Update LDAP

This commit is contained in:
Ozzieisaacs 2019-06-16 08:59:25 +02:00
parent 9b74d51f21
commit f40fc5aa75
6 changed files with 96 additions and 81 deletions

View File

@ -26,8 +26,6 @@ import os
import json import json
import time import time
from datetime import datetime, timedelta from datetime import datetime, timedelta
# import uuid
import random
try: try:
from imp import reload from imp import reload
except ImportError: except ImportError:
@ -42,7 +40,7 @@ from sqlalchemy import and_
from sqlalchemy.exc import IntegrityError from sqlalchemy.exc import IntegrityError
from werkzeug.security import generate_password_hash from werkzeug.security import generate_password_hash
from . import constants, logger from . import constants, logger, ldap
from . import db, ub, Server, get_locale, config, updater_thread, babel, gdriveutils from . import db, ub, Server, get_locale, config, updater_thread, babel, gdriveutils
from .helper import speaking_language, check_valid_domain, check_unrar, send_test_mail, generate_random_password, \ from .helper import speaking_language, check_valid_domain, check_unrar, send_test_mail, generate_random_password, \
send_registration_mail send_registration_mail
@ -50,6 +48,8 @@ from .gdriveutils import is_gdrive_ready, gdrive_support, downloadFile, deleteDa
from .web import admin_required, render_title_template, before_request, unconfigured, login_required_if_no_ano from .web import admin_required, render_title_template, before_request, unconfigured, login_required_if_no_ano
feature_support = dict() feature_support = dict()
feature_support['ldap'] = ldap.ldap_supported()
try: try:
from goodreads.client import GoodreadsClient from goodreads.client import GoodreadsClient
feature_support['goodreads'] = True feature_support['goodreads'] = True
@ -62,11 +62,11 @@ except ImportError:
# except ImportError: # except ImportError:
# feature_support['rar'] = False # feature_support['rar'] = False
try: '''try:
import ldap import ldap
feature_support['ldap'] = True feature_support['ldap'] = True
except ImportError: except ImportError:
feature_support['ldap'] = False feature_support['ldap'] = False'''
try: try:
from oauth_bb import oauth_check from oauth_bb import oauth_check

View File

@ -31,6 +31,7 @@ log = logger.create()
class Ldap(): class Ldap():
def __init__(self): def __init__(self):
self.ldap = None
return return
def init_app(self, app): def init_app(self, app):
@ -55,7 +56,11 @@ class Ldap():
# app.config['LDAP_BASE_DN'] = 'ou=users,dc=yunohost,dc=org' # app.config['LDAP_BASE_DN'] = 'ou=users,dc=yunohost,dc=org'
# app.config['LDAP_USER_OBJECT_FILTER'] = '(uid=%s)' # app.config['LDAP_USER_OBJECT_FILTER'] = '(uid=%s)'
# ldap = LDAP(app) self.ldap = LDAP(app)
elif config.config_login_type == 1 and not ldap_support: elif config.config_login_type == 1 and not ldap_support:
log.error('Cannot activate ldap support, did you run \'pip install --target vendor -r optional-requirements.txt\'?') log.error('Cannot activate ldap support, did you run \'pip install --target vendor -r optional-requirements.txt\'?')
@classmethod
def ldap_supported(cls):
return ldap_support

