use AccountService

Add it to the request context (as `g.ldap`); Use it for login; Connect
to ldap on request startup and store the user object as `g.user`.

1 files changed, 8 insertions, 6 deletions

diff --git a/utils.py b/utils.py
index 39d07de..da6d741 100644
--- a/utils.py
+++ b/utils.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
+import ldap
 from functools import wraps
-from flask import flash, request, redirect, render_template, session, url_for
+from flask import flash, g, redirect, render_template, request, session, url_for
 from random import randint
 from Crypto.Cipher import AES
 from werkzeug.exceptions import Forbidden
@@ -28,21 +29,21 @@ def templated(template=None):
 def login_required(f):
     @wraps(f)
     def login_required_(*args, **kwargs):
-        if 'username' not in session:
+        if not g.user:
             raise Forbidden
         return f(*args, **kwargs)
     return login_required_
 
 
 def login_user(username, password):
-#    if not ldap_bind():
-#        return False
+    try:
+        g.user = g.ldap.auth(username, password)
+    except ldap.INVALID_CREDENTIALS:
+        return False
 
     session['username'] = username
     session['password'] = encrypt_password(password)
 
-    #ldap_unbind()
-
     return True
 
 
@@ -74,5 +75,6 @@ def decrypt_password(ciphertext):
     return encryptor.decrypt(ciphertext[16:]).rstrip('\0')
 
 
+
 # circular import
 from app import app