From 04b5e045938da92c8d11dfd46c352c99b3d3aa30 Mon Sep 17 00:00:00 2001 From: Matthew Scragg Date: Sun, 22 Nov 2015 17:12:26 -0600 Subject: [PATCH] Dynamically enable modules based on config values --- README.md | 68 ++++++++++++++-------------- realms/config/__init__.py | 72 +++++++++++++++++------------- realms/modules/auth/ldap/models.py | 3 +- 3 files changed, 75 insertions(+), 68 deletions(-) diff --git a/README.md b/README.md index 4fb4e8e..c8df786 100644 --- a/README.md +++ b/README.md @@ -278,6 +278,10 @@ If your language is not supported, Realms will fall back to a simple text analyz ### Local Local default will be done using a backend database as defined in the config. +To disable local authentication, put the following your config. + + "AUTH_LOCAL_ENABLE": false + ### LDAP (beta) @@ -290,53 +294,47 @@ Use these examples as a guide and place it in your realms-wiki.json config. In this example, BIND_DN and BIND_AUTH are used to search and authenticate. Leaving them blank implies anonymous authentication. -``` -"LDAP": { - "URI": "ldap://localhost:8389", - "BIND_DN": "", - "BIND_AUTH": "", - "USER_SEARCH": {"base": "dc=realms,dc=io", "filter": "uid=%(username)s"}, - "KEY_MAP": { - "username":"cn", - "email": "mail" + "LDAP": { + "URI": "ldap://localhost:8389", + "BIND_DN": "", + "BIND_AUTH": "", + "USER_SEARCH": {"base": "dc=realms,dc=io", "filter": "uid=%(username)s"}, + "KEY_MAP": { + "username":"cn", + "email": "mail" + } } -} -``` #### Direct Bind Example -``` -"LDAP": { - "URI": "ldap://localhost:8389", - "BIND_DN": "uid=%(username)s,ou=People,dc=realms,dc=io", - "KEY_MAP": { - "username":"cn", - "email": "mail", - }, - "OPTIONS": { - "OPT_PROTOCOL_VERSION": 3, + "LDAP": { + "URI": "ldap://localhost:8389", + "BIND_DN": "uid=%(username)s,ou=People,dc=realms,dc=io", + "KEY_MAP": { + "username":"cn", + "email": "mail", + }, + "OPTIONS": { + "OPT_PROTOCOL_VERSION": 3, + } } -} -``` + ### OAuth (beta) Realms currently supports Github, Twitter, Facebook and Google. Each provider requires a key and secret. Put them in your `realms-wiki.json` config file. Use the example below. -``` -"OAUTH": { - "twitter": { - "key": "", - "secret": "" - }, - "github": { - "key": "", - "secret": "" + "OAUTH": { + "twitter": { + "key": "", + "secret": "" + }, + "github": { + "key": "", + "secret": "" + } } -} -``` - ## Running diff --git a/realms/config/__init__.py b/realms/config/__init__.py index 72e4a4d..1d06cde 100644 --- a/realms/config/__init__.py +++ b/realms/config/__init__.py @@ -83,37 +83,37 @@ DB_URI = 'sqlite:////tmp/wiki.db' # DB_URI = 'oracle://scott:tiger@127.0.0.1:1521/sidname' # DB_URI = 'crate://' -LDAP = { - 'URI': '', +# LDAP = { +# 'URI': '', +# +# # This BIND_DN/BIND_PASSWORD default to '', this is shown here for demonstrative purposes +# # The values '' perform an anonymous bind so we may use search/bind method +# 'BIND_DN': '', +# 'BIND_AUTH': '', +# +# # Adding the USER_SEARCH field tells the flask-ldap-login that we are using +# # the search/bind method +# 'USER_SEARCH': {'base': 'dc=example,dc=com', 'filter': 'uid=%(username)s'}, +# +# # Map ldap keys into application specific keys +# 'KEY_MAP': { +# 'name': 'cn', +# 'company': 'o', +# 'location': 'l', +# 'email': 'mail', +# } +# } - # This BIND_DN/BIND_PASSWORD default to '', this is shown here for demonstrative purposes - # The values '' perform an anonymous bind so we may use search/bind method - 'BIND_DN': '', - 'BIND_AUTH': '', - - # Adding the USER_SEARCH field tells the flask-ldap-login that we are using - # the search/bind method - 'USER_SEARCH': {'base': 'dc=example,dc=com', 'filter': 'uid=%(username)s'}, - - # Map ldap keys into application specific keys - 'KEY_MAP': { - 'name': 'cn', - 'company': 'o', - 'location': 'l', - 'email': 'mail', - } -} - -OAUTH = { - 'twitter': { - 'key': '', - 'secret': '' - }, - 'github': { - 'key': '', - 'secret': '' - } -} +# OAUTH = { +# 'twitter': { +# 'key': '', +# 'secret': '' +# }, +# 'github': { +# 'key': '', +# 'secret': '' +# } +# } CACHE_TYPE = 'simple' @@ -153,6 +153,7 @@ WIKI_PATH = '/tmp/wiki' # Name of page that will act as home WIKI_HOME = 'home' +AUTH_LOCAL_ENABLE = True ALLOW_ANON = True REGISTRATION_ENABLED = True PRIVATE_WIKI = False @@ -193,4 +194,13 @@ if ENV != "DEV": ASSETS_DEBUG = False SQLALCHEMY_ECHO = False -MODULES = ['wiki', 'search', 'auth', 'auth.local', 'auth.oauth', 'auth.ldap', 'auth.oauth'] +MODULES = ['wiki', 'search', 'auth'] + +if globals().get('AUTH_LOCAL_ENABLE'): + MODULES.append('auth.local') + +if globals().get('OAUTH'): + MODULES.append('auth.oauth') + +if globals().get('LDAP'): + MODULES.append('auth.ldap') diff --git a/realms/modules/auth/ldap/models.py b/realms/modules/auth/ldap/models.py index 0d97ef2..cd605c2 100644 --- a/realms/modules/auth/ldap/models.py +++ b/realms/modules/auth/ldap/models.py @@ -38,8 +38,7 @@ class User(BaseUser): @staticmethod def login_form(): - form = LDAPLoginForm() - return render_template('auth/ldap/login.html', form=form) + return render_template('auth/ldap/login.html', form=LDAPLoginForm()) @staticmethod def auth(user, password):