Flaschengeist/flaschengeist
Flaschengeist
/
flaschengeist
7
0
Fork 0
Code Issues 20 Pull Requests Packages Projects Releases 2 Wiki Activity

added flask ldapconn, fixed bug in login

This commit is contained in:
Tim Gröger 2020-01-21 06:54:35 +01:00
parent f7d3b17680
commit 59a6440c31
4 changed files with 72 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
geruecht/__init__.py
View File

@ -7,6 +7,7 @@
from .logger import getLogger from .logger import getLogger
from geruecht.controller import dbConfig from geruecht.controller import dbConfig
from flask_mysqldb import MySQL from flask_mysqldb import MySQL
from flask_ldapconn import LDAPConn
LOGGER = getLogger(__name__) LOGGER = getLogger(__name__)
LOGGER.info("Initialize App") LOGGER.info("Initialize App")
@ -23,6 +24,13 @@ app.config['MYSQL_USER'] = dbConfig['user']
app.config['MYSQL_PASSWORD'] = dbConfig['passwd'] app.config['MYSQL_PASSWORD'] = dbConfig['passwd']
app.config['MYSQL_DB'] = dbConfig['database'] app.config['MYSQL_DB'] = dbConfig['database']
app.config['MYSQL_CURSORCLASS'] = 'DictCursor' app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
app.config['LDAP_SERVER'] = '192.168.5.128'
app.config['LDAP_PORT'] = 389
app.config['LDAP_BINDDN'] = 'dc=ldap,dc=example,dc=local'
app.config['LDAP_USE_TLS'] = False
app.config['FORCE_ATTRIBUTE_VALUE_AS_LIST'] = True
ldap = LDAPConn(app)
db = MySQL(app) db = MySQL(app)
from geruecht import routes from geruecht import routes

