[Plugin] auth_ldap: Implemented find_user

* Search for user inside of auth backend

flaschengeist/plugins/__init__.py

@@ -72,6 +72,16 @@ class AuthPlugin(Plugin):
         """
         pass
 
+    def find_user(self, userid, mail=None):
+        """Find an user by userid or mail
+        Args:
+            userid: Userid to search
+            mail: If set, mail to search
+        Returns:
+            None or User
+        """
+        return None
+
     def modify_user(self, user, password, new_password=None):
         """If backend is using (writeable) external data, then update the external database with the user provided.
         User might have roles not existing on the external database, so you might have to create those.

flaschengeist/plugins/auth_ldap/__init__.py

@@ -52,23 +52,16 @@ class AuthLDAP(AuthPlugin):
             return False
         return self.ldap.authenticate(user.userid, password, "uid", self.dn)
 
+    def find_user(self, userid, mail=None):
+        attr = self.__find(userid, mail)
+        if attr:
+            user = User(userid=attr["uid"][0])
+            self.__update(user, attr)
+            return user
+
     def update_user(self, user):
-        self.ldap.connection.search(
-            "ou=user,{}".format(self.dn),
-            "(uid={})".format(user.userid),
-            SUBTREE,
-            attributes=["uid", "givenName", "sn", "mail"],
-        )
-        r = self.ldap.connection.response[0]["attributes"]
-        if r["uid"][0] == user.userid:
-            user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
-            user.firstname = r["givenName"][0]
-            user.lastname = r["sn"][0]
-            if r["mail"]:
-                user.mail = r["mail"][0]
-            if "displayName" in r:
-                user.display_name = r["displayName"][0]
-            userController.set_roles(user, self._get_groups(user.userid), create=True)
+        attr = self.__find(user.userid)
+        self.__update(user, attr)
 
     def create_user(self, user, password):
         if self.admin_dn is None:
@@ -182,6 +175,31 @@ class AuthLDAP(AuthPlugin):
         ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
         ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
 
+    def __find(self, userid, mail=None):
+        """Find attributes of an user by uid or mail in LDAP"""
+        con = self.ldap.connection
+        if not con:
+            con = self.ldap.connect(self.admin_dn, self.admin_secret)
+        con.search(
+            f"ou=user,{self.dn}",
+            f"(| (uid={userid})(mail={mail}))" if mail else f"(uid={userid})",
+            SUBTREE,
+            attributes=["uid", "givenName", "sn", "mail"],
+        )
+        return con.response[0]["attributes"]
+
+    def __update(self, user, attr):
+        """Update an User object with LDAP attributes"""
+        if attr["uid"][0] == user.userid:
+            user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
+            user.firstname = attr["givenName"][0]
+            user.lastname = attr["sn"][0]
+            if attr["mail"]:
+                user.mail = attr["mail"][0]
+            if "displayName" in attr:
+                user.display_name = attr["displayName"][0]
+            userController.set_roles(user, self._get_groups(user.userid), create=True)
+
     def __modify_role(
         self,
         role: Role,