Initial LDAP support

Krakinou 2019-01-10 23:51:01 +01:00
parent e1205b75cd
commit 30954cc27f
2 changed files with 26 additions and 1 deletions


@ -14,6 +14,7 @@ import json
import datetime import datetime
from binascii import hexlify from binascii import hexlify
import cli import cli
import ldap
engine = create_engine('sqlite:///{0}'.format(cli.settingspath), echo=False) engine = create_engine('sqlite:///{0}'.format(cli.settingspath), echo=False)
Base = declarative_base() Base = declarative_base()
@ -46,6 +47,8 @@ SIDEBAR_PUBLISHER = 4096
DEFAULT_PASS = "admin123" DEFAULT_PASS = "admin123"
DEFAULT_PORT = int(os.environ.get("CALIBRE_PORT", 8083)) DEFAULT_PORT = int(os.environ.get("CALIBRE_PORT", 8083))
LDAP_PROVIDER_URL = 'ldap://localhost:389/'
LDAP_PROTOCOL_VERSION = 3
class UserBase: class UserBase:
@ -152,6 +155,13 @@ class UserBase:
def __repr__(self): def __repr__(self):
return '<User %r>' % self.nickname return '<User %r>' % self.nickname
@staticmethod
def try_login(username, password):
conn = get_ldap_connection()
conn.simple_bind_s(
'uid={},ou=users,dc=yunohost,dc=org'.format(username),
password
)
# Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from # Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from
# User Base (all access methods are declared there) # User Base (all access methods are declared there)
@ -778,6 +788,11 @@ else:
migrate_Database() migrate_Database()
clean_database() clean_database()
#get LDAP connection
def get_ldap_connection():
conn = ldap.initialize(LDAP_PROVIDER_URL)
return conn
# Generate global Settings Object accessible from every file # Generate global Settings Object accessible from every file
config = Config() config = Config()
searched_ids = {} searched_ids = {}
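Review bot: In the try_login hunk, `conn.simple_bind_s(...)` is called with whatever `password` the form carried, and an empty password is not a failed bind for most directories — a DN with an empty password is an unauthenticated bind (RFC 4513 §5.1.2), so the call returns without raising and the caller treats that as a successful login; reject an empty password before binding. The `username` is also interpolated into the bind DN unescaped, so a value containing `,` or `=` rewrites the DN rather than naming a user, and the connection is never released with `conn.unbind_s()`. In the get_ldap_connection hunk, LDAP_PROTOCOL_VERSION is declared but never applied (`conn.protocol_version = LDAP_PROTOCOL_VERSION`), and the `ldap://` LDAP_PROVIDER_URL sends the bind password in cleartext unless STARTTLS is negotiated, which deserves a `# TODO: use ldaps:// or start_tls_s() before binding` next to the constant. The `ou=users,dc=yunohost,dc=org` base is hard-coded in the method while the URL is a module constant; keeping the DN template beside LDAP_PROVIDER_URL would make both configurable in one place. UserBase continues outside the hunk.
```python
    @staticmethod
    def try_login(username, password):
        # An empty password is accepted by the directory as an unauthenticated
        # bind, which must not count as a successful login.
        if not password:
            raise ldap.INVALID_CREDENTIALS
        conn = get_ldap_connection()
        try:
            conn.simple_bind_s(
                'uid={},ou=users,dc=yunohost,dc=org'.format(ldap.dn.escape_dn_chars(username)),
                password
            )
        finally:
            conn.unbind_s()
```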


@ -57,6 +57,7 @@ from redirect import redirect_back
import time import time
import server import server
from reverseproxy import ReverseProxied from reverseproxy import ReverseProxied
import ldap
try: try:
from googleapiclient.errors import HttpError from googleapiclient.errors import HttpError
@ -2342,7 +2343,16 @@ def login():
if request.method == "POST": if request.method == "POST":
form = request.form.to_dict() form = request.form.to_dict()
user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first() user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first()
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest": try:
app.logger.info("Tryong LDAP connexion")
ub.User.try_login(form['username'], form['password'])
login_user(user, remember=True)
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
return redirect_back(url_for("index"))
except ldap.INVALID_CREDENTIALS:
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress)
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest" and not user.is_authenticated:
login_user(user, remember=True) login_user(user, remember=True)
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
return redirect_back(url_for("index")) return redirect_back(url_for("index"))