ldap first pass

This commit is contained in:
Matthew Scragg 2015-10-14 17:36:22 -05:00
parent 3c2f4a0445
commit 2eaf09dc78
13 changed files with 148 additions and 25 deletions

View file

@ -17,15 +17,15 @@ if ! type "add-apt-repository" > /dev/null; then
fi
# Elastic Search
wget -qO - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add -
echo 'deb http://packages.elasticsearch.org/elasticsearch/1.4/debian stable main' | sudo tee /etc/apt/sources.list.d/elastic.list
# wget -qO - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add -
# echo 'deb http://packages.elasticsearch.org/elasticsearch/1.4/debian stable main' | sudo tee /etc/apt/sources.list.d/elastic.list
sudo add-apt-repository -y ppa:chris-lea/node.js
sudo apt-get update
sudo apt-get install -y python build-essential pkg-config git \
python-pip python-virtualenv python-dev zlib1g-dev \
libffi-dev libyaml-dev libssl-dev nodejs openjdk-7-jre-headless elasticsearch
python-pip python-virtualenv python-dev zlib1g-dev libldap2-dev libsasl2-dev \
libffi-dev libyaml-dev libssl-dev nodejs
# Create swap file because ES eats up RAM and 14.04 doesn't have swap by default
sudo fallocate -l 1G /swapfile

View file

@ -15,6 +15,7 @@ from flask.ext.cache import Cache
from flask.ext.login import LoginManager, current_user
from flask.ext.sqlalchemy import SQLAlchemy
from flask.ext.assets import Environment, Bundle
from flask_ldap_login import LDAPLoginManager
from werkzeug.routing import BaseConverter
from werkzeug.exceptions import HTTPException
from sqlalchemy.ext.declarative import declarative_base
@ -163,6 +164,7 @@ def create_app(config=None):
cache.init_app(app)
assets.init_app(app)
search.init_app(app)
ldap.init_app(app)
db.Model = declarative_base(metaclass=HookModelMeta, cls=HookMixin)
@ -202,6 +204,7 @@ db = SQLAlchemy()
cache = Cache()
assets = Assets()
search = Search()
ldap = LDAPLoginManager()
assets.register('main.js',
'vendor/jquery/dist/jquery.js',

View file

@ -83,6 +83,38 @@ DB_URI = 'sqlite:////tmp/wiki.db'
# DB_URI = 'oracle://scott:tiger@127.0.0.1:1521/sidname'
# DB_URI = 'crate://'
LDAP = {
'URI': 'ldap://localhost:8389',
# This BIND_DN/BIND_PASSORD default to '', this is shown here for demonstrative purposes
# The values '' perform an anonymous bind so we may use search/bind method
'BIND_DN': '',
'BIND_AUTH': '',
# Adding the USER_SEARCH field tells the flask-ldap-login that we are using
# the search/bind method
'USER_SEARCH': {'base': 'dc=example,dc=com', 'filter': 'uid=%(username)s'},
# Map ldap keys into application specific keys
'KEY_MAP': {
'name': 'cn',
'company': 'o',
'location': 'l',
'email': 'mail',
}
}
OAUTH = {
'twitter': {
'key': '',
'secret': ''
},
'github': {
'key': '',
'secret': ''
}
}
CACHE_TYPE = 'simple'
# Redis
@ -161,4 +193,4 @@ if ENV != "DEV":
ASSETS_DEBUG = False
SQLALCHEMY_ECHO = False
MODULES = ['wiki', 'search', 'auth', 'auth.local', 'auth.oauth']
MODULES = ['wiki', 'search', 'auth', 'auth.local', 'auth.oauth', 'auth.ldap']

View file

@ -0,0 +1,4 @@
from flask_ldap_login import LDAPLoginManager
ldap_mgr = LDAPLoginManager()

View file

@ -0,0 +1,7 @@
from flask_wtf import Form
from wtforms import StringField, PasswordField, validators
class LoginForm(Form):
email = StringField('Email', [validators.DataRequired()])
password = PasswordField('Password', [validators.DataRequired()])

View file

@ -0,0 +1,31 @@
from flask import current_app, render_template
from flask.ext.login import login_user
from realms import ldap
from flask_ldap_login import LDAPLoginForm
from ..models import BaseUser
import bcrypt
users = {}
@ldap.save_user
def save_user(username, userdata):
users[username] = User(username, userdata)
return users[username]
class User(BaseUser):
type = 'ldap'
def __init__(self, username, data):
self.id = username
self.username = username
self.data = data
@staticmethod
def login_form():
form = LDAPLoginForm()
return render_template('auth/ldap/login.html', form=form)
@staticmethod
def auth(*args):
login_user(args[0].user, remember=True)
return True