View File

@ -31,24 +31,23 @@ from flask_login import current_user
from sqlalchemy.sql.expression import func, text, or_, and_ from sqlalchemy.sql.expression import func, text, or_, and_
from werkzeug.security import check_password_hash from werkzeug.security import check_password_hash
from . import logger, config, db, ub from . import logger, config, db, ub, ldap
from .helper import fill_indexpage, get_download_link, get_book_cover from .helper import fill_indexpage, get_download_link, get_book_cover
from .pagination import Pagination from .pagination import Pagination
from .web import common_filters, get_search_results, render_read_books, download_required from .web import common_filters, get_search_results, render_read_books, download_required
try:
import ldap
ldap_support = True
except ImportError:
ldap_support = False
opds = Blueprint('opds', __name__) opds = Blueprint('opds', __name__)
log = logger.create() log = logger.create()
ldap_support = ldap.ldap_supported()
def requires_basic_auth_if_no_ano(f): def requires_basic_auth_if_no_ano(f):
@wraps(f) @wraps(f)
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
if config.config_login_type == 1 and ldap_support:
return ldap.ldap.basic_auth_required(*args, **kwargs)
auth = request.authorization auth = request.authorization
if config.config_anonbrowse != 1: if config.config_anonbrowse != 1:
if not auth or not check_auth(auth.username, auth.password): if not auth or not check_auth(auth.username, auth.password):
@ -57,39 +56,43 @@ def requires_basic_auth_if_no_ano(f):
return decorated return decorated
def basic_auth_required_check(condition):
'''def basic_auth_required_check(condition):
print("susi")
def decorator(f): def decorator(f):
if condition and ldap_support: if condition and ldap_support:
return ldap.basic_auth_required(f) return ldap.ldap.basic_auth_required(f)
return requires_basic_auth_if_no_ano(f) return requires_basic_auth_if_no_ano(f)
return decorator return decorator'''
@opds.route("/opds/") @opds.route("/opds/")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_index(): def feed_index():
return render_xml_template('index.xml') return render_xml_template('index.xml')
@opds.route("/opds/osd") @opds.route("/opds/osd")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_osd(): def feed_osd():
return render_xml_template('osd.xml', lang='en-EN') return render_xml_template('osd.xml', lang='en-EN')
@opds.route("/opds/search", defaults={'query': ""}) @opds.route("/opds/search", defaults={'query': ""})
@opds.route("/opds/search/<query>") @opds.route("/opds/search/<query>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_cc_search(query): def feed_cc_search(query):
return feed_search(query.strip()) return feed_search(query.strip())
@opds.route("/opds/search", methods=["GET"]) @opds.route("/opds/search", methods=["GET"])
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_normal_search(): def feed_normal_search():
return feed_search(request.args.get("query").strip()) return feed_search(request.args.get("query").strip())
@opds.route("/opds/new") @opds.route("/opds/new")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_new(): def feed_new():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1), entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1),
@ -98,7 +101,7 @@ def feed_new():
@opds.route("/opds/discover") @opds.route("/opds/discover")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_discover(): def feed_discover():
entries = db.session.query(db.Books).filter(common_filters()).order_by(func.random())\ entries = db.session.query(db.Books).filter(common_filters()).order_by(func.random())\
.limit(config.config_books_per_page) .limit(config.config_books_per_page)
@ -107,7 +110,7 @@ def feed_discover():
@opds.route("/opds/rated") @opds.route("/opds/rated")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_best_rated(): def feed_best_rated():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1), entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1),
@ -116,7 +119,7 @@ def feed_best_rated():
@opds.route("/opds/hot") @opds.route("/opds/hot")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_hot(): def feed_hot():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
all_books = ub.session.query(ub.Downloads, func.count(ub.Downloads.book_id)).order_by( all_books = ub.session.query(ub.Downloads, func.count(ub.Downloads.book_id)).order_by(
@ -141,7 +144,7 @@ def feed_hot():
@opds.route("/opds/author") @opds.route("/opds/author")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_authorindex(): def feed_authorindex():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries = db.session.query(db.Authors).join(db.books_authors_link).join(db.Books).filter(common_filters())\ entries = db.session.query(db.Authors).join(db.books_authors_link).join(db.Books).filter(common_filters())\
@ -152,7 +155,7 @@ def feed_authorindex():
@opds.route("/opds/author/<int:book_id>") @opds.route("/opds/author/<int:book_id>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_author(book_id): def feed_author(book_id):
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1), entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1),
@ -161,7 +164,7 @@ def feed_author(book_id):
