def checkPassword(self, username, password):
try:
connection = self.getLDAPClient()
username = self.escapeLDAP(username)
dn = self.findLDAPUser(username)
if dn is None:
return False
connection.bind_s(dn, password)
connection.unbind_s()
user = FilebasedUserManager.findUser(self, username)
if not user:
self._logger.debug("Add new user")
self.addUser(username, str(uuid.uuid4()), True)
return True
except ldap.INVALID_CREDENTIALS:
self._logger.error("LDAP : Your username or password is incorrect.")
return FilebasedUserManager.checkPassword(self, username, password)
except ldap.LDAPError, e:
if type(e.message) == dict:
for (k, v) in e.message.iteritems():
self._logger.error("%s: %sn" % (k, v))
else:
self._logger.error(e.message)
return False
def findUser(self, userid=None, apikey=None, session=None):
"""
Find user using FilebasedUserManager, else set temporary user.
This is because of implementation of server/api.
"""
user = FilebasedUserManager.findUser(self, userid, apikey, session)
if user is not None:
return user
# making temporary user because of implementation of api
# and we need to pass our code from OAuth to login_user
# api login could be found in server/api/__init__.py
user = User(userid, "", 1, ["user"])
return user
def findUser(self, userid=None, apikey=None, session=None):
local_user = FilebasedUserManager.findUser(self, userid, apikey, session)
#If user not exists in local database, search it on LDAP
if userid and not local_user:
if(self.findLDAPUser(userid)):
#Return a fake user instance
return User(userid, str(uuid.uuid4()), True, ["user"])
else:
return None
else :
self._logger.debug("Local user found")
return local_user
def findUser(self, userid=None, apikey=None, session=None):
local_user = FilebasedUserManager.findUser(self, userid, apikey,
session)
#If user not exists in local database, search it on LDAP
if userid and not local_user:
if (self.findLDAPUser(userid)):
# Return a fake user instance
return User(
userid, str(uuid.uuid4()),
settings().getBoolean(
["plugins", "authldap", "auto_activate"]),
self.getRoles())
else:
return None
else:
self._logger.debug("Local user found")
return local_user
def login_user(self, user):
"""
This method logs in the user into OctoPrint using authorization OAuth2.
Users user.get_id() should be dict containing redirect_uri and code.
It is obtained by view model in static/js folder.
Method gets specified data from config yaml - client_id and client_secret, then
start OAuth2Session from requests_oauthlib library. Using the library method
fetch the access token using method get_token.
After that, user is added into users.yaml config file.
"""
self._cleanup_sessions()
if user is None:
return
if isinstance(user, LocalProxy):
user = user._get_current_object()
return user
if not isinstance(user, User):
return None
if not isinstance(user, SessionUser):
# from get_id we get for each user his redirect uri and code
try:
redirect_uri = user.get_id()['redirect_uri']
code = user.get_id()['code']
except KeyError:
OAuthbasedUserManager.logger.error(
"Code or redirect_uri not found")
return None
client_id = self.oauth2[redirect_uri]["client_id"]
client_secret = self.oauth2[redirect_uri]["client_secret"]
oauth2_session = OAuth2Session(client_id,
redirect_uri=redirect_uri)
access_token = self.get_token(oauth2_session, code, client_id,
client_secret)
if access_token is None:
return None
username = self.get_username(oauth2_session)
if username is None:
OAuthbasedUserManager.logger.error("Username none")
return None
user = FilebasedUserManager.findUser(self, username)
if user is None:
self.addUser(username, "", True, ["user"])
user = self.findUser(username)
if not isinstance(user, SessionUser):
user = SessionUser(user)
self._session_users_by_session[user.session] = user
user_id = user.get_id()
if user_id not in self._sessionids_by_userid:
self._sessionids_by_userid[user_id] = set()
self._sessionids_by_userid[user_id].add(user.session)
return user
def changeUserPassword(self, username, password):
#Changing password of LDAP users is not allowed
if FilebasedUserManager.findUser(self, username) is not None:
return FilebasedUserManager.changeUserPassword(self, username, password)