Ldap working
This commit is contained in:
parent
37007dafee
commit
a0be02e687
22
cps/admin.py
22
cps/admin.py
|
@ -39,7 +39,6 @@ from sqlalchemy.exc import IntegrityError
|
|||
from gdriveutils import is_gdrive_ready, gdrive_support, downloadFile, deleteDatabaseOnChange, listRootFolders
|
||||
import helper
|
||||
from werkzeug.security import generate_password_hash
|
||||
from oauth_bb import oauth_check
|
||||
try:
|
||||
from urllib.parse import quote
|
||||
from imp import reload
|
||||
|
@ -59,6 +58,19 @@ try:
|
|||
except ImportError:
|
||||
feature_support['rar'] = False
|
||||
|
||||
try:
|
||||
import ldap
|
||||
feature_support['ldap'] = True
|
||||
except ImportError:
|
||||
feature_support['ldap'] = False
|
||||
|
||||
try:
|
||||
from oauth_bb import oauth_check
|
||||
feature_support['oauth'] = True
|
||||
except ImportError:
|
||||
feature_support['oauth'] = False
|
||||
oauth_check = {}
|
||||
|
||||
feature_support['gdrive'] = gdrive_support
|
||||
admi = Blueprint('admin', __name__)
|
||||
|
||||
|
@ -335,7 +347,7 @@ def configuration_helper(origin):
|
|||
flash(_(u'client_secrets.json is not configured for web application'), category="error")
|
||||
return render_title_template("config_edit.html", content=config, origin=origin,
|
||||
gdriveError=gdriveError,
|
||||
goodreads=goodreads_support, title=_(u"Basic Configuration"),
|
||||
gfeature_support=feature_support, title=_(u"Basic Configuration"),
|
||||
page="config")
|
||||
# always show google drive settings, but in case of error deny support
|
||||
if "config_use_google_drive" in to_save and not gdriveError:
|
||||
|
@ -361,7 +373,7 @@ def configuration_helper(origin):
|
|||
flash(_(u'Keyfile location is not valid, please enter correct path'), category="error")
|
||||
return render_title_template("config_edit.html", content=config, origin=origin,
|
||||
gdriveError=gdriveError,
|
||||
goodreads=goodreads_support, title=_(u"Basic Configuration"),
|
||||
feature_support=feature_support, title=_(u"Basic Configuration"),
|
||||
page="config")
|
||||
if "config_certfile" in to_save:
|
||||
if content.config_certfile != to_save["config_certfile"]:
|
||||
|
@ -392,7 +404,7 @@ def configuration_helper(origin):
|
|||
content.config_ebookconverter = int(to_save["config_ebookconverter"])
|
||||
|
||||
#LDAP configurator,
|
||||
if "config_use_ldap" in to_save and to_save["config_use_ldap"] == "on":
|
||||
if "config_login_type" in to_save and to_save["config_login_type"] == "1":
|
||||
if "config_ldap_provider_url" not in to_save or "config_ldap_dn" not in to_save:
|
||||
ub.session.commit()
|
||||
flash(_(u'Please enter a LDAP provider and a DN'), category="error")
|
||||
|
@ -400,7 +412,7 @@ def configuration_helper(origin):
|
|||
gdriveError=gdriveError, feature_support=feature_support,
|
||||
title=_(u"Basic Configuration"), page="config")
|
||||
else:
|
||||
content.config_use_ldap = 1
|
||||
content.config_login_type = ub.LOGIN_LDAP
|
||||
content.config_ldap_provider_url = to_save["config_ldap_provider_url"]
|
||||
content.config_ldap_dn = to_save["config_ldap_dn"]
|
||||
db_change = True
|
||||
|
|
39
cps/ldap.py
39
cps/ldap.py
|
@ -1,39 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# This file is part of the Calibre-Web (https://github.com/janeczku/calibre-web)
|
||||
# Copyright (C) 2018-2019 Krakinou
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import ldap
|
||||
from cps import ub, app, request
|
||||
from flask import flash, url_for
|
||||
from redirect import redirect_back
|
||||
from flask_login import login_user
|
||||
from flask_babel import gettext as _
|
||||
|
||||
def login(form, user):
|
||||
try:
|
||||
ub.User.try_login(form['username'], form['password'])
|
||||