@opds.route("/opds/publisher") @opds.route("/opds/publisher")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_publisherindex(): def feed_publisherindex():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries = db.session.query(db.Publishers).join(db.books_publishers_link).join(db.Books).filter(common_filters())\ entries = db.session.query(db.Publishers).join(db.books_publishers_link).join(db.Books).filter(common_filters())\
@ -172,7 +175,7 @@ def feed_publisherindex():
@opds.route("/opds/publisher/<int:book_id>") @opds.route("/opds/publisher/<int:book_id>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_publisher(book_id): def feed_publisher(book_id):
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1), entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1),
@ -182,7 +185,7 @@ def feed_publisher(book_id):
@opds.route("/opds/category") @opds.route("/opds/category")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_categoryindex(): def feed_categoryindex():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries = db.session.query(db.Tags).join(db.books_tags_link).join(db.Books).filter(common_filters())\ entries = db.session.query(db.Tags).join(db.books_tags_link).join(db.Books).filter(common_filters())\
@ -193,7 +196,7 @@ def feed_categoryindex():
@opds.route("/opds/category/<int:book_id>") @opds.route("/opds/category/<int:book_id>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_category(book_id): def feed_category(book_id):
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1), entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1),
@ -202,7 +205,7 @@ def feed_category(book_id):
@opds.route("/opds/series") @opds.route("/opds/series")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_seriesindex(): def feed_seriesindex():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries = db.session.query(db.Series).join(db.books_series_link).join(db.Books).filter(common_filters())\ entries = db.session.query(db.Series).join(db.books_series_link).join(db.Books).filter(common_filters())\
@ -213,7 +216,7 @@ def feed_seriesindex():
@opds.route("/opds/series/<int:book_id>") @opds.route("/opds/series/<int:book_id>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_series(book_id): def feed_series(book_id):
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1), entries, __, pagination = fill_indexpage((int(off) / (int(config.config_books_per_page)) + 1),
@ -223,7 +226,7 @@ def feed_series(book_id):
@opds.route("/opds/shelfindex/", defaults={'public': 0}) @opds.route("/opds/shelfindex/", defaults={'public': 0})
@opds.route("/opds/shelfindex/<string:public>") @opds.route("/opds/shelfindex/<string:public>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_shelfindex(public): def feed_shelfindex(public):
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
if public is not 0: if public is not 0:
@ -238,7 +241,7 @@ def feed_shelfindex(public):
@opds.route("/opds/shelf/<int:book_id>") @opds.route("/opds/shelf/<int:book_id>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_shelf(book_id): def feed_shelf(book_id):
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
if current_user.is_anonymous: if current_user.is_anonymous:
@ -262,14 +265,14 @@ def feed_shelf(book_id):
@opds.route("/opds/download/<book_id>/<book_format>/") @opds.route("/opds/download/<book_id>/<book_format>/")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
@download_required @download_required
def opds_download_link(book_id, book_format): def opds_download_link(book_id, book_format):
return get_download_link(book_id,book_format) return get_download_link(book_id,book_format)
@opds.route("/ajax/book/<string:uuid>") @opds.route("/ajax/book/<string:uuid>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def get_metadata_calibre_companion(uuid): def get_metadata_calibre_companion(uuid):
entry = db.session.query(db.Books).filter(db.Books.uuid.like("%" + uuid + "%")).first() entry = db.session.query(db.Books).filter(db.Books.uuid.like("%" + uuid + "%")).first()
if entry is not None: if entry is not None:
@ -318,19 +321,19 @@ def render_xml_template(*args, **kwargs):
@opds.route("/opds/cover_240_240/<book_id>") @opds.route("/opds/cover_240_240/<book_id>")
@opds.route("/opds/cover_90_90/<book_id>") @opds.route("/opds/cover_90_90/<book_id>")
@opds.route("/opds/cover/<book_id>") @opds.route("/opds/cover/<book_id>")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_get_cover(book_id): def feed_get_cover(book_id):
return get_book_cover(book_id) return get_book_cover(book_id)
@opds.route("/opds/readbooks/") @opds.route("/opds/readbooks/")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_read_books(): def feed_read_books():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
return render_read_books(int(off) / (int(config.config_books_per_page)) + 1, True, True) return render_read_books(int(off) / (int(config.config_books_per_page)) + 1, True, True)
@opds.route("/opds/unreadbooks/") @opds.route("/opds/unreadbooks/")
@basic_auth_required_check(config.config_login_type) @requires_basic_auth_if_no_ano
def feed_unread_books(): def feed_unread_books():
off = request.args.get("offset") or 0 off = request.args.get("offset") or 0
return render_read_books(int(off) / (int(config.config_books_per_page)) + 1, False, True) return render_read_books(int(off) / (int(config.config_books_per_page)) + 1, False, True)

