From d480a95e4324165f7fa1e6913d3da425b7037ac5 Mon Sep 17 00:00:00 2001 From: Darks Date: Thu, 5 Dec 2019 22:49:18 +0100 Subject: [PATCH] =?UTF-8?q?Premier=20passage=20=C3=A0=20la=20configuration?= =?UTF-8?q?=20unifi=C3=A9e=20(#38)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/models/users.py | 11 +++++------ app/routes/account/account.py | 3 +-- app/utils/ldap.py | 25 +++++++++++++++---------- app/utils/validators.py | 4 ++-- config.py | 10 +++++----- 5 files changed, 28 insertions(+), 25 deletions(-) diff --git a/app/models/users.py b/app/models/users.py index fa3e00e..3bf51c3 100644 --- a/app/models/users.py +++ b/app/models/users.py @@ -1,5 +1,5 @@ from datetime import date -from app import db +from app import app, db from flask import flash from flask_login import UserMixin from app.models.privs import SpecialPrivilege, Group, GroupMember, \ @@ -9,7 +9,6 @@ from app.models.notification import Notification import app.utils.unicode_names as unicode_names from app.utils.notify import notify from config import V5Config -from local_config import USE_LDAP import app.utils.ldap as ldap import werkzeug.security @@ -110,7 +109,7 @@ class Member(User): self.name = name self.norm = unicode_names.normalize(name) self.email = email - if not USE_LDAP: + if not app.config.USE_LDAP: self.set_password(password) # Workflow with LDAP enabled is User → Postgresql → LDAP → set password self.xp = 0 @@ -170,7 +169,7 @@ class Member(User): # Beware of LDAP injections if "email" in data: self.email = data["email"] - if USE_LDAP: + if app.config.USE_LDAP: ldap.set_email(self.norm, self.email) if "password" in data: self.set_password(data["password"]) @@ -210,7 +209,7 @@ class Member(User): Set the user's password. Check whether the request sender has the right to do this! """ - if USE_LDAP: + if app.config.USE_LDAP: ldap.set_password(self, password) else: self.password_hash = werkzeug.security.generate_password_hash( 
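Review bot: `app.config.USE_LDAP` on the new line will raise `AttributeError` if `app` is the usual `flask.Flask` instance (the `@app.route` decorators in this patch suggest it is), because `flask.Config` is a `dict` subclass that does not expose keys as attributes; the same attribute spelling is used in every other hunk of this patch. Unless the project replaces `app.config` with an attribute-style object (not visible here), read it as `if not app.config['USE_LDAP']:`, or `app.config.get('USE_LDAP', False)` if a missing key should mean the local-hash workflow. Since this branch decides whether a fresh member gets a local password hash at all, the failure would surface on every registration. The enclosing `__init__` starts before this hunk.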
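Review bot: The new `app.config.USE_LDAP` branch forwards `data["email"]` to `ldap.set_email` with no validation or escaping visible in this hunk, even though the comment at the top of the hunk says `# Beware of LDAP injections`; if `set_email` (not part of this patch) interpolates the value into a DN or filter the way `get_member` does with `username`, that warning is live. Validate the address before the directory call (at minimum reject values containing `(`, `)`, `*`, `\` or NUL) and write LDAP before mutating the ORM object, `ldap.set_email(self.norm, data["email"])` followed by `self.email = data["email"]`, so a failed directory update does not leave the model changed. The same `data` dict also reaches `self.set_password(data["password"])` two lines down with no authorization check in view, which is what `set_password`'s own docstring asks callers to perform. `update` starts before this hunk.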
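Review bot: The docstring should state that with `USE_LDAP` the password is written only to the directory and `self.password_hash` is left untouched, which is what the two branches of this hunk do; it matters because a member created while the flag is on has no local hash, so turning the flag off later leaves that account unable to authenticate through the werkzeug branch. Suggested text: `"""Set the user's password. With USE_LDAP the credential lives only in LDAP and password_hash is not written; otherwise a werkzeug hash is stored locally. Callers must check that the request sender is allowed to do this."""`. The `else` branch continues past the end of the hunk.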
@@ -218,7 +217,7 @@ class Member(User): def check_password(self, password): """Compares password against member hash.""" - if USE_LDAP: + if app.config.USE_LDAP: return ldap.check_password(self, password) else: return werkzeug.security.check_password_hash(self.password_hash, diff --git a/app/routes/account/account.py b/app/routes/account/account.py index db5d3e9..ea67f50 100644 --- a/app/routes/account/account.py +++ b/app/routes/account/account.py @@ -5,7 +5,6 @@ from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccount from app.models.users import Member from app.utils.render import render import app.utils.ldap as ldap -from local_config import USE_LDAP @app.route('/account', methods=['GET', 'POST']) @@ -63,7 +62,7 @@ def register(): db.session.add(member) db.session.commit() # Workflow with LDAP is User → Postgresql → LDAP → Change password - if USE_LDAP: + if app.config.USE_LDAP: ldap.add_member(member) ldap.set_password(member, form.password.data) flash('Inscription réussie', 'ok') diff --git a/app/utils/ldap.py b/app/utils/ldap.py index 1b67474..85547da 100644 --- a/app/utils/ldap.py +++ b/app/utils/ldap.py @@ -1,13 +1,14 @@ import ldap +from app import app from ldap.modlist import addModlist, modifyModlist -from local_config import LDAP_PASSWORD, LDAP_ORGANIZATION def get_member(username): """ Get informations about member. Username must be normalized! """ conn = ldap.initialize("ldap://localhost") # Search for user - r = conn.search_s(LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE, f'(cn={username})') + r = conn.search_s(app.config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE, + f'(cn={username})') if len(r) > 0: return r[0] else: 
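Review bot: The docstring `"""Compares password against member hash."""` is now wrong for the new LDAP branch, which performs a bind rather than comparing a hash; suggest `"""Return True if *password* authenticates this member: an LDAP bind when USE_LDAP is set, otherwise a werkzeug check against password_hash."""`. In the local branch `self.password_hash` is `None` for any member created while LDAP was enabled (the `__init__` comment earlier in this file says the hash is not set in that workflow), and `werkzeug.security.check_password_hash` raises on `None`, so a `if self.password_hash is None: return False` guard would make that case fail closed instead of erroring. The `else` branch continues past the end of the hunk.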
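Review bot: The LDAP writes run after `db.session.commit()`, so if `ldap.add_member` or `ldap.set_password` raises (directory unreachable, DN already present, root bind rejected) the Postgres row survives with neither a directory entry nor a password, which reserves the username for an account nobody can log into and reaches the user as a server error rather than a form error. Either perform the LDAP steps before the commit and roll back on failure, or undo the row when they fail, as sketched below. `register` starts before this hunk.
```python
    db.session.add(member)
    db.session.commit()
    # Workflow with LDAP is User → Postgresql → LDAP → Change password
    if app.config.USE_LDAP:
        try:
            ldap.add_member(member)
            ldap.set_password(member, form.password.data)
        except Exception:
            # The directory write failed after the Postgres commit: drop the
            # row so the username is not held by an account that can never
            # log in, then let the error surface.
            db.session.delete(member)
            db.session.commit()
            raise
    flash('Inscription réussie', 'ok')
```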
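Review bot: The rewrapped `search_s` call still interpolates `username` straight into the filter, `f'(cn={username})'`, so a value containing `*`, `(`, `)` or `\` changes the query (a bare `*` matches every entry); `validators.name_available` in this same patch passes it the normalized form of user-supplied input, and "Username must be normalized!" does not say normalization strips filter metacharacters. Escape it: add `import ldap.filter` next to `import ldap` and use `f'(cn={ldap.filter.escape_filter_chars(username)})'`. The search also runs on a connection that is never bound, i.e. anonymously, which is only acceptable if the directory intentionally allows anonymous reads of `cn`.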
@@ -34,16 +35,18 @@ def set_password(user, password): """ Set password for a user. """ conn = ldap.initialize("ldap://localhost") # Connect as root - conn.simple_bind_s(f'cn=ldap-root,{LDAP_ORGANIZATION}', - LDAP_PASSWORD) - conn.passwd_s(f"cn={user.norm},{LDAP_ORGANIZATION}", None, password) + conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}', + app.config.LDAP_PASSWORD) + conn.passwd_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}", + None, password) def check_password(user, password): """ Try to login a user through LDAP register. """ conn = ldap.initialize("ldap://localhost") try: - conn.simple_bind_s(f"cn={user.norm},{LDAP_ORGANIZATION}", password) + conn.simple_bind_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}", + password) except ldap.INVALID_CREDENTIALS: return False return True @@ -56,9 +59,10 @@ def add_member(member): return conn = ldap.initialize("ldap://localhost") # Connect as root - conn.simple_bind_s(f'cn=ldap-root,{LDAP_ORGANIZATION}', LDAP_PASSWORD) + conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}', + app.config.LDAP_PASSWORD) # Create fields - dn = f'cn={member.norm},{LDAP_ORGANIZATION}' + dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}' modlist = addModlist({ 'objectClass': [bytes('inetOrgPerson', 'UTF8')], 'cn': [bytes(member.norm, 'UTF8')], @@ -76,8 +80,9 @@ def delete_member(member): """ Remove a member from LDAP register """ conn = ldap.initialize("ldap://localhost") # Connect as root - conn.simple_bind_s(f'cn=ldap-root,{LDAP_ORGANIZATION}', LDAP_PASSWORD) + conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}', + app.config.LDAP_PASSWORD) # Create fields - dn = f'cn={member.norm},{LDAP_ORGANIZATION}' + dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}' # Delete the user conn.delete_s(dn) diff --git a/app/utils/validators.py b/app/utils/validators.py index 9cc7056..351c5a9 100644 --- a/app/utils/validators.py +++ b/app/utils/validators.py 
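Review bot: `check_password` returns True for every outcome of `simple_bind_s` other than `INVALID_CREDENTIALS`, and it binds with whatever `password` it is handed; with an empty string that is an unauthenticated bind, which directories may accept (RFC 4513 §5.1.2) and which would then count as a successful login. Add `if not password: return False` before the `conn.simple_bind_s(...)` call. Other bind failures (`SERVER_DOWN`, `UNWILLING_TO_PERFORM`) propagate and therefore fail closed, which is fine but deserves a one-line comment so nobody later widens the `except` to `ldap.LDAPError` and returns False for an outage as well.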
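Review bot: The DN on the new line, `dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}'`, is assembled by plain interpolation of the normalized username, so a name containing `,`, `+`, `=`, `"`, `<`, `>`, `;` or `\` either fails `add_s` or lands under a different DN than the one `get_member` and `check_password` later look up; `ldap.dn.escape_dn_chars(member.norm)` (with `import ldap.dn`) closes that gap, and the same applies to the DNs built in `set_password`, `check_password` and `delete_member`. The root bind credentials travel over plain `ldap://localhost`, which is acceptable only while the directory stays on the same host. `add_member` starts before this hunk (the early `return` at the top belongs to a check outside it) and its modlist and `add_s` call continue past it.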
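Review bot: None of the helpers in this file, `delete_member` included, ever calls `conn.unbind_s()` on the connection returned by `ldap.initialize`, so each request leaves a bound root session open until the object is garbage-collected; wrap the bind and `delete_s` in `try: ... finally: conn.unbind_s()`. `delete_s` also raises `ldap.NO_SUCH_OBJECT` when the entry is already absent, which is the state of any member whose registration committed to Postgres but failed before the directory write, so such an account cannot be deleted through this path; if the caller wants deletion to be idempotent, catch that exception and treat it as success. `delete_member` starts before this hunk.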
@@ -5,7 +5,7 @@ from app.utils.valid_name import valid_name from app.utils.unicode_names import normalize import app.utils.ldap as ldap from config import V5Config -from local_config import USE_LDAP +from app import app def name_valid(form, name): @@ -45,7 +45,7 @@ def name_available(form, name): raise ValidationError("Ce nom d'utilisateur est indisponible.") # Double check with LDAP if needed - if USE_LDAP: + if app.config.USE_LDAP: member = ldap.get_member(norm) if member is not None: raise ValidationError("Ce nom d'utilisateur est indisponible.") diff --git a/config.py b/config.py index 40486d2..037334c 100644 --- a/config.py +++ b/config.py @@ -1,12 +1,12 @@ import os import datetime -from local_config import DB_NAME, SECRET_KEY +from local_config import LocalConfig - -class Config(object): - SECRET_KEY = os.environ.get('SECRET_KEY') or SECRET_KEY +class Config(LocalConfig): + SECRET_KEY = os.environ.get('SECRET_KEY') or LocalConfig.SECRET_KEY SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \ - 'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' + DB_NAME + 'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' \ + + LocalConfig.DB_NAME SQLALCHEMY_TRACK_MODIFICATIONS = False UPLOAD_FOLDER = './app/static/avatars'