From 7f6ff3f001451f71c95bb85e15743144b236156c Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Fri, 4 Sep 2020 01:01:00 +0200 Subject: [PATCH] Added first version of 'users' module, fixed LDAP --- flaschengeist/modules/auth_ldap/__init__.py | 19 +++--- flaschengeist/modules/registration_route.py | 15 ----- flaschengeist/modules/users/__init__.py | 66 +++++++++++++++++++ flaschengeist/system/config.py | 11 ++-- .../system/controller/userController.py | 9 ++- setup.py | 1 + 6 files changed, 92 insertions(+), 29 deletions(-) delete mode 100644 flaschengeist/modules/registration_route.py create mode 100644 flaschengeist/modules/users/__init__.py diff --git a/flaschengeist/modules/auth_ldap/__init__.py b/flaschengeist/modules/auth_ldap/__init__.py index cc3aa4a..8668975 100644 --- a/flaschengeist/modules/auth_ldap/__init__.py +++ b/flaschengeist/modules/auth_ldap/__init__.py @@ -9,6 +9,7 @@ from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_SHA512 import ssl from flaschengeist.system.models.user import User +from flaschengeist import logger class AuthLDAP(modules.Auth): 
@@ -81,16 +82,18 @@ class AuthLDAP(modules.Auth): def modify_user(self, user: User, password, new_password=None): try: - ldap_conn = self.ldap.connect(user.uid, password) - modifier = {'givenName': [(MODIFY_REPLACE, [user.firstname])], - 'sn': [(MODIFY_REPLACE, [user.lastname])], - 'mail': [(MODIFY_REPLACE, [user.mail])], - 'displayName': [(MODIFY_REPLACE, [user.display_name])], - } + dn = user.attributes['DN'].value + ldap_conn = self.ldap.connect(dn, password) + modifier = {} + for name, ldap_name in [("firstname", "givenName"), + ("lastname", "sn"), + ("mail", "mail"), + ("display_name", "displayName")]: + if getattr(user, name): + modifier[ldap_name] = [(MODIFY_REPLACE, [getattr(user, name)])] if new_password: salted_password = hashed(HASHED_SALTED_SHA512, new_password) modifier['userPassword'] = [(MODIFY_REPLACE, [salted_password])] - ldap_conn.modify(user.dn, modifier) - + ldap_conn.modify(dn, modifier) except (LDAPPasswordIsMandatoryError, LDAPBindError): raise BadRequest diff --git a/flaschengeist/modules/registration_route.py b/flaschengeist/modules/registration_route.py deleted file mode 100644 index 8a4bed1..0000000 --- a/flaschengeist/modules/registration_route.py +++ /dev/null @@ -1,15 +0,0 @@ -from flask import Blueprint, request, jsonify -import geruecht.controller.mainController as mc -from geruecht.logger import getDebugLogger - -registration = Blueprint("registration", __name__) - -mainController = mc.MainController() - -debug = getDebugLogger() - -@registration.route("/registration", methods=['PUT']) -def __registration(): - data = request.get_json() - mainController.setNewRegistration(data) - return jsonify({"ok":"ok"}) \ No newline at end of file diff --git a/flaschengeist/modules/users/__init__.py b/flaschengeist/modules/users/__init__.py new file mode 100644 index 0000000..9cf2863 --- /dev/null +++ b/flaschengeist/modules/users/__init__.py 
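Review bot: The return value of `ldap_conn.modify(dn, modifier)` is discarded, so unless the connection is configured to raise on failed operations (not visible in this hunk), a change the directory rejects, for example on an ACL or password-policy violation, looks like success to the caller. Check the result and fail the request, e.g. `if not ldap_conn.modify(dn, modifier): raise BadRequest`. The new `user.attributes['DN']` lookup is also not covered by the handled exceptions: a user record without a stored DN raises `KeyError` and surfaces as a 500, so add `KeyError` to the `except` tuple or check for the attribute first. The enclosing class starts outside the hunk.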
@@ -0,0 +1,66 @@
+from flask import Blueprint, request, jsonify
+from werkzeug.exceptions import NotFound, BadRequest
+
+from flaschengeist import logger
+from flaschengeist.system.decorator import login_required
+from flaschengeist.system.controller import userController
+
+users_bp = Blueprint("users", __name__)
+
+
+def register():
+ return users_bp
+
+#################################################
+# Routes #
+# #
+# /users POST: register new #
+# GET: get all users #
+# /users/ GET: get user with uid #
+# PUT: modify user #
+# DELETE: remove user #
+#################################################
+
+
+@users_bp.route("/users", methods=['POST'])
+def __registration():
+ logger.debug("Register new User...")
+ return jsonify({"ok": "ok... well not implemented"})
+
+
+@users_bp.route("/users", methods=['GET'])
+@login_required()
+def __list_users(**kwargs):
+ logger.debug("Retrieve list of all users")
+ users = userController.get_users()
+ return jsonify(users)
+
+
+@users_bp.route("/users/", methods=['GET'])
+@login_required()
+def __get_user(uid, **kwargs):
+ logger.debug("Get information of user {{ {} }}".format(uid))
+ user = userController.get_user(uid)
+ if user:
+ return jsonify(user)
+ raise NotFound
+
+
+@users_bp.route("/users/", methods=['PUT'])
+@login_required()#roles=['edit_users'])
+def __edit_user(uid, **kwargs):
+ logger.debug("Modify information of user {{ {} }}".format(uid))
+ user = userController.get_user(uid)
+ if not user:
+ raise NotFound
+
+ data = request.get_json()
+ if 'password' not in data:
+ raise BadRequest("Password is missing")
+ for key in ["firstname", "lastname", "display_name", "mail"]:
+ if key in data:
+ setattr(user, key, data[key])
+ new_password = data['new_password'] if 'new_password' in data else None
+ userController.modify_user(user, data['password'], new_password)
+ userController.update_user(user)
+ return jsonify({"ok": "ok"})
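Review bot: `__edit_user` is reachable by any authenticated account for any `uid`, because the role argument is commented out in `@login_required()#roles=['edit_users'])` and the handler never compares `uid` with the caller that `login_required` authenticated. The only remaining gate is the `password` field in the request body, which exposes every user's password to online guessing by any logged-in account. Restore the role check, or reject requests whose authenticated user differs from `uid`; what `login_required` passes in `kwargs` is not visible here, so the exact comparison has to be confirmed against the decorator. Separately, depending on the Flask version, `request.get_json()` can return None for a non-JSON body and `'password' not in data` then raises `TypeError`; guard it with `data = request.get_json(silent=True)` followed by `if not isinstance(data, dict) or 'password' not in data: raise BadRequest("Password is missing")`.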
diff --git a/flaschengeist/system/config.py b/flaschengeist/system/config.py index b9833ae..658e051 100644 --- a/flaschengeist/system/config.py +++ b/flaschengeist/system/config.py @@ -26,6 +26,9 @@ for loc in paths: config.read_dict({ 'auth': { 'enabled': True + }, + 'users': { + 'enabled': True } }) @@ -36,10 +39,10 @@ def configure_app(app): app.config['SECRET_KEY'] = config.get('FLASCHENGEIST', 'SECRET_KEY', fallback='0a657b97ef546da90b2db91862ad4e29') app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql://{user}:{passwd}@{host}/{database}'.format( - user=config['DATABASE']['user'], - passwd=config['DATABASE']['passwd'], - host=config['DATABASE']['host'], - database=config['DATABASE']['database'] + user=config['DATABASE']['USER'], + passwd=config['DATABASE']['PASSWORD'], + host=config['DATABASE']['HOST'], + database=config['DATABASE']['DATABASE'] ) app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False diff --git a/flaschengeist/system/controller/userController.py b/flaschengeist/system/controller/userController.py index 79a2e47..d0433bd 100644 --- a/flaschengeist/system/controller/userController.py +++ b/flaschengeist/system/controller/userController.py @@ -12,9 +12,14 @@ def login_user(username, password): user = User(uid=username) db.session.add(user) if current_app.config['FG_AUTH_BACKEND'].login(user, password): - current_app.config['FG_AUTH_BACKEND'].update_user(user) - db.session.commit() + update_user(user) return user + return None + + +def update_user(user): + current_app.config['FG_AUTH_BACKEND'].update_user(user) + db.session.commit() def modify_user(user, password, new_password=None): diff --git a/setup.py b/setup.py index 64094f9..7f2e559 100644 --- a/setup.py +++ b/setup.py @@ -21,6 +21,7 @@ setup( entry_points={ 'flaschengeist.plugin': [ 'auth = flaschengeist.modules.auth:register', + 'users = flaschengeist.modules.users:register', 'schedule = flaschengeist.modules.schedule:register' ], 'flaschengeist.auth': [
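Review bot: `configure_app` still falls back to a hard-coded `SECRET_KEY` (the context line at the top of the second config.py hunk), so a deployment that omits the option signs everything Flask protects with that key using a value published in the repository. This commit reworks the neighbouring settings and leaves the fallback in place. Drop the `fallback=` argument so start-up fails when the key is missing: `app.config['SECRET_KEY'] = config.get('FLASCHENGEIST', 'SECRET_KEY')`. The renamed `PASSWORD` value is also formatted into the MySQL URI unescaped, so a password containing `@`, `/` or `:` yields a malformed URI; `passwd=urllib.parse.quote_plus(config['DATABASE']['PASSWORD'])` avoids that. The body of `configure_app` continues outside the hunk.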
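Review bot: On the failed-login path in userController.py, the new `return None` leaves the `User` that was passed to `db.session.add(user)` pending in the session. The lines above `user = User(uid=username)` are outside the hunk, so it is not visible whether the add happens only for unknown uids, but if anything later in the same request commits, a row for a uid that never authenticated would be persisted. Add `db.session.rollback()` before `return None`. The new `update_user` helper also has no docstring; `"""Let the auth backend update the user, then commit the session."""` would tell callers that it commits.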