reviewboard.accounts.backends¶

class AuthBackend[source]¶

Bases: object

The base class for Review Board authentication backends.

backend_id = None[source]¶

name = None[source]¶

settings_form = None[source]¶

supports_anonymous_user = True[source]¶

supports_object_permissions = True[source]¶

supports_registration = False[source]¶

supports_change_name = False[source]¶

supports_change_email = False[source]¶

supports_change_password = False[source]¶

login_instructions = None[source]¶

authenticate(username, password)[source]¶

Authenticate the user.

This will authenticate the username and return the appropriate User object, or None.

get_or_create_user(username, request)[source]¶

Get an existing user, or create one if it does not exist.

get_user(user_id)[source]¶

Get an existing user, or None if it does not exist.

update_password(user, password)[source]¶

Update the user’s password on the backend.

Authentication backends can override this to update the password on the backend. This will only be called if supports_change_password is True.

By default, this will raise NotImplementedError.

update_name(user)[source]¶

Update the user’s name on the backend.

The first name and last name will already be stored in the provided user object.

Authentication backends can override this to update the name on the backend based on the values in user. This will only be called if supports_change_name is True.

By default, this will do nothing.

update_email(user)[source]¶

Update the user’s e-mail address on the backend.

The e-mail address will already be stored in the provided user object.

Authentication backends can override this to update the e-mail address on the backend based on the values in user. This will only be called if supports_change_email is True.

By default, this will do nothing.

query_users(query, request)[source]¶

Search for users on the back end.

This call is executed when the User List web API resource is called, before the database is queried.

Authentication backends can override this to perform an external query. Results should be written to the database as standard Review Board users, which will be matched and returned by the web API call.

The query parameter contains the value of the q search parameter of the web API call (e.g. /users/?q=foo), if any.

Errors can be passed up to the web API layer by raising a reviewboard.accounts.errors.UserQueryError exception.

By default, this will do nothing.

search_users(query, request)[source]¶

Custom user-database search.

This call is executed when the User List web API resource is called and the q search parameter is provided, indicating a search query.

It must return either a django.db.models.Q object or None. All enabled backends are called until a Q object is returned. If one isn’t returned, a default search is executed.

class StandardAuthBackend[source]¶

Bases: reviewboard.accounts.backends.AuthBackend, django.contrib.auth.backends.ModelBackend

Authenticate users against the local database.

This will authenticate a user against their entry in the database, if the user has a local password stored. This is the default form of authentication in Review Board.

This backend also handles permission checking for users on LocalSites. In Django, this is the responsibility of at least one auth backend in the list of configured backends.

Regardless of the specific type of authentication chosen for the installation, StandardAuthBackend will always be provided in the list of configured backends. Because of this, it will always be able to handle authentication against locally added users and handle LocalSite-based permissions for all configurations.

backend_id = u’builtin’[source]¶

name = _(u’Standard Registration’)[source]¶

settings_form[source]¶

alias of StandardAuthSettingsForm

supports_registration = True[source]¶

supports_change_name = True[source]¶

supports_change_email = True[source]¶

supports_change_password = True[source]¶

authenticate(username, password)[source]¶

Authenticate the user.

This will authenticate the username and return the appropriate User object, or None.

get_or_create_user(username, request)[source]¶

Get an existing user, or create one if it does not exist.

update_password(user, password)[source]¶

Update the given user’s password.

get_all_permissions(user, obj=None)[source]¶

Get a list of all permissions for a user.

If a LocalSite instance is passed as obj, then the permissions returned will be those that the user has on that LocalSite. Otherwise, they will be their global permissions.

It is not legal to pass any other object.

has_perm(user, perm, obj=None)[source]¶

Get whether or not a user has the given permission.

If a LocalSite instance is passed as obj, then the permissions checked will be those that the user has on that LocalSite. Otherwise, they will be their global permissions.

