ldap first pass

realms/modules/auth/ldap/__init__.py

@@ -0,0 +1,4 @@
+from flask_ldap_login import LDAPLoginManager
+
+ldap_mgr = LDAPLoginManager()
+

realms/modules/auth/ldap/forms.py

@@ -0,0 +1,7 @@
+from flask_wtf import Form
+from wtforms import StringField, PasswordField, validators
+
+
+class LoginForm(Form):
+    email = StringField('Email', [validators.DataRequired()])
+    password = PasswordField('Password', [validators.DataRequired()])

realms/modules/auth/ldap/models.py

@@ -0,0 +1,31 @@
+from flask import current_app, render_template
+from flask.ext.login import login_user
+from realms import ldap
+from flask_ldap_login import LDAPLoginForm
+from ..models import BaseUser
+import bcrypt
+
+users = {}
+
+@ldap.save_user
+def save_user(username, userdata):
+    users[username] = User(username, userdata)
+    return users[username]
+
+class User(BaseUser):
+    type = 'ldap'
+
+    def __init__(self, username, data):
+        self.id = username
+        self.username = username
+        self.data = data
+
+    @staticmethod
+    def login_form():
+        form = LDAPLoginForm()
+        return render_template('auth/ldap/login.html', form=form)
+
+    @staticmethod
+    def auth(*args):
+        login_user(args[0].user, remember=True)
+        return True

realms/modules/auth/ldap/views.py

@@ -0,0 +1,18 @@
+from flask import current_app, request, redirect, Blueprint, flash, url_for
+from ..ldap.models import User
+from flask_ldap_login import LDAPLoginForm
+
+blueprint = Blueprint('auth.ldap', __name__)
+
+@blueprint.route("/login/ldap", methods=['POST'])
+def login():
+    form = LDAPLoginForm()
+
+    if not form.validate():
+        flash('Form invalid', 'warning')
+        return redirect(url_for('auth.login'))
+
+    if User.auth(form.user):
+        return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT']))
+    else:
+        return redirect(url_for('auth.login'))

realms/modules/auth/models.py

@@ -19,13 +19,11 @@ class Auth(object):
 
     @staticmethod
     def get_auth_user(auth_type):
-        print auth_type
         mod = importlib.import_module('realms.modules.auth.%s.models' % auth_type)
         return mod.User
 
     @staticmethod
     def load_user(auth_id):
-        print auth_id
         auth_type, user_id = auth_id.split("/")
         return Auth.get_auth_user(auth_type).load_user(user_id)
 
@@ -33,7 +31,7 @@ class Auth(object):
     def login_forms():
         forms = []
         # TODO be dynamic
-        for t in ['local']:
+        for t in ['local', 'ldap']:
             forms.append(Auth.get_auth_user(t).login_form())
         return forms
 
@@ -87,7 +85,7 @@ class BaseUser(UserMixin):
 
     @staticmethod
     def auth(email, password):
-        raise NotImplementedError()
+        raise NotImplementedError
 
     @staticmethod
     def hash_password(password):

realms/modules/auth/oauth/models.py

@@ -8,25 +8,31 @@ oauth = OAuth()
 
 class OAuthUser(BaseUser):
     # OAuth remote app
-    app = None
+    remote_app = None
 
 
 class TwitterUser(OAuthUser):
 
-    app = oauth.remote_app(
-        'twitter',
-        base_url='https://api.twitter.com/1/',
-        request_token_url='https://api.twitter.com/oauth/request_token',
-        access_token_url='https://api.twitter.com/oauth/access_token',
-        authorize_url='https://api.twitter.com/oauth/authenticate',
-        consumer_key=config.TWITTER_KEY,
-        consumer_secret=config.TWITTER_SECRET)
-
     def __init__(self, id_, username, email=None):
         self.id = id_
         self.username = username
         self.email = email
 
+    @classmethod
+    def app(cls):
+        if cls.remote_app:
+            return cls.remote_app
+
+        cls.remote_app = oauth.remote_app(
+            'twitter',
+            base_url='https://api.twitter.com/1/',
+            request_token_url='https://api.twitter.com/oauth/request_token',
+            access_token_url='https://api.twitter.com/oauth/access_token',
+            authorize_url='https://api.twitter.com/oauth/authenticate',
+            consumer_key=config.OAUTH['twitter']['key'],
+            consumer_secret=config.OAUTH['twitter']['secret'])
+        return cls.remote_app
+
     @staticmethod
     def load_user(*args, **kwargs):
         return TwitterUser(args[0])

realms/modules/auth/oauth/views.py

@@ -1,22 +1,22 @@
-from flask import Blueprint, url_for, request, flash, redirect
+from flask import Blueprint, url_for, request, flash, redirect, session
 from .models import TwitterUser
 
 blueprint = Blueprint('auth.oauth', __name__)
 
 
 def oauth_failed(next_url):
-    flash(u'You denied the request to sign in.')
+    flash('You denied the request to sign in.')
     return redirect(next_url)
 
 @blueprint.route("/login/twitter")
 def login_twitter():
-    return TwitterUser.app.authorize(callback=url_for('twitter_callback',
-                                                      next=request.args.get('next') or request.referrer or None))
+    return TwitterUser.app().authorize(callback=url_for('twitter_callback',
+        next=request.args.get('next') or request.referrer or None))
 
 @blueprint.route('/login/twitter/callback')
 def twitter_callback():
     next_url = request.args.get('next') or url_for('index')
-    resp = TwitterUser.app.authorized_response()
+    resp = TwitterUser.app().authorized_response()
     if resp is None:
         return oauth_failed(next_url)
 
@@ -27,4 +27,4 @@ def twitter_callback():
     session['twitter_user'] = resp['screen_name']
 
     flash('You were signed in as %s' % resp['screen_name'])
-    return redirect(next_url)
+    return redirect(next_url)