From 68512a9851226c2bd70db47a04f9470b92478056 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Tue, 19 Jan 2021 03:29:26 +0100
Subject: [PATCH] [Plugin] auth_ldap: Implemented find_user

* Search for user inside of auth backend
---
flaschengeist/plugins/__init__.py | 10 +++++
flaschengeist/plugins/auth_ldap/__init__.py | 50 ++++++++++++++-------
2 files changed, 44 insertions(+), 16 deletions(-)

diff --git a/flaschengeist/plugins/__init__.py b/flaschengeist/plugins/__init__.py
index a61e7f3..2aa8234 100644
--- a/flaschengeist/plugins/__init__.py
+++ b/flaschengeist/plugins/__init__.py
@@ -72,6 +72,16 @@ class AuthPlugin(Plugin):
 """
 pass
+ def find_user(self, userid, mail=None):
+ """Find an user by userid or mail
+ Args:
+ userid: Userid to search
+ mail: If set, mail to search
+ Returns:
+ None or User
+ """
+ return None
+
 def modify_user(self, user, password, new_password=None):
 """If backend is using (writeable) external data, then update the external database with the user provided.
 User might have roles not existing on the external database, so you might have to create those.
diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index 541bac9..f666397 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
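Review bot: The docstring on the new `find_user` base-class stub does not say how `userid` and `mail` combine (either-or versus both must match), which is exactly the contract every backend has to agree on; the LDAP implementation in this same patch treats `mail` as an alternative match. Suggest the summary line `"""Find a user by userid or, when mail is given, by userid or mail.` and a `Returns:` entry reading `The matching User, or None if the backend knows no such user.`, which also fixes "an user".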
@@ -52,23 +52,16 @@ class AuthLDAP(AuthPlugin):
 return False
 return self.ldap.authenticate(user.userid, password, "uid", self.dn)
+ def find_user(self, userid, mail=None):
+ attr = self.__find(userid, mail)
+ if attr:
+ user = User(userid=attr["uid"][0])
+ self.__update(user, attr)
+ return user
+
 def update_user(self, user):
- self.ldap.connection.search(
- "ou=user,{}".format(self.dn),
- "(uid={})".format(user.userid),
- SUBTREE,
- attributes=["uid", "givenName", "sn", "mail"],
- )
- r = self.ldap.connection.response[0]["attributes"]
- if r["uid"][0] == user.userid:
- user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
- user.firstname = r["givenName"][0]
- user.lastname = r["sn"][0]
- if r["mail"]:
- user.mail = r["mail"][0]
- if "displayName" in r:
- user.display_name = r["displayName"][0]
- userController.set_roles(user, self._get_groups(user.userid), create=True)
+ attr = self.__find(user.userid)
+ self.__update(user, attr)
 def create_user(self, user, password):
 if self.admin_dn is None:
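Review bot: `find_user` in this hunk is meant to honour the base-class contract of None for an unknown user, but it only returns on the truthy branch and `__find` (added later in this patch) indexes `con.response[0]`, so a miss surfaces as an IndexError rather than None. Make the miss explicit with `if not attr: return None` right after the `__find` call (paired with `__find` returning None on an empty response), and give `update_user` the same guard so a user that has been removed from LDAP does not crash the refresh. Also, because the mail filter is OR-ed with uid, the `User` built from `attr["uid"][0]` may carry a different userid than the `userid` argument; that deserves a docstring line such as `"""Return the LDAP user whose uid equals userid or, if mail is set, whose mail equals mail; None if neither matches."""`.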
@@ -182,6 +175,31 @@ class AuthLDAP(AuthPlugin):
 ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
 ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
+ def __find(self, userid, mail=None):
+ """Find attributes of an user by uid or mail in LDAP"""
+ con = self.ldap.connection
+ if not con:
+ con = self.ldap.connect(self.admin_dn, self.admin_secret)
+ con.search(
+ f"ou=user,{self.dn}",
+ f"(| (uid={userid})(mail={mail}))" if mail else f"(uid={userid})",
+ SUBTREE,
+ attributes=["uid", "givenName", "sn", "mail"],
+ )
+ return con.response[0]["attributes"]
+
+ def __update(self, user, attr):
+ """Update an User object with LDAP attributes"""
+ if attr["uid"][0] == user.userid:
+ user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
+ user.firstname = attr["givenName"][0]
+ user.lastname = attr["sn"][0]
+ if attr["mail"]:
+ user.mail = attr["mail"][0]
+ if "displayName" in attr:
+ user.display_name = attr["displayName"][0]
+ userController.set_roles(user, self._get_groups(user.userid), create=True)
+
 def __modify_role(
 self,
 role: Role,
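Review bot: `userid` and `mail` are interpolated unescaped into the LDAP search filter in `__find`, so a value such as `*` or `)(objectClass=*` rewrites the query, and because the result is taken from `con.response[0]` the first arbitrary matching entry is handed back as the "found" user — a filter-injection hole whenever these values come from request input, which a `find_user` API suggests. Escape both with `escape_filter_chars` from `ldap3.utils.conv` (the `SUBTREE`/`MODIFY_REPLACE` names and `.response` indicate ldap3 underneath; the import belongs at file top, outside this hunk) and drop the non-RFC-4515 space after `|`. `con.response[0]` also raises IndexError when nothing matches, so `find_user` can never reach its documented None result; return None on an empty response instead. Separately, `__update` reads the DN from `self.ldap.connection.response[0]`, which is not the connection that ran the search when `__find` fell back to `self.ldap.connect(...)`, so `__find` should hand back the DN (or the whole entry) together with the attributes. Note too that `displayName` is not in the requested `attributes` list, so the `if "displayName" in attr` branch cannot fire.
```python
    def __find(self, userid, mail=None):
        """Find attributes of an user by uid or mail in LDAP"""
        # Escape RFC 4515 metacharacters so caller-supplied values cannot
        # widen or rewrite the filter (e.g. "*" or ")(objectClass=*").
        uid = escape_filter_chars(userid)
        if mail:
            ldap_filter = f"(|(uid={uid})(mail={escape_filter_chars(mail)}))"
        else:
            ldap_filter = f"(uid={uid})"
        # … unchanged: connection lookup / admin fallback …
        con.search(
            f"ou=user,{self.dn}",
            ldap_filter,
            SUBTREE,
            attributes=["uid", "givenName", "sn", "mail"],
        )
        # No entry matched: report None instead of raising IndexError.
        if not con.response:
            return None
        return con.response[0]["attributes"]
```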