Initial LDAP support
parent
e1205b75cd
commit
30954cc27f
15
cps/ub.py
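--- a/cps/ub.py
+++ b/cps/ub.py
@@ -14,6 +14,7 @@ import json
 import datetime
 from binascii import hexlify
 import cli
+import ldap
 
 engine = create_engine('sqlite:///{0}'.format(cli.settingspath), echo=False)
 Base = declarative_base()
@@ -46,6 +47,8 @@ SIDEBAR_PUBLISHER = 4096
 DEFAULT_PASS = "admin123"
 DEFAULT_PORT = int(os.environ.get("CALIBRE_PORT", 8083))
 
+LDAP_PROVIDER_URL = 'ldap://localhost:389/'
+LDAP_PROTOCOL_VERSION = 3
 
 class UserBase:
 
@@ -152,6 +155,13 @@ class UserBase:
 def __repr__(self):
 return '<User %r>' % self.nickname
 
+@staticmethod
+def try_login(username, password):
+conn = get_ldap_connection()
+conn.simple_bind_s(
+'uid={},ou=users,dc=yunohost,dc=org'.format(username),
+password
+)
 
 # Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from
 # User Base (all access methods are declared there)
@@ -778,6 +788,11 @@ else:
 migrate_Database()
 clean_database()
 
+#get LDAP connection
+def get_ldap_connection():
+conn = ldap.initialize(LDAP_PROVIDER_URL)
+return conn
+
 # Generate global Settings Object accessible from every file
 config = Config()
 searched_ids = {}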
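Review bot: `try_login` hands `username` and `password` to `simple_bind_s` unchecked, and both affect whether the bind proves anything. A simple bind with an empty password is an unauthenticated bind, which many directory servers answer with success, so the method should reject it before contacting the server: `if not password: raise ldap.INVALID_CREDENTIALS`. The user name is formatted straight into the bind DN; wrapping it as `ldap.dn.escape_dn_chars(username)` keeps DN metacharacters from changing which entry is bound. On the visible lines `LDAP_PROTOCOL_VERSION` is defined but never applied to the connection, the connection is never unbound, and the `ldap://` URL sends the password in clear text unless the directory is reachable only on loopback.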
12
cps/web.py
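--- a/cps/web.py
+++ b/cps/web.py
@@ -57,6 +57,7 @@ from redirect import redirect_back
 import time
 import server
 from reverseproxy import ReverseProxied
+import ldap
 
 try:
 from googleapiclient.errors import HttpError
@@ -2342,7 +2343,16 @@ def login():
 if request.method == "POST":
 form = request.form.to_dict()
 user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first()
-if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
+try:
+app.logger.info("Tryong LDAP connexion")
+ub.User.try_login(form['username'], form['password'])
+login_user(user, remember=True)
+flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
+return redirect_back(url_for("index"))
+except ldap.INVALID_CREDENTIALS:
+ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
+app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress)
+if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest" and not user.is_authenticated:
 login_user(user, remember=True)
 flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
 return redirect_back(url_for("index"))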
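Review bot: On the LDAP path in `login()` a successful bind goes straight to `login_user(user, remember=True)`, but `user` is the local row found with `.strip().lower()` and may be `None`, and the `"Guest"` exclusion from the removed condition is not applied on this path. Guard the branch before the bind, for example `if user is None or user.nickname == "Guest": raise ldap.INVALID_CREDENTIALS`, and pass `try_login` the same normalized name the query used. Only `ldap.INVALID_CREDENTIALS` is caught, so an unreachable directory (`ldap.SERVER_DOWN` and other `ldap.LDAPError` subclasses) raises out of the view instead of reaching the local password check; `except ldap.LDAPError:` would cover that. The added `and not user.is_authenticated` would disable the local fallback entirely if that attribute is the usual Flask-Login always-true value, which is not visible here. `login()` starts and ends outside the hunk.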