View File

@ -186,67 +186,68 @@
{% endif %} {% endif %}
{% if feature_support['ldap'] or feature_support['oauth'] %} {% if feature_support['ldap'] or feature_support['oauth'] %}
<div class="form-group"> <div class="form-group">
<label for="config_login_type">{{_('Login type')}}</label> <label for="config_login_type">{{_('Login type')}}</label>
<select name="config_login_type" id="config_login_type" class="form-control" data-control="login-settings"> <select name="config_login_type" id="config_login_type" class="form-control" data-control="login-settings">
<option value="0" {% if config.config_login_type == 0 %}selected{% endif %}>{{_('Use standard Authentication')}}</option> <option value="0" {% if config.config_login_type == 0 %}selected{% endif %}>{{_('Use standard Authentication')}}</option>
{% if feature_support['ldap'] %} {% if feature_support['ldap'] %}
<option value="1" {% if config.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option> <option value="1" {% if config.config_login_type == 1 %}selected{% endif %}>{{_('Use LDAP Authentication')}}</option>
{% endif %} {% endif %}
{% if feature_support['oauth'] %} {% if feature_support['oauth'] %}
<option value="2" {% if config.config_login_type == 2 %}selected{% endif %}>{{_('Use GitHub OAuth')}}</option> <option value="2" {% if config.config_login_type == 2 %}selected{% endif %}>{{_('Use GitHub OAuth')}}</option>
<option value="3" {% if config.config_login_type == 3 %}selected{% endif %}>{{_('Use Google OAuth')}}</option> <option value="3" {% if config.config_login_type == 3 %}selected{% endif %}>{{_('Use Google OAuth')}}</option>
{% endif %} {% endif %}
</select> </select>
</div>
{% if feature_support['ldap'] %} {% if feature_support['ldap'] %}
<div data-related="login-settings-1"> <div data-related="login-settings-1">
<div class="form-group"> <div class="form-group">
<label for="config_ldap_provider_url">{{_('LDAP Server Host Name or IP Address')}}</label> <label for="config_ldap_provider_url">{{_('LDAP Server Host Name or IP Address')}}</label>
<input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{% if content.config_ldap_provider_url != None %}{{ content.config_ldap_provider_url }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_provider_url" name="config_ldap_provider_url" value="{% if config.config_ldap_provider_url != None %}{{ config.config_ldap_provider_url }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_ldap_port">{{_('LDAP Server Port')}}</label> <label for="config_ldap_port">{{_('LDAP Server Port')}}</label>
<input type="text" class="form-control" id="config_ldap_port" name="config_ldap_port" value="{% if content.config_ldap_port != None %}{{ content.config_ldap_port }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_port" name="config_ldap_port" value="{% if config.config_ldap_port != None %}{{ config.config_ldap_port }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_ldap_schema">{{_('LDAP schema (ldap or ldaps)')}}</label> <label for="config_ldap_schema">{{_('LDAP schema (ldap or ldaps)')}}</label>
<input type="text" class="form-control" id="config_ldap_schema" name="config_ldap_schema" value="{% if content.config_ldap_schema != None %}{{ content.config_ldap_schema }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_schema" name="config_ldap_schema" value="{% if config.config_ldap_schema != None %}{{ config.config_ldap_schema }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_ldap_serv_username">{{_('LDAP Admin username')}}</label> <label for="config_ldap_serv_username">{{_('LDAP Admin username')}}</label>
<input type="text" class="form-control" id="config_ldap_serv_username" name="config_ldap_serv_username" value="{% if content.config_ldap_serv_username != None %}{{ content.config_ldap_serv_username }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_serv_username" name="config_ldap_serv_username" value="{% if config.config_ldap_serv_username != None %}{{ config.config_ldap_serv_username }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_ldap_serv_password">{{_('LDAP Admin password')}}</label> <label for="config_ldap_serv_password">{{_('LDAP Admin password')}}</label>
