diff options
-rw-r--r-- | app.py | 21 | ||||
-rw-r--r-- | templates/settings.html | 2 | ||||
-rw-r--r-- | utils.py | 14 |
3 files changed, 27 insertions, 10 deletions
@@ -3,8 +3,9 @@ import flaskext_compat flaskext_compat.activate() +import account import os -from flask import Flask, request, redirect, url_for, flash, session +from flask import flash, Flask, g, redirect, request, session, url_for from utils import templated, login_required, encrypt_password, decrypt_password, login_user, logout_user from forms import RegisterForm, LoginForm, SettingsForm @@ -14,6 +15,18 @@ app.config.from_object('default_settings') if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ: app.config.from_envvar('SPLINE_ACCOUNT_WEB_SETTINGS') +@app.before_request +def ldap_connect(): + g.ldap = account.AccountService(account.LDAP_HOST, account.LDAP_BASE_DN, + account.LDAP_ADMIN_USER, account.LDAP_ADMIN_PASS, account.SERVICES) + + if 'username' in session and 'password' in session: + try: + g.user = g.ldap.auth(session['username'], decrypt_password(session['password'])) + except ldap.INVALID_CREDENTIALS: + # we had crap in the session, delete it + logout_user() + @app.route('/', methods=['GET', 'POST']) @templated('index.html') @@ -21,8 +34,8 @@ def index(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): if login_user(form.username.data, form.password.data): - flash(u'Erfolgreich eingeloggt (%s)' % session['username']) - return redirect(url_for('index')) + flash(u'Erfolgreich eingeloggt (als %s)' % session['username']) + return redirect(url_for('settings')) else: flash(u'Ungültiger Benutzername und/oder Passwort', 'error') @@ -47,7 +60,7 @@ def register(): @templated('settings.html') @login_required def settings(): - form = SettingsForm(request.form, mail='mail aus ldap #TODO') + form = SettingsForm(request.form, mail=g.user.mail) if request.method == 'POST' and form.validate(): flash(u'Gespeichert. Nicht.') return redirect(url_for('index')) diff --git a/templates/settings.html b/templates/settings.html index addd137..de7f898 100644 --- a/templates/settings.html +++ b/templates/settings.html @@ -24,5 +24,7 @@ {%- else %} setzen {%- endif %} + </li> + {%- endfor %} </form> {%- endblock %} @@ -1,6 +1,7 @@ # -*- coding: utf-8 -*- +import ldap from functools import wraps -from flask import flash, request, redirect, render_template, session, url_for +from flask import flash, g, redirect, render_template, request, session, url_for from random import randint from Crypto.Cipher import AES from werkzeug.exceptions import Forbidden @@ -28,21 +29,21 @@ def templated(template=None): def login_required(f): @wraps(f) def login_required_(*args, **kwargs): - if 'username' not in session: + if not g.user: raise Forbidden return f(*args, **kwargs) return login_required_ def login_user(username, password): -# if not ldap_bind(): -# return False + try: + g.user = g.ldap.auth(username, password) + except ldap.INVALID_CREDENTIALS: + return False session['username'] = username session['password'] = encrypt_password(password) - #ldap_unbind() - return True @@ -74,5 +75,6 @@ def decrypt_password(ciphertext): return encryptor.decrypt(ciphertext[16:]).rstrip('\0') + # circular import from app import app |