From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 4 Oct 2023 01:35:06 +0200 Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository --- flakes/mediagoblin/bower-packages.nix | 8 + flakes/mediagoblin/default.nix | 213 ++++++++++++++++ flakes/mediagoblin/flake.lock | 78 ++++++ flakes/mediagoblin/flake.nix | 271 +++++++++++++++++++++ flakes/mediagoblin/ldap_fix.py | 93 +++++++ flakes/mediagoblin/plugins/basicsearch/default.nix | 18 ++ 6 files changed, 681 insertions(+) create mode 100644 flakes/mediagoblin/bower-packages.nix create mode 100644 flakes/mediagoblin/default.nix create mode 100644 flakes/mediagoblin/flake.lock create mode 100644 flakes/mediagoblin/flake.nix create mode 100644 flakes/mediagoblin/ldap_fix.py create mode 100644 flakes/mediagoblin/plugins/basicsearch/default.nix (limited to 'flakes/mediagoblin') diff --git a/flakes/mediagoblin/bower-packages.nix b/flakes/mediagoblin/bower-packages.nix new file mode 100644 index 0000000..03af849 --- /dev/null +++ b/flakes/mediagoblin/bower-packages.nix @@ -0,0 +1,8 @@ +# Generated by bower2nix v3.2.0 (https://github.com/rvl/bower2nix) +{ fetchbower, buildEnv }: +buildEnv { name = "bower-env"; ignoreCollisions = true; paths = [ + (fetchbower "jquery" "2.1.4" "~2.1.3" "1ywrpk2xsr6ghkm3j9gfnl9r3jn6xarfamp99b0bcm57kq9fm2k0") + (fetchbower "video.js" "4.11.4" "~4.11.4" "05prdvyk0rxbkh7sdd0d9ns5l5crwvc68wzkyqmrdjw367pcv8sn") + (fetchbower "leaflet" "0.7.7" "~0.7.3" "0jim285bljmxxngpm3yx6bnnd10n2whwkgmmhzpcd1rdksnr5nca") + (fetchbower "tinymce" "4.1.10" "~4.1.7" "16jyvdb9bq8gjwhs69q8p88vdixalajrz81nsmbrzzxhkih57dyx") +]; } diff --git a/flakes/mediagoblin/default.nix b/flakes/mediagoblin/default.nix new file mode 100644 index 0000000..47cc628 --- /dev/null +++ b/flakes/mediagoblin/default.nix @@ -0,0 +1,213 @@ +{ src, makeWrapper, stdenv, writeScript, fetchurl, buildBowerComponents, which, python36, gst_all_1, automake, autoconf, nodejs, nodePackages, lib, callPackage, fetchgit, fetchFromGitHub }: +let + overridePython = let + packageOverrides = self: super: { + pybcrypt = super.buildPythonPackage rec { + pname = "pybcrypt"; + version = "0.4"; + + src = self.fetchPypi { + inherit pname version; + sha256 = "5fa13bce551468350d66c4883694850570f3da28d6866bb638ba44fe5eabda78"; + }; + }; + celery = super.celery.overridePythonAttrs(old: rec { + version = "3.1.26.post2"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "5493e172ae817b81ba7d09443ada114886765a8ce02f16a56e6fac68d953a9b2"; + }; + patches = []; + doCheck = false; + }); + billiard = super.billiard.overridePythonAttrs(old: rec { + version = "3.3.0.23"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9"; + }; + doCheck = false; + doInstallCheck = false; + }); + amqp = super.amqp.overridePythonAttrs(old: rec { + version = "1.4.9"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "2dea4d16d073c902c3b89d9b96620fb6729ac0f7a923bbc777cb4ad827c0c61a"; + }; + doCheck = false; + }); + kombu = super.kombu.overridePythonAttrs(old: rec { + version = "3.0.37"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "e064a00c66b4d1058cd2b0523fb8d98c82c18450244177b6c0f7913016642650"; + }; + propagatedBuildInputs = old.propagatedBuildInputs ++ [ self.anyjson ]; + doCheck = false; + }); + markdown = super.markdown.overridePythonAttrs(old: rec { + version = "3.1.1"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "2e50876bcdd74517e7b71f3e7a76102050edec255b3983403f1a63e7c8a41e7a"; + }; + }); + sqlalchemy = super.sqlalchemy.overridePythonAttrs(old: rec { + version = "1.1.18"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "8b0ec71af9291191ba83a91c03d157b19ab3e7119e27da97932a4773a3f664a9"; + }; + doCheck = false; + }); + tempita_5_3_dev = super.buildPythonPackage rec { + version = "47414a7-master"; + pname = "tempita"; + name = "${pname}-${version}"; + src = fetchFromGitHub { + owner = "gjhiggins"; + repo = "tempita"; + rev = "47414a7c6e46a9a9afe78f0bce2ea299fa84d10d"; + sha256 = "0f33jjjs5rvp7ar2j6ggyfykcrsrn04jaqcq71qfvycf6b7nw3rn"; + fetchSubmodules = true; + }; + buildInputs = with self; [ nose ]; + disabled = false; + }; + sqlalchemy_migrate = super.sqlalchemy_migrate.overridePythonAttrs(old: rec { + propagatedBuildInputs = with self; [ pbr tempita_5_3_dev decorator sqlalchemy six sqlparse ]; + }); + pasteScript = super.pasteScript.overridePythonAttrs(old: rec { + version = "2.0.2"; + name = "PasteScript-${version}"; + src = fetchurl { + url = "mirror://pypi/P/PasteScript/${name}.tar.gz"; + sha256 = "1h3nnhn45kf4pbcv669ik4faw04j58k8vbj1hwrc532k0nc28gy0"; + }; + propagatedBuildInputs = with self; [ six paste PasteDeploy ]; + }); + werkzeug = super.werkzeug.overridePythonAttrs(old: rec { + version = "0.16.1"; + src = self.fetchPypi { + inherit version; + inherit (old) pname; + sha256 = "b353856d37dec59d6511359f97f6a4b2468442e454bd1c98298ddce53cac1f04"; + }; + }); + }; + in + python36.override { inherit packageOverrides; }; + pythonEnv = python-pkgs: with python-pkgs; [ + waitress alembic dateutil wtforms pybcrypt + pytest pytest_xdist werkzeug celery + kombu jinja2 Babel webtest configobj markdown + sqlalchemy itsdangerous pytz sphinx six + oauthlib unidecode jsonschema PasteDeploy + requests PyLD exifread + typing pasteScript lxml + # For images plugin + pillow + # For video plugin + gst-python + # migrations + sqlalchemy_migrate + # authentication + ldap3 + redis + psycopg2 + ]; + python = overridePython.withPackages pythonEnv; + gmg = writeScript "gmg" '' + #!${python}/bin/python + __requires__ = 'mediagoblin' + import sys + from pkg_resources import load_entry_point + + if __name__ == '__main__': + sys.exit( + load_entry_point('mediagoblin', 'console_scripts', 'gmg')() + ) + ''; + bowerComponents = buildBowerComponents { + name = "mediagoblin-bower-components"; + generated = ./bower-packages.nix; + inherit src; + }; + pluginNames = [ "basicsearch" ]; + allPlugins = lib.attrsets.genAttrs pluginNames + (name: callPackage (./plugins + "/${name}") {}); + toPassthru = pkg: plugins: { + inherit allPlugins plugins; + withPlugins = withPlugins pkg; + }; + withPlugins = pkg: toPlugins: + let + plugins = toPlugins allPlugins; + toBuildPlugin = n: "ln -s ${n} mediagoblin/plugins/${n.pluginName}"; + newMediagoblin = pkg.overrideAttrs(old: { + postBuild = old.postBuild + "\n" + builtins.concatStringsSep "\n" (map toBuildPlugin plugins); + passthru = toPassthru newMediagoblin plugins; + }); + in newMediagoblin; + package = stdenv.mkDerivation rec { + pname = "mediagoblin"; + name = "${pname}-${version}"; + version = "cd465eb-stable"; + inherit src; + preConfigure = '' + # ./bootstrap.sh + aclocal -I m4 --install + autoreconf -fvi + # end + export HOME=$PWD + ''; + configureFlags = [ "--with-python3" "--without-virtualenv" ]; + postBuild = '' + cp -a ${bowerComponents}/bower_components/* extlib + chmod -R u+w extlib + make extlib + ''; + installPhase = let + libpaths = with gst_all_1; [ + python + gstreamer + gst-plugins-base + gst-libav + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + ]; + plugin_paths = builtins.concatStringsSep ":" (map (x: "${x}/lib") libpaths); + typelib_paths = with gst_all_1; "${gstreamer}/lib/girepository-1.0:${gst-plugins-base}/lib/girepository-1.0"; + in '' + sed -i "s/registry.has_key(current_theme_name)/current_theme_name in registry/" mediagoblin/tools/theme.py + sed -i -e "s@\[DEFAULT\]@[DEFAULT]\nhere = $out@" mediagoblin/config_spec.ini + sed -i -e "/from gi.repository import GstPbutils/s/^/gi.require_version('GstPbutils', '1.0')\n/" mediagoblin/media_types/video/transcoders.py + cp ${./ldap_fix.py} mediagoblin/plugins/ldap/tools.py + find . -name '*.pyc' -delete + find . -type f -exec sed -i "s|$PWD|$out|g" {} \; + python setup.py build + cp -a . $out + mkdir $out/bin + makeWrapper ${gmg} $out/bin/gmg --prefix PYTHONPATH : "$out:$PYTHONPATH" \ + --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \ + --prefix GI_TYPELIB_PATH : ${typelib_paths} + makeWrapper ${python}/bin/paster $out/bin/paster --prefix PYTHONPATH : "$out:$PYTHONPATH" \ + --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \ + --prefix GI_TYPELIB_PATH : ${typelib_paths} + makeWrapper ${python}/bin/celery $out/bin/celery --prefix PYTHONPATH : "$out:$PYTHONPATH" \ + --prefix GST_PLUGIN_SYSTEM_PATH : ${plugin_paths} \ + --prefix GI_TYPELIB_PATH : ${typelib_paths} + ''; + buildInputs = [ makeWrapper automake autoconf which nodePackages.bower nodejs python ]; + propagatedBuildInputs = with gst_all_1; [ python gst-libav gst-plugins-good gst-plugins-bad gst-plugins-ugly gstreamer ]; + passthru = toPassthru package []; + }; +in package diff --git a/flakes/mediagoblin/flake.lock b/flakes/mediagoblin/flake.lock new file mode 100644 index 0000000..bba6479 --- /dev/null +++ b/flakes/mediagoblin/flake.lock @@ -0,0 +1,78 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1649676176, + "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "mediagoblin": { + "flake": false, + "locked": { + "lastModified": 1531090939, + "narHash": "sha256-vSajRbuE/bu2HVsUZm25fkm/vNLXKDIK7Xn8kyKJ5Ps=", + "ref": "stable", + "rev": "cd465ebfec837a75a44c4ebd727dffe2fff6d850", + "revCount": 4805, + "submodules": true, + "type": "git", + "url": "https://git.savannah.gnu.org/git/mediagoblin.git" + }, + "original": { + "ref": "stable", + "rev": "cd465ebfec837a75a44c4ebd727dffe2fff6d850", + "submodules": true, + "type": "git", + "url": "https://git.savannah.gnu.org/git/mediagoblin.git" + } + }, + "myuids": { + "locked": { + "lastModified": 1, + "narHash": "sha256-HkW9YCLQCNBX3Em7J7MjraVEZO3I3PizkVV2QrUdULQ=", + "path": "../myuids", + "type": "path" + }, + "original": { + "path": "../myuids", + "type": "path" + } + }, + "nixpkgs": { + "flake": false, + "locked": { + "lastModified": 1596265691, + "narHash": "sha256-9ofCzFqttTsGrvTaS4RrDSTNQO9PFOz5uyn8V+2eA5M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "840c782d507d60aaa49aa9e3f6d0b0e780912742", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "840c782d507d60aaa49aa9e3f6d0b0e780912742", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "mediagoblin": "mediagoblin", + "myuids": "myuids", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flakes/mediagoblin/flake.nix b/flakes/mediagoblin/flake.nix new file mode 100644 index 0000000..2e821d5 --- /dev/null +++ b/flakes/mediagoblin/flake.nix @@ -0,0 +1,271 @@ +{ + description = "a free software media publishing platform that anyone can run."; + inputs.myuids = { + url = "path:../myuids"; + }; + inputs.flake-utils.url = "github:numtide/flake-utils"; + inputs.nixpkgs = { + url = "github:NixOS/nixpkgs/840c782d507d60aaa49aa9e3f6d0b0e780912742"; + flake = false; + }; + inputs.mediagoblin = { + url = "git+https://git.savannah.gnu.org/git/mediagoblin.git?submodules=1&ref=stable&rev=cd465ebfec837a75a44c4ebd727dffe2fff6d850"; + flake = false; + }; + + outputs = { self, myuids, nixpkgs, mediagoblin, flake-utils }: flake-utils.lib.eachSystem ["x86_64-linux"] (system: + let + pkgs = import nixpkgs { inherit system; overlays = []; }; + version = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.mediagoblin.original.ref; + inherit (pkgs) callPackage; + in rec { + packages.mediagoblin = callPackage ./. { src = mediagoblin // { inherit version; }; }; + defaultPackage = packages.mediagoblin; + legacyPackages.mediagoblin = packages.mediagoblin; + checks = { + build = defaultPackage; + }; + } + ) // rec { + overlays = { + mediagoblin = final: prev: { + mediagoblin = self.defaultPackage."