<input type="password" class="form-control" id="config_ldap_serv_password" name="config_ldap_serv_password" value="{% if content.config_ldap_serv_password != None %}{{ content.config_ldap_serv_password }}{% endif %}" autocomplete="off"> <input type="password" class="form-control" id="config_ldap_serv_password" name="config_ldap_serv_password" value="{% if config.config_ldap_serv_password != None %}{{ config.config_ldap_serv_password }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="checkbox" id="config_ldap_use_ssl" name="config_ldap_use_ssl" {% if content.config_ldap_use_ssl %}checked{% endif %}> <input type="checkbox" id="config_ldap_use_ssl" name="config_ldap_use_ssl" {% if config.config_ldap_use_ssl %}checked{% endif %}>
<label for="config_ldap_ssl">{{_('LDAP Server use SSL')}}</label> <label for="config_ldap_use_ssl">{{_('LDAP Server use SSL')}}</label>
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="checkbox" id="config_ldap_use_tls" name="config_ldap_use_tls" {% if content.config_ldap_use_tls %}checked{% endif %}> <input type="checkbox" id="config_ldap_use_tls" name="config_ldap_use_tls" {% if config.config_ldap_use_tls %}checked{% endif %}>
<label for="config_ldap_ssl">{{_('LDAP Server use TLS')}}</label> <label for="config_ldap_use_tls">{{_('LDAP Server use TLS')}}</label>
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="checkbox" id="config_ldap_require_cert" name="config_ldap_require_cert" data-control="ldap-cert-settings" {% if content.config_ldap_require_cert %}checked{% endif %}> <input type="checkbox" id="config_ldap_require_cert" name="config_ldap_require_cert" data-control="ldap-cert-settings" {% if config.config_ldap_require_cert %}checked{% endif %}>
<label for="config_ldap_ssl">{{_('LDAP Server Certificate')}}</label> <label for="config_ldap_require_cert">{{_('LDAP Server Certificate')}}</label>
</div> </div>
<div data-related="ldap-cert-settings"> <div data-related="ldap-cert-settings">
<div class="form-group"> <div class="form-group">
<label for="config_ldap_cert_path">{{_('LDAP SSL Certificate Path')}}</label> <label for="config_ldap_cert_path">{{_('LDAP SSL Certificate Path')}}</label>
<input type="text" class="form-control" id="config_ldap_cert_path" name="config_ldap_cert_path" value="{% if content.config_ldap_cert_path != None and content.config_ldap_require_cert !=None %}{{ content.config_ldap_cert_path }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_cert_path" name="config_ldap_cert_path" value="{% if config.config_ldap_cert_path != None and config.config_ldap_require_cert !=None %}{{ config.config_ldap_cert_path }}{% endif %}" autocomplete="off">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label> <label for="config_ldap_dn">{{_('LDAP Distinguished Name (DN)')}}</label>
<input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{% if content.config_ldap_dn != None %}{{ content.config_ldap_dn }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_dn" name="config_ldap_dn" value="{% if config.config_ldap_dn != None %}{{ config.config_ldap_dn }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_ldap_user_object">{{_('LDAP User object filter')}}</label> <label for="config_ldap_user_object">{{_('LDAP User object filter')}}</label>
<input type="text" class="form-control" id="config_ldap_user_object" name="config_ldap_user_object" value="{% if content.config_ldap_user_object != None %}{{ content.config_ldap_user_object }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_user_object" name="config_ldap_user_object" value="{% if config.config_ldap_user_object != None %}{{ config.config_ldap_user_object }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="checkbox" id="config_ldap_openldap" name="config_ldap_openldap" {% if content.config_ldap_openldap %}checked{% endif %}> <input type="checkbox" id="config_ldap_openldap" name="config_ldap_openldap" {% if config.config_ldap_openldap %}checked{% endif %}>
<label for="config_ldap_openldap">{{_('LDAP Server is OpenLDAP?')}}</label> <label for="config_ldap_openldap">{{_('LDAP Server is OpenLDAP?')}}</label>
</div> </div>
</div> </div>

