author | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2016-01-10 05:08:36 +0100 |
---|---|---|
committer | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2016-01-10 05:08:36 +0100 |
commit | 1ec270de4390f215f874e8fad23736ce978c1bbd (patch) | |
tree | f56ebd30ec7648f785b558e499148d424bc55147 /utils/login.py | |
parent | 915c05c05a5b510d53042944582dc62c7d3f28d1 (diff) | |
Use sqlalchemy, flask-migrate, flask-login and flask-script
No peewee anymore. All dependencies are available as debian packages now.
Diffstat (limited to 'utils/login.py')
-rw-r--r-- | utils/login.py | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/utils/login.py b/utils/login.py
new file mode 100644
index 0000000..e6c8f21
--- /dev/null
+++ b/utils/login.py
@@ -0,0 +1,40 @@
+import ldap
+from functools import reduce
+
+
+def user_cls(login):
+ def decorator(cls):
+ login.user_loader(lambda uid: cls.query.get(uid))
+ return cls
+ return decorator
+
+
+def _format_dn(attr, base_dn=None):
+ attr = [attr]
+ if base_dn is not None:
+ attr.extend(base_dn)
+
+ return ','.join(['%s=%s' % (key, ldap.dn.escape_dn_chars(value))
+ for (key, value) in attr])
+
+
+def auth(config, model, username, password):
+ ldap.protocol_version = 3
+ l = ldap.initialize(config['host'])
+ l.set_option(ldap.OPT_X_TLS_DEMAND, True)
+ try:
+ user_dn = _format_dn(('uid', username), config['base_dn'])
+ l.simple_bind_s(user_dn, password)
+ except ldap.INVALID_CREDENTIALS:
+ return None
+
+ user = model.query.filter_by(name=username).first()
+ if user is None:
+ user_data = l.search_s(user_dn, ldap.SCOPE_BASE)
+ if len(user_data) != 1:
+ return None
+
+ (dn, user_data) = user_data[0]
+ user = model.create(name=username, email=user_data['mail'][0])
+
+ return user |
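Review bot: In `auth`, an empty `password` reaches `l.simple_bind_s(user_dn, password)`, and a simple bind with a DN and a zero-length password is an unauthenticated bind (RFC 4513 §5.1.2) that many directory servers answer with success, so the function would go on to return the matching local user without any credential having been checked; add `if not password: return None` before the `try`. The TLS line also does not do what it reads as: `ldap.OPT_X_TLS_DEMAND` is a value for `ldap.OPT_X_TLS_REQUIRE_CERT`, not an option name, so `l.set_option(ldap.OPT_X_TLS_DEMAND, True)` sets whichever option shares that number instead of requiring a valid server certificate; it should read `l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`. No `start_tls_s()` call is visible, so the bind password is only protected in transit if `config['host']` is an `ldaps://` URI, which is worth stating in a comment next to `ldap.initialize`. Only `ldap.INVALID_CREDENTIALS` is caught, so other `ldap.LDAPError` cases propagate to the caller as exceptions, and `user_data['mail'][0]` raises `KeyError` for an entry without a `mail` attribute.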