do it my own way
parent
06e421fca8
commit
9df7d53dce
|
@ -5,8 +5,16 @@ import octoprint.plugin
|
|||
from octoprint.users import FilebasedUserManager, User
|
||||
from octoprint.settings import settings
|
||||
import ldap
|
||||
import ldap3
|
||||
import ldap3.utils.dn
|
||||
import uuid
|
||||
|
||||
LDAP_SERVER = ldap3.Server("pool.ldap.ehlab.uk", tls=ldap3.Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1_2))
|
||||
LDAP_BASE = 'dc=edinburghhacklab,dc=com'
|
||||
LDAP_GROUPS = ["octoprint"]
|
||||
|
||||
|
||||
|
||||
|
||||
class LDAPUserManager(FilebasedUserManager,
|
||||
octoprint.plugin.SettingsPlugin,
|
||||
|
@ -17,27 +25,59 @@ class LDAPUserManager(FilebasedUserManager,
|
|||
# - chaeckPassword called, if it return True
|
||||
# - login_user called with User returned by previous findUser
|
||||
|
||||
def ldapify_groups(self, groups):
|
||||
output = []
|
||||
for group in groups:
|
||||
output.append('cn={},ou=Groups,ou=People,dc=edinburghhacklab,dc=com'.format(group))
|
||||
return output
|
||||
|
||||
|
||||
def check_auth(self, username, password):
|
||||
if username in [None, ''] or password in [None, '']:
|
||||
return None
|
||||
ldap_conn = ldap3.Connection(LDAP_SERVER, auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND)
|
||||
ldap_conn.search(search_base=LDAP_BASE,
|
||||
search_filter='(&(objectClass=account)(uid={}))'.format(username),
|
||||
search_scope=ldap3.SUBTREE,
|
||||
attributes=['uid', 'memberOf'])
|
||||
if len(ldap_conn.response) > 0:
|
||||
dn = ldap_conn.response[0]['dn']
|
||||
try:
|
||||
bind_conn = ldap3.Connection(LDAP_SERVER, user=dn, password=password, auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND)
|
||||
if bind_conn:
|
||||
return ldap_conn.response[0]['attributes']
|
||||
except ldap3.core.exceptions.LDAPBindError:
|
||||
pass
|
||||
return None
|
||||
|
||||
def checkPassword(self, username, password):
|
||||
try:
|
||||
connection = self.getLDAPClient()
|
||||
#connection = self.getLDAPClient()
|
||||
|
||||
username = self.escapeLDAP(username)
|
||||
dn = self.findLDAPUser(username)
|
||||
if dn is None:
|
||||
return False
|
||||
connection.bind_s(dn, password)
|
||||
connection.unbind_s()
|
||||
#username = self.escapeLDAP(username)
|
||||
#dn = self.findLDAPUser(username)
|
||||
#if dn is None:
|
||||
# return False
|
||||
#connection.bind_s(dn, password)
|
||||
#connection.unbind_s()
|
||||
|
||||
data = check_auth(self, username, password)
|
||||
|
||||
user = FilebasedUserManager.findUser(self, username)
|
||||
if not user:
|
||||
self._logger.debug("Add new user")
|
||||
self.addUser(username, str(uuid.uuid4()), True)
|
||||
return True
|
||||
for group in ldapify_groups(LDAP_GROUPS):
|
||||
if group in data.get('memberOf', []):
|
||||
user = FilebasedUserManager.findUser(self, username)
|
||||
if not user:
|
||||
self._logger.debug("Add new user")
|
||||
self.addUser(username, str(uuid.uuid4()), True)
|
||||
return True
|
||||
else:
|
||||
self._logger.error("LDAP-CAMERON: user or password incorrect."")
|
||||
return False
|
||||
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
self._logger.error("LDAP : Your username or password is incorrect.")
|
||||
return FilebasedUserManager.checkPassword(self, username, password)
|
||||
except ldap.LDAPError, e:
|
||||
except Exception as e:
|
||||
if type(e.message) == dict:
|
||||
for (k, v) in e.message.iteritems():
|
||||
self._logger.error("%s: %sn" % (k, v))
|
||||
|
@ -54,9 +94,8 @@ class LDAPUserManager(FilebasedUserManager,
|
|||
local_user = FilebasedUserManager.findUser(self, userid, apikey, session)
|
||||
#If user not exists in local database, search it on LDAP
|
||||
if userid and not local_user:
|
||||
if(self.findLDAPUser(userid)):
|
||||
#Return a fake user instance
|
||||
return User(userid, str(uuid.uuid4()), True, ["user"])
|
||||
return User(userid, str(uuid.uuid4()), True, ["user"])
|
||||
|
||||
else:
|
||||
return None
|
||||
|
|
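Review bot: In `check_auth` the login name is formatted unescaped into the search filter (`'(&(objectClass=account)(uid={}))'.format(username)`), and the `escapeLDAP` call in `checkPassword` appears to be commented out, so filter metacharacters in `username` can change which entry is matched; escape it first, e.g. `.format(ldap3.utils.conv.escape_filter_chars(username))`. `checkPassword` also calls `check_auth(self, username, password)` and `ldapify_groups(LDAP_GROUPS)` as bare names although both are defined as methods, and `check_auth` returns `None` on a failed bind, so `data.get('memberOf', [])` would raise instead of returning `False`; use `data = self.check_auth(username, password)` followed by `if data is None: return False`. The log string `"LDAP-CAMERON: user or password incorrect.""` has a stray closing quote that will not parse. The +/- markers are lost on this page, so which lines are on the new side is inferred; in the last hunk `findUser` appears to return a placeholder `User` for any unknown `userid` without the earlier `findLDAPUser` check, which is worth confirming. A short comment on `LDAP_GROUPS` stating that membership in any listed group grants access would document the authorization rule.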