \$username ($username) and \$service ($service)");
+ next unless RT::Authen::ExternalAuth::UserExists($username, $service);
}
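Review bot: The new debug line interpolates `$username` into the log verbatim, and on the non-SSO path that value appears to come from `$given_user`, i.e. whatever was typed into the login form. A name containing newlines or other control characters would split or forge log entries, so it is worth neutralising them before logging, for example `(my $log_user = $username) =~ s/[\x00-\x1f\x7f]/?/g;` and then logging `$log_user`. The enclosing block starts outside this hunk, so where `$username` was assigned is inferred from the surrounding comments.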
####################################################################
@@ -133,13 +137,17 @@
# If we successfully used an SSO service, then authentication
# succeeded. If we didn't then, success is determined by a password
# test.
- my $success;
- if($pass_bypass) {
+ $success = 0;
+ if($pass_bypass) {
+ $RT::Logger->debug("Password check bypassed due to SSO method being in use");
$success = 1;
} else {
+ $RT::Logger->debug("Password validation required for service - Executing...");
$success = RT::Authen::ExternalAuth::GetAuth($service,$username,$given_pass);
}
-
+
+ $RT::Logger->debug("Password Validation Check Result: ",$success);
+
# If the password check succeeded then this is our authoritative service
# and we proceed to user information update and login.
last if $success;
@@ -149,7 +157,12 @@
# get a full, valid user from an authoritative external source.
unless ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) {
delete $session->{'CurrentUser'};
- return (0, "Failed to authenticate externally");
+ return (0, "No User");
+ }
+
+ unless($success) {
+ delete $session->{'CurrentUser'};
+ return (0, "Password Invalid");
}
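Review bot: The two failure returns now carry different messages, `"No User"` and `"Password Invalid"`, which lets a caller tell an unknown account from a wrong password if the message is ever shown on the login page; where the returned message ends up is not visible in this diff. Returning a single message for both cases, e.g. `return (0, "Failed to authenticate externally");`, and leaving the distinction to the debug log keeps the diagnostics without that signal. The `unless($success)` branch also implies `$session->{'CurrentUser'}` can be populated before the password verdict is known, so a comment stating that this check is what stops a loaded-but-unauthenticated user from staying in the session would help the next reader.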
# Otherwise we succeeded.
@@ -299,8 +312,10 @@
# Right now, there is only code for DBI and LDAP non-SSO services
if ($config->{'type'} eq 'db') {
$success = RT::Authen::ExternalAuth::DBI::GetAuth($service,$username,$password);
+ $RT::Logger->debug("DBI password validation result:",$success);
} elsif ($config->{'type'} eq 'ldap') {
$success = RT::Authen::ExternalAuth::LDAP::GetAuth($service,$username,$password);
+ $RT::Logger->debug("LDAP password validation result:",$success);
} else {
$RT::Logger->error("Invalid service type for GetAuth:",$service);
}
@@ -442,7 +457,7 @@
unless(defined($args->{$rt_attr})) {
$RT::Logger->debug("This attribute (",
$rt_attr,
- ") is not defined in the attr_match_list for this service, or is null (",
+ ") is null or incorrectly defined in the attr_map for this service (",
$service,
")");
next;
Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm (original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI.pm Mon Jan 19 06:38:15 2009
@@ -4,7 +4,6 @@
use RT::Authen::ExternalAuth::DBI::Cookie;
use strict;
-use warnings;
sub GetAuth {
@@ -325,6 +324,7 @@
my $cookie_name = $config->{'name'};
my $cookie_value = RT::Authen::ExternalAuth::DBI::Cookie::GetCookieVal($cookie_name);
+
unless($cookie_value){
return $username;
}
Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm (original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm Mon Jan 19 06:38:15 2009
@@ -3,7 +3,6 @@
use CGI::Cookie;
use strict;
-use warnings;
# {{{ sub GetCookieVal
sub GetCookieVal {
Modified: RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/LDAP.pm
==============================================================================
--- RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/LDAP.pm (original)
+++ RT-Authen-ExternalAuth/trunk/lib/RT/Authen/ExternalAuth/LDAP.pm Mon Jan 19 06:38:15 2009
@@ -5,7 +5,6 @@
use Net::LDAP::Filter;
use strict;
-use warnings;
require Net::SSLeay if $RT::ExternalServiceUsesSSLorTLS;
@@ -178,7 +177,7 @@
$RT::Logger->debug( "LDAP Filter invalid or not present.");
}
- unless (defined($base)) {
+ unless ($base) {
$RT::Logger->critical( (caller(0))[3],
"No base given");
# Drop out to the next external information service