From 7f6ff3f001451f71c95bb85e15743144b236156c Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <rpm@fthiessen.de>
Date: Fri, 4 Sep 2020 01:01:00 +0200
Subject: [PATCH] Added first version of 'users' module, fixed LDAP

---
 flaschengeist/modules/auth_ldap/__init__.py   | 19 +++---
 flaschengeist/modules/registration_route.py   | 15 -----
 flaschengeist/modules/users/__init__.py       | 66 +++++++++++++++++++
 flaschengeist/system/config.py                | 11 ++--
 .../system/controller/userController.py       |  9 ++-
 setup.py                                      |  1 +
 6 files changed, 92 insertions(+), 29 deletions(-)
 delete mode 100644 flaschengeist/modules/registration_route.py
 create mode 100644 flaschengeist/modules/users/__init__.py

diff --git a/flaschengeist/modules/auth_ldap/__init__.py b/flaschengeist/modules/auth_ldap/__init__.py
index cc3aa4a..8668975 100644
--- a/flaschengeist/modules/auth_ldap/__init__.py
+++ b/flaschengeist/modules/auth_ldap/__init__.py
@@ -9,6 +9,7 @@ from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_SHA512
 import ssl
 
 from flaschengeist.system.models.user import User
+from flaschengeist import logger
 
 
 class AuthLDAP(modules.Auth):
@@ -81,16 +82,18 @@ class AuthLDAP(modules.Auth):
 
     def modify_user(self, user: User, password, new_password=None):
         try:
-            ldap_conn = self.ldap.connect(user.uid, password)
-            modifier = {'givenName': [(MODIFY_REPLACE, [user.firstname])],
-                        'sn': [(MODIFY_REPLACE, [user.lastname])],
-                        'mail': [(MODIFY_REPLACE, [user.mail])],
-                        'displayName': [(MODIFY_REPLACE, [user.display_name])],
-                        }
+            dn = user.attributes['DN'].value
+            ldap_conn = self.ldap.connect(dn, password)
+            modifier = {}
+            for name, ldap_name in [("firstname", "givenName"),
+                                    ("lastname", "sn"),
+                                    ("mail", "mail"),
+                                    ("display_name", "displayName")]:
+                if getattr(user, name):
+                    modifier[ldap_name] = [(MODIFY_REPLACE, [getattr(user, name)])]
             if new_password:
                 salted_password = hashed(HASHED_SALTED_SHA512, new_password)
                 modifier['userPassword'] = [(MODIFY_REPLACE, [salted_password])]
-            ldap_conn.modify(user.dn, modifier)
-
+            ldap_conn.modify(dn, modifier)
         except (LDAPPasswordIsMandatoryError, LDAPBindError):
             raise BadRequest
diff --git a/flaschengeist/modules/registration_route.py b/flaschengeist/modules/registration_route.py
deleted file mode 100644
index 8a4bed1..0000000
--- a/flaschengeist/modules/registration_route.py
+++ /dev/null
@@ -1,15 +0,0 @@
-from flask import Blueprint, request, jsonify
-import geruecht.controller.mainController as mc
-from geruecht.logger import getDebugLogger
-
-registration = Blueprint("registration", __name__)
-
-mainController = mc.MainController()
-
-debug = getDebugLogger()
-
-@registration.route("/registration", methods=['PUT'])
-def __registration():
-    data = request.get_json()
-    mainController.setNewRegistration(data)
-    return jsonify({"ok":"ok"})
\ No newline at end of file
diff --git a/flaschengeist/modules/users/__init__.py b/flaschengeist/modules/users/__init__.py
new file mode 100644
index 0000000..9cf2863
--- /dev/null
+++ b/flaschengeist/modules/users/__init__.py
@@ -0,0 +1,66 @@
+from flask import Blueprint, request, jsonify
+from werkzeug.exceptions import NotFound, BadRequest
+
+from flaschengeist import logger
+from flaschengeist.system.decorator import login_required
+from flaschengeist.system.controller import userController
+
+users_bp = Blueprint("users", __name__)
+
+
+def register():
+    return users_bp
+
+#################################################
+#                     Routes                    #
+#                                               #
+# /users          POST: register new            #
+#                  GET: get all users           #
+# /users/<uid>     GET: get user with uid       #
+#                  PUT: modify user             #
+#               DELETE: remove user             #
+#################################################
+
+
+@users_bp.route("/users", methods=['POST'])
+def __registration():
+    logger.debug("Register new User...")
+    return jsonify({"ok": "ok... well not implemented"})
+
+
+@users_bp.route("/users", methods=['GET'])
+@login_required()
+def __list_users(**kwargs):
+    logger.debug("Retrieve list of all users")
+    users = userController.get_users()
+    return jsonify(users)
+
+
+@users_bp.route("/users/<uid>", methods=['GET'])
+@login_required()
+def __get_user(uid, **kwargs):
+    logger.debug("Get information of user {{ {} }}".format(uid))
+    user = userController.get_user(uid)
+    if user:
+        return jsonify(user)
+    raise NotFound
+
+
+@users_bp.route("/users/<uid>", methods=['PUT'])
+@login_required()#roles=['edit_users'])
+def __edit_user(uid, **kwargs):
+    logger.debug("Modify information of user {{ {} }}".format(uid))
+    user = userController.get_user(uid)
+    if not user:
+        raise NotFound
+
+    data = request.get_json()
+    if 'password' not in data:
+        raise BadRequest("Password is missing")
+    for key in ["firstname", "lastname", "display_name", "mail"]:
+        if key in data:
+            setattr(user, key, data[key])
+    new_password = data['new_password'] if 'new_password' in data else None
+    userController.modify_user(user, data['password'], new_password)
+    userController.update_user(user)
+    return jsonify({"ok": "ok"})
diff --git a/flaschengeist/system/config.py b/flaschengeist/system/config.py
index b9833ae..658e051 100644
--- a/flaschengeist/system/config.py
+++ b/flaschengeist/system/config.py
@@ -26,6 +26,9 @@ for loc in paths:
 config.read_dict({
     'auth': {
         'enabled': True
+    },
+    'users': {
+        'enabled': True
     }
 })
 