login_user(user, remember=True)
|
||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
return redirect_back(url_for("web.index"))
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
|
||||
app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress)
|
||||
flash(_(u"Wrong Username or Password"), category="error")
|
||||
|
||||
def logout():
|
||||
pass
|
|
@ -20,13 +20,11 @@
|
|||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
try:
|
||||
from flask_dance.contrib.github import make_github_blueprint, github
|
||||
from flask_dance.contrib.google import make_google_blueprint, google
|
||||
from flask_dance.consumer import oauth_authorized, oauth_error
|
||||
from oauth import OAuthBackend
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
from flask_dance.contrib.github import make_github_blueprint, github
|
||||
from flask_dance.contrib.google import make_google_blueprint, google
|
||||
from flask_dance.consumer import oauth_authorized, oauth_error
|
||||
from oauth import OAuthBackend
|
||||
from sqlalchemy.orm.exc import NoResultFound
|
||||
from flask import flash, session, redirect, url_for, request, make_response, abort
|
||||
import json
|
||||
|
|
|
@ -29,6 +29,23 @@ $(document).on("change", "input[type=\"checkbox\"][data-control]", function () {
|
|||
});
|
||||
});
|
||||
|
||||
|
||||
// Generic control/related handler to show/hide fields based on a select' value
|
||||
$(document).on("change","select[data-control]", function(){
|
||||
var $this = $(this);
|
||||
var name = $this.data("control");
|
||||
var showOrHide = $this.val();
|
||||
var showOrHideLast = $("#"+name + " option:last").val()
|
||||
for (i = 0; i < $(this)[0].length; i++){
|
||||
if (parseInt($(this)[0][i].value) == showOrHide){
|
||||
$("[data-related=\"" + name + "-" + i + "\"]").show();
|
||||
} else {
|
||||
$("[data-related=\"" + name + "-" + i + "\"]").hide();
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
$(function() {
|
||||
var updateTimerID;
|
||||
var updateText;
|
||||
|
@ -179,7 +196,9 @@ $(function() {
|
|||
});
|
||||
});
|
||||
|
||||
// Init all data control handlers to default
|
||||
$("input[data-control]").trigger("change");
|
||||
$("select[data-control]").trigger("change");
|
||||
|
||||
$("#bookDetailsModal")
|
||||
.on("show.bs.modal", function(e) {
|
||||
|
|
|
@ -176,29 +176,34 @@
|
|||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if feature_support['ldap'] %}
|
||||
{% if feature_support['ldap'] or feature_support['oauth'] %}
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="config_use_ldap" name="config_use_ldap" data-control="ldap-settings" {% if content.config_use_ldap %}checked{% endif %}>
|
||||
<label for="config_use_ldap">{{_('Use')}} LDAP Authentication</label>
|
||||
<label for="config_login_type">{{_('Login type')}}</label>
|
||||
<select name="config_login_type" id="config_login_type" class="form-control" data-control="login-settings">
|
||||
<option value="0" {% if content.config_login_type == 0 %}selected{% endif %}>{{_('Use standard Authentication')}}</option>
|
||||
{% if feature_support['ldap'] %}
|
||||
<option value="1" {% if content.config_login_type == 1 %}selected{% endif %}>{{_('Use')}} LDAP Authentication</option>
|
||||
{% endif %}
|
||||
{% if feature_support['oauth'] %}
|
||||
<option value="2" {% if content.config_login_type == 2 %}selected{% endif %}>{{_('Use')}} GitHub OAuth</option>
|
||||
<option value="3" {% if content.config_login_type == 3 %}selected{% endif %}>{{_('Use')}} GitHub OAuth</option>
|
||||
{% endif %}
|
||||
</select>
|
||||
</div>
|
||||
<div data-related="ldap-settings">
|
||||
{% if feature_support['ldap'] %}
|
||||
<div data-related="login-settings-1">
|
||||
<div class="form-group">
