New feature: Atlassian Crowd authentication

#40 Declined
  1. Andrew Kesterson

Hey Marcin, hope you find these features useful. We use an Atlassian Crowd database for our directory at my enterprise, so I found this feature essential to add. Works for me at current. Let me know if there are problems with it.

This patch adds a number of new features:

- Authenticate users against an Atlassian Crowd DB via libatlassian
- Crowd settings page, to turn crowd on/off and change settings
- Check the incoming user's crowd groups to set Admin or not, based
    on "crowd admin groups" in the settings page
- New user model elements, "extern_name" and "extern_type". These
    serve the same purpose that ldap_dn used to, but they are more
    generic, and should replace ldap_dn as soon as possible to allow
    yet more extensible authentication methods. ldap_dn is still
    populated and checked as normal, extern_name/extern_type are just
    used alongside it for now.
- Changed the admin users view to remove the "ldap" boolean column
    and replace it with an "external" column that says the type of
    external DB the user comes from (crowd users appear as "crowd",
    ldap users appear as "ldap")

Comments (18)

    1. Andrew Kesterson author

      I just realized libatlassian isn't on pypi yet, so this can't get pulled in yet. (It's on bitbucket, the guys are just lazy about putting it on pypi).

      Will get w/ the teamshinobi guys and update this once libatlassian hits pypi.

  1. Andrew Kesterson author

    Sorry for my lack of attention on this... Upon further thought, this idea of embedding crowd/libatlassian into rhodecode is terrible. Marcin, if you think expanding rhodecode's authentication options is a good idea for merge, then I should provide a different patch that allows for the use of pluggable authentication modules, so the users can write (and share) their own auth modules, without you guys having to maintain anything besides the core LDAP plugin.

    Still interested?

  2. Andrew Kesterson author

    libatlassian is my code, I was on Team Shinobi when it was written, so no worries about licensing. I just got lazy and basically forgot about this.

    I have time off from work coming up this week. I'll re-apply the patch towards the current beta branch, make sure everything still works, and send an updated patch. The updated patch will focus less on Crowd specifically, it will instead implement the pluggable authentication, and include Crowd as one of the auth modules.

    Sorry for dragging my feet, will update next week!

  3. Andrew Kesterson author

    I've got the feature updated against the latest beta head revision, and am breaking out the existing ldap and rhodecode auth code into modular bits, as well as the new crowd stuff. I've also got the libatlassian external dependency solved, it's all in the auth_crowd module now. I've also got ldap_dn stripped out, and converted everything over to extern_* variables. Everything is quite promising so far. Expect an updated pull request by sometime Saturday or Sunday, depending on how fast I can spin up an ldap server to regression test that code against...

  4. Andrew Kesterson author

    I didn't get all the features I wanted (deadlines suck), but it's done. I'll document all the changes/functionality/API etc, and send this over tomorrow. ETA ~12 hours.

    Thanks for being patient!