import os
import secrets

import ldap as l
from flask import Flask, g, request, session, redirect, url_for
from flask_simpleldap import LDAP
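app = Flask(__name__)

# Flask signs the session cookie with this key, and this app trusts
# session['user_id'] as the logged-in identity. A guessable literal would let
# anyone mint a valid session, so the key comes from the environment. The
# random fallback only suits a single local process: sessions are lost on
# restart and are not shared between workers.
app.secret_key = os.environ.get('SECRET_KEY') or secrets.token_hex(32)

# Debug mode enables the Werkzeug interactive debugger, which executes code
# typed into the browser. Keep it off unless explicitly requested.
app.debug = os.environ.get('FLASK_DEBUG') == '1'

app.config['LDAP_OPENLDAP'] = True
app.config['LDAP_HOST'] = 'localhost'
app.config['LDAP_BASE_DN'] = 'dc=example,dc=com'
app.config['LDAP_USERNAME'] = 'cn=admin,dc=example,dc=com'
# Service-account password: taken from the environment so it stays out of the
# source. 'root' is only the sample-directory default.
# NOTE(review): the service account here is the directory admin; a read-only
# search account would be enough for the lookups this app performs. Confirm.
app.config['LDAP_PASSWORD'] = os.environ.get('LDAP_PASSWORD', 'root')
# Do not chase referrals returned by the server.
app.config['LDAP_CUSTOM_OPTIONS'] = {l.OPT_REFERRALS: 0}
app.config['LDAP_USER_OBJECT_FILTER'] = '(&(objectclass=inetOrgPerson)(uid=%s))'

# Group configuration
app.config['LDAP_GROUP_MEMBERS_FIELD'] = "member"
app.config['LDAP_GROUP_OBJECT_FILTER'] = "(&(objectclass=groupOfnames)(member=%s))"
app.config['LDAP_GROUP_MEMBER_FILTER'] = "(member=%s)"
app.config['LDAP_GROUP_MEMBER_FILTER_FIELD'] = "cn"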
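def _monkey_patch_openldap_string_flask_simpleldap_1_2_0_issue_44(ldap_instance):
    """Install a ``bind_user`` on *ldap_instance* that tolerates a bytes DN.

    The replacement decodes the DN returned by ``get_object_details`` when it
    is ``bytes`` before passing it to ``simple_bind_s``.

    Args:
        ldap_instance: The flask_simpleldap ``LDAP`` object to patch in place.

    Returns:
        The same *ldap_instance*, with ``bind_user`` rebound.
    """
    # Imported locally: at module level the name ``ldap`` is rebound to the
    # patched LDAP extension instance, not the python-ldap module.
    import ldap
    import types

    def bind_user(self, username, password):
        """Return True if *username* can bind with *password*, else None.

        None is returned when the password is empty, when the user cannot be
        found, or when the bind raises ``ldap.LDAPError``.
        """
        # A simple bind with an empty password is an unauthenticated bind,
        # which many directory servers accept as success. Reject it before
        # contacting the directory so that it can never count as a login.
        if not password:
            return None

        # NOTE(review): username is substituted into LDAP_USER_OBJECT_FILTER
        # inside get_object_details; confirm the installed flask_simpleldap
        # escapes filter metacharacters there.
        user_dn = self.get_object_details(user=username, dn_only=True)
        if user_dn is None:
            return None
        try:
            if isinstance(user_dn, bytes):
                user_dn = user_dn.decode('utf-8')
            # NOTE(review): the connection is never explicitly unbound here;
            # whether that leaks depends on what ``initialize`` returns.
            conn = self.initialize
            conn.simple_bind_s(user_dn, password)
            return True
        except ldap.LDAPError:
            # Fail closed: any directory error counts as a failed login.
            return None

    ldap_instance.bind_user = types.MethodType(bind_user, ldap_instance)
    return ldap_instance


# From here on ``ldap`` is the patched extension instance. The python-ldap
# module is available at module level only under its alias ``l``.
ldap = _monkey_patch_openldap_string_flask_simpleldap_1_2_0_issue_44(LDAP(app))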
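@app.before_request
def before_request():
    """Populate ``g.user`` and ``g.ldap_groups`` for the current request.

    ``g.user`` is None for anonymous requests and an empty dict once the
    session carries a 'user_id'. ``g.ldap_groups`` is always a list, so later
    code can read it without checking whether the attribute exists.
    """
    g.user = None
    g.ldap_groups = []
    if 'user_id' in session:
        g.user = {}
        # get_user_groups may return a falsy value; normalise it to a list.
        g.ldap_groups = ldap.get_user_groups(user=session['user_id']) or []
    # The debugging print of ldap.get_group_members('users') is dropped. It
    # cost an extra directory query on every request and wrote the group's
    # membership to stdout.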
@app.route('/')
@ldap.login_required
def index():
    """Landing page, wrapped by ``ldap.login_required``."""
    greeting = 'Successfully logged in!'
    return greeting
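@app.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form (GET) or check the submitted credentials (POST).

    On a successful LDAP bind the user name is stored in the session under
    'user_id' and the client is redirected to '/'. Any failure gets the same
    'Invalid credentials' response with status 401.
    """
    # before_request stores an empty dict for a signed-in user. That is falsy,
    # so test against None rather than truthiness.
    if g.user is not None:
        return redirect(url_for('index'))

    if request.method == 'POST':
        user = request.form.get('user', '')
        passwd = request.form.get('passwd', '')
        # Reject blank fields before talking to the directory: an empty
        # password must never reach a simple bind, where it can be accepted
        # as an unauthenticated bind.
        if not user or not passwd or ldap.bind_user(user, passwd) is None:
            return 'Invalid credentials', 401
        # Start from a clean session so nothing set before authentication
        # carries over into the logged-in state.
        session.clear()
        session['user_id'] = user
        return redirect('/')

    return """<form action="" method="post">
user: <input name="user"><br>
password:<input type="password" name="passwd"><br>
<input type="submit" value="Submit"></form>"""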
@app.route('/group')
@ldap.group_required(groups=['501', 'users', 'admin', 'developers'])
def group():
    """Page wrapped by ``ldap.group_required`` with the group names listed above."""
    body = 'Group restricted page'
    return body
@app.route('/logout')
def logout():
    """Drop 'user_id' from the session and redirect to the index page."""
    # NOTE(review): the route accepts GET, so any link or embedded resource
    # pointing here signs the user out. A POST-only logout avoids that.
    # A missing key is fine: the default keeps pop() from raising.
    session.pop('user_id', None)
    target = url_for('index')
    return redirect(target)
if __name__ == '__main__':
    # Starts Flask's built-in development server with its default host and
    # port. Intended for local use, not as a production deployment.
    app.run()