def login(): """ Function called when user logs in """ if g.user: return redirect(url_for('index')) if request.method == 'POST': username = request.form['username'] password = request.form['password'] ldap_username = '******'+username+',ou=' + config.get('ldap', 'ou') + \ ',' + config.get('ldap', 'base_dn') app.config['LDAP_USERNAME'] = ldap_username app.config['LDAP_PASSWORD'] = password ldap = LDAP(app) try: grp_members = ldap.get_group_members( group=config.get('ldap', 'group')) if ldap_username in grp_members: ldap.bind_user(username, password) except Exception: app.logger.warning('Login attempt failed for %s', username) return render_template('login.html') else: session['username'] = request.form['username'] app.logger.info('User %s logged in', username) return redirect('/') return render_template('login.html')
def init_ldap(app): app.config['LDAP_HOST'] = 'ad-crypto.epsi.intra' app.config['LDAP_BASE_DN'] = 'cn=Users,dc=epsi,dc=intra' app.config['LDAP_USERNAME'] = '******' app.config['LDAP_PASSWORD'] = '******' app.config['LDAP_USER_OBJECT_FILTER'] = '(sAMAccountName=%s)' return LDAP(app)
from flask import Flask from flask_simpleldap import LDAP from main.util.config import LDAPConfig ldap = LDAP() def create_app(): """Creates the flask app """ app = Flask(__name__) configure_app(app, LDAPConfig) register_extensions(app) return app def configure_app(app, config=None): """configures the flask app from a config file :param app: Flask App :type app: Flask :param config: A config Class, defaults to None :type config: Class, optional :raises FileNotFoundError: Config class not found """ if config: app.config.from_object(config) else: raise FileNotFoundError()
if os.environ['LDAP_USERNAME'] is not None: app.config['LDAP_USERNAME'] = os.environ['LDAP_USERNAME'] else: app.config[ 'LDAP_USERNAME'] = '******' if os.environ['LDAP_PASSWORD'] is not None: app.config['LDAP_PASSWORD'] = os.environ['LDAP_PASSWORD'] else: app.config['LDAP_PASSWORD'] = '******' app.config[ 'LDAP_USER_OBJECT_FILTER'] = '(&(objectclass=inetOrgPerson)(uid=%s))' ldap = LDAP(app) # We retrieve student age file if os.environ['student_age_file_path'] is not None: student_age_file_path = os.environ['student_age_file_path'] else: student_age_file_path = '/data/student_age.json' student_age_file = open(student_age_file_path, "r") student_age = json.load(student_age_file) @app.route('/pozos/api/v1.0/get_student_ages', methods=['GET']) @ldap.basic_auth_required def get_student_ages():
from dash import Dash import dash_html_components as html import os from flask import Flask from flask_simpleldap import LDAP # Make Dash run on a Flask server app = Dash(__name__, server=Flask(__name__)) # The Dash app app.layout = html.P('Hello world!') # Configure LDAP app.server.config.update({ 'LDAP_BASE_DN': 'OU=users,dc=example,dc=org', 'LDAP_USERNAME': '******', 'LDAP_PASSWORD': os.getenv('LDAP_PASSWORD') }) # Protect view functions with LDAP authentication for view_func in app.server.view_functions: app.server.view_functions[view_func] = LDAP( app.server).basic_auth_required(app.server.view_functions[view_func]) # Run Flask server if __name__ == '__main__': app.run_server() # For gunicorn server = app.server
def decorated_function(*args, **kwargs): auth = request.authorization ldap = None authentication_method = "" if "X-API-Key" in request.headers: try: username, password = request.headers["X-API-Key"].split(":", 1) authentication_method = "key" except: return Response( "Access denied", 401, {"WWW-Authenticate": 'Basic realm="PowerDNS API"'}, ) elif "X-LDAP-Auth" in request.headers: if not current_app.config["LDAP"]["enabled"]: return Response( "LDAP not enabled for authentication", 406, {"WWW-Authenticate": 'Basic realm="PowerDNS API"'}, ) else: try: username, password = request.headers["X-LDAP-Auth"].split(":", 1) authentication_method = "ldap" except: return Response( "Access denied", 401, {"WWW-Authenticate": 'Basic realm="PowerDNS API"'}, ) elif auth: username = auth.username password = auth.password authentication_method = "basic" if authentication_method == "ldap": current_app.config["LDAP_HOST"] = current_app.config["LDAP"]["host"] current_app.config["LDAP_PORT"] = current_app.config["LDAP"].get( "port", 389 ) current_app.config["LDAP_SCHEMA"] = current_app.config["LDAP"].get( "protocol", "ldap" ) current_app.config["LDAP_USE_SSL"] = current_app.config["LDAP"].get( "use_ssl", False ) current_app.config["LDAP_OPENLDAP"] = current_app.config["LDAP"].get( "openldap", False ) current_app.config["LDAP_OBJECTS_DN"] = current_app.config["LDAP"].get( "objects_dn", "distinguishedName" ) current_app.config["LDAP_BASE_DN"] = current_app.config["LDAP"]["base_dn"] current_app.config["LDAP_USERNAME"] = current_app.config["LDAP"]["bind_dn"] current_app.config["LDAP_PASSWORD"] = current_app.config["LDAP"]["password"] current_app.config["LDAP_USER_OBJECT_FILTER"] = current_app.config["LDAP"][ "user_object_filter" ] current_app.config["LDAP_GROUP_MEMBER_FILTER"] = current_app.config["LDAP"][ "group_member_filter" ] current_app.config["LDAP_GROUP_MEMBER_FILTER_FIELD"] = current_app.config[ "LDAP" ]["group_member_filter_field"] ldap = LDAP(current_app) elif ( authentication_method not in ("key", "basic") or username not in current_app.config["USERS"] or not hmac.compare_digest( current_app.config["USERS"][username]["key"], password ) ): return Response( "Access denied", 401, {"WWW-Authenticate": 'Basic realm="PowerDNS API"'} ) if ldap: try: test = ldap.bind_user(username, password) if test is None or password == "": return Response( "Access denied", 401, {"WWW-Authenticate": 'Basic realm="PowerDNS API"'}, ) else: # g.user = ldap.get_object_details(username)['pdns-allow-suffix-creation'] # custom value g.user = {"allow-suffix-creation": "example.com."} g.username = username except KeyError: pass else: g.user = current_app.config["USERS"][username] g.username = username return f(*args, **kwargs)
def login(self): """ user login /passport/ :return: """ form = LoginForm(request.form, csrf=False) if form.validate_on_submit(): if current_app.config['LDAP']: ldap = LDAP(current_app) if form.password.data == '': userbind = None else: userbind = ldap.bind_user(form.email.data, form.password.data) else: ldap = current_app.config['LDAP'] userbind = None if form.email.data in current_app.config['LDAP_PRIVILEGE']: ldap = False if ldap: if userbind: user = UserModel.query.filter_by( email=form.email.data).first() if user is not None: login_user(user) user.fresh_session() return self.render_json(data=current_user.to_json()) else: # ldap验证成功,取信息入库 ldap_user = ldap.get_object_details(form.email.data) user_info = { 'username': ldap_user['displayName'][0].decode(), 'password': generate_password_hash(form.password.data), 'email': form.email.data, 'role': '', 'last_space': 1, 'created_at': datetime.now(), 'updated_at': datetime.now(), } user = UserModel().add(user_info) member_info = { 'user_id': user.id, 'source_id': 1, 'source_type': 'group', 'access_level': 'DEVELOPER', 'status': MemberModel.status_available } m = MemberModel(**member_info) db.session.add(m) db.session.commit() login_user(user) user.fresh_session() return self.render_json(data=current_user.to_json()) else: return self.render_json(code=Code.error_pwd, data=form.errors) else: user = UserModel.query.filter_by(email=form.email.data).first() if user is not None and user.verify_password( form.password.data): login_user(user) user.fresh_session() return self.render_json(data=current_user.to_json()) return self.render_json(code=Code.error_pwd, data=form.errors)
from flask import g, session from flask_simpleldap import LDAP from models.users import User ldap_client = LDAP() def register_hooks(app): @app.before_request def before_request(): g.user = None if 'username' in session: session['logged_in'] = True # This is where you'd query your database to get the user info. user = User.query.filter_by( username=session['username']).first().username g.user = user # Create a global with the LDAP groups the user is a member of. g.ldap_groups = ldap_client.get_user_groups( user=session['username']) def refine_data(obj, data_tag): out = obj[data_tag][0].decode('utf8') return out
from PIL import Image, ImageFont, ImageOps, ImageDraw import base64 import logging from logging.handlers import RotatingFileHandler application = Flask(__name__) application.secret_key = 'pexdev key' application.debug = True application.config['LDAP_LOGIN_VIEW'] = 'login' application.config.from_object('config') log_filename = application.config['LOG_FILENAME'] mgr_address = application.config['MGR_ADDRESS'] mgr_user = application.config['MGR_USER'] mgr_password = application.config['MGR_PASSWORD'] ldap = LDAP(application) @application.errorhandler(404) def page_not_found(error): return 'This route does not exist {}'.format(request.url), 404 # def register_hooks(application): @application.before_request def before_request(): if 'logged_in' not in session and '/static/' not in request.path and request.endpoint != 'logout': g.user = None if 'user_id' in session: # This is where you'd query your database to get the user info. g.user = {}
def init_app(app): app.config.setdefault('LDAP_USER_PREFIX', "") app.config.setdefault('LDAP_USER_MAIL', "*****@*****.**") LDAP.init_app(app)
# Flask Initialization app = Flask(__name__) # Include config from config.py app.config.from_object('config') group = app.config['GROUP_NAME'] from models import db db.init_app(app) from models import * from specification import * from utils import set_boolean_value, make_component_info, _monkey_patch_openldap_string_flask_simpleldap_1_2_0_issue_44, owner_or_group_required ldap = _monkey_patch_openldap_string_flask_simpleldap_1_2_0_issue_44(LDAP(app)) @app.before_request def before_request(): g.user = None if 'user_id' in session: g.user = ldap.get_object_details(user=session['user_id']) groups = ldap.get_user_groups(user=session['user_id']) if groups: g.ldap_groups = groups else: g.ldap_groups = list() @app.route('/')