From e9709b6c8f927cf03ddc9b0d231812dea8d69a14 Mon Sep 17 00:00:00 2001 From: Matthew Scragg Date: Thu, 15 Oct 2015 15:55:38 -0500 Subject: [PATCH] ldap second pass, working state --- realms/__init__.py | 6 ++++- realms/modules/auth/ldap/__init__.py | 3 --- realms/modules/auth/ldap/models.py | 39 +++++++++++++++++++++------- realms/modules/auth/ldap/views.py | 2 +- realms/modules/auth/local/models.py | 9 ------- realms/modules/auth/models.py | 6 +---- 6 files changed, 37 insertions(+), 28 deletions(-) diff --git a/realms/__init__.py b/realms/__init__.py index 4b51853..808bf41 100644 --- a/realms/__init__.py +++ b/realms/__init__.py @@ -110,6 +110,10 @@ class Assets(Environment): return super(Assets, self).register(name, Bundle(*args, filters=filters, output=output)) +class MyLDAPLoginManager(LDAPLoginManager): + @property + def attrlist(self): + return None class RegexConverter(BaseConverter): """ Enables Regex matching on endpoints @@ -204,7 +208,7 @@ db = SQLAlchemy() cache = Cache() assets = Assets() search = Search() -ldap = LDAPLoginManager() +ldap = MyLDAPLoginManager() assets.register('main.js', 'vendor/jquery/dist/jquery.js', diff --git a/realms/modules/auth/ldap/__init__.py b/realms/modules/auth/ldap/__init__.py index cb45955..8b13789 100644 --- a/realms/modules/auth/ldap/__init__.py +++ b/realms/modules/auth/ldap/__init__.py @@ -1,4 +1 @@ -from flask_ldap_login import LDAPLoginManager - -ldap_mgr = LDAPLoginManager() diff --git a/realms/modules/auth/ldap/models.py b/realms/modules/auth/ldap/models.py index 3cd8767..269512d 100644 --- a/realms/modules/auth/ldap/models.py +++ b/realms/modules/auth/ldap/models.py 
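Review bot: In realms/__init__.py, `MyLDAPLoginManager.attrlist` returns `None` with no comment saying why, and with python-ldap a `None` attribute list makes the search return every user attribute the bind account can read on the entry. The new `save_user` only uses `username` and `email`, so the rest of the entry is fetched and passed along without being needed. If the override works around the base class's attribute list (presumably derived from the configured key map, which is not visible here), record that in a docstring such as `"""Request all attributes; <reason the default attrlist does not work>."""`; otherwise return only the attributes that are used. A name that says what the subclass does would also read better than the `My` prefix.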
@@ -1,24 +1,38 @@ -from flask import current_app, render_template +from flask import render_template from flask.ext.login import login_user from realms import ldap from flask_ldap_login import LDAPLoginForm from ..models import BaseUser -import bcrypt + users = {} @ldap.save_user def save_user(username, userdata): - users[username] = User(username, userdata) - return users[username] + user = User(userdata.get('username'), userdata.get('email')) + users[user.id] = user + return user class User(BaseUser): type = 'ldap' - def __init__(self, username, data): + def __init__(self, username, email='null@localhost.local', password=None): self.id = username self.username = username - self.data = data + self.email = email + self.password = password + + @property + def auth_token_id(self): + return self.password + + @staticmethod + def load_user(*args, **kwargs): + return User.get_by_id(args[0]) + + @staticmethod + def get_by_id(user_id): + return users.get(user_id) @staticmethod def login_form(): @@ -26,6 +40,13 @@ class User(BaseUser): return render_template('auth/ldap/login.html', form=form) @staticmethod - def auth(*args): - login_user(args[0].user, remember=True) - return True + def auth(user, password): + password = User.hash_password(password) + user.password = password + users[user.id] = user + if user: + login_user(user, remember=True) + return True + else: + return False + diff --git a/realms/modules/auth/ldap/views.py b/realms/modules/auth/ldap/views.py index 5d2a32f..ccb0414 100644 --- a/realms/modules/auth/ldap/views.py +++ b/realms/modules/auth/ldap/views.py @@ -12,7 +12,7 @@ def login(): flash('Form invalid', 'warning') return redirect(url_for('auth.login')) - if User.auth(form.user): + if User.auth(form.user, request.form['password']): return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT'])) else: return redirect(url_for('auth.login')) 
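Review bot: `auth_token_id` returns `self.password`, which `User.auth` sets to a bcrypt hash of the user's LDAP password, so a derivative of the directory credential becomes the token identity and stays in the module-level `users` dict. How `BaseUser` uses `auth_token_id` is not visible in this diff; if it is serialized with the `URLSafeSerializer` from `signer()`, that serializer signs but does not encrypt, and the hash would be readable in the cookie. Once the LDAP bind has succeeded the application does not need the password in any form; a random value generated at login, e.g. `self.token = binascii.hexlify(os.urandom(16))` with `return self.token` here, could serve as the token id, provided the token loader looks the user up by it. Separately, `save_user` passes `userdata.get('email')` explicitly, so a missing attribute yields `None` rather than the `'null@localhost.local'` default; `userdata.get('email') or 'null@localhost.local'` keeps the default.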
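Review bot: The `if user:` guard in `User.auth` runs after `user.password = password` and `users[user.id] = user`, so a `None` user raises `AttributeError` before the check and the `else: return False` branch cannot be reached for it. Put the guard first, `if not user: return False`, and only then store the user and call `login_user`. The cost-12 bcrypt call also runs on every login only to fill `user.password`; nothing in this diff verifies against that hash, so if no other code does, dropping `User.hash_password(password)` removes both the per-login cost and the retained hash.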
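Review bot: The success branch in realms/modules/auth/ldap/views.py redirects to `request.args.get("next")` without checking it, so a login link carrying an absolute URL in `next` takes the user to another site once they have authenticated. That line is context here, not changed by the commit, but it sits directly under the edited call. Accept `next` only when it is a relative path or resolves to this application's host, and fall back to `url_for(current_app.config['ROOT_ENDPOINT'])` otherwise. On the changed line, `request.form['password']` reads the raw POST body instead of the form that was just validated; `form.password.data` would take it from the form object, assuming `LDAPLoginForm` exposes a `password` field. The body of `login()` starts outside this hunk.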
diff --git a/realms/modules/auth/local/models.py b/realms/modules/auth/local/models.py index d758e82..695ce63 100644 --- a/realms/modules/auth/local/models.py +++ b/realms/modules/auth/local/models.py @@ -6,7 +6,6 @@ from ..models import BaseUser from .forms import LoginForm from itsdangerous import URLSafeSerializer, BadSignature from hashlib import sha256 -import bcrypt @login_manager.token_loader @@ -88,14 +87,6 @@ class User(Model, BaseUser): # Password check failed return False - @staticmethod - def hash_password(password): - return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12)) - - @staticmethod - def check_password(password, hashed): - return bcrypt.hashpw(password.encode('utf-8'), hashed.encode('utf-8')) == hashed - @classmethod def logout(cls): logout_user() diff --git a/realms/modules/auth/models.py b/realms/modules/auth/models.py index 9b4c40f..a8fa888 100644 --- a/realms/modules/auth/models.py +++ b/realms/modules/auth/models.py @@ -1,5 +1,5 @@ from flask import current_app -from flask.ext.login import UserMixin, logout_user, login_user, AnonymousUserMixin +from flask.ext.login import UserMixin, logout_user, AnonymousUserMixin from realms import login_manager from realms.lib.util import gravatar_url from itsdangerous import URLSafeSerializer, BadSignature @@ -83,10 +83,6 @@ class BaseUser(UserMixin): def signer(salt): return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt) - @staticmethod - def auth(email, password): - raise NotImplementedError - @staticmethod def hash_password(password): return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))