|
||||
<label for="config_ldap_provider_url">{{_('LDAP Provider URL')}}</label>
|
||||
<input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{% if content.config_use_ldap != None %}{{ content.config_ldap_provider_url }}{% endif %}" autocomplete="off">
|
||||
<input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{{ content.config_ldap_provider_url }}" autocomplete="off">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label>
|
||||
<input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{% if content.config_use_ldap != None %}{{ content.config_ldap_dn }}{% endif %}" autocomplete="off">
|
||||
<input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{{ content.config_ldap_dn }}" autocomplete="off">
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if feature_support['oauth'] %}
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="config_use_github_oauth" name="config_use_github_oauth" data-control="github-oauth-settings" {% if content.config_use_github_oauth %}checked{% endif %}>
|
||||
<label for="config_use_github_oauth">{{_('Use')}} GitHub OAuth</label>
|
||||
<a href="https://github.com/settings/developers" target="_blank" style="margin-left: 5px">{{_('Obtain GitHub OAuth Credentail')}}</a>
|
||||
</div>
|
||||
<div data-related="github-oauth-settings">
|
||||
<div data-related="login-settings-2">
|
||||
<div class="form-group">
|
||||
<label for="config_github_oauth_client_id">{{_('GitHub OAuth Client Id')}}</label>
|
||||
<input type="text" class="form-control" id="config_github_oauth_client_id" name="config_github_oauth_client_id" value="{% if content.config_github_oauth_client_id != None %}{{ content.config_github_oauth_client_id }}{% endif %}" autocomplete="off">
|
||||
|
@ -208,12 +213,7 @@
|
|||
<input type="text" class="form-control" id="config_github_oauth_client_secret" name="config_github_oauth_client_secret" value="{% if content.config_github_oauth_client_secret != None %}{{ content.config_github_oauth_client_secret }}{% endif %}" autocomplete="off">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="checkbox" id="config_use_google_oauth" name="config_use_google_oauth" data-control="google-oauth-settings" {% if content.config_use_google_oauth %}checked{% endif %}>
|
||||
<label for="config_use_google_oauth">{{_('Use')}} Google OAuth</label>
|
||||
<a href="https://console.developers.google.com/apis/credentials" target="_blank" style="margin-left: 5px">{{_('Obtain Google OAuth Credentail')}}</a>
|
||||
</div>
|
||||
<div data-related="google-oauth-settings">
|
||||
<div data-related="login-settings-3">
|
||||
<div class="form-group">
|
||||
<label for="config_google_oauth_client_id">{{_('Google OAuth Client Id')}}</label>
|
||||
<input type="text" class="form-control" id="config_google_oauth_client_id" name="config_google_oauth_client_id" value="{% if content.config_google_oauth_client_id != None %}{{ content.config_google_oauth_client_id }}{% endif %}" autocomplete="off">
|
||||
|
@ -224,6 +224,7 @@
|
|||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
73
cps/ub.py
73
cps/ub.py
|
@ -34,16 +34,15 @@ import cli
|
|||
|
||||
try:
|
||||
from flask_dance.consumer.backend.sqla import OAuthConsumerMixin
|
||||
import ldap
|
||||
oauth_support = True
|
||||
except ImportError:
|
||||
oauth_support = False
|
||||
pass
|
||||
|
||||
engine = create_engine('sqlite:///{0}'.format(cli.settingspath), echo=False)
|
||||
Base = declarative_base()
|
||||
|
||||
session = None
|
||||
try:
|
||||
import ldap
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
ROLE_USER = 0
|
||||
ROLE_ADMIN = 1
|
||||
|
@ -70,6 +69,16 @@ SIDEBAR_SORTED = 1024
|
|||
MATURE_CONTENT = 2048
|
||||
SIDEBAR_PUBLISHER = 4096
|
||||
|
||||
UPDATE_STABLE = 0
