From a47f67045a0920b402df5b3f8f081d81c33a4b5a Mon Sep 17 00:00:00 2001
From: max
Date: Wed, 19 Dec 2018 14:18:21 +0100
Subject: [PATCH] INQ-31 ldap login, not bound to database
---
 App.py | 15 +++++++++++----
 __init__.py | 0
 py_ldap.py | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 47 insertions(+), 4 deletions(-)
 create mode 100644 __init__.py
 create mode 100644 py_ldap.py
diff --git a/App.py b/App.py
index a7c1a21..247b52e 100644
--- a/App.py
+++ b/App.py
@@ -4,7 +4,10 @@ import os
 import sqlite3
 DATABASE = 'inquire.db'
-
+servers = ["ldap://dc1.labs.wmi.amu.edu.pl", "ldap://dc2.labs.wmi.amu.edu.pl"]
+suffix = "@labs.wmi.amu.edu.pl";
+port = 636;
+root = "DC=labs,DC=wmi,DC=amu,DC=edu,DC=pl";
 app = Flask(__name__)
@@ -51,14 +54,18 @@ def lecturer():
 @app.route('/login', methods=['POST'])
 def do_login():
- if request.form['password'] == 'lecturer' and request.form['name'] == 'lecturer':
+ login=request.form['name']
+ password=request.form['password']
+ ldapquery = py_ldap.LdapQuery(servers, port, root)
+ auth=ldapquery.authenticate(login+suffix, password)
+ if auth==True and login == 's396355':
 session['logged_in'] = True
 session['user_type'] = 'lecturer'
- elif request.form['password'] == 'student' and request.form['name'] == 'student':
+ elif auth==True and login == 's441471':
 session['logged_in'] = True
 session['user_type'] = 'student'
 else:
- flash('Niepoprawne hasło/nazwa użytkownika!'.decode('utf-8'))
+ flash('Niepoprawne hasło/nazwa użytkownika!')
 return redirect('/')
 @app.route('/logout', methods=['GET', 'POST'])
diff --git a/__init__.py b/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/py_ldap.py b/py_ldap.py
new file mode 100644
index 0000000..a763ec0
--- /dev/null
+++ b/py_ldap.py
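Review bot: The four new settings (`servers`, `suffix`, `port`, `root`) end with semicolons and use lowercase names, while `DATABASE = 'inquire.db'` two lines above follows the module-constant convention; drop the semicolons and, with the matching change in do_login, name them `LDAP_SERVERS`, `LDAP_SUFFIX`, `LDAP_PORT`, `LDAP_BASE_DN`. They are deployment configuration for one specific directory rather than application logic, so loading them from `app.config` or the environment, as is usual for a Flask app, would keep hostnames and the base DN out of the source. A short comment such as `# LDAP directory used by /login; see py_ldap.LdapQuery` would tell a reader why the Flask module now carries directory settings.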
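Review bot: do_login now calls `py_ldap.LdapQuery(servers, port, root)`, but this patch adds no `import py_ldap` to App.py — the App.py diffstat (11 insertions, 4 deletions) is fully accounted for by the two hunks shown — so unless the import already exists in the three lines above the first hunk, the first POST to /login will fail with a NameError. Add `import py_ldap` beside `import sqlite3` at the top of App.py. The new `if auth==True and login == 's396355':` and its `elif` compare a bool against `True`; `if auth and login == 's396355':` is the idiomatic form. A bind that fails for a reason other than `ldap.INVALID_CREDENTIALS` (a directory outage, a TLS failure) is caught neither here nor in `authenticate`, so it surfaces as a 500 instead of the flash message; consider having the call path catch `ldap.LDAPError`, log it server-side, and treat it as a failed login.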
@@ -0,0 +1,36 @@
+import ldap
+
+class LdapQuery():
+ def __init__(self, servers, port, root):
+ self.servers = servers
+ self.root = "OU=Students,OU=People," + root
+
+ ldap.PORT = port
+
+ # cert path
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "./ca_labs.wmi.amu.edu.pl.pem")
+
+ for i in range(len(self.servers)):
+ try:
+ self.ldap_handler = ldap.initialize(self.servers[i])
+ break
+ except:
+ print ("Server down")
+
+ self.ldap_handler.set_option(ldap.OPT_X_TLS_DEMAND, True)
+ self.ldap_handler.start_tls_s()
+
+ def search_user(self, login):
+ return self.ldap_handler.search_s(
+ self.root,
+ ldap.SCOPE_SUBTREE,
+ 'cn=' + login,
+ ['givenname', 'sn', 'mail'])
+
+ def authenticate(self, login=None, passwd=None):
+ try:
+ test=self.ldap_handler.simple_bind_s(login, passwd)
+ return True
+ except ldap.INVALID_CREDENTIALS:
+ print ("Invalid credentials")
+ return False
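Review bot: `self.ldap_handler.set_option(ldap.OPT_X_TLS_DEMAND, True)` in `__init__` does not enforce certificate verification the way the surrounding lines intend: in python-ldap `OPT_X_TLS_DEMAND` is one of the values of `OPT_X_TLS_REQUIRE_CERT`, not an option identifier, so this call sets an unrelated option, and the python-ldap docs note that per-connection TLS options only take effect once `set_option(ldap.OPT_X_TLS_NEWCTX, 0)` is issued before `start_tls_s()`. `authenticate` also returns True for an empty or `None` password — its defaults are `login=None, passwd=None` — because a simple bind with no password is an anonymous/unauthenticated bind that most directories accept without raising `INVALID_CREDENTIALS`, so it needs an explicit guard before binding. As far as I recall `ldap.initialize` only parses the URI and opens the connection on first use, so the server loop with its bare `except:` never fails over to the second URI (and would leave `self.ldap_handler` unset if it ever did); a `SERVER_DOWN` from `start_tls_s()` is what a down dc1 will actually produce. `search_user` concatenates the caller-supplied `login` straight into the filter; it should go through `ldap.filter.escape_filter_chars` (which needs `import ldap.filter`). Finally, the `ldap://` URIs are combined with port 636 from App.py and a STARTTLS upgrade — 636 is conventionally the LDAPS listener, so confirm which one the directory exposes and use either `ldaps://` URIs without `start_tls_s()` or port 389 with STARTTLS; `ldap.PORT = port` appears to change only a module constant and does not affect explicitly given URIs.
```python
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "./ca_labs.wmi.amu.edu.pl.pem")
        # … unchanged: server loop …
        # OPT_X_TLS_DEMAND is a value for OPT_X_TLS_REQUIRE_CERT, not an option id;
        # NEWCTX applies the per-connection TLS settings before the handshake.
        self.ldap_handler.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        self.ldap_handler.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        self.ldap_handler.start_tls_s()

    def search_user(self, login):
        return self.ldap_handler.search_s(
            self.root,
            ldap.SCOPE_SUBTREE,
            '(cn=%s)' % ldap.filter.escape_filter_chars(login),
            ['givenname', 'sn', 'mail'])

    def authenticate(self, login=None, passwd=None):
        # A missing or empty password would be an anonymous/unauthenticated
        # bind, which many directories accept; never count that as a login.
        if not login or not passwd:
            return False
        try:
            self.ldap_handler.simple_bind_s(login, passwd)
            return True
        except ldap.INVALID_CREDENTIALS:
            print("Invalid credentials")
            return False
```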