Stage 2 pour le changement de config (#38)

pull/47/head
Darks 3 years ago
parent d480a95e43
commit cdbecac166
Signed by: Darks
GPG Key ID: F61F10FA138E797C
  1. 8
      app/models/users.py
  2. 3
      app/routes/account/account.py
  3. 25
      app/utils/ldap.py
  4. 3
      app/utils/validators.py
  5. 4
      config.py

@ -109,7 +109,7 @@ class Member(User):
self.name = name
self.norm = unicode_names.normalize(name)
self.email = email
if not app.config.USE_LDAP:
if not V5Config.USE_LDAP:
self.set_password(password)
# Workflow with LDAP enabled is User → Postgresql → LDAP → set password
self.xp = 0
@ -169,7 +169,7 @@ class Member(User):
# Beware of LDAP injections
if "email" in data:
self.email = data["email"]
if app.config.USE_LDAP:
if V5Config.USE_LDAP:
ldap.set_email(self.norm, self.email)
if "password" in data:
self.set_password(data["password"])
@ -209,7 +209,7 @@ class Member(User):
Set the user's password. Check whether the request sender has the right
to do this!
"""
if app.config.USE_LDAP:
if V5Config.USE_LDAP:
ldap.set_password(self, password)
else:
self.password_hash = werkzeug.security.generate_password_hash(
@ -217,7 +217,7 @@ class Member(User):
def check_password(self, password):
"""Compares password against member hash."""
if app.config.USE_LDAP:
if V5Config.USE_LDAP:
return ldap.check_password(self, password)
else:
return werkzeug.security.check_password_hash(self.password_hash,

@ -5,6 +5,7 @@ from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccount
from app.models.users import Member
from app.utils.render import render
import app.utils.ldap as ldap
from config import V5Config
@app.route('/account', methods=['GET', 'POST'])
@ -62,7 +63,7 @@ def register():
db.session.add(member)
db.session.commit()
# Workflow with LDAP is User → Postgresql → LDAP → Change password
if app.config.USE_LDAP:
if V5Config.USE_LDAP:
ldap.add_member(member)
ldap.set_password(member, form.password.data)
flash('Inscription réussie', 'ok')

@ -1,13 +1,12 @@
import ldap
from app import app
from ldap.modlist import addModlist, modifyModlist
from config import V5Config
def get_member(username):
""" Get informations about member. Username must be normalized! """
conn = ldap.initialize("ldap://localhost")
# Search for user
r = conn.search_s(app.config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE,
r = conn.search_s(V5Config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE,
f'(cn={username})')
if len(r) > 0:
return r[0]
@ -35,9 +34,9 @@ def set_password(user, password):
""" Set password for a user. """
conn = ldap.initialize("ldap://localhost")
# Connect as root
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
app.config.LDAP_PASSWORD)
conn.passwd_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}",
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
V5Config.LDAP_PASSWORD)
conn.passwd_s(f"cn={user.norm},{V5Config.LDAP_ORGANIZATION}",
None, password)
@ -45,7 +44,7 @@ def check_password(user, password):
""" Try to login a user through LDAP register. """
conn = ldap.initialize("ldap://localhost")
try:
conn.simple_bind_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}",
conn.simple_bind_s(f"cn={user.norm},{V5Config.LDAP_ORGANIZATION}",
password)
except ldap.INVALID_CREDENTIALS:
return False
@ -59,10 +58,10 @@ def add_member(member):
return
conn = ldap.initialize("ldap://localhost")
# Connect as root
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
app.config.LDAP_PASSWORD)
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
V5Config.LDAP_PASSWORD)
# Create fields
dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}'
dn = f'cn={member.norm},{V5Config.LDAP_ORGANIZATION}'
modlist = addModlist({
'objectClass': [bytes('inetOrgPerson', 'UTF8')],
'cn': [bytes(member.norm, 'UTF8')],
@ -80,9 +79,9 @@ def delete_member(member):
""" Remove a member from LDAP register """
conn = ldap.initialize("ldap://localhost")
# Connect as root
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
app.config.LDAP_PASSWORD)
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
V5Config.LDAP_PASSWORD)
# Create fields
dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}'
dn = f'cn={member.norm},{V5Config.LDAP_ORGANIZATION}'
# Delete the user
conn.delete_s(dn)

@ -5,7 +5,6 @@ from app.utils.valid_name import valid_name
from app.utils.unicode_names import normalize
import app.utils.ldap as ldap
from config import V5Config
from app import app
def name_valid(form, name):
@ -45,7 +44,7 @@ def name_available(form, name):
raise ValidationError("Ce nom d'utilisateur est indisponible.")
# Double check with LDAP if needed
if app.config.USE_LDAP:
if V5Config.USE_LDAP:
member = ldap.get_member(norm)
if member is not None:
raise ValidationError("Ce nom d'utilisateur est indisponible.")

@ -2,7 +2,7 @@ import os
import datetime
from local_config import LocalConfig
class Config(LocalConfig):
class Config(object):
SECRET_KEY = os.environ.get('SECRET_KEY') or LocalConfig.SECRET_KEY
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' \
@ -11,7 +11,7 @@ class Config(LocalConfig):
UPLOAD_FOLDER = './app/static/avatars'
class V5Config(object):
class V5Config(LocalConfig):
# Length allocated to privilege names (slugs)
PRIVS_MAXLEN = 64
# Forbidden user names

Loading…
Cancel
Save