summaryrefslogtreecommitdiffstats
path: root/utils/login.py
blob: e6c8f21b99b73b9323448b75703f3d7011afcd00 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

import ldap
from functools import reduce


def user_cls(login):
    def decorator(cls):
        login.user_loader(lambda uid: cls.query.get(uid))
        return cls
    return decorator


def _format_dn(attr, base_dn=None):
    attr = [attr]
    if base_dn is not None:
        attr.extend(base_dn)

    return ','.join(['%s=%s' % (key, ldap.dn.escape_dn_chars(value))
                     for (key, value) in attr])


def auth(config, model, username, password):
    ldap.protocol_version = 3
    l = ldap.initialize(config['host'])
    l.set_option(ldap.OPT_X_TLS_DEMAND, True)
    try:
	user_dn = _format_dn(('uid', username), config['base_dn'])
	l.simple_bind_s(user_dn, password)
    except ldap.INVALID_CREDENTIALS:
	return None

    user = model.query.filter_by(name=username).first()
    if user is None:
	user_data = l.search_s(user_dn, ldap.SCOPE_BASE)
	if len(user_data) != 1:
	    return None

	(dn, user_data) = user_data[0]
	user = model.create(name=username, email=user_data['mail'][0])

    return user
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-05-18 19:08:44 +0000