import os

import ldap as l
from flask import Flask, g, request, session, redirect, url_for
from flask_simpleldap import LDAP
  4.  
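app = Flask(__name__)

# The secret key signs the session cookie that carries 'user_id'; a key that
# is published with the source lets anyone mint a logged-in session. Take it
# from the environment and fall back to a random per-process key (sessions
# then end on restart and are not shared between worker processes).
app.secret_key = os.environ.get('FLASK_SECRET_KEY') or os.urandom(32)

# Debug mode turns on the interactive debugger, which executes arbitrary
# Python for whoever can reach it, so it is opt-in rather than always on.
app.debug = os.environ.get('FLASK_DEBUG') == '1'

# Directory connection. The host is localhost here; against a remote
# directory the simple binds below would carry passwords in clear text
# unless the connection is protected with LDAPS or StartTLS.
app.config['LDAP_OPENLDAP'] = True
app.config['LDAP_HOST'] = 'localhost'
app.config['LDAP_BASE_DN'] = 'dc=example,dc=com'
app.config['LDAP_USERNAME'] = 'cn=admin,dc=example,dc=com'
# Service-account password: read from the environment. The 'root' fallback is
# the sample-directory value this listing shipped with and should only ever
# match a throw-away local directory.
# NOTE(review): binding as cn=admin is far more privilege than the searches
# in this file appear to need; a read-only bind account would be enough.
app.config['LDAP_PASSWORD'] = os.environ.get('LDAP_PASSWORD', 'root')
app.config['LDAP_CUSTOM_OPTIONS'] = {l.OPT_REFERRALS: 0}
app.config['LDAP_USER_OBJECT_FILTER'] = '(&(objectclass=inetOrgPerson)(uid=%s))'

# Group configuration
app.config['LDAP_GROUP_MEMBERS_FIELD'] = "member"
app.config['LDAP_GROUP_OBJECT_FILTER'] = "(&(objectclass=groupOfnames)(member=%s))"
app.config['LDAP_GROUP_MEMBER_FILTER'] = "(member=%s)"
app.config['LDAP_GROUP_MEMBER_FILTER_FIELD'] = "cn"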
  22.  
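def _monkey_patch_openldap_string_flask_simpleldap_1_2_0_issue_44(ldap_instance):
    """Replace ``bind_user`` on *ldap_instance* with a bytes-tolerant variant.

    The replacement decodes the user DN when the lookup hands it back as
    ``bytes`` before using it for the bind (the function name points at
    flask_simpleldap 1.2.0, issue 44, as the reason).

    Args:
        ldap_instance: the flask_simpleldap ``LDAP`` object to patch in place.

    Returns:
        The same *ldap_instance*, with ``bind_user`` rebound.
    """
    # Imported locally on purpose: further down this file the module-level
    # name ``ldap`` is rebound to the patched extension object, so the
    # python-ldap package has to be fetched under a local name.
    import ldap
    import types

    def bind_user(self, username, password):
        """Return True when *username* binds with *password*, otherwise None."""
        # A simple bind with an empty password is an unauthenticated bind,
        # which a directory server may accept. Never report that as a login.
        if not password:
            return None

        user_dn = self.get_object_details(user=username, dn_only=True)
        if user_dn is None:
            return None

        conn = None
        try:
            if isinstance(user_dn, bytes):
                user_dn = user_dn.decode('utf-8')

            conn = self.initialize
            conn.simple_bind_s(user_dn, password)
            return True
        except ldap.LDAPError:
            return None
        finally:
            # Release the connection used for the credential check instead of
            # leaving one open per login attempt. Best effort: a failure to
            # close must not change the result of the bind.
            if conn is not None:
                try:
                    conn.unbind_s()
                except ldap.LDAPError:
                    pass

    ldap_instance.bind_user = types.MethodType(bind_user, ldap_instance)

    return ldap_instance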
  45.  
# Build the flask_simpleldap extension for this app and swap in the patched
# bind_user. From here on the module-level name ``ldap`` is that extension
# object, not the python-ldap package (which this file imports as ``l``).
ldap = _monkey_patch_openldap_string_flask_simpleldap_1_2_0_issue_44(
    LDAP(app),
)
  47.  
  48.  
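@app.before_request
def before_request():
    """Populate ``g.user`` and ``g.ldap_groups`` from the session before each request."""
    g.user = None
    # Always defined, so code that reads it on an anonymous request sees an
    # empty list rather than a missing attribute.
    g.ldap_groups = []

    user_id = session.get('user_id')
    if user_id is None:
        return

    # Must be truthy: login() tests ``if g.user`` to recognise a logged-in
    # visitor, and the empty dict used before always failed that test.
    g.user = {'user_id': user_id}
    g.ldap_groups = ldap.get_user_groups(user=user_id) or []

    # The debug print of the 'users' group members was removed: it issued a
    # directory search on every request and wrote membership data to stdout.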
  61.  
  62.  
@app.route('/')
@ldap.login_required
def index():
    """Landing page, wrapped in ``ldap.login_required``."""
    greeting = 'Successfully logged in!'
    return greeting
  67.  
  68.  
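@app.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form (GET) or check submitted credentials against LDAP (POST).

    Returns:
        A redirect to the index page for an already logged-in visitor or after
        a successful bind, the text 'Invalid credentials' when the check
        fails, and the HTML form otherwise.
    """
    if g.user:
        return redirect(url_for('index'))

    if request.method == 'POST':
        user = request.form['user']
        passwd = request.form['passwd']

        # Reject blank credentials before the directory is contacted: a
        # simple bind with an empty password is an unauthenticated bind and
        # must never count as a login.
        if not user or not passwd:
            return 'Invalid credentials'

        # Fail closed: only an explicit True from bind_user is a success, so
        # a False or other unexpected return value cannot log anyone in.
        if ldap.bind_user(user, passwd) is not True:
            return 'Invalid credentials'

        # Start from a clean session so nothing stored before authentication
        # carries over into the logged-in state.
        session.clear()
        session['user_id'] = user
        return redirect(url_for('index'))

    return """<form action="" method="post">
user: <input name="user"><br>
password:<input type="password" name="passwd"><br>
<input type="submit" value="Submit"></form>"""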
  86.  
  87.  
@app.route('/group')
@ldap.group_required(groups=['501', 'users', 'admin', 'developers'])
def group():
    """Page wrapped in ``ldap.group_required`` for the groups listed above."""
    page_text = 'Group restricted page'
    return page_text
  92.  
  93.  
@app.route('/logout')
def logout():
    """Forget the logged-in user and send the browser back to the index page."""
    # NOTE(review): the route accepts GET, so any page the user visits can
    # trigger a logout by linking here; a POST-only route would avoid that.
    session.pop('user_id', None)  # no-op when nobody is logged in
    destination = url_for('index')
    return redirect(destination)
  98.  
  99.  
if __name__ == '__main__':
    # Flask's built-in development server on its default host and port;
    # meant for local use, not for serving real traffic.
    app.run()