@@ -36,10 +39,10 @@ def configure_app(app):
     app.config['SECRET_KEY'] = config.get('FLASCHENGEIST', 'SECRET_KEY', fallback='0a657b97ef546da90b2db91862ad4e29')
 
     app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql://{user}:{passwd}@{host}/{database}'.format(
-        user=config['DATABASE']['user'],
-        passwd=config['DATABASE']['passwd'],
-        host=config['DATABASE']['host'],
-        database=config['DATABASE']['database']
+        user=config['DATABASE']['USER'],
+        passwd=config['DATABASE']['PASSWORD'],
+        host=config['DATABASE']['HOST'],
+        database=config['DATABASE']['DATABASE']
     )
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 
diff --git a/flaschengeist/system/controller/userController.py b/flaschengeist/system/controller/userController.py
index 79a2e47..d0433bd 100644
--- a/flaschengeist/system/controller/userController.py
+++ b/flaschengeist/system/controller/userController.py
@@ -12,9 +12,14 @@ def login_user(username, password):
         user = User(uid=username)
         db.session.add(user)
     if current_app.config['FG_AUTH_BACKEND'].login(user, password):
-        current_app.config['FG_AUTH_BACKEND'].update_user(user)
-        db.session.commit()
+        update_user(user)
         return user
+    return None
+
+
+def update_user(user):
+    current_app.config['FG_AUTH_BACKEND'].update_user(user)
+    db.session.commit()
 
 
 def modify_user(user, password, new_password=None):
diff --git a/setup.py b/setup.py
index 64094f9..7f2e559 100644
--- a/setup.py
+++ b/setup.py
@@ -21,6 +21,7 @@ setup(
     entry_points={
         'flaschengeist.plugin': [
             'auth = flaschengeist.modules.auth:register',
+            'users = flaschengeist.modules.users:register',
             'schedule = flaschengeist.modules.schedule:register'
         ],
         'flaschengeist.auth': [