do it my own way
This commit is contained in:
parent
06e421fca8
commit
9df7d53dce
|
@ -5,8 +5,16 @@ import octoprint.plugin
|
||||||
from octoprint.users import FilebasedUserManager, User
|
from octoprint.users import FilebasedUserManager, User
|
||||||
from octoprint.settings import settings
|
from octoprint.settings import settings
|
||||||
import ldap
|
import ldap
|
||||||
|
import ldap3
|
||||||
|
import ldap3.utils.dn
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
|
LDAP_SERVER = ldap3.Server("pool.ldap.ehlab.uk", tls=ldap3.Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1_2))
|
||||||
|
LDAP_BASE = 'dc=edinburghhacklab,dc=com'
|
||||||
|
LDAP_GROUPS = ["octoprint"]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class LDAPUserManager(FilebasedUserManager,
|
class LDAPUserManager(FilebasedUserManager,
|
||||||
octoprint.plugin.SettingsPlugin,
|
octoprint.plugin.SettingsPlugin,
|
||||||
|
@ -17,27 +25,59 @@ class LDAPUserManager(FilebasedUserManager,
|
||||||
# - chaeckPassword called, if it return True
|
# - chaeckPassword called, if it return True
|
||||||
# - login_user called with User returned by previous findUser
|
# - login_user called with User returned by previous findUser
|
||||||
|
|
||||||
|
def ldapify_groups(self, groups):
|
||||||
|
output = []
|
||||||
|
for group in groups:
|
||||||
|
output.append('cn={},ou=Groups,ou=People,dc=edinburghhacklab,dc=com'.format(group))
|
||||||
|
return output
|
||||||
|
|
||||||
|
|
||||||
|
def check_auth(self, username, password):
|
||||||
|
if username in [None, ''] or password in [None, '']:
|
||||||
|
return None
|
||||||
|
ldap_conn = ldap3.Connection(LDAP_SERVER, auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND)
|
||||||
|
ldap_conn.search(search_base=LDAP_BASE,
|
||||||
|
search_filter='(&(objectClass=account)(uid={}))'.format(username),
|
||||||
|
search_scope=ldap3.SUBTREE,
|
||||||
|
attributes=['uid', 'memberOf'])
|
||||||
|
if len(ldap_conn.response) > 0:
|
||||||
|
dn = ldap_conn.response[0]['dn']
|
||||||
|
try:
|
||||||
|
bind_conn = ldap3.Connection(LDAP_SERVER, user=dn, password=password, auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND)
|
||||||
|
if bind_conn:
|
||||||
|
return ldap_conn.response[0]['attributes']
|
||||||
|
except ldap3.core.exceptions.LDAPBindError:
|
||||||
|
pass
|
||||||
|
return None
|
||||||
|
|
||||||
def checkPassword(self, username, password):
|
def checkPassword(self, username, password):
|
||||||
try:
|
try:
|
||||||
connection = self.getLDAPClient()
|
#connection = self.getLDAPClient()
|
||||||
|
|
||||||
username = self.escapeLDAP(username)
|
#username = self.escapeLDAP(username)
|
||||||
dn = self.findLDAPUser(username)
|
#dn = self.findLDAPUser(username)
|
||||||
if dn is None:
|
#if dn is None:
|
||||||
return False
|
# return False
|
||||||
connection.bind_s(dn, password)
|
#connection.bind_s(dn, password)
|
||||||
connection.unbind_s()
|
#connection.unbind_s()
|
||||||
|
|
||||||
|
data = check_auth(self, username, password)
|
||||||
|
|
||||||
|
for group in ldapify_groups(LDAP_GROUPS):
|
||||||
|
if group in data.get('memberOf', []):
|
||||||
user = FilebasedUserManager.findUser(self, username)
|
user = FilebasedUserManager.findUser(self, username)
|
||||||
if not user:
|
if not user:
|
||||||
self._logger.debug("Add new user")
|
self._logger.debug("Add new user")
|
||||||
self.addUser(username, str(uuid.uuid4()), True)
|
self.addUser(username, str(uuid.uuid4()), True)
|
||||||
return True
|
return True
|
||||||
|
else:
|
||||||
|
self._logger.error("LDAP-CAMERON: user or password incorrect."")
|
||||||
|
return False
|
||||||
|
|
||||||
except ldap.INVALID_CREDENTIALS:
|
except ldap.INVALID_CREDENTIALS:
|
||||||
self._logger.error("LDAP : Your username or password is incorrect.")
|
self._logger.error("LDAP : Your username or password is incorrect.")
|
||||||
return FilebasedUserManager.checkPassword(self, username, password)
|
return FilebasedUserManager.checkPassword(self, username, password)
|
||||||
except ldap.LDAPError, e:
|
except Exception as e:
|
||||||
if type(e.message) == dict:
|
if type(e.message) == dict:
|
||||||
for (k, v) in e.message.iteritems():
|
for (k, v) in e.message.iteritems():
|
||||||
self._logger.error("%s: %sn" % (k, v))
|
self._logger.error("%s: %sn" % (k, v))
|
||||||
|
@ -54,7 +94,6 @@ class LDAPUserManager(FilebasedUserManager,
|
||||||
local_user = FilebasedUserManager.findUser(self, userid, apikey, session)
|
local_user = FilebasedUserManager.findUser(self, userid, apikey, session)
|
||||||
#If user not exists in local database, search it on LDAP
|
#If user not exists in local database, search it on LDAP
|
||||||
if userid and not local_user:
|
if userid and not local_user:
|
||||||
if(self.findLDAPUser(userid)):
|
|
||||||
#Return a fake user instance
|
#Return a fake user instance
|
||||||
return User(userid, str(uuid.uuid4()), True, ["user"])
|
return User(userid, str(uuid.uuid4()), True, ["user"])
|
||||||
|
|
||||||
|
|