bk-dss/index.py

#!/usr/bin/env python

from flask import Flask, render_template, redirect, url_for, session
from flask_wtf import Form
import ldap
from redis import Redis
import uuid
from wtforms.fields import PasswordField, SelectField, StringField, SubmitField
from wtforms.validators import Required

app = Flask(__name__)
app.config.from_pyfile('config.cfg')
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True

rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PSWD'))


class ReadonlyStringField(StringField):
	def __call__(self, *args, **kwargs):
		kwargs.setdefault('readonly', True)
		return super(ReadonlyStringField, self).__call__(*args, **kwargs)

class EditForm(Form):
	user = ReadonlyStringField('Username')
	pwd1 = PasswordField('New Password')
	pwd2 = PasswordField('New Password (repeat)')
	submit = SubmitField('Submit')

class LoginForm(Form):
	user = StringField('Username', validators=[Required()])
	pswd = PasswordField('Password', validators=[Required()])
	submit = SubmitField('Login')


def isLoggedin():
	return 'uuid' in session and rdb.exists(session['uuid'])


@app.route('/')
def index():
	nav = None
	if isLoggedin():
		nav = ['edit', 'logout']
	else:
		nav = ['login']

	return render_template('index.html', nav=nav)


@app.route('/edit', methods=['GET', 'POST'])
def edit():
	if not isLoggedin():
		nav = ['login']
		return render_template('error.html', message="You are not logged in. Please log in first.", nav=nav)

	nav = ['edit', 'logout']
	form = EditForm()
	user = rdb.hget(session['uuid'], 'user')

	if form.validate_on_submit():
		if form.pwd1.data != form.pwd2.data:
			form.pwd2.errors.append("Passwords do not match.")
		else:
			opwd = rdb.hget(session['uuid'], 'pswd')
			npwd = form.pwd1.data
			l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
			try:
				l.simple_bind_s(user, opwd)
				l.passwd_s(user, opwd, npwd)
			except ldap.INVALID_CREDENTIALS as e:
				form.user.errors.append(e.message['desc'])
				l.unbind_s()
				return render_template('edit.html', form=form, nav=nav)
			else:
				# TODO display success message
				rdb.hset(session['uuid'], 'pswd', npwd)
				l.unbind_s()
				return redirect(url_for('index'))

	form.user.data = user
	return render_template('edit.html', form=form, nav=nav)


@app.route('/login', methods=['GET', 'POST'])
def login():
	nav = ['login']
	form = LoginForm()

	if form.validate_on_submit():
		user = 'cn=' + form.user.data + ',' + app.config.get('LDAP_BASE','')
		pswd = form.pswd.data
		l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
		try:
			l.simple_bind_s(user, pswd)
		except ldap.INVALID_CREDENTIALS as e:
			form.pswd.errors.append(e.message['desc'])
			l.unbind_s()
			return render_template('login.html', form=form, nav=nav)
		l.unbind_s()

		session['uuid'] = str(uuid.uuid4())
		credentials = { 'user': user, 'pswd': pswd }
		rdb.hmset(session['uuid'], credentials)
		# TODO refactor this and reuse
		rdb.expire(session['uuid'], app.config.get('SESSION_TIMEOUT', 3600))

		return redirect(url_for('index'))
	return render_template('login.html', form=form, nav=nav)


@app.route('/logout')
def logout():
	if 'uuid' in session:
		rdb.delete(session['uuid'])
		del session['uuid']
	return redirect(url_for('index'))


if __name__ == '__main__':
	app.run(host='0.0.0.0', port=5000)
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`#!/usr/bin/env python`

			`from flask import Flask, render_template, redirect, url_for, session`
			`from flask_wtf import Form`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`import ldap`
			`from redis import Redis`
First working login. 2015-06-17 20:22:52 +02:00			`import uuid`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`from wtforms.fields import PasswordField, SelectField, StringField, SubmitField`
			`from wtforms.validators import Required`

			`app = Flask(__name__)`
First working login. 2015-06-17 20:22:52 +02:00			`app.config.from_pyfile('config.cfg')`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`app.jinja_env.trim_blocks = True`
			`app.jinja_env.lstrip_blocks = True`

First working login. 2015-06-17 20:22:52 +02:00			`rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PSWD'))`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00

First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`class ReadonlyStringField(StringField):`
			`def __call__(self, args, *kwargs):`
			`kwargs.setdefault('readonly', True)`
			`return super(ReadonlyStringField, self).__call__(args, *kwargs)`