|
||||
AUTO_UPDATE_STABLE = 1
|
||||
UPDATE_NIGHTLY = 2
|
||||
AUTO_UPDATE_NIGHTLY = 4
|
||||
|
||||
LOGIN_STANDARD = 0
|
||||
LOGIN_LDAP = 1
|
||||
LOGIN_OAUTH_GITHUB = 2
|
||||
LOGIN_OAUTH_GOOGLE = 3
|
||||
|
||||
DEFAULT_PASS = "admin123"
|
||||
try:
|
||||
DEFAULT_PORT = int(os.environ.get("CALIBRE_PORT", 8083))
|
||||
|
@ -78,10 +87,8 @@ except ValueError:
|
|||
os.environ.get("CALIBRE_PORT", 8083) + ', faling back to default (8083)')
|
||||
DEFAULT_PORT = 8083
|
||||
|
||||
UPDATE_STABLE = 0
|
||||
AUTO_UPDATE_STABLE = 1
|
||||
UPDATE_NIGHTLY = 2
|
||||
AUTO_UPDATE_NIGHTLY = 4
|
||||
session = None
|
||||
|
||||
|
||||
engine = create_engine('sqlite:///{0}'.format(cli.settingspath), echo=False)
|
||||
Base = declarative_base()
|
||||
|
@ -188,12 +195,12 @@ class UserBase:
|
|||
def __repr__(self):
|
||||
return '<User %r>' % self.nickname
|
||||
|
||||
#Login via LDAP method
|
||||
# Login via LDAP method
|
||||
@staticmethod
|
||||
def try_login(username, password):
|
||||
conn = get_ldap_connection()
|
||||
def try_login(username, password,config_dn, ldap_provider_url):
|
||||
conn = get_ldap_connection(ldap_provider_url)
|
||||
conn.simple_bind_s(
|
||||
config.config_ldap_dn.replace("%s", username),
|
||||
config_dn.replace("%s", username),
|
||||
password)
|
||||
|
||||
# Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from
|
||||
|
@ -358,13 +365,14 @@ class Settings(Base):
|
|||
config_use_goodreads = Column(Boolean)
|
||||
config_goodreads_api_key = Column(String)
|
||||
config_goodreads_api_secret = Column(String)
|
||||
config_use_ldap = Column(Boolean)
|
||||
config_login_type = Column(Integer, default=0)
|
||||
# config_use_ldap = Column(Boolean)
|
||||
config_ldap_provider_url = Column(String)
|
||||
config_ldap_dn = Column(String)
|
||||
config_use_github_oauth = Column(Boolean)
|
||||
# config_use_github_oauth = Column(Boolean)
|
||||
config_github_oauth_client_id = Column(String)
|
||||
config_github_oauth_client_secret = Column(String)
|
||||
config_use_google_oauth = Column(Boolean)
|
||||
# config_use_google_oauth = Column(Boolean)
|
||||
config_google_oauth_client_id = Column(String)
|
||||
config_google_oauth_client_secret = Column(String)
|
||||
config_mature_content_tags = Column(String)
|
||||
|
@ -441,13 +449,14 @@ class Config:
|
|||
self.config_use_goodreads = data.config_use_goodreads
|
||||
self.config_goodreads_api_key = data.config_goodreads_api_key
|
||||
self.config_goodreads_api_secret = data.config_goodreads_api_secret
|
||||
self.config_use_ldap = data.config_use_ldap
|
||||
self.config_login_type = data.config_login_type
|
||||
# self.config_use_ldap = data.config_use_ldap
|
||||
self.config_ldap_provider_url = data.config_ldap_provider_url
|
||||
self.config_ldap_dn = data.config_ldap_dn
|
||||
self.config_use_github_oauth = data.config_use_github_oauth
|
||||
# self.config_use_github_oauth = data.config_use_github_oauth
|
||||
self.config_github_oauth_client_id = data.config_github_oauth_client_id
|
||||
self.config_github_oauth_client_secret = data.config_github_oauth_client_secret
|
||||
self.config_use_google_oauth = data.config_use_google_oauth
|
||||
# self.config_use_google_oauth = data.config_use_google_oauth
|
||||
self.config_google_oauth_client_id = data.config_google_oauth_client_id
|
||||
self.config_google_oauth_client_secret = data.config_google_oauth_client_secret
|
||||
if data.config_mature_content_tags:
|
||||
|
@ -740,12 +749,14 @@ def migrate_Database():
|
|||
conn.execute("ALTER TABLE Settings ADD column `config_calibre` String DEFAULT ''")
|
||||
session.commit()
|
||||
try:
|
||||
session.query(exists().where(Settings.config_use_ldap)).scalar()
|
||||
session.query(exists().where(Settings.config_login_type)).scalar()
