From 01f21083a897b86bf148f1d2bb9c8edca4d3786a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Fri, 25 Jan 2019 23:15:08 +0100
Subject: Rename virtual folder to nixops Fixes https://git.immae.eu/mantisbt/view.php?id=82
---
.../modules/websites/tools/mediagoblin/ldap_fix.py | 93 ++++++++++++++++++++++
1 file changed, 93 insertions(+)
create mode 100644 nixops/modules/websites/tools/mediagoblin/ldap_fix.py
(limited to 'nixops/modules/websites/tools/mediagoblin/ldap_fix.py')
diff --git a/nixops/modules/websites/tools/mediagoblin/ldap_fix.py b/nixops/modules/websites/tools/mediagoblin/ldap_fix.py
new file mode 100644
index 0000000..10cc375
--- /dev/null
+++ b/nixops/modules/websites/tools/mediagoblin/ldap_fix.py
@@ -0,0 +1,93 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+from ldap3 import Server, Connection, SUBTREE
+from ldap3.core.exceptions import LDAPException
+import logging
+
+import six
+
+from mediagoblin.tools import pluginapi
+
+_log = logging.getLogger(__name__)
+
+
+class LDAP(object):
+ def __init__(self):
+ self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap')
+
+ def _connect(self, server):
+ _log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI']))
+ self.server = Server(server['LDAP_SERVER_URI'])
+
+ if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true':
+ _log.info('Initiating TLS')
+ self.server.start_tls()
+
+ def _manager_auth(self, settings, username, password):
+ conn = Connection(self.server,
+ settings['LDAP_BIND_DN'],
+ settings['LDAP_BIND_PW'],
+ auto_bind=True)
+ found = conn.search(
+ search_base=settings['LDAP_SEARCH_BASE'],
+ search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username),
+ search_scope=SUBTREE,
+ attributes=[settings['EMAIL_SEARCH_FIELD']])
+ if (not found) or len(conn.entries) > 1:
+ return False, None
+
+ user = conn.entries[0]
+ user_dn = user.entry_dn
+ try:
+ email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
+ except KeyError:
+ email = None
+
+ Connection(self.server, user_dn, password, auto_bind=True)
+
+ return username, email
+
+ def _direct_auth(self, settings, username, password):
+ user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username)
+ conn = Connection(self.server, user_dn, password, auto_bind=True)
+ email_found = conn.search(
+ search_base=settings['LDAP_SEARCH_BASE'],
+ search_filter='uid={0}'.format(username),
+ search_scope=SUBTREE,
+ attributes=[settings['EMAIL_SEARCH_FIELD']])
+
+ if email_found:
+ try:
+ email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
+ except KeyError:
+ email = None
+
+ return username, email
+
+ def login(self, username, password):
+ for k, v in six.iteritems(self.ldap_settings):
+ try:
+ self._connect(v)
+
+ if 'LDAP_BIND_DN' in v:
+ return self._manager_auth(v, username, password)
+ else:
+ return self._direct_auth(v, username, password)
+
+ except LDAPException as e:
+ _log.info(e)
+
+ return False, None
-- cgit v1.2.3
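Review bot: Both bind paths hand the user-supplied `username` and `password` to ldap3 unvalidated: `_manager_auth` and `_direct_auth` build the search filter (and, in `_direct_auth`, the bind DN) with `.format(username=username)`, and the user `Connection(...)` is created without an explicit `authentication` mode. As far as I know ldap3 falls back to an anonymous bind when the password is empty and no mode is given, so on a directory that permits anonymous binds an empty password could be accepted as a successful login; rejecting empty credentials in `login` and passing `authentication=SIMPLE` (exported by `ldap3`) closes that. The username should pass through `escape_filter_chars` from `ldap3.utils.conv` before it reaches a filter, and through `escape_rdn` from `ldap3.utils.dn` before it is substituted into `LDAP_USER_DN_TEMPLATE` in `_direct_auth`, which needs the same `authentication=SIMPLE` change. Separately, `_direct_auth` leaves `email` unbound when the search returns nothing, and `self.server.start_tls()` is called on the `Server` object although StartTLS in ldap3 is, to my knowledge, a `Connection` operation, so the `LDAP_START_TLS` path should be exercised against a real server and paired with certificate validation.

```python
    def _manager_auth(self, settings, username, password):
        # … unchanged: manager bind with LDAP_BIND_DN / LDAP_BIND_PW …
        found = conn.search(
            # … unchanged: search_base …
            search_filter=settings['LDAP_SEARCH_FILTER'].format(
                username=escape_filter_chars(username)),
            # … unchanged: search_scope, attributes …
        # … unchanged: entry count check, user_dn and email lookup …
        Connection(self.server, user_dn, password,
                   authentication=SIMPLE, auto_bind=True)

    def login(self, username, password):
        # An empty password must never reach the directory as a bind attempt.
        if not username or not password:
            return False, None
        # … unchanged: loop over self.ldap_settings …
```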