INQ-31 ldap login, not bound to database

2018-12-19 14:18:21 +01:00 · 2018-12-19 14:18:21 +01:00 · a47f67045a
parent 16c97e7689
commit a47f67045a
3 changed files with 47 additions and 4 deletions
--- a/App.py
+++ b/App.py
@ -4,7 +4,10 @@ import os
 import sqlite3

 DATABASE = 'inquire.db'
-
+servers = ["ldap://dc1.labs.wmi.amu.edu.pl", "ldap://dc2.labs.wmi.amu.edu.pl"]
+suffix =  "@labs.wmi.amu.edu.pl";
+port = 636;
+root = "DC=labs,DC=wmi,DC=amu,DC=edu,DC=pl";


 app = Flask(__name__)
@ -51,14 +54,18 @@ def lecturer():

@app.route('/login', methods=['POST'])
 def do_login():
-    if request.form['password'] == 'lecturer' and request.form['name'] == 'lecturer':
+    login=request.form['name']
+    password=request.form['password']
+    ldapquery = py_ldap.LdapQuery(servers, port, root)
+    auth=ldapquery.authenticate(login+suffix, password)
+    if  auth==True and login == 's396355':
        session['logged_in'] = True
        session['user_type'] = 'lecturer'
-    elif request.form['password'] == 'student' and request.form['name'] == 'student':
+    elif auth==True and login == 's441471':
        session['logged_in'] = True
        session['user_type'] = 'student'
    else:
-        flash('Niepoprawne hasło/nazwa użytkownika!'.decode('utf-8'))
+        flash('Niepoprawne hasło/nazwa użytkownika!')
    return redirect('/')

@app.route('/logout', methods=['GET', 'POST'])
--- a/init.py
+++ b/init.py
--- a/py_ldap.py
+++ b/py_ldap.py
@ -0,0 +1,36 @@
+import ldap
+
+class LdapQuery():
+    def __init__(self, servers, port, root):
+        self.servers = servers
+        self.root = "OU=Students,OU=People," + root
+
+        ldap.PORT = port
+
+        # cert path
+        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "./ca_labs.wmi.amu.edu.pl.pem")
+
+        for i in range(len(self.servers)):
+            try:
+                self.ldap_handler = ldap.initialize(self.servers[i])
+                break
+            except:
+                print ("Server down")
+
+        self.ldap_handler.set_option(ldap.OPT_X_TLS_DEMAND, True)
+        self.ldap_handler.start_tls_s()
+
+    def search_user(self, login):
+        return self.ldap_handler.search_s(
+                    self.root,
+                    ldap.SCOPE_SUBTREE,
+                    'cn=' + login,
+                    ['givenname', 'sn', 'mail'])
+
+    def authenticate(self, login=None, passwd=None):
+        try:
+            test=self.ldap_handler.simple_bind_s(login, passwd)
+            return True
+        except ldap.INVALID_CREDENTIALS:
+            print ("Invalid credentials")
+            return False