View File

@ -40,10 +40,10 @@ from sqlalchemy.orm import relationship, sessionmaker
from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.ext.declarative import declarative_base
from werkzeug.security import generate_password_hash from werkzeug.security import generate_password_hash
try: '''try:
import ldap import ldap
except ImportError: except ImportError:
pass pass'''
from . import constants, logger, cli from . import constants, logger, cli
@ -172,12 +172,12 @@ class UserBase:
return '<User %r>' % self.nickname return '<User %r>' % self.nickname
# Login via LDAP method # Login via LDAP method
@staticmethod '''@staticmethod
def try_login(username, password,config_dn, ldap_provider_url): def try_login(username, password,config_dn, ldap_provider_url):
conn = get_ldap_connection(ldap_provider_url) conn = get_ldap_connection(ldap_provider_url)
conn.simple_bind_s( conn.simple_bind_s(
config_dn.replace("%s", username), config_dn.replace("%s", username),
password) password)'''
# Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from # Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from
# User Base (all access methods are declared there) # User Base (all access methods are declared there)
@ -795,10 +795,10 @@ def clean_database():
session.query(RemoteAuthToken).filter(now > RemoteAuthToken.expiration).delete() session.query(RemoteAuthToken).filter(now > RemoteAuthToken.expiration).delete()
#get LDAP connection '''#get LDAP connection
def get_ldap_connection(ldap_provider_url): def get_ldap_connection(ldap_provider_url):
conn = ldap.initialize('ldap://{}'.format(ldap_provider_url)) conn = ldap.initialize('ldap://{}'.format(ldap_provider_url))
return conn return conn'''