It is not legal to pass any other object.

class HTTPDigestBackend[source]¶

Bases: reviewboard.accounts.backends.AuthBackend

Authenticate against a user in a digest password file.

backend_id = u’digest’[source]¶

name = _(u’HTTP Digest Authentication’)[source]¶

settings_form[source]¶

alias of HTTPBasicSettingsForm

login_instructions = _(u’Use your standard username and password.’)[source]¶

authenticate(username, password)[source]¶

Authenticate the user.

This will authenticate the username and return the appropriate User object, or None.

get_or_create_user(username, request)[source]¶

Get an existing user, or create one if it does not exist.

class NISBackend[source]¶

Bases: reviewboard.accounts.backends.AuthBackend

Authenticate against a user on an NIS server.

backend_id = u’nis’[source]¶

name = _(u’NIS’)[source]¶

settings_form[source]¶

alias of NISSettingsForm

login_instructions = _(u’Use your standard NIS username and password.’)[source]¶

authenticate(username, password)[source]¶

Authenticate the user.

This will authenticate the username and return the appropriate User object, or None.

get_or_create_user(username, request, passwd=None)[source]¶

Get an existing user, or create one if it does not exist.

class LDAPBackend[source]¶

Bases: reviewboard.accounts.backends.AuthBackend

Authentication backend for LDAP servers.

This allows the use of LDAP servers for authenticating users in Review Board, and for importing individual users on-demand. It allows for a lot of customization in terms of how the LDAP server is queried, providing compatibility with most open source and commercial LDAP servers.

The following Django settings are supported:

LDAP_ANON_BIND_UID:

The full DN (distinguished name) of a user account with sufficient access to perform lookups of users and groups in the LDAP server. This is treated as a general or “anonymous” user for servers requiring authentication, and will not be otherwise imported into the Review Board server (unless attempting to log in with the same name).

This can be unset if the LDAP server supports actual anonymous binds without a DN.

LDAP_ANON_BIND_PASSWD:

The password used for the account specified in LDAP_ANON_BIND_UID.

LDAP_ANON_BIND_UID:

The full distinguished name of a user account with sufficient access to perform lookups of users and groups in the LDAP server. This can be unset if the LDAP server supports anonymous binds.

LDAP_BASE_DN:

The base DN (distinguished name) used to perform LDAP searches.

LDAP_EMAIL_ATTRIBUTE:

The attribute designating the e-mail address of a user in the directory. E-mail attributes are only used if this is set and if LDAP_EMAIL_DOMAIN is not set.

LDAP_EMAIL_DOMAIN:

The domain name to use for e-mail addresses. If set, users imported from LDAP will have an e-mail address in the form of username@LDAP_EMAIL_DOMAIN. This takes priority over LDAP_EMAIL_ATTRIBUTE.

LDAP_GIVEN_NAME_ATTRIBUTE:

The attribute designating the given name (or first name) of a user in the directory. This defaults to givenName if not provided.

LDAP_SURNAME_ATTRIBUTE:

The attribute designating the surname (or last name) of a user in the directory. This defaults to sn if not provided.

LDAP_TLS:

Whether to use TLS to communicate with the LDAP server.

LDAP_UID:

The attribute indicating a user’s unique ID in the directory. This is used to compute a user lookup filter in the format of (LDAP_UID=username).

LDAP_UID_MASK:

A mask defining a filter for looking up users. This must contain %s somewhere in the string, representing the username. For example: (something_special=%s).

LDAP_URI:

The URI to the LDAP server to connect to for all communication.

backend_id = u’ldap’[source]¶

name = _(u’LDAP’)[source]¶

settings_form[source]¶

alias of LDAPSettingsForm

login_instructions = _(u’Use your standard LDAP username and password.’)[source]¶

authenticate(username, password)[source]¶

Authenticate a user.

This will attempt to authenticate the user against the LDAP server. If the username and password are valid, a User will be returned, and added to the database if it doesn’t already exist.

