do it my own way

This commit is contained in:
cazagen 2019-11-11 23:43:39 +00:00
parent 06e421fca8
commit 9df7d53dce

View File

@ -5,8 +5,16 @@ import octoprint.plugin
from octoprint.users import FilebasedUserManager, User from octoprint.users import FilebasedUserManager, User
from octoprint.settings import settings from octoprint.settings import settings
import ldap import ldap
import ldap3
import ldap3.utils.dn
import uuid import uuid
LDAP_SERVER = ldap3.Server("pool.ldap.ehlab.uk", tls=ldap3.Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1_2))
LDAP_BASE = 'dc=edinburghhacklab,dc=com'
LDAP_GROUPS = ["octoprint"]
class LDAPUserManager(FilebasedUserManager, class LDAPUserManager(FilebasedUserManager,
octoprint.plugin.SettingsPlugin, octoprint.plugin.SettingsPlugin,
@ -17,27 +25,59 @@ class LDAPUserManager(FilebasedUserManager,
# - chaeckPassword called, if it return True # - chaeckPassword called, if it return True
# - login_user called with User returned by previous findUser # - login_user called with User returned by previous findUser
def ldapify_groups(self, groups):
output = []
for group in groups:
output.append('cn={},ou=Groups,ou=People,dc=edinburghhacklab,dc=com'.format(group))
return output
def check_auth(self, username, password):
if username in [None, ''] or password in [None, '']:
return None
ldap_conn = ldap3.Connection(LDAP_SERVER, auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND)
ldap_conn.search(search_base=LDAP_BASE,
search_filter='(&(objectClass=account)(uid={}))'.format(username),
search_scope=ldap3.SUBTREE,
attributes=['uid', 'memberOf'])
if len(ldap_conn.response) > 0:
dn = ldap_conn.response[0]['dn']
try:
bind_conn = ldap3.Connection(LDAP_SERVER, user=dn, password=password, auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND)
if bind_conn:
return ldap_conn.response[0]['attributes']
except ldap3.core.exceptions.LDAPBindError:
pass
return None
def checkPassword(self, username, password): def checkPassword(self, username, password):
try: try:
connection = self.getLDAPClient() #connection = self.getLDAPClient()
username = self.escapeLDAP(username) #username = self.escapeLDAP(username)
dn = self.findLDAPUser(username) #dn = self.findLDAPUser(username)
if dn is None: #if dn is None:
return False # return False
connection.bind_s(dn, password) #connection.bind_s(dn, password)
connection.unbind_s() #connection.unbind_s()
data = check_auth(self, username, password)
for group in ldapify_groups(LDAP_GROUPS):
if group in data.get('memberOf', []):
user = FilebasedUserManager.findUser(self, username) user = FilebasedUserManager.findUser(self, username)
if not user: if not user:
self._logger.debug("Add new user") self._logger.debug("Add new user")
self.addUser(username, str(uuid.uuid4()), True) self.addUser(username, str(uuid.uuid4()), True)
return True return True
else:
self._logger.error("LDAP-CAMERON: user or password incorrect."")
return False
except ldap.INVALID_CREDENTIALS: except ldap.INVALID_CREDENTIALS:
self._logger.error("LDAP : Your username or password is incorrect.") self._logger.error("LDAP : Your username or password is incorrect.")
return FilebasedUserManager.checkPassword(self, username, password) return FilebasedUserManager.checkPassword(self, username, password)
except ldap.LDAPError, e: except Exception as e:
if type(e.message) == dict: if type(e.message) == dict:
for (k, v) in e.message.iteritems(): for (k, v) in e.message.iteritems():
self._logger.error("%s: %sn" % (k, v)) self._logger.error("%s: %sn" % (k, v))
@ -54,7 +94,6 @@ class LDAPUserManager(FilebasedUserManager,
local_user = FilebasedUserManager.findUser(self, userid, apikey, session) local_user = FilebasedUserManager.findUser(self, userid, apikey, session)
#If user not exists in local database, search it on LDAP #If user not exists in local database, search it on LDAP
if userid and not local_user: if userid and not local_user:
if(self.findLDAPUser(userid)):
#Return a fake user instance #Return a fake user instance
return User(userid, str(uuid.uuid4()), True, ["user"]) return User(userid, str(uuid.uuid4()), True, ["user"])