View File

@ -41,7 +41,7 @@ from werkzeug.exceptions import default_exceptions
from werkzeug.datastructures import Headers from werkzeug.datastructures import Headers
from werkzeug.security import generate_password_hash, check_password_hash from werkzeug.security import generate_password_hash, check_password_hash
from . import constants, logger, isoLanguages from . import constants, logger, isoLanguages, ldap
from . import global_WorkerThread, searched_ids, lm, babel, db, ub, config, get_locale, app, language_table from . import global_WorkerThread, searched_ids, lm, babel, db, ub, config, get_locale, app, language_table
from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download
from .helper import common_filters, get_search_results, fill_indexpage, speaking_language, check_valid_domain, \ from .helper import common_filters, get_search_results, fill_indexpage, speaking_language, check_valid_domain, \
@ -52,6 +52,8 @@ from .pagination import Pagination
from .redirect import redirect_back from .redirect import redirect_back
feature_support = dict() feature_support = dict()
feature_support['ldap'] = ldap.ldap_supported()
try: try:
from .oauth_bb import oauth_check, register_user_with_oauth, logout_oauth_user, get_oauth_status from .oauth_bb import oauth_check, register_user_with_oauth, logout_oauth_user, get_oauth_status
feature_support['oauth'] = True feature_support['oauth'] = True
@ -59,12 +61,6 @@ except ImportError:
feature_support['oauth'] = False feature_support['oauth'] = False
oauth_check = {} oauth_check = {}
try:
import ldap
feature_support['ldap'] = True
except ImportError:
feature_support['ldap'] = False
try: try:
from goodreads.client import GoodreadsClient from goodreads.client import GoodreadsClient
feature_support['goodreads'] = True feature_support['goodreads'] = True
@ -221,6 +217,7 @@ def edit_required(f):
return inner return inner
# ################################### Helper functions ################################################################ # ################################### Helper functions ################################################################
@ -244,6 +241,8 @@ def before_request():
# ################################### data provider functions ######################################################### # ################################### data provider functions #########################################################
@web.route("/ajax/emailstat") @web.route("/ajax/emailstat")
@login_required @login_required
def get_email_status_json(): def get_email_status_json():
@ -308,6 +307,7 @@ def toggle_read(book_id):
log.error(u"Custom Column No.%d is not exisiting in calibre database", config.config_read_column) log.error(u"Custom Column No.%d is not exisiting in calibre database", config.config_read_column)
return "" return ""
''' '''
@web.route("/ajax/getcomic/<int:book_id>/<book_format>/<int:page>") @web.route("/ajax/getcomic/<int:book_id>/<book_format>/<int:page>")
@login_required @login_required
@ -359,6 +359,7 @@ def get_comic_book(book_id, book_format, page):
return "", 204 return "", 204
''' '''
# ################################### Typeahead ################################################################## # ################################### Typeahead ##################################################################
@ -434,6 +435,7 @@ def get_matching_tags():
# ################################### View Books list ################################################################## # ################################### View Books list ##################################################################
@web.route("/", defaults={'page': 1}) @web.route("/", defaults={'page': 1})
@web.route('/page/<int:page>') @web.route('/page/<int:page>')
@login_required_if_no_ano @login_required_if_no_ano
@ -757,6 +759,7 @@ def category_list():
# ################################### Task functions ################################################################ # ################################### Task functions ################################################################
@web.route("/tasks") @web.route("/tasks")
@login_required @login_required
def get_tasks_status(): def get_tasks_status():
@ -768,6 +771,7 @@ def get_tasks_status():
# ################################### Search functions ################################################################ # ################################### Search functions ################################################################
@web.route("/search", methods=["GET"]) @web.route("/search", methods=["GET"])
@login_required_if_no_ano @login_required_if_no_ano
def search(): def search():
@ -963,6 +967,7 @@ def render_read_books(page, are_read, as_xml=False, order=None):
# ################################### Download/Send ################################################################## # ################################### Download/Send ##################################################################
@web.route("/cover/<int:book_id>") @web.route("/cover/<int:book_id>")
@login_required_if_no_ano @login_required_if_no_ano
def get_cover(book_id): def get_cover(book_id):
@ -1021,6 +1026,7 @@ def send_to_kindle(book_id, book_format, convert):
# ################################### Login Logout ################################################################## # ################################### Login Logout ##################################################################
@web.route('/register', methods=['GET', 'POST']) @web.route('/register', methods=['GET', 'POST'])
def register(): def register():
if not config.config_public_reg: if not config.config_public_reg:
@ -1087,17 +1093,17 @@ def login():
.first() .first()
if config.config_login_type == 1 and user and feature_support['ldap']: if config.config_login_type == 1 and user and feature_support['ldap']:
try: try:
if ldap.bind_user(form['username'], form['password']) is not None: if ldap.ldap.bind_user(form['username'], form['password']) is not None:
login_user(user, remember=True) login_user(user, remember=True)
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname),
category="success") category="success")
return redirect_back(url_for("web.index")) return redirect_back(url_for("web.index"))
except ldap.INVALID_CREDENTIALS as e: except ldap.ldap.INVALID_CREDENTIALS as e:
log.error('Login Error: ' + str(e)) log.error('Login Error: ' + str(e))
ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr) ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr)
log.info('LDAP Login failed for user "%s" IP-adress: %s', form['username'], ipAdress) log.info('LDAP Login failed for user "%s" IP-adress: %s', form['username'], ipAdress)
flash(_(u"Wrong Username or Password"), category="error") flash(_(u"Wrong Username or Password"), category="error")
except ldap.SERVER_DOWN: except ldap.ldap.SERVER_DOWN:
log.info('LDAP Login failed, LDAP Server down') log.info('LDAP Login failed, LDAP Server down')
flash(_(u"Could not login. LDAP server down, please contact your administrator"), category="error") flash(_(u"Could not login. LDAP server down, please contact your administrator"), category="error")
'''except LDAPException as exception: '''except LDAPException as exception:
@ -1213,6 +1219,7 @@ def token_verified():
# ################################### Users own configuration ######################################################### # ################################### Users own configuration #########################################################
@web.route("/me", methods=["GET", "POST"]) @web.route("/me", methods=["GET", "POST"])
@login_required @login_required
def profile(): def profile():
@ -1279,7 +1286,6 @@ def profile():
page="me", registered_oauth=oauth_check, oauth_status=oauth_status) page="me", registered_oauth=oauth_check, oauth_status=oauth_status)
# ###################################Show single book ################################################################## # ###################################Show single book ##################################################################