|
||||
except exc.OperationalError:
|
||||
conn = engine.connect()
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_use_ldap` INTEGER DEFAULT 0")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_login_type` INTEGER DEFAULT 0")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_ldap_provider_url` String DEFAULT ''")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_ldap_dn` String DEFAULT ''")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_github_oauth_client_id` String DEFAULT ''")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_github_oauth_client_secret` String DEFAULT ''")
|
||||
session.commit()
|
||||
try:
|
||||
session.query(exists().where(Settings.config_theme)).scalar()
|
||||
|
@ -760,22 +771,6 @@ def migrate_Database():
|
|||
conn.execute("ALTER TABLE Settings ADD column `config_updatechannel` INTEGER DEFAULT 0")
|
||||
session.commit()
|
||||
|
||||
try:
|
||||
session.query(exists().where(Settings.config_use_github_oauth)).scalar()
|
||||
except exc.OperationalError:
|
||||
conn = engine.connect()
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_use_github_oauth` INTEGER DEFAULT 0")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_github_oauth_client_id` String DEFAULT ''")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_github_oauth_client_secret` String DEFAULT ''")
|
||||
session.commit()
|
||||
try:
|
||||
session.query(exists().where(Settings.config_use_google_oauth)).scalar()
|
||||
except exc.OperationalError:
|
||||
conn = engine.connect()
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_use_google_oauth` INTEGER DEFAULT 0")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_google_oauth_client_id` String DEFAULT ''")
|
||||
conn.execute("ALTER TABLE Settings ADD column `config_google_oauth_client_secret` String DEFAULT ''")
|
||||
session.commit()
|
||||
# Remove login capability of user Guest
|
||||
conn = engine.connect()
|
||||
conn.execute("UPDATE user SET password='' where nickname = 'Guest' and password !=''")
|
||||
|
@ -789,8 +784,8 @@ def clean_database():
|
|||
|
||||
|
||||
#get LDAP connection
|
||||
def get_ldap_connection():
|
||||
conn = ldap.initialize('ldap://{}'.format(config.config_ldap_provider_url))
|
||||
def get_ldap_connection(ldap_provider_url):
|
||||
conn = ldap.initialize('ldap://{}'.format(ldap_provider_url))
|
||||
return conn
|
||||
|
||||
|
||||
|
|
11
cps/web.py
11
cps/web.py
|
@ -1325,10 +1325,10 @@ def login():
|
|||
form = request.form.to_dict()
|
||||
user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower())\
|
||||
.first()
|
||||
'''if config.config_use_ldap and user:
|
||||
import ldap
|
||||
if config.config_login_type == 1 and user:
|
||||
try:
|
||||
ub.User.try_login(form['username'], form['password'])
|
||||
ub.User.try_login(form['username'], form['password'], config.config_ldap_dn,
|
||||
config.config_ldap_provider_url)
|
||||
login_user(user, remember=True)
|
||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
return redirect_back(url_for("web.index"))
|
||||
|
@ -1336,7 +1336,10 @@ def login():
|
|||
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
|
||||
app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress)
|
||||
flash(_(u"Wrong Username or Password"), category="error")
|
||||
el'''
|
||||
except ldap.SERVER_DOWN:
|
||||
app.logger.info('LDAP Login failed, LDAP Server down')
|
||||
flash(_(u"Could not login. LDAP server down, please contact your administrator"), category="error")
|
||||
else:
|
||||
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
|
||||
login_user(user, remember=True)
|
||||
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
|
||||
|
|
Loading…
Reference in New Issue
Block a user