From 6ccaee6c2a47a5a73172609e223d2919a255c508 Mon Sep 17 00:00:00 2001
From: Daniel Muckerman <danielmuckerman@me.com>
Date: Sat, 12 Dec 2020 03:00:40 -0500
Subject: [PATCH] Update to match the big login overhaul

---
 .gitignore         |   4 +-
 app.py             | 178 +++++++++++++++++++++++++++++++++++----------
 links/links.db     | Bin 16384 -> 16384 bytes
 requirements.txt   |   4 +-
 templates/login.j2 |   9 +--
 5 files changed, 147 insertions(+), 48 deletions(-)

diff --git a/.gitignore b/.gitignore
index 9b235d9..d467373 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,4 +15,6 @@ venv.bak/
 
 .envrc
 .DS_Store
-.vscode/
\ No newline at end of file
+.vscode/
+
+users.db
\ No newline at end of file
diff --git a/app.py b/app.py
index 8eaa594..a105145 100644
--- a/app.py
+++ b/app.py
@@ -1,7 +1,13 @@
 import ldap as l
-from ldap3 import Server, Connection, ALL, MODIFY_REPLACE
-from flask import Flask, g, request, session, redirect, url_for, render_template
-from flask_simpleldap import LDAP
+from ldap3 import Server, Connection
+from ldap3.core.exceptions import LDAPBindError
+from flask import Flask, g, request, redirect, url_for, render_template, flash
+from flask_sqlalchemy import SQLAlchemy
+from flask_login import LoginManager, login_manager, current_user, login_user, \
+    logout_user, login_required
+from flask_wtf import FlaskForm
+from wtforms import StringField, PasswordField, BooleanField, SubmitField
+from wtforms.validators import DataRequired
 from flask_bootstrap import Bootstrap
 import short_url
 import os
@@ -12,6 +18,10 @@ Bootstrap(app)
 app.secret_key = 'asdf'
 app.debug = True
 
+app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///users.db'
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+app.config['WTF_CSRF_SECRET_KEY'] = 'asdf'
+
 # Base
 app.config['LDAP_REALM_NAME'] = 'OpenLDAP Authentication'
 app.config['LDAP_HOST'] = os.environ.get('LDAP_HOST')
@@ -24,57 +34,142 @@ app.config['LDAP_OBJECTS_DN'] = 'dn'
 app.config['LDAP_OPENLDAP'] = True
 app.config['LDAP_USER_OBJECT_FILTER'] = '(&(objectclass=posixAccount)(uid=%s))'
 
+# Login cookies
+app.config['SESSION_COOKIE_DOMAIN'] = os.environ.get('COOKIE_DOMAIN')
+app.config['REMEMBER_COOKIE_DOMAIN'] = os.environ.get('COOKIE_DOMAIN')
+
 short_domain = os.environ.get('SHORT_DOMAIN')
 
-ldap = LDAP(app)
+db = SQLAlchemy(app)
+
+login_manager = LoginManager(app)
+login_manager.init_app(app)
+login_manager.login_view = 'login'
+
+db.create_all()
 
 server = Server(app.config['LDAP_HOST'])
 conn = Connection(server, app.config['LDAP_USERNAME'], app.config['LDAP_PASSWORD'], auto_bind=True)
 
+class User(db.Model):
+
+    __tablename__ = 'user'
+
+    id = db.Column(db.Integer, primary_key=True)
+    username = db.Column(db.String(100))
+    password = db.Column(db.String(128))
+    authenticated = db.Column(db.Boolean, default=False)
+ 
+    def __init__(self, username, password):
+        self.username = username
+        self.password = password
+ 
+    @staticmethod
+    def try_login(username, password):
+        conn.search(app.config['LDAP_BASE_DN'], app.config['LDAP_USER_OBJECT_FILTER'] % username, attributes=['*'])
+        if len(conn.entries) > 0:
+            Connection(app.config['LDAP_HOST'], conn.entries[0].entry_dn, password, auto_bind=True)
+            return
+        raise LDAPBindError
+ 
+    def is_authenticated(self):
+        return self.authenticated
+ 
+    def is_active(self):
+        return True
+ 
+    def is_anonymous(self):
+        return False
+ 
+    def get_id(self):
+        return self.id
+
+    def get_user_dict(self):
+        user = {'dn': '',
+                'firstName': '',
+                'lastName': '',
+                'email': '',
+                'userName': self.username,
+        }
+
+        conn.search(app.config['LDAP_BASE_DN'], app.config['LDAP_USER_OBJECT_FILTER'] % self.username, attributes=['*'])
+
+        user['dn'] = conn.entries[0].entry_dn
+        user['firstName'] = conn.entries[0].givenName.value
+        user['lastName'] = conn.entries[0].sn.value
+        user['email'] = conn.entries[0].mail.value
+
+        return user
+ 
+ 
+class LoginForm(FlaskForm):
+    username = StringField('Username', validators=[DataRequired()])
+    password = PasswordField('Password', validators=[DataRequired()])
+    remember_me = BooleanField('Remember Me')
+    submit = SubmitField('Sign In')
+
+
+@login_manager.user_loader
+def load_user(id):
+    return User.query.get(int(id))
+ 
+ 
 @app.before_request
-def before_request():
-    g.user = None
-    if 'user_id' in session:
-        # This is where you'd query your database to get the user info.
-        g.user = {}
+def get_current_user():
+    g.user = current_user
 
