ldap second pass, working state

Matthew Scragg 2015-10-15 15:55:38 -05:00
parent 838eb3cb06
commit e9709b6c8f
6 changed files with 37 additions and 28 deletions


@ -110,6 +110,10 @@ class Assets(Environment):
return super(Assets, self).register(name, Bundle(*args, filters=filters, output=output))
class MyLDAPLoginManager(LDAPLoginManager):
@property
def attrlist(self):
return None
class RegexConverter(BaseConverter):
""" Enables Regex matching on endpoints
@ -204,7 +208,7 @@ db = SQLAlchemy()
cache = Cache()
assets = Assets()
search = Search()
ldap = LDAPLoginManager()
ldap = MyLDAPLoginManager()
assets.register('main.js',
'vendor/jquery/dist/jquery.js',
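Review bot: The `attrlist` override on `MyLDAPLoginManager` returns `None` with no comment saying why, and in python-ldap a `None` attribute list asks the server for every user attribute of the entry. If that value reaches the search call unchanged (the base class is not visible here), each login copies the whole directory record into `userdata`, although `save_user` in this commit reads only `username` and `email`. I would return just the attributes that are needed, or at least document the choice on the property, e.g. `# None makes the LDAP search return all attributes; TODO narrow to the mapped ones`.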


@ -1,4 +1 @@
from flask_ldap_login import LDAPLoginManager
ldap_mgr = LDAPLoginManager()


@ -1,24 +1,38 @@
from flask import current_app, render_template
from flask import render_template
from flask.ext.login import login_user
from realms import ldap
from flask_ldap_login import LDAPLoginForm
from ..models import BaseUser
import bcrypt
users = {}
@ldap.save_user
def save_user(username, userdata):
users[username] = User(username, userdata)
return users[username]
user = User(userdata.get('username'), userdata.get('email'))
users[user.id] = user
return user
class User(BaseUser):
type = 'ldap'
def __init__(self, username, data):
def __init__(self, username, email='null@localhost.local', password=None):
self.id = username
self.username = username
self.data = data
self.email = email
self.password = password
@property
def auth_token_id(self):
return self.password
@staticmethod
def load_user(*args, **kwargs):
return User.get_by_id(args[0])
@staticmethod
def get_by_id(user_id):
return users.get(user_id)
@staticmethod
def login_form():
@ -26,6 +40,13 @@ class User(BaseUser):
return render_template('auth/ldap/login.html', form=form)
@staticmethod
def auth(*args):
login_user(args[0].user, remember=True)
return True
def auth(user, password):
password = User.hash_password(password)
user.password = password
users[user.id] = user
if user:
login_user(user, remember=True)
return True
else:
return False
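Review bot: In the new `User.auth(user, password)` the `if user:` test comes after `user.password = password` and `users[user.id] = user`, so a `None` user raises `AttributeError` before the `else: return False` branch can run; put `if not user: return False` at the top of the method. The method also keeps a bcrypt hash of the directory password on the object in the module-level `users` dict and exposes it through `auth_token_id`, which looks like it feeds the remember-me token. Because `hash_password` salts freshly on every call, the value changes at each login anyway, so a random per-login value (for instance from `os.urandom`) would presumably serve the same purpose without retaining anything derived from the password.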


@ -12,7 +12,7 @@ def login():
flash('Form invalid', 'warning')
return redirect(url_for('auth.login'))
if User.auth(form.user):
if User.auth(form.user, request.form['password']):
return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT']))
else:
return redirect(url_for('auth.login'))
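Review bot: The new call reads the password from `request.form['password']` while the user comes from the validated form object, so the two arguments come from different layers. If the form class defines a `password` field (not visible here), `User.auth(form.user, form.password.data)` keeps both on the validated path and avoids a bare key lookup on the request. The body of `login()` begins above this hunk.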


@ -6,7 +6,6 @@ from ..models import BaseUser
from .forms import LoginForm
from itsdangerous import URLSafeSerializer, BadSignature
from hashlib import sha256
import bcrypt
@login_manager.token_loader
@ -88,14 +87,6 @@ class User(Model, BaseUser):
# Password check failed
return False
@staticmethod
def hash_password(password):
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))
@staticmethod
def check_password(password, hashed):
return bcrypt.hashpw(password.encode('utf-8'), hashed.encode('utf-8')) == hashed
@classmethod
def logout(cls):
logout_user()


@ -1,5 +1,5 @@
from flask import current_app
from flask.ext.login import UserMixin, logout_user, login_user, AnonymousUserMixin
from flask.ext.login import UserMixin, logout_user, AnonymousUserMixin
from realms import login_manager
from realms.lib.util import gravatar_url
from itsdangerous import URLSafeSerializer, BadSignature
@ -83,10 +83,6 @@ class BaseUser(UserMixin):
def signer(salt):
return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)
@staticmethod
def auth(email, password):
raise NotImplementedError
@staticmethod
def hash_password(password):
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))