authorMarian Sigler <m@qjym.de>2012-09-21 02:46:20 +0200
committerMarian Sigler <m@qjym.de>2012-09-21 02:49:52 +0200
commitdb849d334158c277d730f01fb9424f92cd421d58 (patch)
tree9a9a6ba31f58935f6bb423d36a8d9929500c6cce
parentd585148ab5e79621cd079f1002337cb2cc37ed44 (diff)
use AccountService
Add it to the request context (as `g.ldap`); Use it for login; Connect to ldap on request startup and store the user object as `g.user`.
-rw-r--r--app.py21
-rw-r--r--templates/settings.html2
-rw-r--r--utils.py14
3 files changed, 27 insertions, 10 deletions
diff --git a/app.py b/app.py
index 46ca682..4819a51 100644
--- a/app.py
+++ b/app.py
@@ -3,8 +3,9 @@
import flaskext_compat
flaskext_compat.activate()
+import account
import os
-from flask import Flask, request, redirect, url_for, flash, session
+from flask import flash, Flask, g, redirect, request, session, url_for
from utils import templated, login_required, encrypt_password, decrypt_password, login_user, logout_user
from forms import RegisterForm, LoginForm, SettingsForm
@@ -14,6 +15,18 @@ app.config.from_object('default_settings')
if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ:
app.config.from_envvar('SPLINE_ACCOUNT_WEB_SETTINGS')
+@app.before_request
+def ldap_connect():
+ g.ldap = account.AccountService(account.LDAP_HOST, account.LDAP_BASE_DN,
+ account.LDAP_ADMIN_USER, account.LDAP_ADMIN_PASS, account.SERVICES)
+
+ if 'username' in session and 'password' in session:
+ try:
+ g.user = g.ldap.auth(session['username'], decrypt_password(session['password']))
+ except ldap.INVALID_CREDENTIALS:
+ # we had crap in the session, delete it
+ logout_user()
+
@app.route('/', methods=['GET', 'POST'])
@templated('index.html')
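Review bot: `ldap_connect` assigns `g.user` only when the session holds both keys and the bind succeeds, so on an anonymous request, or after the `logout_user()` branch, the attribute is never set. `login_required` in utils.py then evaluates `if not g.user`, which would raise AttributeError and turn the intended Forbidden into a server error; starting the function with `g.user = None` fixes it. The `except ldap.INVALID_CREDENTIALS:` clause names `ldap`, but the app.py import hunk adds only `import account` (the `import ldap` goes into utils.py), so unless it is imported in lines outside the hunks, a rejected bind would surface as a NameError instead of clearing the session. Other bind failures, such as an unreachable server, are not caught, and because the hook opens a connection with the admin credentials before every request with no visible teardown, one such failure would break every route.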
@@ -21,8 +34,8 @@ def index():
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
if login_user(form.username.data, form.password.data):
- flash(u'Erfolgreich eingeloggt (%s)' % session['username'])
- return redirect(url_for('index'))
+ flash(u'Erfolgreich eingeloggt (als %s)' % session['username'])
+ return redirect(url_for('settings'))
else:
flash(u'Ungültiger Benutzername und/oder Passwort', 'error')
@@ -47,7 +60,7 @@ def register():
@templated('settings.html')
@login_required
def settings():
- form = SettingsForm(request.form, mail='mail aus ldap #TODO')
+ form = SettingsForm(request.form, mail=g.user.mail)
if request.method == 'POST' and form.validate():
flash(u'Gespeichert. Nicht.')
return redirect(url_for('index'))
diff --git a/templates/settings.html b/templates/settings.html
index addd137..de7f898 100644
--- a/templates/settings.html
+++ b/templates/settings.html
@@ -24,5 +24,7 @@
{%- else %}
setzen
{%- endif %}
+ </li>
+ {%- endfor %}
</form>
{%- endblock %}
diff --git a/utils.py b/utils.py
index 39d07de..da6d741 100644
--- a/utils.py
+++ b/utils.py
@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
+import ldap
from functools import wraps
-from flask import flash, request, redirect, render_template, session, url_for
+from flask import flash, g, redirect, render_template, request, session, url_for
from random import randint
from Crypto.Cipher import AES
from werkzeug.exceptions import Forbidden
@@ -28,21 +29,21 @@ def templated(template=None):
def login_required(f):
@wraps(f)
def login_required_(*args, **kwargs):
- if 'username' not in session:
+ if not g.user:
raise Forbidden
return f(*args, **kwargs)
return login_required_
def login_user(username, password):
-# if not ldap_bind():
-# return False
+ try:
+ g.user = g.ldap.auth(username, password)
+ except ldap.INVALID_CREDENTIALS:
+ return False
session['username'] = username
session['password'] = encrypt_password(password)
- #ldap_unbind()
-
return True
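Review bot: `login_user` treats every outcome of `g.ldap.auth` other than `ldap.INVALID_CREDENTIALS` as a successful login and passes the submitted values through unchecked. If `auth` performs an LDAP simple bind, many servers accept an empty password as an unauthenticated bind without raising, so unless LoginForm (not visible here) already enforces it, guard the call with `if not username or not password: return False`. The session keeps the encrypted password so that `ldap_connect` in app.py can replay it on each request, which means the confidentiality of the session data rests on the key used by `encrypt_password`. A comment above the two `session[...]` assignments should say so, for example `# password is stored encrypted so each request can re-bind as the user`.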
@@ -74,5 +75,6 @@ def decrypt_password(ciphertext):
return encryptor.decrypt(ciphertext[16:]).rstrip('\0')
+
# circular import
from app import app