From 2d64cf300052a5b310f3f84a454ce3dce1303d8d Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Thu, 9 Feb 2017 15:51:28 -0800
Subject: [PATCH] Rename config validation source files
---
 util/config/validator.py | 8 +--
 ..._database.py => test_validate_database.py} | 0
 ...uildlogredis.py => test_validate_redis.py} | 0
 ...trystorage.py => test_validate_storage.py} | 0
 .../{database.py => validate_database.py} | 0
 .../{email.py => validate_email.py} | 0
 util/config/validators/validate_ldap.py | 59 +++++++++++++++++++
 .../{buildlogredis.py => validate_redis.py} | 0
 ...registrystorage.py => validate_storage.py} | 0
 9 files changed, 63 insertions(+), 4 deletions(-)
 rename util/config/validators/test/{test_database.py => test_validate_database.py} (100%)
 rename util/config/validators/test/{test_buildlogredis.py => test_validate_redis.py} (100%)
 rename util/config/validators/test/{test_registrystorage.py => test_validate_storage.py} (100%)
 rename util/config/validators/{database.py => validate_database.py} (100%)
 rename util/config/validators/{email.py => validate_email.py} (100%)
 create mode 100644 util/config/validators/validate_ldap.py
 rename util/config/validators/{buildlogredis.py => validate_redis.py} (100%)
 rename util/config/validators/{registrystorage.py => validate_storage.py} (100%)
diff --git a/util/config/validator.py b/util/config/validator.py
index b727bbbd3..5656fcef7 100644
--- a/util/config/validator.py
+++ b/util/config/validator.py
@@ -28,10 +28,10 @@ from util.registry.torrent import torrent_jwt
 from util.security.signing import SIGNING_ENGINES
 from util.security.ssl import load_certificate, CertInvalidException, KeyInvalidException
-from util.config.validators.database import DatabaseValidator
-from util.config.validators.buildlogredis import RedisValidator
-from util.config.validators.registrystorage import StorageValidator
-from util.config.validators.email import EmailValidator
+from util.config.validators.validate_database import DatabaseValidator
+from util.config.validators.validate_redis import RedisValidator
+from util.config.validators.validate_storage import StorageValidator
+from util.config.validators.validate_email import EmailValidator
 logger = logging.getLogger(__name__)
diff --git a/util/config/validators/test/test_database.py b/util/config/validators/test/test_validate_database.py
similarity index 100%
rename from util/config/validators/test/test_database.py
rename to util/config/validators/test/test_validate_database.py
diff --git a/util/config/validators/test/test_buildlogredis.py b/util/config/validators/test/test_validate_redis.py
similarity index 100%
rename from util/config/validators/test/test_buildlogredis.py
rename to util/config/validators/test/test_validate_redis.py
diff --git a/util/config/validators/test/test_registrystorage.py b/util/config/validators/test/test_validate_storage.py
similarity index 100%
rename from util/config/validators/test/test_registrystorage.py
rename to util/config/validators/test/test_validate_storage.py
diff --git a/util/config/validators/database.py b/util/config/validators/validate_database.py
similarity index 100%
rename from util/config/validators/database.py
rename to util/config/validators/validate_database.py
diff --git a/util/config/validators/email.py b/util/config/validators/validate_email.py
similarity index 100%
rename from util/config/validators/email.py
rename to util/config/validators/validate_email.py
diff --git a/util/config/validators/validate_ldap.py b/util/config/validators/validate_ldap.py
new file mode 100644
index 000000000..b80d5827f
--- /dev/null
+++ b/util/config/validators/validate_ldap.py
@@ -0,0 +1,59 @@
+from app import app
+from util.config.validators import BaseValidator
+
+class LDAPValidator(BaseValidator):
+ name = "ldap"
+
+ @classmethod
+ def validate(cls, config, user, user_password):
+ """ Validates the LDAP connection. """
+ if config.get('AUTHENTICATION_TYPE', 'Database') != 'LDAP':
+ return
+
+ # If there is a custom LDAP certificate, then reinstall the certificates for the container.
+ if config_provider.volume_file_exists(LDAP_CERT_FILENAME):
+ subprocess.check_call(['/conf/init/certs_install.sh'])
+
+ # Note: raises ldap.INVALID_CREDENTIALS on failure
+ admin_dn = config.get('LDAP_ADMIN_DN')
+ admin_passwd = config.get('LDAP_ADMIN_PASSWD')
+
+ if not admin_dn:
+ raise ConfigValidationException('Missing Admin DN for LDAP configuration')
+
+ if not admin_passwd:
+ raise ConfigValidationException('Missing Admin Password for LDAP configuration')
+
+ ldap_uri = config.get('LDAP_URI', 'ldap://localhost')
+ if not ldap_uri.startswith('ldap://') and not ldap_uri.startswith('ldaps://'):
+ raise ConfigValidationException('LDAP URI must start with ldap:// or ldaps://')
+
+ allow_tls_fallback = config.get('LDAP_ALLOW_INSECURE_FALLBACK', False)
+
+ try:
+ with LDAPConnection(ldap_uri, admin_dn, admin_passwd, allow_tls_fallback):
+ pass
+ except ldap.LDAPError as ex:
+ values = ex.args[0] if ex.args else {}
+ if not isinstance(values, dict):
+ raise ConfigValidationException(str(ex.args))
+
+ raise ConfigValidationException(values.get('desc', 'Unknown error'))
+
+ # Verify that the superuser exists. If not, raise an exception.
+ base_dn = config.get('LDAP_BASE_DN')
+ user_rdn = config.get('LDAP_USER_RDN', [])
+ uid_attr = config.get('LDAP_UID_ATTR', 'uid')
+ email_attr = config.get('LDAP_EMAIL_ATTR', 'mail')
+ requires_email = config.get('FEATURE_MAILING', True)
+
+ users = LDAPUsers(ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr,
+ allow_tls_fallback, requires_email=requires_email)
+
+ username = user_obj.username
+ (result, err_msg) = users.verify_credentials(username, password)
+ if not result:
+ msg = ('Verification of superuser %s failed: %s. \n\nThe user either does not exist ' +
+ 'in the remote authentication system ' +
+ 'OR LDAP auth is misconfigured.') % (username, err_msg)
+ raise ConfigValidationException(msg)
diff --git a/util/config/validators/buildlogredis.py b/util/config/validators/validate_redis.py
similarity index 100%
rename from util/config/validators/buildlogredis.py
rename to util/config/validators/validate_redis.py
diff --git a/util/config/validators/registrystorage.py b/util/config/validators/validate_storage.py
similarity index 100%
rename from util/config/validators/registrystorage.py
rename to util/config/validators/validate_storage.py
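Review bot: The superuser check at the end of `validate` reads `user_obj.username` and passes `password`, but the method's parameters are `user` and `user_password`, so with LDAP configured this raises NameError before any credential is verified; the two lines should be `username = user.username` and `(result, err_msg) = users.verify_credentials(username, user_password)`. The same NameError problem applies to `subprocess`, `ldap`, `config_provider`, `LDAP_CERT_FILENAME`, `ConfigValidationException`, `LDAPConnection` and `LDAPUsers`: the new file imports only `app` (which the body never uses) and `BaseValidator`, so unless these names reach the module some way not visible here, every LDAP validation run fails on the first reference rather than reporting a configuration problem. A unit test that calls `LDAPValidator.validate` with `AUTHENTICATION_TYPE` set to `LDAP` would catch both. Separately, the comment `# Note: raises ldap.INVALID_CREDENTIALS on failure` sits above the `LDAP_ADMIN_DN` lookup, which cannot raise that; it belongs on the `with LDAPConnection(...)` line where the bind actually happens, and the `except ldap.LDAPError` branch already handles it.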