authorSimo Sorce <simo@redhat.com>2015-02-16 14:04:49 -0500
committerPatrick Uiterwijk <puiterwijk@redhat.com>2015-02-24 16:37:38 +0100
commit771b8fd095f3bcb922f761d297c62f1a56a997d5 (patch)
treea0b588a1135f97abf6ddff141cb461b1fd389685 /ipsilon/login
parentdd8a2ecf15a7f74e2fe3d8c5ea0ff5e2fed20927 (diff)
Prefix userdata hives with _ to avoid conflicts
The main userdata dict contains common attributes, but we add a special groups list and unmapped extras, as well as indicators like auth_type. All these additional attributes are now prefixed by a _ character so that conflicts with legitimate attributes are improbable. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon/login')
-rw-r--r--ipsilon/login/authfas.py11
-rw-r--r--ipsilon/login/authldap.py10
-rw-r--r--ipsilon/login/common.py33
3 files changed, 27 insertions, 27 deletions
diff --git a/ipsilon/login/authfas.py b/ipsilon/login/authfas.py
index 33d1ac5..3697c1a 100644
--- a/ipsilon/login/authfas.py
+++ b/ipsilon/login/authfas.py
@@ -82,18 +82,19 @@ class FAS(LoginFormBase):
userdata, fas_extra = self.mapper.map_attrs(fas_data)
# compute and store groups and cla groups
- userdata['groups'] = []
- userdata['extras'] = {'fas': fas_extra, 'cla': []}
+ userdata['_groups'] = []
+ userdata['_extras'] = {'fas': fas_extra, 'cla': []}
for group in fas_data.get('approved_memberships', {}):
if 'name' not in group:
continue
if group.get('group_type') == 'cla':
if group['name'] in CLA_GROUPS:
- userdata['extras']['cla'].append(CLA_GROUPS[group['name']])
+ group_name = CLA_GROUPS[group['name']]
else:
- userdata['extras']['cla'].append(group['name'])
+ group_name = group['name']
+ userdata['_extras']['cla'].append(group_name)
else:
- userdata['groups'].append(group['name'])
+ userdata['_groups'].append(group['name'])
return userdata
diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py
index 5899ed2..8958410 100644
--- a/ipsilon/login/authldap.py
+++ b/ipsilon/login/authldap.py
@@ -62,15 +62,7 @@ class LDAP(LoginFormBase, Log):
if username and password:
try:
- userdata = self._authenticate(username, password)
- if userdata:
- userattrs = dict()
- for d, v in userdata.get('userdata', {}).items():
- userattrs[d] = v
- if 'groups' in userdata:
- userattrs['groups'] = userdata['groups']
- if 'extras' in userdata:
- userattrs['extras'] = userdata['extras']
+ userattrs = self._authenticate(username, password)
authed = True
except Exception, e: # pylint: disable=broad-except
errmsg = "Authentication failed"
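Review bot: The added line `userattrs = self._authenticate(username, password)` is followed directly by `authed = True`, so any return that does not raise is accepted as a successful login, including `None` or an empty dict. Login success therefore depends on `_authenticate` raising for every failure case, and that method is not visible in this hunk, so the contract cannot be confirmed from here. I would state it next to the call, for example `# _authenticate() must raise on any failure; a normal return is treated as a successful login`. The caller also now expects a flat dict that already carries `_groups` and `_extras`, which presumably relies on a matching change outside this diffstat. The try/except block continues past the end of the hunk.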
diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 2dcdb67..3002d78 100644
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -44,27 +44,34 @@ class LoginManagerBase(PluginConfig, PluginObject):
def auth_successful(self, trans, username, auth_type=None, userdata=None):
session = UserSession()
+ # merge attributes from login plugin and info plugin
if self.info:
- userattrs = self.info.get_user_attrs(username)
- if userdata:
- userdata.update(userattrs.get('userdata', {}))
- else:
- userdata = userattrs.get('userdata', {})
+ infoattrs = self.info.get_user_attrs(username)
+ else:
+ infoattrs = dict()
+
+ if userdata is None:
+ userdata = dict()
+
+ if '_groups' in infoattrs:
+ userdata['_groups'] = list(set(userdata.get('_groups', []) +
+ infoattrs['_groups']))
+ del infoattrs['_groups']
- # merge groups and extras from login plugin and info plugin
- userdata['groups'] = list(set(userdata.get('groups', []) +
- userattrs.get('groups', [])))
+ if '_extras' in infoattrs:
+ userdata['_extras'] = userdata.get('_extras', {})
+ userdata['_extras'].update(infoattrs['_extras'])
+ del infoattrs['_extras']
- userdata['extras'] = userdata.get('extras', {})
- userdata['extras'].update(userattrs.get('extras', {}))
+ userdata.update(infoattrs)
- self.debug("User %s attributes: %s" % (username, repr(userdata)))
+ self.debug("User %s attributes: %s" % (username, repr(userdata)))
if auth_type:
if userdata:
- userdata.update({'auth_type': auth_type})
+ userdata.update({'_auth_type': auth_type})
else:
- userdata = {'auth_type': auth_type}
+ userdata = {'_auth_type': auth_type}
# create session login including all the userdata just gathered
session.login(username, userdata)
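Review bot: Nothing in this merge prevents a data source from supplying the reserved keys itself. `userdata.update(infoattrs)` copies every remaining info-plugin key, and `_auth_type` is only written when `auth_type` is truthy, so a `_auth_type` (or any other `_`-prefixed key) arriving from the login or info plugin reaches `session.login` unchanged when `auth_type` is None. If later code treats `_auth_type` as the authoritative record of how the user signed in, it should only ever be set here: add `userdata.pop('_auth_type', None)` after the merge and before `if auth_type:`. Because `userdata` is always a dict by that point, the inner `if userdata:`/`else` pair can also be reduced to `userdata['_auth_type'] = auth_type`. auth_successful may continue past the end of the hunk.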