View file

@ -0,0 +1,18 @@
from flask import current_app, request, redirect, Blueprint, flash, url_for
from ..ldap.models import User
from flask_ldap_login import LDAPLoginForm
blueprint = Blueprint('auth.ldap', __name__)
@blueprint.route("/login/ldap", methods=['POST'])
def login():
form = LDAPLoginForm()
if not form.validate():
flash('Form invalid', 'warning')
return redirect(url_for('auth.login'))
if User.auth(form.user):
return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT']))
else:
return redirect(url_for('auth.login'))

View file

@ -19,13 +19,11 @@ class Auth(object):
@staticmethod
def get_auth_user(auth_type):
print auth_type
mod = importlib.import_module('realms.modules.auth.%s.models' % auth_type)
return mod.User
@staticmethod
def load_user(auth_id):
print auth_id
auth_type, user_id = auth_id.split("/")
return Auth.get_auth_user(auth_type).load_user(user_id)
@ -33,7 +31,7 @@ class Auth(object):
def login_forms():
forms = []
# TODO be dynamic
for t in ['local']:
for t in ['local', 'ldap']:
forms.append(Auth.get_auth_user(t).login_form())
return forms
@ -87,7 +85,7 @@ class BaseUser(UserMixin):
@staticmethod
def auth(email, password):
raise NotImplementedError()
raise NotImplementedError
@staticmethod
def hash_password(password):

View file

@ -8,25 +8,31 @@ oauth = OAuth()
class OAuthUser(BaseUser):
# OAuth remote app
app = None
remote_app = None
class TwitterUser(OAuthUser):
app = oauth.remote_app(
'twitter',
base_url='https://api.twitter.com/1/',
request_token_url='https://api.twitter.com/oauth/request_token',
access_token_url='https://api.twitter.com/oauth/access_token',
authorize_url='https://api.twitter.com/oauth/authenticate',
consumer_key=config.TWITTER_KEY,
consumer_secret=config.TWITTER_SECRET)
def __init__(self, id_, username, email=None):
self.id = id_
self.username = username
self.email = email
@classmethod
def app(cls):
if cls.remote_app:
return cls.remote_app
cls.remote_app = oauth.remote_app(
'twitter',
base_url='https://api.twitter.com/1/',
request_token_url='https://api.twitter.com/oauth/request_token',
access_token_url='https://api.twitter.com/oauth/access_token',
authorize_url='https://api.twitter.com/oauth/authenticate',
consumer_key=config.OAUTH['twitter']['key'],
consumer_secret=config.OAUTH['twitter']['secret'])
return cls.remote_app
@staticmethod
def load_user(*args, **kwargs):
return TwitterUser(args[0])

View file

@ -1,22 +1,22 @@
from flask import Blueprint, url_for, request, flash, redirect
from flask import Blueprint, url_for, request, flash, redirect, session
from .models import TwitterUser
blueprint = Blueprint('auth.oauth', __name__)
def oauth_failed(next_url):
flash(u'You denied the request to sign in.')
flash('You denied the request to sign in.')
return redirect(next_url)
@blueprint.route("/login/twitter")
def login_twitter():
return TwitterUser.app.authorize(callback=url_for('twitter_callback',
next=request.args.get('next') or request.referrer or None))
return TwitterUser.app().authorize(callback=url_for('twitter_callback',
next=request.args.get('next') or request.referrer or None))
@blueprint.route('/login/twitter/callback')
def twitter_callback():
next_url = request.args.get('next') or url_for('index')
resp = TwitterUser.app.authorized_response()
resp = TwitterUser.app().authorized_response()
if resp is None:
return oauth_failed(next_url)

View file

@ -0,0 +1,21 @@
{% from 'macros.html' import render_form, render_field %}
<button type="button" class="btn btn-info" data-toggle="modal" data-target="#ldap-modal">
<i class="fa fa-folder-open-o"></i>&nbsp; Login with LDAP
</button>
<div class="modal fade" id="ldap-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="myModalLabel">LDAP Login</h4>
</div>
<div class="modal-body">
{% call render_form(form, action_url=url_for('auth.ldap.login'), action_text='Login', btn_class='btn btn-primary') %}
{{ render_field(form.username, placeholder='Username', type='text', required=1) }}
{{ render_field(form.password, placeholder='Password', type='password', required=1) }}
{% endcall %}
</div>
</div>
</div>
</div>

View file

@ -2,5 +2,6 @@
{% block body %}
{% for form in forms %}
{{ form|safe }}
<hr />
{% endfor %}
{% endblock %}

View file

@ -28,12 +28,14 @@ setup(name='realms-wiki',
'Flask-Cache==0.13.1',
'Flask-Elastic==0.2',
'Flask-Login==0.2.11',
'Flask-OAuthlib==0.9.1',
'Flask-SQLAlchemy==2.0',
'Flask-WTF==0.10.2',
'PyYAML==3.11',
'bcrypt==1.0.2',
'beautifulsoup4==4.3.2',
'click==3.3',
'flask-ldap-login==0.3.0',
'gevent==1.0.2',
'ghdiff==0.4',
'gittle==0.4.0',