auto dispatch auth config

tracim/development.ini.base

@@ -38,6 +38,9 @@ cache_dir = %(here)s/data
 beaker.session.key = tracim
 beaker.session.secret = 3283411b-1904-4554-b0e1-883863b53080
 
+# Auth type
+auth_type = internal
+
 #By default session is store in cookies to avoid the overhead
 #of having to manage a session storage. On production you might
 #want to switch to a better session storage.

tracim/test.ini

@@ -25,11 +25,14 @@ skip_authentication = True
 
 [app:ldap]
 sqlalchemy.url = postgresql://postgres:dummy@127.0.0.1:5432/tracim_test?client_encoding=utf8
-auth_type = 'ldap'
-ldap_url = 'ldaps://ad.my-company.org'
-ldap_base_dn = 'ou=users,dc=ad,dc=my-company,dc=com'
-ldap_bind_dn = 'cn=bind,cn=users,dc=ad,dc=my-company,dc=com'
-ldap_bind_pass = 'toor2'
+auth_type = ldap
+ldap_url = ldap://localhost:3333
+ldap_base_dn = dc=directory,dc=fsf,dc=org
+ldap_bind_dn = cn=admin,dc=directory,dc=fsf,dc=org
+ldap_bind_pass = toor
+ldap_ldap_naming_attribute = uid
+ldap_user_attributes = mail=email
+ldap_tls = False
 use = config:development.ini
 
 # Add additional test specific configuration options as necessary.

tracim/tracim/config/__init__.py

@@ -1,2 +1,19 @@
 # -*- coding: utf-8 -*-
+from tg import AppConfig, config
 
+from tracim.lib.auth.wrapper import AuthConfigWrapper
+
+
+class TracimAppConfig(AppConfig):
+    """
+    Tracim specific config processes.
+    """
+
+    def after_init_config(self, conf):
+        self._set_up_auth()
+        # Fix an tg2 strange thing: auth_backend is set in config, but instance
+        #  of AppConfig has None in auth_backend attr
+        self.auth_backend = config.auth_backend
+
+    def _set_up_auth(self, ):
+        AuthConfigWrapper.wrap(config)

tracim/tracim/config/app_cfg.py

@@ -16,7 +16,6 @@ convert them into boolean, for example, you should use the
 import tg
 from paste.deploy.converters import asbool
 
-from tg.configuration import AppConfig
 from tgext.pluggable import plug
 from tgext.pluggable import replace_template
 
@@ -24,13 +23,14 @@ from tg.i18n import lazy_ugettext as l_
 
 import tracim
 from tracim import model
+from tracim.config import TracimAppConfig
 from tracim.lib import app_globals, helpers
 from tracim.lib.auth.wrapper import AuthConfigWrapper
 from tracim.lib.base import logger
 from tracim.model.data import ActionDescription
 from tracim.model.data import ContentType
 
-base_config = AppConfig()
+base_config = TracimAppConfig()
 base_config.renderers = []
 base_config.use_toscawidgets = False
 base_config.use_toscawidgets2 = True
@@ -73,21 +73,6 @@ base_config['flash.template'] = '''
 # YOU MUST CHANGE THIS VALUE IN PRODUCTION TO SECURE YOUR APP 
 base_config.sa_auth.cookie_secret = "3283411b-1904-4554-b0e1-883863b53080"
 
-base_config.auth_type = 'ldap'
-
-# ldap_base_dn = 'ou=users,dc=ad,dc=snake-oil-company,dc=com'
-# ldap_bind_dn = 'cn=bind,cn=users,dc=ad,dc=snake-oil-company,dc=com'
-
-base_config.ldap_url = 'ldap://localhost:3333'
-base_config.ldap_base_dn = 'dc=directory,dc=fsf,dc=org'
-base_config.ldap_bind_dn = 'cn=admin,dc=directory,dc=fsf,dc=org'
-base_config.ldap_bind_pass = 'toor'
-base_config.ldap_ldap_naming_attribute = 'uid'
-base_config.ldap_user_attributes = 'mail=email'
-base_config.ldap_tls = False
-
-AuthConfigWrapper.wrap(base_config)
-
 # INFO - This is the way to specialize the resetpassword email properties
 # plug(base_config, 'resetpassword', None, mail_subject=reset_password_email_subject)
 plug(base_config, 'resetpassword', 'reset_password')

tracim/tracim/config/deployment.ini_tmpl

@@ -27,6 +27,7 @@ cache_dir = %(here)s/data
 beaker.session.key = pod
 beaker.session.secret = ${app_instance_secret}
 app_instance_uuid = ${app_instance_uuid}
+auth_type = internal
 
 # If you'd like to fine-tune the individual locations of the cache data dirs
 # for the Cache data, or the Session saves, un-comment the desired settings

tracim/tracim/lib/auth/ldap.py

@@ -4,6 +4,7 @@ from who_ldap import LDAPAttributesPlugin, LDAPGroupsPlugin
 from who_ldap import LDAPSearchAuthenticatorPlugin as BaseLDAPSearchAuthenticatorPlugin
 
 from tracim.lib.auth.base import Auth
+from tracim.lib.helpers import ini_conf_to_bool
 from tracim.lib.user import UserApi
 from tracim.model import auth, DBSession, User
 
@@ -44,7 +45,7 @@ class LDAPAuth(Auth):
             returned_id='login',
             # the LDAP attribute that holds the user name:
             naming_attribute=self._config.get('ldap_naming_attribute'),
-            start_tls=self._config.get('ldap_tls', False),
+            start_tls=ini_conf_to_bool(self._config.get('ldap_tls', False)),
         )
         auth_plug.set_auth(self)
         return auth_plug
@@ -58,7 +59,7 @@ class LDAPAuth(Auth):
             # map from LDAP attributes to TurboGears user attributes:
             attributes=self._config.get('ldap_user_attributes', 'mail=email'),
             flatten=True,
-            start_tls=self._config.get('ldap_tls', False)
+            start_tls=ini_conf_to_bool(self._config.get('ldap_tls', False)),
         )
 
     def _get_ldap_groups_provider(self):
@@ -69,7 +70,7 @@ class LDAPAuth(Auth):
             bind_pass=self._config.get('ldap_bind_pass'),
             filterstr=self._config.get('ldap_group_filter', '(&(objectClass=group)(member=%(dn)s))'),
             name='groups',
-            start_tls=self._config.get('ldap_tls', False)
+            start_tls=ini_conf_to_bool(self._config.get('ldap_tls', False)),
         )
 
 

tracim/tracim/lib/helpers.py

@@ -198,3 +198,15 @@ def shorten(text: str, maxlength: int, add_three_points=True) -> str:
             result += '…'
 
     return result
+
+
+def ini_conf_to_bool(value):
+    """
+    Depending INI file interpreter, False values are simple parsed as string,
+    so use this function to consider them as boolean
+    :param value: value of ini parameter
+    :return: bollean value
+    """
+    if value in ('False', 'false', '0', 'off', 'no'):
+        return False
+    return bool(value)