ldap second pass, working state

This commit is contained in:
Matthew Scragg 2015-10-15 15:55:38 -05:00
parent 838eb3cb06
commit e9709b6c8f
6 changed files with 37 additions and 28 deletions

View file

@ -110,6 +110,10 @@ class Assets(Environment):
return super(Assets, self).register(name, Bundle(*args, filters=filters, output=output)) return super(Assets, self).register(name, Bundle(*args, filters=filters, output=output))
class MyLDAPLoginManager(LDAPLoginManager):
@property
def attrlist(self):
return None
class RegexConverter(BaseConverter): class RegexConverter(BaseConverter):
""" Enables Regex matching on endpoints """ Enables Regex matching on endpoints
@ -204,7 +208,7 @@ db = SQLAlchemy()
cache = Cache() cache = Cache()
assets = Assets() assets = Assets()
search = Search() search = Search()
ldap = LDAPLoginManager() ldap = MyLDAPLoginManager()
assets.register('main.js', assets.register('main.js',
'vendor/jquery/dist/jquery.js', 'vendor/jquery/dist/jquery.js',

View file

@ -1,4 +1 @@
from flask_ldap_login import LDAPLoginManager
ldap_mgr = LDAPLoginManager()

View file

@ -1,24 +1,38 @@
from flask import current_app, render_template from flask import render_template
from flask.ext.login import login_user from flask.ext.login import login_user
from realms import ldap from realms import ldap
from flask_ldap_login import LDAPLoginForm from flask_ldap_login import LDAPLoginForm
from ..models import BaseUser from ..models import BaseUser
import bcrypt
users = {} users = {}
@ldap.save_user @ldap.save_user
def save_user(username, userdata): def save_user(username, userdata):
users[username] = User(username, userdata) user = User(userdata.get('username'), userdata.get('email'))
return users[username] users[user.id] = user
return user
class User(BaseUser): class User(BaseUser):
type = 'ldap' type = 'ldap'
def __init__(self, username, data): def __init__(self, username, email='null@localhost.local', password=None):
self.id = username self.id = username
self.username = username self.username = username
self.data = data self.email = email
self.password = password
@property
def auth_token_id(self):
return self.password
@staticmethod
def load_user(*args, **kwargs):
return User.get_by_id(args[0])
@staticmethod
def get_by_id(user_id):
return users.get(user_id)
@staticmethod @staticmethod
def login_form(): def login_form():
@ -26,6 +40,13 @@ class User(BaseUser):
return render_template('auth/ldap/login.html', form=form) return render_template('auth/ldap/login.html', form=form)
@staticmethod @staticmethod
def auth(*args): def auth(user, password):
login_user(args[0].user, remember=True) password = User.hash_password(password)
user.password = password
users[user.id] = user
if user:
login_user(user, remember=True)
return True return True
else:
return False

View file

@ -12,7 +12,7 @@ def login():
flash('Form invalid', 'warning') flash('Form invalid', 'warning')
return redirect(url_for('auth.login')) return redirect(url_for('auth.login'))
if User.auth(form.user): if User.auth(form.user, request.form['password']):
return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT'])) return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT']))
else: else:
return redirect(url_for('auth.login')) return redirect(url_for('auth.login'))

View file

@ -6,7 +6,6 @@ from ..models import BaseUser
from .forms import LoginForm from .forms import LoginForm
from itsdangerous import URLSafeSerializer, BadSignature from itsdangerous import URLSafeSerializer, BadSignature
from hashlib import sha256 from hashlib import sha256
import bcrypt
@login_manager.token_loader @login_manager.token_loader
@ -88,14 +87,6 @@ class User(Model, BaseUser):
# Password check failed # Password check failed
return False return False
@staticmethod
def hash_password(password):
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))
@staticmethod
def check_password(password, hashed):
return bcrypt.hashpw(password.encode('utf-8'), hashed.encode('utf-8')) == hashed
@classmethod @classmethod
def logout(cls): def logout(cls):
logout_user() logout_user()

View file

@ -1,5 +1,5 @@
from flask import current_app from flask import current_app
from flask.ext.login import UserMixin, logout_user, login_user, AnonymousUserMixin from flask.ext.login import UserMixin, logout_user, AnonymousUserMixin
from realms import login_manager from realms import login_manager
from realms.lib.util import gravatar_url from realms.lib.util import gravatar_url
from itsdangerous import URLSafeSerializer, BadSignature from itsdangerous import URLSafeSerializer, BadSignature
@ -83,10 +83,6 @@ class BaseUser(UserMixin):
def signer(salt): def signer(salt):
return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt) return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)
@staticmethod
def auth(email, password):
raise NotImplementedError
@staticmethod @staticmethod
def hash_password(password): def hash_password(password):
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12)) return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))