			`class EditForm(Form):`
			`user = ReadonlyStringField('Username')`
Improve error-handling. 2016-01-31 16:12:35 +01:00			`pwd1 = PasswordField('New Password')`
			`pwd2 = PasswordField('New Password (repeat)')`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`submit = SubmitField('Submit')`

Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`class LoginForm(Form):`
			`user = StringField('Username', validators=[Required()])`
			`pswd = PasswordField('Password', validators=[Required()])`
			`submit = SubmitField('Login')`

Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
Refactor isLoggedin. 2015-10-01 16:39:19 +02:00			`def isLoggedin():`
			`return 'uuid' in session and rdb.exists(session['uuid'])`


Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`@app.route('/')`
			`def index():`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00			`nav = None`
Refactor isLoggedin. 2015-10-01 16:39:19 +02:00			`if isLoggedin():`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`nav = ['edit', 'logout']`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00			`else:`
			`nav = ['login']`

			`return render_template('index.html', nav=nav)`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
First working login. 2015-06-17 20:22:52 +02:00
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`@app.route('/edit', methods=['GET', 'POST'])`
			`def edit():`
Refactor isLoggedin. 2015-10-01 16:39:19 +02:00			`if not isLoggedin():`
Add some error messages and improve edit dialog. 2015-10-01 17:06:33 +02:00			`nav = ['login']`
			`return render_template('error.html', message="You are not logged in. Please log in first.", nav=nav)`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00
			`nav = ['edit', 'logout']`
			`form = EditForm()`
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00			`user = rdb.hget(session['uuid'], 'user')`

			`if form.validate_on_submit():`
Add some error messages and improve edit dialog. 2015-10-01 17:06:33 +02:00			`if form.pwd1.data != form.pwd2.data:`
			`form.pwd2.errors.append("Passwords do not match.")`
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00			`else:`
Add some error messages and improve edit dialog. 2015-10-01 17:06:33 +02:00			`opwd = rdb.hget(session['uuid'], 'pswd')`
			`npwd = form.pwd1.data`
			`l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))`
			`try:`
			`l.simple_bind_s(user, opwd)`
			`l.passwd_s(user, opwd, npwd)`
			`except ldap.INVALID_CREDENTIALS as e:`
Improve error-handling. 2016-01-31 16:12:35 +01:00			`form.user.errors.append(e.message['desc'])`
Add some error messages and improve edit dialog. 2015-10-01 17:06:33 +02:00			`l.unbind_s()`
Improve error-handling. 2016-01-31 16:12:35 +01:00			`return render_template('edit.html', form=form, nav=nav)`
Add some error messages and improve edit dialog. 2015-10-01 17:06:33 +02:00			`else:`
			`# TODO display success message`
			`rdb.hset(session['uuid'], 'pswd', npwd)`
			`l.unbind_s()`
Improve error-handling. 2016-01-31 16:12:35 +01:00			`return redirect(url_for('index'))`
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`form.user.data = user`
			`return render_template('edit.html', form=form, nav=nav)`

Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`@app.route('/login', methods=['GET', 'POST'])`
			`def login():`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00			`nav = ['login']`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`form = LoginForm()`
First working login. 2015-06-17 20:22:52 +02:00
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`if form.validate_on_submit():`
First working login. 2015-06-17 20:22:52 +02:00			`user = 'cn=' + form.user.data + ',' + app.config.get('LDAP_BASE','')`
			`pswd = form.pswd.data`
			`l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))`
			`try:`
			`l.simple_bind_s(user, pswd)`
			`except ldap.INVALID_CREDENTIALS as e:`
			`form.pswd.errors.append(e.message['desc'])`
			`l.unbind_s()`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00			`return render_template('login.html', form=form, nav=nav)`
First working login. 2015-06-17 20:22:52 +02:00			`l.unbind_s()`

			`session['uuid'] = str(uuid.uuid4())`
			`credentials = { 'user': user, 'pswd': pswd }`
			`rdb.hmset(session['uuid'], credentials)`
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00			`# TODO refactor this and reuse`
			`rdb.expire(session['uuid'], app.config.get('SESSION_TIMEOUT', 3600))`
First working login. 2015-06-17 20:22:52 +02:00
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`return redirect(url_for('index'))`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00			`return render_template('login.html', form=form, nav=nav)`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
First working login. 2015-06-17 20:22:52 +02:00
			`@app.route('/logout')`
			`def logout():`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00			`if 'uuid' in session:`
			`rdb.delete(session['uuid'])`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`del session['uuid']`
First working login. 2015-06-17 20:22:52 +02:00			`return redirect(url_for('index'))`


Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`if __name__ == '__main__':`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`app.run(host='0.0.0.0', port=5000)`