Parameters:	username (unicode) – The username used to authenticate. password (unicode) – The password used to authenticate.
Returns:	The resulting user, if authentication was successful. If unsuccessful, None is returned.
Return type:	django.contrib.auth.models.User

get_or_create_user(username, request=None, ldapo=None, userdn=None)[source]¶

Return a user account, importing from LDAP if necessary.

If the user already exists in the database, it will be returned directly. Otherwise, this will attempt to look up the user in LDAP and create a local user account representing that user.

Parameters:	username (unicode) – The username to look up. request (django.http.HttpRequest, optional) – The optional HTTP request for this operation. ldapo (ldap.LDAPObject, optional) – The existing LDAP connection, if the caller has one. If not provided, a new connection will be created. userdn (unicode, optional) – The DN for the user being looked up, if the caller knows it. If not provided, the DN will be looked up.
Returns:	The resulting user, if it could be found either locally or in LDAP. If the user does not exist, None is returned.
Return type:	django.contrib.auth.models.User

class ActiveDirectoryBackend[source]¶

Bases: reviewboard.accounts.backends.AuthBackend

Authenticate a user against an Active Directory server.

backend_id = u’ad’[source]¶

name = _(u’Active Directory’)[source]¶

settings_form[source]¶

alias of ActiveDirectorySettingsForm

login_instructions = _(u’Use your standard Active Directory username and password.’)[source]¶

get_domain_name()[source]¶

Return the current AD domain name.

get_ldap_search_root(userdomain=None)[source]¶

Return the search root(s) for users in the LDAP server.

search_ad(con, filterstr, userdomain=None)[source]¶

Run a search on the given LDAP server.

find_domain_controllers_from_dns(userdomain=None)[source]¶

Find and return the active domain controllers using DNS.

can_recurse(depth)[source]¶

Return whether the given recursion depth is too big.

get_member_of(con, search_results, seen=None, depth=0)[source]¶

Get the LDAP groups for the given users.

This iterates over the users specified in search_results and returns a set of groups of which those users are members.

get_ldap_connections(userdomain=None)[source]¶

Get a set of connections to LDAP servers.

This returns an iterable of connections to the LDAP servers specified in AD_DOMAIN_CONTROLLER.

authenticate(username, password)[source]¶

Authenticate the user.

This will authenticate the username and return the appropriate User object, or None.

get_or_create_user(username, request, ad_user_data)[source]¶

Get an existing user, or create one if it does not exist.

class X509Backend[source]¶

Bases: reviewboard.accounts.backends.AuthBackend

Authenticate a user from a X.509 client certificate.

The certificate is passed in by the browser. This backend relies on the X509AuthMiddleware to extract a username field from the client certificate.

backend_id = u’x509’[source]¶

name = _(u’X.509 Public Key’)[source]¶

settings_form[source]¶

alias of X509SettingsForm

supports_change_password = True[source]¶

authenticate(x509_field=u”)[source]¶

Authenticate the user.

This will extract the username from the provided certificate and return the appropriate User object.

clean_username(username)[source]¶

Validate the ‘username’ field.

This checks to make sure that the contents of the username field are valid for X509 authentication.

get_or_create_user(username, request)[source]¶

Get an existing user, or create one if it does not exist.

get_registered_auth_backends()[source]¶

Return all registered Review Board authentication backends.

This will return all backends provided both by Review Board and by third parties that have properly registered with the “reviewboard.auth_backends” entry point.

get_registered_auth_backend(backend_id)[source]¶

Return the authentication backends with the specified ID.

If the authentication backend could not be found, this will return None.

register_auth_backend(backend_cls)[source]¶

Register an authentication backend.

This backend will appear in the list of available backends.

The backend class must have a backend_id attribute set, and can only be registerd once. A KeyError will be thrown if attempting to register a second time.

unregister_auth_backend(backend_cls)[source]¶

Unregister a previously registered authentication backend.

get_enabled_auth_backends()[source]¶

Get all authentication backends being used by Review Board.

The returned list contains every authentication backend that Review Board will try, in order.

set_enabled_auth_backend(backend_id)[source]¶

Set the authentication backend to be used.