123
geruecht/controller/ldapController.py
View File

@ -1,72 +1,68 @@
import ldap from geruecht import ldap
from ldap3 import SUBTREE, Connection
from geruecht.model import MONEY, USER, GASTRO, BAR from geruecht.model import MONEY, USER, GASTRO, BAR
from geruecht.exceptions import PermissionDenied from geruecht.exceptions import PermissionDenied
from . import Singleton from . import Singleton
import traceback
class LDAPController(metaclass=Singleton): class LDAPController(metaclass=Singleton):
''' '''
Authentification over LDAP. Create Account on-the-fly Authentification over LDAP. Create Account on-the-fly
''' '''
def __init__(self, url="ldap://192.168.5.108", dn='dc=ldap,dc=example,dc=local'): def __init__(self, dn='dc=ldap,dc=example,dc=local'):
self.url = url
self.dn = dn self.dn = dn
self.connect() self.ldap = ldap
def connect(self):
try:
self.client = ldap.initialize(self.url, bytes_mode=False)
except Exception as err:
raise err
def login(self, username, password): def login(self, username, password):
self.connect()
try: try:
cn = self.client.search_s("ou=user,{}".format(self.dn), ldap.SCOPE_SUBTREE, 'uid={}'.format(username),['cn'])[0][1]['cn'][0].decode('utf-8') retVal = self.ldap.authenticate(username, password, 'uid', self.dn)
self.client.bind_s("cn={},ou=user,{}".format(cn, self.dn), password) if not retVal:
self.client.unbind_s() raise PermissionDenied("Invalid Password or Username")
except: except Exception as err:
self.client.unbind_s() traceback.print_exception(err)
raise PermissionDenied("Invalid Password or Username") raise PermissionDenied("Wrong username or password.")
def getUserData(self, username): def getUserData(self, username):
try: try:
self.connect() self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail'])
search_data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'uid={}'.format(username), ['uid', 'givenName', 'sn', 'mail']) user = self.ldap.connection.response[0]['attributes']
retVal = search_data[0][1] retVal = {
for k,v in retVal.items(): 'dn': self.ldap.connection.response[0]['dn'],
retVal[k] = v[0].decode('utf-8') 'firstname': user['givenName'][0],
retVal['dn'] = self.dn 'lastname': user['sn'][0],
retVal['firstname'] = retVal['givenName'] 'uid': username
retVal['lastname'] = retVal['sn'] }
return retVal return retVal
except: except:
raise PermissionDenied("No User exists with this uid.") raise PermissionDenied("No User exists with this uid.")
def getGroup(self, username): def getGroup(self, username):
retVal = [] try:
self.connect() retVal = []
main_group_data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'uid={}'.format(username), ['gidNumber']) self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['gidNumber'])
if main_group_data: main_group_number = self.ldap.connection.response[0]['attributes']['gidNumber']
main_group_number = main_group_data[0][1]['gidNumber'][0].decode('utf-8') if main_group_number:
group_data = self.client.search_s('ou=group,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'gidNumber={}'.format(main_group_number), ['cn']) group_data = self.ldap.connection.search('ou=group,{}'.format(self.dn), '(gidNumber={})'.format(main_group_number), attributes=['cn'])
if group_data: group_name = self.ldap.connection.response[0]['attributes']['cn'][0]
group_name = group_data[0][1]['cn'][0].decode('utf-8')
if group_name == 'ldap-user': if group_name == 'ldap-user':
retVal.append(USER) retVal.append(USER)
groups_data = self.client.search_s('ou=group,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'memberUID={}'.format(username), ['cn']) self.ldap.connection.search('ou=group,{}'.format(self.dn), '(memberUID={})'.format(username), SUBTREE, attributes=['cn'])
for data in groups_data: groups_data = self.ldap.connection.response
print(data[1]['cn'][0].decode('utf-8')) for data in groups_data:
group_name = data[1]['cn'][0].decode('utf-8') group_name = data['attributes']['cn'][0]
if group_name == 'finanzer': if group_name == 'finanzer':
retVal.append(MONEY) retVal.append(MONEY)
elif group_name == 'gastro': elif group_name == 'gastro':
retVal.append(GASTRO) retVal.append(GASTRO)
elif group_name == 'bar': elif group_name == 'bar':
retVal.append(BAR) retVal.append(BAR)
return retVal return retVal
except Exception as err:
traceback.print_exception(err)
def __isUserInList(self, list, username): def __isUserInList(self, list, username):
help_list = [] help_list = []
@ -77,19 +73,19 @@ class LDAPController(metaclass=Singleton):
return False return False
def getAllUser(self): def getAllUser(self):
self.connect()
retVal = [] retVal = []
data = self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, attrlist=['uid', 'givenName', 'sn', 'mail']) self.ldap.connection.search()
self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid=*)', SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail'])
data = self.ldap.connection.response
for user in data: for user in data:
if 'uid' in user[1]: if 'uid' in user['attributes']:
username = user[1]['uid'][0].decode('utf-8') username = user['attributes']['uid'][0]
firstname = user[1]['givenName'][0].decode('utf-8') firstname = user['attributes']['givenName'][0]
lastname = user[1]['sn'][0].decode('utf-8') lastname = user['attributes']['sn'][0]
retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname}) retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname})
return retVal return retVal
def searchUser(self, searchString): def searchUser(self, searchString):
self.connect()
name = searchString.split(" ") name = searchString.split(" ")
@ -103,25 +99,28 @@ class LDAPController(metaclass=Singleton):
if len(name) == 1: if len(name) == 1:
if name[0] == "**": if name[0] == "**":
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid=*)', SUBTREE,
attrlist=['uid', 'givenName', 'sn'])) attributes=['uid', 'givenName', 'sn'])
name_result.append(self.ldap.connection.response)
else: else:
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'givenName={}'.format(name[0]), ['uid', 'givenName', 'sn', 'mail'])) self.ldap.connection.search('ou=user,{}'.format(self.dn), '(givenName={})'.format(name[0]), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail'])
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[0]),['uid', 'givenName', 'sn'], 'mail')) name_result.append(self.ldap.connection.response)
self.ldap.connection.search('ou=user,{}'.format(self.dn), '(sn={})'.format(name[0]), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail'])
name_result.append(self.ldap.connection.response)
else: else:
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, self.ldap.connection.search('ou=user,{}'.format(self.dn), '(givenName={})'.format(name[1]), SUBTREE, attributes=['uid', 'givenName', 'sn'])
'givenName={}'.format(name[1]), ['uid', 'givenName', 'sn'])) name_result.append(self.ldap.connection.response)
name_result.append(self.client.search_s('ou=user,{}'.format(self.dn), ldap.SCOPE_SUBTREE, 'sn={}'.format(name[1]), self.ldap.connection.search('ou=user,{}'.format(self.dn), '(sn={})'.format(name[1]), SUBTREE, attributes=['uid', 'givenName', 'sn', 'mail'])
['uid', 'givenName', 'sn', 'mail'])) name_result.append(self.ldap.connection.response)
retVal = [] retVal = []
for names in name_result: for names in name_result:
for user in names: for user in names:
if 'uid' in user[1]: if 'uid' in user['attributes']:
username = user[1]['uid'][0].decode('utf-8') username = user['attributes']['uid'][0]
if not self.__isUserInList(retVal, username): if not self.__isUserInList(retVal, username):
firstname = user[1]['givenName'][0].decode('utf-8') firstname = user['attributes']['givenName'][0]
lastname = user[1]['sn'][0].decode('utf-8') lastname = user['attributes']['sn'][0]
retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname}) retVal.append({'username': username, 'firstname': firstname, 'lastname': lastname})
return retVal return retVal

2
geruecht/controller/userController.py
View File

@ -7,7 +7,7 @@ from geruecht.exceptions import PermissionDenied
from datetime import datetime, timedelta from datetime import datetime, timedelta
db = dc.DatabaseController() db = dc.DatabaseController()
ldap = lc.LDAPController(ldapConfig['URL'], ldapConfig['dn']) ldap = lc.LDAPController(ldapConfig['dn'])
emailController = ec.EmailController(mailConfig['URL'], mailConfig['user'], mailConfig['passwd'], mailConfig['port'], mailConfig['email']) emailController = ec.EmailController(mailConfig['URL'], mailConfig['user'], mailConfig['passwd'], mailConfig['port'], mailConfig['email'])
class UserController(metaclass=Singleton): class UserController(metaclass=Singleton):

2
geruecht/routes.py
View File

@ -58,5 +58,7 @@ def _login():
return jsonify(dic) return jsonify(dic)
except PermissionDenied as err: except PermissionDenied as err:
return jsonify({"error": str(err)}), 401 return jsonify({"error": str(err)}), 401
except Exception:
return jsonify({"error": "permission denied"}), 401
LOGGER.info("User {} does not exist.".format(username)) LOGGER.info("User {} does not exist.".format(username))
return jsonify({"error": "wrong username"}), 401 return jsonify({"error": "wrong username"}), 401