dan
/
ti-account-app
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
67 KiB
Tree: 5bb33b681e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5bb33b681e'
${ noResults }
ti-account-app/accounts/auth/models.py

72 lines
2.2 KiB
Raw Normal View History

Big login update, combine flask-login with ldap to enable persistent domain-wide cookies
3 years ago
 
  1. from ldap3 import Server, Connection
  2. from flask_wtf import FlaskForm
  3. from flask_login import UserMixin
  4. from ldap3.core.exceptions import LDAPBindError
  5. from wtforms import StringField, PasswordField, BooleanField, SubmitField
  6. from wtforms.validators import DataRequired
  7. from accounts import app, db
  8.  
  9.  
  10. def get_ldap_connection():
  11.     server = Server(app.config['LDAP_HOST'])
  12.     conn = Connection(server, app.config['LDAP_USERNAME'], app.config['LDAP_PASSWORD'], auto_bind=True)
  13.     return conn
  14.  
  15.  
  16. class User(db.Model):
  17. 

  18.     __tablename__ = 'user'
  19. 

  20.     id = db.Column(db.Integer, primary_key=True)
  21.     username = db.Column(db.String(100))
  22.     password = db.Column(db.String(128))
  23.     authenticated = db.Column(db.Boolean, default=False)
  24.  
  25.     def __init__(self, username, password):
  26.         self.username = username
  27.         self.password = password
  28.  
  29.     @staticmethod
  30.     def try_login(username, password):
  31.         conn = get_ldap_connection()
  32.         conn.search(app.config['LDAP_BASE_DN'], app.config['LDAP_USER_OBJECT_FILTER'] % username, attributes=['*'])
  33.         if len(conn.entries) > 0:
  34.             Connection(app.config['LDAP_HOST'], conn.entries[0].entry_dn, password, auto_bind=True)
  35.             return
  36.         raise LDAPBindError
  37.  
  38.     def is_authenticated(self):
  39.         return self.authenticated
  40.  
  41.     def is_active(self):
  42.         return True
  43.  
  44.     def is_anonymous(self):
  45.         return False
  46.  
  47.     def get_id(self):
  48.         return self.id
  49. 

  50.     def get_user_dict(self):
  51.         user = {'dn': '',
  52.                 'firstName': '',
  53.                 'lastName': '',
  54.                 'email': '',
  55.                 'userName': self.username,
  56.         }
  57. 

  58.         conn = get_ldap_connection()
  59.         conn.search(app.config['LDAP_BASE_DN'], app.config['LDAP_USER_OBJECT_FILTER'] % self.username, attributes=['*'])
  60. 

  61.         user['dn'] = conn.entries[0].entry_dn
  62.         user['firstName'] = conn.entries[0].givenName.value
  63.         user['lastName'] = conn.entries[0].sn.value
  64.         user['email'] = conn.entries[0].mail.value
  65. 

  66.         return user
  67.  
  68.  
  69. class LoginForm(FlaskForm):
  70.     username = StringField('Username', validators=[DataRequired()])
  71.     password = PasswordField('Password', validators=[DataRequired()])
  72.     remember_me = BooleanField('Remember Me')
  73.     submit = SubmitField('Sign In')