From 91f0908059d56f80a2cce4d326fcd3ce34c9ca78 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sat, 12 Jan 2019 18:07:03 +0100 Subject: [PATCH] insert into db connect via LDAP config --- cps/ub.py | 8 +++++--- cps/web.py | 34 ++++++++++++++++++++++++---------- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/cps/ub.py b/cps/ub.py index 325b5132..6de9059c 100644 --- a/cps/ub.py +++ b/cps/ub.py @@ -47,8 +47,6 @@ SIDEBAR_PUBLISHER = 4096 DEFAULT_PASS = "admin123" DEFAULT_PORT = int(os.environ.get("CALIBRE_PORT", 8083)) -LDAP_PROVIDER_URL = 'ldap://localhost:389/' -LDAP_PROTOCOL_VERSION = 3 class UserBase: @@ -155,9 +153,12 @@ class UserBase: def __repr__(self): return '' % self.nickname + #Login via LDAP method @staticmethod def try_login(username, password): conn = get_ldap_connection() + print "bind : {}".format(config.config_ldap_dn) + print "replace :{}".format(config.config_ldap_dn.replace("%s", username)) conn.simple_bind_s( 'uid={},ou=users,dc=yunohost,dc=org'.format(username), password @@ -803,7 +804,8 @@ else: #get LDAP connection def get_ldap_connection(): - conn = ldap.initialize(LDAP_PROVIDER_URL) + print "login to LDAP server ldap://{}".format(config.config_ldap_provider_url) + conn = ldap.initialize('ldap://{}'.format(config.config_ldap_provider_url)) return conn # Generate global Settings Object accessible from every file diff --git a/cps/web.py b/cps/web.py index c78ae132..aaf3e02b 100644 --- a/cps/web.py +++ b/cps/web.py @@ -2343,16 +2343,15 @@ def login(): if request.method == "POST": form = request.form.to_dict() user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first() - try: - app.logger.info("Tryong LDAP connexion") - ub.User.try_login(form['username'], form['password']) - login_user(user, remember=True) - flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") - return redirect_back(url_for("index")) - except ldap.INVALID_CREDENTIALS: - ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr) - app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress) - if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest" and not user.is_authenticated: + if config.config_use_ldap and ub.User.try_login(form['username'], form['password']): + try: + login_user(user, remember=True) + flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") + return redirect_back(url_for("index")) + except ldap.INVALID_CREDENTIALS: + ipAdress = request.headers.get('X-Forwarded-For', request.remote_addr) + app.logger.info('LDAP Login failed for user "' + form['username'] + '" IP-adress: ' + ipAdress) + elif user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest" and not user.is_authenticated: login_user(user, remember=True) flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") return redirect_back(url_for("index")) @@ -3075,6 +3074,21 @@ def configuration_helper(origin): if "config_ebookconverter" in to_save: content.config_ebookconverter = int(to_save["config_ebookconverter"]) + #LDAP configuratop, + if "config_use_ldap" in to_save and to_save["config_use_ldap"] == "on": + if not "config_ldap_provider_url" in to_save or not "content.config_ldap_dn" in to_save: + ub.session.commit() + flash(_(u'Please enter a LDAP provider and a DN'), category="error") + return render_title_template("config_edit.html", content=config, origin=origin, + gdrive=gdriveutils.gdrive_support, gdriveError=gdriveError, + goodreads=goodreads_support, title=_(u"Basic Configuration"), + page="config") + else: + content.config_use_ldap = 1 + content.config_ldap_provider_url = to_save["config_ldap_provider_url"] + content.config_ldap_dn = to_save["config_ldap_dn"] + db_change = True + # Remote login configuration content.config_remote_login = ("config_remote_login" in to_save and to_save["config_remote_login"] == "on") if not content.config_remote_login: