feature/migrations, closes #19 #20

Merged
crimsen merged 28 commits from feature/migrations into develop 2023-03-02 05:37:11 +00:00
1 changed files with 19 additions and 15 deletions
Showing only changes of commit c5436f22fa - Show all commits


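--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -20,34 +20,38 @@ from flaschengeist.plugins import AuthPlugin, before_role_updated
 class AuthLDAP(AuthPlugin):
 def load(self):
+self.config = config.get("auth_ldap", None)
+if self.config is None:
+logger.error("auth_ldap was not configured in flaschengeist.toml", exc_info=True)
+raise InternalServerError
 app.config.update(
-LDAP_SERVER=config.get("host", "localhost"),
-LDAP_PORT=config.get("port", 389),
-LDAP_BINDDN=config.get("bind_dn", None),
-LDAP_SECRET=config.get("secret", None),
-LDAP_USE_SSL=config.get("use_ssl", False),
+LDAP_SERVER=self.config.get("host", "localhost"),
+LDAP_PORT=self.config.get("port", 389),
+LDAP_BINDDN=self.config.get("bind_dn", None),
+LDAP_SECRET=self.config.get("secret", None),
+LDAP_USE_SSL=self.config.get("use_ssl", False),
 # That's not TLS, its dirty StartTLS on unencrypted LDAP
 LDAP_USE_TLS=False,
 LDAP_TLS_VERSION=ssl.PROTOCOL_TLS,
 FORCE_ATTRIBUTE_VALUE_AS_LIST=True,
 )
 if "ca_cert" in config:
-app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"]
+app.config["LDAP_CA_CERTS_FILE"] = self.config["ca_cert"]
 else:
 # Default is CERT_REQUIRED
 app.config["LDAP_REQUIRE_CERT"] = ssl.CERT_OPTIONAL
 self.ldap = LDAPConn(app)
-self.base_dn = config["base_dn"]
-self.search_dn = config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
-self.group_dn = config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
-self.password_hash = config.get("password_hash", "SSHA").upper()
-self.object_classes = config.get("object_classes", ["inetOrgPerson"])
-self.user_attributes: dict = config.get("user_attributes", {})
-self.dn_template = config.get("dn_template")
+self.base_dn = self.config["base_dn"]
+self.search_dn = self.config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
+self.group_dn = self.config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
+self.password_hash = self.config.get("password_hash", "SSHA").upper()
+self.object_classes = self.config.get("object_classes", ["inetOrgPerson"])
+self.user_attributes: dict = self.config.get("user_attributes", {})
+self.dn_template = self.config.get("dn_template")
 # TODO: might not be set if modify is called
-self.root_dn = config.get("root_dn", None)
-self.root_secret = config.get("root_secret", None)
+self.root_dn = self.config.get("root_dn", None)
+self.root_secret = self.config.get("root_secret", None)
 @before_role_updated
 def _role_updated(role, new_name):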
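Review bot: The membership test `if "ca_cert" in config:` still inspects the top-level `config` object while the assignment directly below it now reads `self.config["ca_cert"]`, so the check and the read disagree; unless the top-level configuration happens to carry a `ca_cert` key too, the branch is never taken and an operator-supplied CA file is silently ignored. Because the `else` branch then sets `LDAP_REQUIRE_CERT = ssl.CERT_OPTIONAL`, the effect is weaker server-certificate verification on the LDAP connection than the configuration asked for, which is the opposite of what supplying a CA certificate intends. The line should read `if "ca_cert" in self.config:`. Separately, `logger.error(..., exc_info=True)` on the new missing-configuration path runs outside any exception handler, so `exc_info=True` contributes no traceback and can be dropped. `load` is shown in full here, but the hunk ends at the signature of `_role_updated`, whose body lies outside it.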