aboutsummaryrefslogtreecommitdiff
path: root/flakes/mediagoblin/ldap_fix.py
blob: 10cc375cf31acc38463477392287b249c59c8fa0 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
from ldap3 import Server, Connection, SUBTREE
from ldap3.core.exceptions import LDAPException
import logging

import six

from mediagoblin.tools import pluginapi

_log = logging.getLogger(__name__)


class LDAP(object):
    def __init__(self):
        self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap')

    def _connect(self, server):
        _log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI']))
        self.server = Server(server['LDAP_SERVER_URI'])

        if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true':
            _log.info('Initiating TLS')
            self.server.start_tls()

    def _manager_auth(self, settings, username, password):
        conn = Connection(self.server,
                settings['LDAP_BIND_DN'],
                settings['LDAP_BIND_PW'],
                auto_bind=True)
        found = conn.search(
                search_base=settings['LDAP_SEARCH_BASE'],
                search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username),
                search_scope=SUBTREE,
                attributes=[settings['EMAIL_SEARCH_FIELD']])
        if (not found) or len(conn.entries) > 1:
            return False, None

        user = conn.entries[0]
        user_dn = user.entry_dn
        try:
            email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
        except KeyError:
            email = None

        Connection(self.server, user_dn, password, auto_bind=True)

        return username, email

    def _direct_auth(self, settings, username, password):
        user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username)
        conn = Connection(self.server, user_dn, password, auto_bind=True)
        email_found = conn.search(
                search_base=settings['LDAP_SEARCH_BASE'],
                search_filter='uid={0}'.format(username),
                search_scope=SUBTREE,
                attributes=[settings['EMAIL_SEARCH_FIELD']])

        if email_found:
            try:
                email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
            except KeyError:
                email = None

        return username, email

    def login(self, username, password):
        for k, v in six.iteritems(self.ldap_settings):
            try:
                self._connect(v)

                if 'LDAP_BIND_DN' in v:
                    return self._manager_auth(v, username, password)
                else:
                    return self._direct_auth(v, username, password)

            except LDAPException as e:
                _log.info(e)

        return False, None