jessepeterson / margarita

Web frontend for reposado
The Unlicense
244 stars 40 forks

LDAP Authentication and SSL #41

Open joshua-d-miller opened 8 years ago

joshua-d-miller commented 8 years ago

Hello,

I have been forking this repo for a year now and adding LDAP Authentication with SSL which you can see here - https://github.com/joshua-d-miller/margarita. I was wondering if there is interest in putting this code in with the main code and maybe making a settings.py file or something similar where users can enable Margarita's LDAP Authentication and SSL.

Thanks!

mkuron commented 8 years ago

LDAP support would be great. Unfortunately, your current code only implements it for use with the standalone server. I guess many people are running Margarita via WSGI. Below is the WSGI file we currently use to get LDAP logins:

import os, sys
import site

ENV_DIR = '/Volumes/deploy/reposado'

sys.path.append(ENV_DIR)
sys.path.append(os.path.join(ENV_DIR, 'margarita'))

from margarita import app as application
os.chdir(os.path.join(os.path.dirname(__file__), "../reposado/reposado/code"))
# Flask debug mode returns tracebacks to the browser; set this to False on
# a production deployment.
application.debug = True

### LDAP Login below ###

# 'xxx' is a placeholder. This key signs the session cookie, so use a long
# random value (e.g. from os.urandom(32)) and keep it out of version control.
application.secret_key = 'xxx'

from flask_ldap_login import LDAPLoginForm, LDAPLoginManager
from flask import request, render_template_string, redirect, session

@application.before_request
def check_valid_login():
    # Every endpoint except the login page (and Flask's own static files,
    # so the login page can still load its assets) requires a logged-in
    # user in the signed session.
    if (request.endpoint and 'login' not in request.endpoint
            and request.endpoint != 'static' and 'user' not in session):
        return redirect('login')

LDAP = {
    # ldaps:// on 636 wraps the whole connection in TLS, so the search and
    # the user's bind password never cross the wire in clear.
    'URI': 'ldaps://ldap.example.com:636',
    # Empty bind credentials: the user search runs as an anonymous bind,
    # then the found DN is bound with the submitted password.
    'BIND_DN': '',
    'BIND_AUTH': '',
    'USER_SEARCH': {
        'base': 'cn=users,dc=ldap,dc=example,dc=com',
        'filter': 'uid=%(username)s',
    },
    # Attributes copied into the userdata dict handed to save_user() below.
    'KEY_MAP': {
        'username': 'uid',
        'group': 'gidNumber',
    },
    'OPTIONS': {
        'OPT_PROTOCOL_VERSION': 3,
    },
}

application.config.update(LDAP=LDAP)
ldap_mgr = LDAPLoginManager(application)

@application.route('/logout', methods=['GET', 'POST'])
def ldap_logout():
    session.pop('user', None)  # no KeyError if there was no session
    return redirect('login')

@application.route('/login', methods=['GET', 'POST'])
def ldap_login():
    form = LDAPLoginForm(request.form)
    error = None
    if form.validate_on_submit():
        # A successful validate_on_submit() only proves the LDAP bind
        # worked; save_user() below decides whether the account is allowed
        # in, so check that it actually created a session.
        if 'user' in session:
            application.logger.info("Valid login for %s", session['user'])
            return redirect('/margarita')
        error = 'This account is not authorized to use Margarita'
    elif request.method == 'POST':
        application.logger.info("Invalid login attempt")
        error = 'Invalid username or password'
    return render_template_string("""{% block body %}
  <h2>Login</h2>
  {% if error %}<p class=error><strong>Error:</strong> {{ error }}{% endif %}
  <form method=post>
  {{ form.csrf_token }}
    <dl>
      <dt>Username:
      <dd><input type=text name=username>
      <dt>Password:
      <dd><input type=password name=password>
      <dd><input type=submit value=Login>
    </dl>
  </form>
{% endblock %}""", form=form, error=error)

@ldap_mgr.save_user
def save_user(username, userdata):
    # Called after a successful bind. Only members of the group with
    # gidNumber 1025 get a session; everyone else stays logged out.
    application.logger.info("%s logged in: %r", username, userdata)
    if int(userdata['group']) == 1025:
        session['user'] = username

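
Two checks worth having around the WSGI file above, as an added example that is not code from this thread or from the margarita project: the USER_SEARCH filter 'uid=%(username)s' substitutes a value typed into the login form into an LDAP search filter, and whether the login library escapes that value is something to verify rather than assume; the block shows the RFC 4515 escaping that makes the substituted value inert, next to what an unescaped username like '*)(uid=*' does to the filter. It also restates the save_user() rule (a session only for gidNumber 1025) so that a missing, empty, non-numeric or list-valued 'group' attribute denies instead of raising. The template and the 1025 gid come from the thread; the function names and the sample entries are assumptions made for the example.

```python
# Added example, not code from the margarita project or from this issue.
# RFC 4515 section 3: these characters must be hex-escaped inside a filter
# assertion value so they cannot change the filter's structure.
_FILTER_ESCAPES = {
    '\\': r'\5c',
    '*': r'\2a',
    '(': r'\28',
    ')': r'\29',
    '\x00': r'\00',
}

# Same template as the USER_SEARCH filter in the WSGI file.
USER_FILTER_TEMPLATE = 'uid=%(username)s'


def escape_filter_chars(value):
    """Escape a user-supplied assertion value for use inside an LDAP filter."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username, template=USER_FILTER_TEMPLATE):
    """Return the user search filter with the username escaped.

    Substituting the raw form input (template % {'username': username})
    is what lets a username of '*)(uid=*' turn into 'uid=*)(uid=*', a
    filter that matches every entry under the search base.
    """
    return template % {'username': escape_filter_chars(username)}


def _first_value(attr):
    """LDAP attribute values are often returned as a list; take the first."""
    if isinstance(attr, (list, tuple)):
        return attr[0] if attr else None
    return attr


def authorize_group(userdata, allowed_gid=1025):
    """The save_user() rule from the thread: True only on an exact gid match.

    Any missing, empty or non-numeric 'group' value is a deny, not an
    exception, so a malformed directory entry cannot 500 the login view.
    """
    raw = _first_value(userdata.get('group'))
    if raw is None:
        return False
    if isinstance(raw, bytes):  # python-ldap 3 returns attribute values as bytes
        raw = raw.decode('utf-8', 'replace')
    try:
        gid = int(str(raw).strip())
    except ValueError:
        return False
    return gid == allowed_gid


if __name__ == '__main__':
    # Constructed inputs, not real directory data.
    for name in ('jdoe', '*)(uid=*', "o'brien", 'a\\b'):
        print(repr(name), '->', build_user_filter(name))
    for entry in ({'username': 'jdoe', 'group': '1025'},
                  {'username': 'eve', 'group': ['20']},
                  {'username': 'mallory', 'group': 'x'},
                  {'username': 'nobody'}):
        print(entry['username'], 'allowed:', authorize_group(entry))
```

Run it and compare the escaped filter for '*)(uid=*' against what your deployment actually sends to the directory (an ldapsearch against a test server with the same base and filter, or the server's access log, shows it); if the raw value appears, the escaping has to be added before the login form input reaches the search.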
gmarnin commented 8 years ago

I agree AD/LDAP support would be a great addition

Tim81 commented 7 years ago

Would be great to have AD/LDAP login support