ldap second pass, working state
parent
838eb3cb06
commit
e9709b6c8f
|
@ -110,6 +110,10 @@ class Assets(Environment):
|
||||||
|
|
||||||
return super(Assets, self).register(name, Bundle(*args, filters=filters, output=output))
|
return super(Assets, self).register(name, Bundle(*args, filters=filters, output=output))
|
||||||
|
|
||||||
|
class MyLDAPLoginManager(LDAPLoginManager):
|
||||||
|
@property
|
||||||
|
def attrlist(self):
|
||||||
|
return None
|
||||||
|
|
||||||
class RegexConverter(BaseConverter):
|
class RegexConverter(BaseConverter):
|
||||||
""" Enables Regex matching on endpoints
|
""" Enables Regex matching on endpoints
|
||||||
|
@ -204,7 +208,7 @@ db = SQLAlchemy()
|
||||||
cache = Cache()
|
cache = Cache()
|
||||||
assets = Assets()
|
assets = Assets()
|
||||||
search = Search()
|
search = Search()
|
||||||
ldap = LDAPLoginManager()
|
ldap = MyLDAPLoginManager()
|
||||||
|
|
||||||
assets.register('main.js',
|
assets.register('main.js',
|
||||||
'vendor/jquery/dist/jquery.js',
|
'vendor/jquery/dist/jquery.js',
|
||||||
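Review bot: The `attrlist` override in `MyLDAPLoginManager` returns `None` with no comment saying why, and the swap to `ldap = MyLDAPLoginManager()` makes it apply to every LDAP login. If the base class hands this value to the directory search as its attribute list (not visible here), `None` would request every attribute of the user's entry, which is more directory data than `save_user` reads. I would add a docstring such as `"""Return None so the search is not limited to the configured key map; TODO confirm why the mapped list failed."""`, or return only the attributes the app actually uses.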
|
|
|
@ -1,4 +1 @@
|
||||||
from flask_ldap_login import LDAPLoginManager
|
|
||||||
|
|
||||||
ldap_mgr = LDAPLoginManager()
|
|
||||||
|
|
||||||
|
|
|
@ -1,24 +1,38 @@
|
||||||
from flask import current_app, render_template
|
from flask import render_template
|
||||||
from flask.ext.login import login_user
|
from flask.ext.login import login_user
|
||||||
from realms import ldap
|
from realms import ldap
|
||||||
from flask_ldap_login import LDAPLoginForm
|
from flask_ldap_login import LDAPLoginForm
|
||||||
from ..models import BaseUser
|
from ..models import BaseUser
|
||||||
import bcrypt
|
|
||||||
|
|
||||||
users = {}
|
users = {}
|
||||||
|
|
||||||
@ldap.save_user
|
@ldap.save_user
|
||||||
def save_user(username, userdata):
|
def save_user(username, userdata):
|
||||||
users[username] = User(username, userdata)
|
user = User(userdata.get('username'), userdata.get('email'))
|
||||||
return users[username]
|
users[user.id] = user
|
||||||
|
return user
|
||||||
|
|
||||||
class User(BaseUser):
|
class User(BaseUser):
|
||||||
type = 'ldap'
|
type = 'ldap'
|
||||||
|
|
||||||
def __init__(self, username, data):
|
def __init__(self, username, email='null@localhost.local', password=None):
|
||||||
self.id = username
|
self.id = username
|
||||||
self.username = username
|
self.username = username
|
||||||
self.data = data
|
self.email = email
|
||||||
|
self.password = password
|
||||||
|
|
||||||
|
@property
|
||||||
|
def auth_token_id(self):
|
||||||
|
return self.password
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def load_user(*args, **kwargs):
|
||||||
|
return User.get_by_id(args[0])
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def get_by_id(user_id):
|
||||||
|
return users.get(user_id)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def login_form():
|
def login_form():
|
||||||
|
@ -26,6 +40,13 @@ class User(BaseUser):
|
||||||
return render_template('auth/ldap/login.html', form=form)
|
return render_template('auth/ldap/login.html', form=form)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def auth(*args):
|
def auth(user, password):
|
||||||
login_user(args[0].user, remember=True)
|
password = User.hash_password(password)
|
||||||
|
user.password = password
|
||||||
|
users[user.id] = user
|
||||||
|
if user:
|
||||||
|
login_user(user, remember=True)
|
||||||
return True
|
return True
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
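Review bot: In `auth(user, password)` the `if user:` test comes after `user.password = password` and `users[user.id] = user`, so a `None` user raises `AttributeError` instead of returning `False`, and the `else` branch can never be reached. Put the guard first, `if not user: return False`, and only then hash, store and call `login_user`. In `save_user` the `username` argument is now ignored and the id comes from `userdata.get('username')`, so an entry without that key is stored under `users[None]`. `userdata.get('email')` also passes `None` explicitly, which bypasses the `'null@localhost.local'` default. The body of `login_form` between the two hunks is not visible.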
|
|
|
@ -12,7 +12,7 @@ def login():
|
||||||
flash('Form invalid', 'warning')
|
flash('Form invalid', 'warning')
|
||||||
return redirect(url_for('auth.login'))
|
return redirect(url_for('auth.login'))
|
||||||
|
|
||||||
if User.auth(form.user):
|
if User.auth(form.user, request.form['password']):
|
||||||
return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT']))
|
return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT']))
|
||||||
else:
|
else:
|
||||||
return redirect(url_for('auth.login'))
|
return redirect(url_for('auth.login'))
|
||||||
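Review bot: `User.auth(form.user, request.form['password'])` reads the raw POST field rather than the validated form object. If the form defines a `password` field (not visible here), `form.password.data` is the consistent source and avoids a `KeyError`-driven 400 when the field is absent. On the following line, `request.args.get("next")` is passed to `redirect()` unchecked, so the post-login destination is controlled by the query string. It should be accepted only when it is a same-site relative path, falling back to `ROOT_ENDPOINT` otherwise. `login()` starts above the hunk.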
|
|
|
@ -6,7 +6,6 @@ from ..models import BaseUser
|
||||||
from .forms import LoginForm
|
from .forms import LoginForm
|
||||||
from itsdangerous import URLSafeSerializer, BadSignature
|
from itsdangerous import URLSafeSerializer, BadSignature
|
||||||
from hashlib import sha256
|
from hashlib import sha256
|
||||||
import bcrypt
|
|
||||||
|
|
||||||
|
|
||||||
@login_manager.token_loader
|
@login_manager.token_loader
|
||||||
|
@ -88,14 +87,6 @@ class User(Model, BaseUser):
|
||||||
# Password check failed
|
# Password check failed
|
||||||
return False
|
return False
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def hash_password(password):
|
|
||||||
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def check_password(password, hashed):
|
|
||||||
return bcrypt.hashpw(password.encode('utf-8'), hashed.encode('utf-8')) == hashed
|
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def logout(cls):
|
def logout(cls):
|
||||||
logout_user()
|
logout_user()
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
from flask.ext.login import UserMixin, logout_user, login_user, AnonymousUserMixin
|
from flask.ext.login import UserMixin, logout_user, AnonymousUserMixin
|
||||||
from realms import login_manager
|
from realms import login_manager
|
||||||
from realms.lib.util import gravatar_url
|
from realms.lib.util import gravatar_url
|
||||||
from itsdangerous import URLSafeSerializer, BadSignature
|
from itsdangerous import URLSafeSerializer, BadSignature
|
||||||
|
@ -83,10 +83,6 @@ class BaseUser(UserMixin):
|
||||||
def signer(salt):
|
def signer(salt):
|
||||||
return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)
|
return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def auth(email, password):
|
|
||||||
raise NotImplementedError
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def hash_password(password):
|
def hash_password(password):
|
||||||
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))
|
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))
|
||||||
|
|