Premier passage à la configuration unifiée (#38)
This commit is contained in:
parent
16bcfe9e30
commit
d480a95e43
|
@ -1,5 +1,5 @@
|
|||
from datetime import date
|
||||
from app import db
|
||||
from app import app, db
|
||||
from flask import flash
|
||||
from flask_login import UserMixin
|
||||
from app.models.privs import SpecialPrivilege, Group, GroupMember, \
|
||||
|
@ -9,7 +9,6 @@ from app.models.notification import Notification
|
|||
import app.utils.unicode_names as unicode_names
|
||||
from app.utils.notify import notify
|
||||
from config import V5Config
|
||||
from local_config import USE_LDAP
|
||||
import app.utils.ldap as ldap
|
||||
|
||||
import werkzeug.security
|
||||
|
@ -110,7 +109,7 @@ class Member(User):
|
|||
self.name = name
|
||||
self.norm = unicode_names.normalize(name)
|
||||
self.email = email
|
||||
if not USE_LDAP:
|
||||
if not app.config.USE_LDAP:
|
||||
self.set_password(password)
|
||||
# Workflow with LDAP enabled is User → Postgresql → LDAP → set password
|
||||
self.xp = 0
|
||||
|
@ -170,7 +169,7 @@ class Member(User):
|
|||
# Beware of LDAP injections
|
||||
if "email" in data:
|
||||
self.email = data["email"]
|
||||
if USE_LDAP:
|
||||
if app.config.USE_LDAP:
|
||||
ldap.set_email(self.norm, self.email)
|
||||
if "password" in data:
|
||||
self.set_password(data["password"])
|
||||
|
@ -210,7 +209,7 @@ class Member(User):
|
|||
Set the user's password. Check whether the request sender has the right
|
||||
to do this!
|
||||
"""
|
||||
if USE_LDAP:
|
||||
if app.config.USE_LDAP:
|
||||
ldap.set_password(self, password)
|
||||
else:
|
||||
self.password_hash = werkzeug.security.generate_password_hash(
|
||||
|
@ -218,7 +217,7 @@ class Member(User):
|
|||
|
||||
def check_password(self, password):
|
||||
"""Compares password against member hash."""
|
||||
if USE_LDAP:
|
||||
if app.config.USE_LDAP:
|
||||
return ldap.check_password(self, password)
|
||||
else:
|
||||
return werkzeug.security.check_password_hash(self.password_hash,
|
||||
|
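Review bot: The new `if app.config.USE_LDAP:` tests in `__init__`, the data-update method, `set_password` and `check_password` read the flag with attribute access; if `app` is the Flask application (the `from app import app, db` import suggests so), `app.config` is Flask's `Config`, a plain `dict` subclass, and `app.config.USE_LDAP` raises `AttributeError` — the first hit is in `Member.__init__`, so every account creation would fail before a password is ever set. Use item access, `if app.config['USE_LDAP']:`, or `app.config.get('USE_LDAP', False)` so a missing key falls through to the local werkzeug hash rather than crashing the authentication path in `check_password`. The same applies to the `app.config.LDAP_ORGANIZATION` / `app.config.LDAP_PASSWORD` reads in app/utils/ldap.py. All four enclosing methods start outside their hunks.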
|
|
@ -5,7 +5,6 @@ from app.forms.account import UpdateAccountForm, RegistrationForm, DeleteAccount
|
|||
from app.models.users import Member
|
||||
from app.utils.render import render
|
||||
import app.utils.ldap as ldap
|
||||
from local_config import USE_LDAP
|
||||
|
||||
|
||||
@app.route('/account', methods=['GET', 'POST'])
|
||||
|
@ -63,7 +62,7 @@ def register():
|
|||
db.session.add(member)
|
||||
db.session.commit()
|
||||
# Workflow with LDAP is User → Postgresql → LDAP → Change password
|
||||
if USE_LDAP:
|
||||
if app.config.USE_LDAP:
|
||||
ldap.add_member(member)
|
||||
ldap.set_password(member, form.password.data)
|
||||
flash('Inscription réussie', 'ok')
|
||||
|
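Review bot: `ldap.add_member(member)` and `ldap.set_password(member, form.password.data)` run after `db.session.commit()` with no error handling, so any python-ldap exception (server down, root bind rejected) propagates after the row is already committed, leaving a member in PostgreSQL with no LDAP entry and — because `Member.__init__` skips `set_password` when LDAP is enabled — no local password hash either; the name is then taken but the account can never log in. If `add_member` does not depend on the committed row (from what is visible it only reads `member.norm` and similar fields), move the commit after the LDAP block and roll back on failure; note that `ldap` in this module is the app wrapper, so python-ldap's `LDAPError` has to be imported under another name (e.g. `import ldap as ldaplib`). `register()` starts outside the hunk.

```python
    db.session.add(member)
    try:
        # Workflow with LDAP is User → Postgresql → LDAP → Change password
        if app.config.USE_LDAP:
            ldap.add_member(member)
            ldap.set_password(member, form.password.data)
    except ldaplib.LDAPError:
        db.session.rollback()
        raise
    db.session.commit()
    flash('Inscription réussie', 'ok')
```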
|
|
@ -1,13 +1,14 @@
|
|||
import ldap
|
||||
from app import app
|
||||
from ldap.modlist import addModlist, modifyModlist
|
||||
from local_config import LDAP_PASSWORD, LDAP_ORGANIZATION
|
||||
|
||||
|
||||
def get_member(username):
|
||||
""" Get informations about member. Username must be normalized! """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Search for user
|
||||
r = conn.search_s(LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE, f'(cn={username})')
|
||||
r = conn.search_s(app.config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE,
|
||||
f'(cn={username})')
|
||||
if len(r) > 0:
|
||||
return r[0]
|
||||
else:
|
||||
|
@ -34,16 +35,18 @@ def set_password(user, password):
|
|||
""" Set password for a user. """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{LDAP_ORGANIZATION}',
|
||||
LDAP_PASSWORD)
|
||||
conn.passwd_s(f"cn={user.norm},{LDAP_ORGANIZATION}", None, password)
|
||||
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
|
||||
app.config.LDAP_PASSWORD)
|
||||
conn.passwd_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}",
|
||||
None, password)
|
||||
|
||||
|
||||
def check_password(user, password):
|
||||
""" Try to login a user through LDAP register. """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
try:
|
||||
conn.simple_bind_s(f"cn={user.norm},{LDAP_ORGANIZATION}", password)
|
||||
conn.simple_bind_s(f"cn={user.norm},{app.config.LDAP_ORGANIZATION}",
|
||||
password)
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
return False
|
||||
return True
|
||||
|
@ -56,9 +59,10 @@ def add_member(member):
|
|||
return
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{LDAP_ORGANIZATION}', LDAP_PASSWORD)
|
||||
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
|
||||
app.config.LDAP_PASSWORD)
|
||||
# Create fields
|
||||
dn = f'cn={member.norm},{LDAP_ORGANIZATION}'
|
||||
dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}'
|
||||
modlist = addModlist({
|
||||
'objectClass': [bytes('inetOrgPerson', 'UTF8')],
|
||||
'cn': [bytes(member.norm, 'UTF8')],
|
||||
|
@ -76,8 +80,9 @@ def delete_member(member):
|
|||
""" Remove a member from LDAP register """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{LDAP_ORGANIZATION}', LDAP_PASSWORD)
|
||||
conn.simple_bind_s(f'cn=ldap-root,{app.config.LDAP_ORGANIZATION}',
|
||||
app.config.LDAP_PASSWORD)
|
||||
# Create fields
|
||||
dn = f'cn={member.norm},{LDAP_ORGANIZATION}'
|
||||
dn = f'cn={member.norm},{app.config.LDAP_ORGANIZATION}'
|
||||
# Delete the user
|
||||
conn.delete_s(dn)
|
||||
|
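Review bot: `get_member` interpolates `username` directly into the search filter `f'(cn={username})'`; the docstring's "must be normalized" covers Unicode folding, not the filter metacharacters `*`, `(`, `)`, `\` and NUL, so a name such as `*` matches every entry and the function returns the first one — whether `unicode_names.normalize` already strips those characters is not visible from here. Escape at the boundary: `from ldap.filter import escape_filter_chars` and `f'(cn={escape_filter_chars(username)})'`; the DNs built as `f"cn={user.norm},{app.config.LDAP_ORGANIZATION}"` in `set_password`, `check_password`, `add_member` and `delete_member` need `ldap.dn.escape_dn_chars(user.norm)` for the same reason. In `check_password`, `simple_bind_s(dn, password)` with an empty `password` is treated as an anonymous bind by most directory servers and does not raise `INVALID_CREDENTIALS`, so an empty password would authenticate; add `if not password: return False` before the bind. `ldap.initialize("ldap://localhost")` is plaintext, acceptable only as long as the directory really is local.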
|
|
@ -5,7 +5,7 @@ from app.utils.valid_name import valid_name
|
|||
from app.utils.unicode_names import normalize
|
||||
import app.utils.ldap as ldap
|
||||
from config import V5Config
|
||||
from local_config import USE_LDAP
|
||||
from app import app
|
||||
|
||||
|
||||
def name_valid(form, name):
|
||||
|
@ -45,7 +45,7 @@ def name_available(form, name):
|
|||
raise ValidationError("Ce nom d'utilisateur est indisponible.")
|
||||
|
||||
# Double check with LDAP if needed
|
||||
if USE_LDAP:
|
||||
if app.config.USE_LDAP:
|
||||
member = ldap.get_member(norm)
|
||||
if member is not None:
|
||||
raise ValidationError("Ce nom d'utilisateur est indisponible.")
|
||||
|
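Review bot: The LDAP double-check `member = ldap.get_member(norm)` has no handling for directory errors, so when the server is unreachable the validator raises a raw python-ldap exception out of WTForms validation (a 500) instead of reporting a validation failure; catch it and re-raise as `ValidationError` with an explicit "could not verify the name, try again later" message — note that `ldap` here is `app.utils.ldap`, so python-ldap's `LDAPError` must be imported under a different name or caught inside the wrapper. This check is exact only if `get_member` receives a name free of filter metacharacters (`*`, `(`, `)`, `\`), since it interpolates the name into the filter; whether `name_valid`/`valid_name`, outside this hunk, already reject those is worth confirming. `name_available` starts outside the hunk.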
|
10
config.py
10
config.py
|
@ -1,12 +1,12 @@
|
|||
import os
|
||||
import datetime
|
||||
from local_config import DB_NAME, SECRET_KEY
|
||||
from local_config import LocalConfig
|
||||
|
||||
|
||||
class Config(object):
|
||||
SECRET_KEY = os.environ.get('SECRET_KEY') or SECRET_KEY
|
||||
class Config(LocalConfig):
|
||||
SECRET_KEY = os.environ.get('SECRET_KEY') or LocalConfig.SECRET_KEY
|
||||
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
|
||||
'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' + DB_NAME
|
||||
'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' \
|
||||
+ LocalConfig.DB_NAME
|
||||
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
||||
UPLOAD_FOLDER = './app/static/avatars'
|
||||
|
||||
|
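Review bot: `class Config(LocalConfig)` now pulls every `LocalConfig` attribute into the Flask config, which — judging from the `app.config.LDAP_PASSWORD` reads in app/utils/ldap.py — includes the LDAP root bind password, so that secret becomes part of `app.config` and may be shown wherever the config is dumped (Werkzeug debugger, `flask shell`, any logging of `app.config`). `SECRET_KEY` and `DATABASE_URL` get an environment override here but the LDAP credential does not; add `LDAP_PASSWORD = os.environ.get('LDAP_PASSWORD') or LocalConfig.LDAP_PASSWORD` next to them so deployments can keep it out of `local_config.py`. Separately, `os.environ.get('USER') + ':@/'` (pre-existing) raises `TypeError` when `USER` is unset, as under systemd or in a container, before the `or` fallback can help; `os.environ.get('USER', '')` avoids that. The `Config` class body may continue past the hunk.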
|