def login(): errors = [] if 'username' in request.form: if app.config['LDAP_AUTH']: if len(request.form['password']) > 0: o = orthrus.Orthrus( ldap_uri=app.config['LDAP_URI'], user_template_dn=app.config['LDAP_AUTH_DN'], group_base_dn=app.config['LDAP_BASE_DN'], role_mapping={ 'admin': app.config['LDAP_GROUPS_ADMIN'], 'content': app.config['LDAP_GROUPS_CONTENT'], 'business': app.config['LDAP_GROUPS_BUSINESS'], 'library': app.config['LDAP_GROUPS_LIBRARY'], 'missioncontrol': app.config['LDAP_GROUPS_MISSIONCONTROL'], }, verify=app.config['LDAP_VERIFY']) try: r = o.authenticate(request.form['username'], request.form['password'], ['uid', 'cn', 'mail']) if r[0] is True: user = User.query.filter( User.username == r[1]['uid'][0]).first() if user is None: # create new user in the database, since one does # not already exist for this orthrus user user = User(r[1]['uid'][0], r[1]['cn'][0], r[1]['mail'][0]) db.session.add(user) db.session.commit() else: # update existing user data in database user.name = r[1]['cn'][0] user.email = r[1]['mail'][0] db.session.commit() login_user(user) session['username'] = user.username session['access'] = r[2] log_auth_success("orthrus", user.username, request) return redirect_back('admin.index') else: log_auth_failure("orthrus", request.form['username'], request) errors.append("Invalid username or password.") except Exception as e: app.logger.error("wuvt-site: orthrus: {}".format(e)) errors.append("Authentication backend error.") else: log_auth_failure("orthrus", request.form['username'], request) errors.append("Invalid username or password.") else: user = User.query.filter( User.username == request.form['username']).first() if user and user.check_password(request.form['password']): login_user(user) session['username'] = user.username session['access'] = [ 'admin', 'content', 'library', 'missioncontrol', 'business' ] log_auth_success("DB", user.username, request) return redirect_back('admin.index') else: log_auth_failure("DB", request.form['username'], request) errors.append("Invalid username or password.") return render_template('auth/login.html', next=request.values.get('next') or "", errors=errors)
def login(): errors = [] if 'username' in request.form: if app.config['LDAP_AUTH']: if len(request.form['password']) > 0: dn = build_dn(request.form['username']) try: client = ldap.initialize(app.config['LDAP_URI']) client.set_option(ldap.OPT_REFERRALS, 0) if app.config['LDAP_STARTTLS']: client.start_tls_s() client.simple_bind_s(dn, request.form['password']) except ldap.INVALID_CREDENTIALS: client.unbind() errors.append("Invalid username or password.") except ldap.SERVER_DOWN as e: errors.append("Could not contact the LDAP server.") app.logger.error("Could not contact the LDAP server: " "{}".format(e)) else: result = client.search_s(dn, ldap.SCOPE_SUBTREE) user = User.query.filter( User.username == result[0][1]['uid'][0]).first() if user is None: # create new user in the database, since one does not # already exist for this LDAP user user = User(result[0][1]['uid'][0], result[0][1]['cn'][0], result[0][1]['mail'][0]) db.session.add(user) db.session.commit() else: # update existing user data in database user.name = result[0][1]['cn'][0] user.email = result[0][1]['mail'][0] db.session.commit() login_user(user) session['username'] = user.username session['access'] = [] if ldap_group_test(client, app.config['LDAP_GROUPS_ADMIN'], user.username): session['access'].append('admin') if ldap_group_test(client, app.config['LDAP_GROUPS_LIBRARY'], user.username): session['access'].append('library') if ldap_group_test(client, app.config['LDAP_GROUPS_RADIOTHON'], user.username): session['access'].append('missioncontrol') if ldap_group_test(client, app.config['LDAP_GROUPS_BUSINESS'], user.username): session['access'].append('business') app.logger.warning("LDAP user {} logged in.".format( user.username)) client.unbind() return redirect_back('admin.index') else: errors.append("Invalid username or password.") else: user = User.query.filter( User.username == request.form['username']).first() if user and user.check_password(request.form['password']): login_user(user) session['username'] = user.username session['access'] = ['admin', 'library', 'missioncontrol', 'business'] app.logger.warning("Database user {} logged in.".format( user.username)) return redirect_back('admin.index') else: errors.append("Invalid username or password.") return render_template('auth/login.html', next=request.values.get('next') or "", errors=errors)