Stage 2 pour le changement de config (#38)
This commit is contained in:
parent
d480a95e43
commit
cdbecac166
|
@ -109,7 +109,7 @@ class Member(User):
|
|||
self.name = name
|
||||
self.norm = unicode_names.normalize(name)
|
||||
self.email = email
|
||||
if not app.config.USE_LDAP:
|
||||
if not V5Config.USE_LDAP:
|
||||
self.set_password(password)
|
||||
# Workflow with LDAP enabled is User → Postgresql → LDAP → set password
|
||||
self.xp = 0
|
||||
|
@ -169,7 +169,7 @@ class Member(User):
|
|||
# Beware of LDAP injections
|
||||
if "email" in data:
|
||||
self.email = data["email"]
|
||||
if app.config.USE_LDAP:
|
||||
if V5Config.USE_LDAP:
|
||||
ldap.set_email(self.norm, self.email)
|
||||
if "password" in data:
|
||||
self.set_password(data["password"])
|
||||
|
@ -209,7 +209,7 @@ class Member(User):
|
|||
Set the user's password. Check whether the request sender has the right
|
||||
to do this!
|
||||
"""
|
||||
if app.config.USE_LDAP:
|
||||
if V5Config.USE_LDAP:
|
||||
ldap.set_password(self, password)
|
||||
else:
|
||||
self.password_hash = werkzeug.security.generate_password_hash(
|
||||
|
@ -217,7 +217,7 @@ class Member(User):
|
|||
|
||||
def check_password(self, password):
|
||||
"""Compares password against member hash."""
|
||||
if app.config.USE_LDAP:
|
||||
if V5Config.USE_LDAP:
|
||||
return ldap.check_password(self, password)
|
||||
else:
|
||||
return werkzeug.security.check_password_hash(self.password_hash,
|
||||
|
|
|
@ -5,6 +5,7 @@ from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccount
|
|||
from app.models.users import Member
|
||||
from app.utils.render import render
|
||||
import app.utils.ldap as ldap
|
||||
from config import V5Config
|
||||
|
||||
|
||||
@app.route('/account', methods=['GET', 'POST'])
|
||||
|
@ -62,7 +63,7 @@ def register():
|
|||
db.session.add(member)
|
||||
db.session.commit()
|
||||
# Workflow with LDAP is User → Postgresql → LDAP → Change password
|
||||
if app.config.USE_LDAP:
|
||||
if V5Config.USE_LDAP:
|
||||
ldap.add_member(member)
|
||||
ldap.set_password(member, form.password.data)
|
||||
flash('Inscription réussie', 'ok')
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
import ldap
|
||||
from app import app
|
||||
from ldap.modlist import addModlist, modifyModlist
|
||||
|
||||
from config import V5Config
|
||||
|
||||
def get_member(username):
|
||||
""" Get informations about member. Username must be normalized! """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Search for user
|
||||
r = conn.search_s(app.config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE,
|
||||
r = conn.search_s(V5Config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE,
|
||||
f'(cn={username})')
|
||||
if len(r) > 0:
|
||||
return r[0]
|
||||
|
@ -35,9 +34,9 @@ def set_password(user, password):
|
|||
""" Set password for a user. """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
|
||||
app.config.LDAP_PASSWORD)
|
||||
conn.passwd_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}",
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
|
||||
V5Config.LDAP_PASSWORD)
|
||||
conn.passwd_s(f"cn={user.norm},{V5Config.LDAP_ORGANIZATION}",
|
||||
None, password)
|
||||
|
||||
|
||||
|
@ -45,7 +44,7 @@ def check_password(user, password):
|
|||
""" Try to login a user through LDAP register. """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
try:
|
||||
conn.simple_bind_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}",
|
||||
conn.simple_bind_s(f"cn={user.norm},{V5Config.LDAP_ORGANIZATION}",
|
||||
password)
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
return False
|
||||
|
@ -59,10 +58,10 @@ def add_member(member):
|
|||
return
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
|
||||
app.config.LDAP_PASSWORD)
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
|
||||
V5Config.LDAP_PASSWORD)
|
||||
# Create fields
|
||||
dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}'
|
||||
dn = f'cn={member.norm},{V5Config.LDAP_ORGANIZATION}'
|
||||
modlist = addModlist({
|
||||
'objectClass': [bytes('inetOrgPerson', 'UTF8')],
|
||||
'cn': [bytes(member.norm, 'UTF8')],
|
||||
|
@ -80,9 +79,9 @@ def delete_member(member):
|
|||
""" Remove a member from LDAP register """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
|
||||
app.config.LDAP_PASSWORD)
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
|
||||
V5Config.LDAP_PASSWORD)
|
||||
# Create fields
|
||||
dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}'
|
||||
dn = f'cn={member.norm},{V5Config.LDAP_ORGANIZATION}'
|
||||
# Delete the user
|
||||
conn.delete_s(dn)
|
||||
|
|
|
@ -5,7 +5,6 @@ from app.utils.valid_name import valid_name
|
|||
from app.utils.unicode_names import normalize
|
||||
import app.utils.ldap as ldap
|
||||
from config import V5Config
|
||||
from app import app
|
||||
|
||||
|
||||
def name_valid(form, name):
|
||||
|
@ -45,7 +44,7 @@ def name_available(form, name):
|
|||
raise ValidationError("Ce nom d'utilisateur est indisponible.")
|
||||
|
||||
# Double check with LDAP if needed
|
||||
if app.config.USE_LDAP:
|
||||
if V5Config.USE_LDAP:
|
||||
member = ldap.get_member(norm)
|
||||
if member is not None:
|
||||
raise ValidationError("Ce nom d'utilisateur est indisponible.")
|
||||
|
|
|
@ -2,7 +2,7 @@ import os
|
|||
import datetime
|
||||
from local_config import LocalConfig
|
||||
|
||||
class Config(LocalConfig):
|
||||
class Config(object):
|
||||
SECRET_KEY = os.environ.get('SECRET_KEY') or LocalConfig.SECRET_KEY
|
||||
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
|
||||
'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' \
|
||||
|
@ -11,7 +11,7 @@ class Config(LocalConfig):
|
|||
UPLOAD_FOLDER = './app/static/avatars'
|
||||
|
||||
|
||||
class V5Config(object):
|
||||
class V5Config(LocalConfig):
|
||||
# Length allocated to privilege names (slugs)
|
||||
PRIVS_MAXLEN = 64
|
||||
# Forbidden user names
|
||||
|
|
Loading…
Reference in New Issue