 
 @app.route('/')
-@ldap.login_required
+@login_required
 def index():
-    user_dict = ldap.get_object_details(session['user_id'])
-
-    if 'user_id' in session:
-        user = {'dn': 'cn={},cn=usergroup,ou=users,dc=technicalincompetence,dc=club'.format(user_dict['cn'][0].decode('ascii')),
-                'firstName': user_dict['givenName'][0].decode('ascii'),
-                'lastName': user_dict['sn'][0].decode('ascii'),
-                'email': user_dict['mail'][0].decode('ascii'),
-                'userName': user_dict['uid'][0].decode('ascii'),
-        }
-
-
-    return render_template('profile.j2', user = user, short_domain = short_domain)
+    return render_template('profile.j2', user = current_user.get_user_dict(), short_domain = short_domain)
 
 
 @app.route('/login', methods=['GET', 'POST'])
 def login():
-    if g.user:
+    if current_user.is_authenticated:
+        flash('You are already logged in.')
         return redirect(url_for('index'))
-    if request.method == 'POST':
-        user = request.form['user']
-        passwd = request.form['passwd']
-        test = ldap.bind_user(user, passwd)
-        if test is None or passwd == '':
-            return render_template('login.j2', error='Invalid credentials')
-        else:
-            session['user_id'] = request.form['user']
-            session['passwd'] = request.form['passwd']
-            return redirect('/')
-    return render_template('login.j2')
-
-
-@ldap.login_required
+ 
+    form = LoginForm(request.form)
+    print(form)
+    print(request.method)
+ 
+    if request.method == 'POST' and form.validate():
+        username = request.form.get('username')
+        password = request.form.get('password')
+        print(username)
+        print(password)
+ 
+        try:
+            User.try_login(username, password)
+        except LDAPBindError:
+            flash(
+                'Invalid username or password. Please try again.',
+                'danger')
+            return render_template('login.j2', form=form)
+
+        user = User.query.filter(User.username == username).first()
+
+        print(user)
+        if user is None:
+            user = User(username, password)
+            db.session.add(user)
+        user.authenticated = True
+        db.session.commit()
+        login_user(user, remember=form.remember_me.data)
+
+        print('You have successfully logged in.')
+        return redirect(url_for('index'))
+ 
+    if form.errors:
+        flash(form.errors, 'danger')
+ 
+    return render_template('login.j2', form=form)
+
+
 @app.route('/shorten', methods=['POST'])
+@login_required
 def shorten_url():
     if request.method == 'POST':
         url = request.form['url']
@@ -108,9 +203,14 @@ def expand_url(url):
 
 
 @app.route('/logout')
+@login_required
 def logout():
-    session.pop('user_id', None)
-    return redirect(url_for('index'))
+    user = current_user
+    user.authenticated = False
+    db.session.add(user)
+    db.session.commit()
+    logout_user()
+    return redirect(url_for('game'))
 
 
 if __name__ == '__main__':
diff --git a/links/links.db b/links/links.db
index 56393c0f5fd666fb14831a531a451a535c836a3e..244b34f5efcf89d06881e839679325ce254e898a 100644
GIT binary patch
delta 114
zcmZo@U~Fh$oFL7}F;T{um4iXg{^rJ%1^j%h{0a>G7x-85$M8GwD{K}N;Nw@2V`XM=
z&L}A<u+rDh$xlwq$;dA*u`)F<Fwjp=%uOwx>>z&xsPPE{{~!Ku{2%yV@juxtsBnp&
Sjg^^^k(G7xD}7M`Mpgju&L86d

delta 70
zcmZo@U~Fh$oFL7}K2gS*m7PJ)`OwCc1^hfL{0<EK7x-85$M8FBR#Y(HpX?xi1StB7
af&UNxH~tU&uQm%B+~VK-N?%lfkp%$18x<x1

diff --git a/requirements.txt b/requirements.txt
index a01aff4..562983f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,5 +3,7 @@ Flask-Bootstrap4==4.0.2
 Flask-Login==0.5.0
 Flask-SimpleLDAP==1.4.0
 python-ldap==3.2.0
-ldap3==2.7
+ldap3==2.8.1
 short_url==1.2.2
+Flask-SQLAlchemy==2.4.4
+Flask-WTF==0.14.3
diff --git a/templates/login.j2 b/templates/login.j2
index e6919ce..4822917 100644
--- a/templates/login.j2
+++ b/templates/login.j2
@@ -1,3 +1,4 @@
+{% import "bootstrap/wtf.html" as wtf %}
 {% extends "bootstrap/base.html" %}
 {% block title %}Technical Incompetence Link Shortener{% endblock %}
 
@@ -26,12 +27,6 @@
         </div>
         {% endif %}
 
-        <form action="" method="post">
-            <label for="exampleFormControlInput1">Username</label>
-            <input name="user" class="form-control"><br>
-            <label for="exampleFormControlInput2">Password</label>
-            <input type="password" name="passwd" class="form-control"><br>
-            <button type="submit" class="btn btn-primary">Log In</button>
-        </form>
+        {{wtf.quick_form(form, novalidate=True)}}
     </div>
 {% endblock %}
\ No newline at end of file