Initial LDAP support
This commit is contained in:
parent
e1205b75cd
commit
30954cc27f
15
cps/ub.py
15
cps/ub.py
|
@ -14,6 +14,7 @@ import json
|
|||
import datetime
|
||||
from binascii import hexlify
|
||||
import cli
|
||||
import ldap
|
||||
|
||||
engine = create_engine('sqlite:///{0}'.format(cli.settingspath), echo=False)
|
||||
Base = declarative_base()
|
||||
|
@ -46,6 +47,8 @@ SIDEBAR_PUBLISHER = 4096
|
|||
DEFAULT_PASS = "admin123"
|
||||
DEFAULT_PORT = int(os.environ.get("CALIBRE_PORT", 8083))
|
||||
|
||||
LDAP_PROVIDER_URL = 'ldap://localhost:389/'
|
||||
LDAP_PROTOCOL_VERSION = 3
|
||||
|
||||
class UserBase:
|
||||
|
||||
|
@ -152,6 +155,13 @@ class UserBase:
|
|||
def __repr__(self):
|
||||
return '<User %r>' % self.nickname
|
||||
|
||||
@staticmethod
|
||||
def try_login(username, password):
|
||||
conn = get_ldap_connection()
|
||||
conn.simple_bind_s(
|
||||
'uid={},ou=users,dc=yunohost,dc=org'.format(username),
|
||||
password
|
||||
)
|
||||
|
||||
# Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from
|
||||
# User Base (all access methods are declared there)
|
||||
|
@ -778,6 +788,11 @@ else:
|
|||
migrate_Database()
|
||||
clean_database()
|
||||
|
||||
#get LDAP connection
|
||||
def get_ldap_connection():
|
||||
conn = ldap.initialize(LDAP_PROVIDER_URL)
|
||||
return conn
|
||||
|
||||
# Generate global Settings Object accessible from every file
|
||||
config = Config()
|
||||
searched_ids = {}
|
||||
|
|
12
cps/web.py
12
cps/web.py
|
@ -57,6 +57,7 @@ from redirect import redirect_back
|
|||
import time
|
||||
import server
|
||||
from reverseproxy import ReverseProxied
|
||||
import ldap
|
||||
|
||||
try:
|
||||
from googleapiclient.errors import HttpError
|
||||
|
@ -2342,7 +2343,16 @@ def login():
|
|||
if request.method == "POST":
|
||||
form = request.form.to_dict()
|
||||
user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first()
|
||||
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
|
||||
try:
|
||||
app.logger.info("Tryong LDAP connexion")
|
||||
ub.User.try_login(form['username'], form['password'])
|
||||
login_user(user, remember=True)
|
||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
return redirect_back(url_for("index"))
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
|
||||
app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress)
|
||||
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest" and not user.is_authenticated:
|
||||
login_user(user, remember=True)
|
||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
return redirect_back(url_for("index"))
|
||||
|
|
Loading…
Reference in New Issue
Block a user