${final.system}"; + }; + }; + overlay = overlays.mediagoblin; + nixosModule = { lib, pkgs, config, ... }: + let + name = "mediagoblin"; + cfg = config.services.mediagoblin; + + uid = config.ids.uids.mediagoblin; + gid = config.ids.gids.mediagoblin; + + paste_local = pkgs.writeText "paste_local.ini" '' + [DEFAULT] + debug = false + + [pipeline:main] + pipeline = mediagoblin + + [app:mediagoblin] + use = egg:mediagoblin#app + config = ${cfg.configFile} ${cfg.package}/mediagoblin.ini + /mgoblin_static = ${cfg.package}/mediagoblin/static + + [loggers] + keys = root + + [handlers] + keys = console + + [formatters] + keys = generic + + [logger_root] + level = INFO + handlers = console + + [handler_console] + class = StreamHandler + args = (sys.stderr,) + level = NOTSET + formatter = generic + + [formatter_generic] + format = %(levelname)-7.7s [%(name)s] %(message)s + + [filter:errors] + use = egg:mediagoblin#errors + debug = false + + [server:main] + use = egg:waitress#main + unix_socket = ${cfg.sockets.paster} + unix_socket_perms = 777 + url_scheme = https + ''; + in + { + options.services.mediagoblin = { + enable = lib.mkEnableOption "Enable Mediagoblin’s service"; + user = lib.mkOption { + type = lib.types.str; + default = name; + description = "User account under which Mediagoblin runs"; + }; + group = lib.mkOption { + type = lib.types.str; + default = name; + description = "Group under which Mediagoblin runs"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/${name}"; + description = '' + The directory where Mediagoblin stores its data. + ''; + }; + socketsDir = lib.mkOption { + type = lib.types.path; + default = "/run/${name}"; + description = '' + The directory where Mediagoblin puts runtime files and sockets. + ''; + }; + configFile = lib.mkOption { + type = lib.types.path; + description = '' + The configuration file path for Mediagoblin. + ''; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.mediagoblin; + example = lib.literalExample '' + pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]) + ''; + description = '' + Mediagoblin package to use. + ''; + }; + systemdStateDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if varDir is outside of /var/lib + default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir; + lib.strings.removePrefix "/var/lib/" cfg.dataDir; + description = '' + Adjusted Mediagoblin data directory for systemd + ''; + readOnly = true; + }; + systemdRuntimeDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if socketsDir is outside of /run + default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir; + lib.strings.removePrefix "/run/" cfg.socketsDir; + description = '' + Adjusted Mediagoblin sockets directory for systemd + ''; + readOnly = true; + }; + sockets = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = { + paster = "${cfg.socketsDir}/mediagoblin.sock"; + }; + readOnly = true; + description = '' + Mediagoblin sockets + ''; + }; + pids = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = { + paster = "${cfg.socketsDir}/mediagoblin.pid"; + celery = "${cfg.socketsDir}/mediagoblin-celeryd.pid"; + }; + readOnly = true; + description = '' + Mediagoblin pid files + ''; + }; + }; + + config = lib.mkIf cfg.enable { + nixpkgs.overlays = [ self.overlay ]; + users.users = lib.optionalAttrs (cfg.user == name) { + "${name}" = { + inherit uid; + group = cfg.group; + description = "Mediagoblin user"; + home = cfg.dataDir; + useDefaultShell = true; + }; + }; + users.groups = lib.optionalAttrs (cfg.group == name) { + "${name}" = { + inherit gid; + }; + }; + + systemd.slices.mediagoblin = { + description = "Mediagoblin slice"; + }; + systemd.services.mediagoblin-web = { + description = "Mediagoblin service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + wants = [ "postgresql.service" "redis.service" ]; + + environment.SCRIPT_NAME = "/mediagoblin/"; + + script = '' + exec ./bin/paster serve \ + ${paste_local} \ + --pid-file=${cfg.pids.paster} + ''; + preStop = '' + exec ./bin/paster serve \ + --pid-file=${cfg.pids.paster} \ + ${paste_local} stop + ''; + preStart = '' + if [ -d ${cfg.dataDir}/plugin_static/ ]; then + rm ${cfg.dataDir}/plugin_static/coreplugin_basic_auth + ln -sf ${cfg.package}/mediagoblin/plugins/basic_auth/static ${cfg.dataDir}/plugin_static/coreplugin_basic_auth + fi + ./bin/gmg -cf ${cfg.configFile} dbupdate + ''; + + serviceConfig = { + Slice = "mediagoblin.slice"; + User = cfg.user; + PrivateTmp = true; + Restart = "always"; + TimeoutSec = 15; + Type = "simple"; + WorkingDirectory = cfg.package; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + StateDirectory= cfg.systemdStateDirectory; + PIDFile = cfg.pids.paster; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + + systemd.services.mediagoblin-celeryd = { + description = "Mediagoblin service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "mediagoblin-web.service" ]; + + environment.MEDIAGOBLIN_CONFIG = cfg.configFile; + environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery"; + + script = '' + exec ./bin/celery worker \ + --logfile=${cfg.dataDir}/celery.log \ + --loglevel=INFO + ''; + + serviceConfig = { + Slice = "mediagoblin.slice"; + User = cfg.user; + PrivateTmp = true; + Restart = "always"; + TimeoutSec = 60; + Type = "simple"; + WorkingDirectory = cfg.package; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + StateDirectory= cfg.systemdStateDirectory; + PIDFile = cfg.pids.celery; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + }; + }; + }; +} + + diff --git a/flakes/mediagoblin/ldap_fix.py b/flakes/mediagoblin/ldap_fix.py new file mode 100644 index 0000000..10cc375 --- /dev/null +++ b/flakes/mediagoblin/ldap_fix.py @@ -0,0 +1,93 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +from ldap3 import Server, Connection, SUBTREE +from ldap3.core.exceptions import LDAPException +import logging + +import six + +from mediagoblin.tools import pluginapi + +_log = logging.getLogger(__name__) + + +class LDAP(object): + def __init__(self): + self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap') + + def _connect(self, server): + _log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI'])) + self.server = Server(server['LDAP_SERVER_URI']) + + if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true': + _log.info('Initiating TLS') + self.server.start_tls() + + def _manager_auth(self, settings, username, password): + conn = Connection(self.server, + settings['LDAP_BIND_DN'], + settings['LDAP_BIND_PW'], + auto_bind=True) + found = conn.search( + search_base=settings['LDAP_SEARCH_BASE'], + search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username), + search_scope=SUBTREE, + attributes=[settings['EMAIL_SEARCH_FIELD']]) + if (not found) or len(conn.entries) > 1: + return False, None + + user = conn.entries[0] + user_dn = user.entry_dn + try: + email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0] + except KeyError: + email = None + + Connection(self.server, user_dn, password, auto_bind=True) + + return username, email + + def _direct_auth(self, settings, username, password): + user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username) + conn = Connection(self.server, user_dn, password, auto_bind=True) + email_found = conn.search( + search_base=settings['LDAP_SEARCH_BASE'], + search_filter='uid={0}'.format(username), + search_scope=SUBTREE, + attributes=[settings['EMAIL_SEARCH_FIELD']]) + + if email_found: + try: + email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0] + except KeyError: + email = None + + return username, email + + def login(self, username, password): + for k, v in six.iteritems(self.ldap_settings): + try: + self._connect(v) + + if 'LDAP_BIND_DN' in v: + return self._manager_auth(v, username, password) + else: + return self._direct_auth(v, username, password) + + except LDAPException as e: + _log.info(e) + + return False, None diff --git a/flakes/mediagoblin/plugins/basicsearch/default.nix b/flakes/mediagoblin/plugins/basicsearch/default.nix new file mode 100644 index 0000000..16be613 --- /dev/null +++ b/flakes/mediagoblin/plugins/basicsearch/default.nix @@ -0,0 +1,18 @@ +{ stdenv, fetchFromGitHub }: +stdenv.mkDerivation rec { + name = "mediagoblin-plugin-basicsearch-${version}"; + version = "ba0a154-master"; + src = fetchFromGitHub { + owner = "ayleph"; + repo = "mediagoblin-basicsearch"; + rev = "ba0a1547bd24ebaf363227fe17644d38c6ce8a6b"; + sha256 = "0d4r7xkf4gxmgaxlb264l44xbanis77g49frwfhfzsflxmdwgncy"; + }; + phases = "unpackPhase installPhase"; + installPhase = '' + cp -R ./basicsearch $out + ''; + passthru = { + pluginName = "basicsearch"; + }; +} -- cgit v1.2.3