diff --git a/cps/ub.py b/cps/ub.py index 57dbde6e..14cf0b24 100644 --- a/cps/ub.py +++ b/cps/ub.py @@ -14,6 +14,7 @@ import json import datetime from binascii import hexlify import cli +import ldap engine = create_engine('sqlite:///{0}'.format(cli.settingspath), echo=False) Base = declarative_base() @@ -46,6 +47,8 @@ SIDEBAR_PUBLISHER = 4096 DEFAULT_PASS = "admin123" DEFAULT_PORT = int(os.environ.get("CALIBRE_PORT", 8083)) +LDAP_PROVIDER_URL = 'ldap://localhost:389/' +LDAP_PROTOCOL_VERSION = 3 class UserBase: @@ -152,6 +155,13 @@ class UserBase: def __repr__(self): return '' % self.nickname + @staticmethod + def try_login(username, password): + conn = get_ldap_connection() + conn.simple_bind_s( + 'uid={},ou=users,dc=yunohost,dc=org'.format(username), + password + ) # Baseclass for Users in Calibre-Web, settings which are depending on certain users are stored here. It is derived from # User Base (all access methods are declared there) @@ -778,6 +788,11 @@ else: migrate_Database() clean_database() +#get LDAP connection +def get_ldap_connection(): + conn = ldap.initialize(LDAP_PROVIDER_URL) + return conn + # Generate global Settings Object accessible from every file config = Config() searched_ids = {} diff --git a/cps/web.py b/cps/web.py index da240211..c78ae132 100644 --- a/cps/web.py +++ b/cps/web.py @@ -57,6 +57,7 @@ from redirect import redirect_back import time import server from reverseproxy import ReverseProxied +import ldap try: from googleapiclient.errors import HttpError @@ -2342,7 +2343,16 @@ def login(): if request.method == "POST": form = request.form.to_dict() user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first() - if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest": + try: + app.logger.info("Tryong LDAP connexion") + ub.User.try_login(form['username'], form['password']) + login_user(user, remember=True) + flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") + return redirect_back(url_for("index")) + except ldap.INVALID_CREDENTIALS: + ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr) + app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress) + if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest" and not user.is_authenticated: login_user(user, remember=True) flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") return redirect_back(url_for("index"))