diff --git a/app/models/users.py b/app/models/users.py index 3bf51c3..1809b0b 100644 --- a/app/models/users.py +++ b/app/models/users.py @@ -109,7 +109,7 @@ class Member(User): self.name = name self.norm = unicode_names.normalize(name) self.email = email - if not app.config.USE_LDAP: + if not V5Config.USE_LDAP: self.set_password(password) # Workflow with LDAP enabled is User → Postgresql → LDAP → set password self.xp = 0 @@ -169,7 +169,7 @@ class Member(User): # Beware of LDAP injections if "email" in data: self.email = data["email"] - if app.config.USE_LDAP: + if V5Config.USE_LDAP: ldap.set_email(self.norm, self.email) if "password" in data: self.set_password(data["password"]) @@ -209,7 +209,7 @@ class Member(User): Set the user's password. Check whether the request sender has the right to do this! """ - if app.config.USE_LDAP: + if V5Config.USE_LDAP: ldap.set_password(self, password) else: self.password_hash = werkzeug.security.generate_password_hash( @@ -217,7 +217,7 @@ class Member(User): def check_password(self, password): """Compares password against member hash.""" - if app.config.USE_LDAP: + if V5Config.USE_LDAP: return ldap.check_password(self, password) else: return werkzeug.security.check_password_hash(self.password_hash, diff --git a/app/routes/account/account.py b/app/routes/account/account.py index ea67f50..41fe8d1 100644 --- a/app/routes/account/account.py +++ b/app/routes/account/account.py @@ -5,6 +5,7 @@ from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccount from app.models.users import Member from app.utils.render import render import app.utils.ldap as ldap +from config import V5Config @app.route('/account', methods=['GET', 'POST']) @@ -62,7 +63,7 @@ def register(): db.session.add(member) db.session.commit() # Workflow with LDAP is User → Postgresql → LDAP → Change password - if app.config.USE_LDAP: + if V5Config.USE_LDAP: ldap.add_member(member) ldap.set_password(member, form.password.data) flash('Inscription réussie', 'ok') diff --git a/app/utils/ldap.py b/app/utils/ldap.py index 85547da..c3d21fb 100644 --- a/app/utils/ldap.py +++ b/app/utils/ldap.py @@ -1,13 +1,12 @@ import ldap -from app import app from ldap.modlist import addModlist, modifyModlist - +from config import V5Config def get_member(username): """ Get informations about member. Username must be normalized! """ conn = ldap.initialize("ldap://localhost") # Search for user - r = conn.search_s(app.config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE, + r = conn.search_s(V5Config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE, f'(cn={username})') if len(r) > 0: return r[0] @@ -35,9 +34,9 @@ def set_password(user, password): """ Set password for a user. """ conn = ldap.initialize("ldap://localhost") # Connect as root - conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}', - app.config.LDAP_PASSWORD) - conn.passwd_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}", + conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}', + V5Config.LDAP_PASSWORD) + conn.passwd_s(f"cn={user.norm},{V5Config.LDAP_ORGANIZATION}", None, password) @@ -45,7 +44,7 @@ def check_password(user, password): """ Try to login a user through LDAP register. """ conn = ldap.initialize("ldap://localhost") try: - conn.simple_bind_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}", + conn.simple_bind_s(f"cn={user.norm},{V5Config.LDAP_ORGANIZATION}", password) except ldap.INVALID_CREDENTIALS: return False @@ -59,10 +58,10 @@ def add_member(member): return conn = ldap.initialize("ldap://localhost") # Connect as root - conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}', - app.config.LDAP_PASSWORD) + conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}', + V5Config.LDAP_PASSWORD) # Create fields - dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}' + dn = f'cn={member.norm},{V5Config.LDAP_ORGANIZATION}' modlist = addModlist({ 'objectClass': [bytes('inetOrgPerson', 'UTF8')], 'cn': [bytes(member.norm, 'UTF8')], @@ -80,9 +79,9 @@ def delete_member(member): """ Remove a member from LDAP register """ conn = ldap.initialize("ldap://localhost") # Connect as root - conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}', - app.config.LDAP_PASSWORD) + conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}', + V5Config.LDAP_PASSWORD) # Create fields - dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}' + dn = f'cn={member.norm},{V5Config.LDAP_ORGANIZATION}' # Delete the user conn.delete_s(dn) diff --git a/app/utils/validators.py b/app/utils/validators.py index 351c5a9..71c81d3 100644 --- a/app/utils/validators.py +++ b/app/utils/validators.py @@ -5,7 +5,6 @@ from app.utils.valid_name import valid_name from app.utils.unicode_names import normalize import app.utils.ldap as ldap from config import V5Config -from app import app def name_valid(form, name): @@ -45,7 +44,7 @@ def name_available(form, name): raise ValidationError("Ce nom d'utilisateur est indisponible.") # Double check with LDAP if needed - if app.config.USE_LDAP: + if V5Config.USE_LDAP: member = ldap.get_member(norm) if member is not None: raise ValidationError("Ce nom d'utilisateur est indisponible.") diff --git a/config.py b/config.py index 037334c..1b50051 100644 --- a/config.py +++ b/config.py @@ -2,7 +2,7 @@ import os import datetime from local_config import LocalConfig -class Config(LocalConfig): +class Config(object): SECRET_KEY = os.environ.get('SECRET_KEY') or LocalConfig.SECRET_KEY SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \ 'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' \ @@ -11,7 +11,7 @@ class Config(LocalConfig): UPLOAD_FOLDER = './app/static/avatars' -class V5Config(object): +class V5Config(LocalConfig): # Length allocated to privilege names (slugs) PRIVS_MAXLEN = 64 # Forbidden user names