bk-dss/index.py

#!/usr/bin/env python

from flask import Flask, render_template, redirect, url_for, session
from flask_wtf import Form
import ldap
from redis import Redis
import uuid
from wtforms.fields import PasswordField, SelectField, StringField, SubmitField
from wtforms.validators import EqualTo, Required

app = Flask(__name__)
app.config.from_pyfile('config.cfg')
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True

rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PSWD'))


class ReadonlyStringField(StringField):
	def __call__(self, *args, **kwargs):
		kwargs.setdefault('readonly', True)
		return super(ReadonlyStringField, self).__call__(*args, **kwargs)

class EditForm(Form):
	user = ReadonlyStringField('Username')
	pwd1 = PasswordField('New Password', validators = [Required()])
	pwd2 = PasswordField('New Password (repeat)', validators = [Required(), EqualTo('pwd1', "Passwords must match")])
	submit = SubmitField('Submit')

class LoginForm(Form):
	user = StringField('Username', validators=[Required()])
	pswd = PasswordField('Password', validators=[Required()])
	submit = SubmitField('Login')


def isLoggedin():
	return 'uuid' in session and rdb.exists(session['uuid'])


def buildNav():
	nav = []
	if isLoggedin():
		nav.append('edit')
		nav.append('logout')
	else:
		nav.append('login')
	return nav


@app.route('/')
def index():

	return render_template('index.html', nav=buildNav())


@app.route('/edit', methods=['GET', 'POST'])
def edit():
	if not isLoggedin():
		return render_template('error.html', message="You are not logged in. Please log in first.", nav=buildNav())

	form = EditForm()
	user = rdb.hget(session['uuid'], 'user')

	if form.validate_on_submit():
		opwd = rdb.hget(session['uuid'], 'pswd')
		npwd = form.pwd1.data
		l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
		try:
			l.simple_bind_s(user, opwd)
			l.passwd_s(user, opwd, npwd)
		except ldap.INVALID_CREDENTIALS as e:
			form.user.errors.append(e.message['desc'])
			l.unbind_s()
			return render_template('edit.html', form=form, nav=buildNav())
		else:
			# TODO display success message
			rdb.hset(session['uuid'], 'pswd', npwd)
			l.unbind_s()
			return redirect(url_for('index'))

	form.user.data = user
	return render_template('edit.html', form=form, nav=buildNav())


@app.route('/login', methods=['GET', 'POST'])
def login():
	form = LoginForm()

	if form.validate_on_submit():
		user = 'cn=' + form.user.data + ',' + app.config.get('LDAP_BASE','')
		pswd = form.pswd.data
		l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
		try:
			l.simple_bind_s(user, pswd)
		except ldap.INVALID_CREDENTIALS as e:
			form.pswd.errors.append(e.message['desc'])
			l.unbind_s()
			return render_template('login.html', form=form, nav=buildNav())
		l.unbind_s()

		session['uuid'] = str(uuid.uuid4())
		credentials = { 'user': user, 'pswd': pswd }
		rdb.hmset(session['uuid'], credentials)
		# TODO refactor this and reuse
		rdb.expire(session['uuid'], app.config.get('SESSION_TIMEOUT', 3600))

		return redirect(url_for('index'))
	return render_template('login.html', form=form, nav=buildNav())


@app.route('/logout')
def logout():
	if 'uuid' in session:
		rdb.delete(session['uuid'])
		del session['uuid']
	return redirect(url_for('index'))


if __name__ == '__main__':
	app.run(host='0.0.0.0', port=5000)
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`#!/usr/bin/env python`

			`from flask import Flask, render_template, redirect, url_for, session`
			`from flask_wtf import Form`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`import ldap`
			`from redis import Redis`
First working login. 2015-06-17 20:22:52 +02:00			`import uuid`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`from wtforms.fields import PasswordField, SelectField, StringField, SubmitField`
Refactor navigation. 2016-02-10 17:00:40 +01:00			`from wtforms.validators import EqualTo, Required`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
			`app = Flask(__name__)`
First working login. 2015-06-17 20:22:52 +02:00			`app.config.from_pyfile('config.cfg')`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`app.jinja_env.trim_blocks = True`
			`app.jinja_env.lstrip_blocks = True`

First working login. 2015-06-17 20:22:52 +02:00			`rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PSWD'))`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00

First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`class ReadonlyStringField(StringField):`
			`def __call__(self, args, *kwargs):`
			`kwargs.setdefault('readonly', True)`
			`return super(ReadonlyStringField, self).__call__(args, *kwargs)`

			`class EditForm(Form):`
			`user = ReadonlyStringField('Username')`
Simplify form validation. 2016-02-10 16:56:54 +01:00			`pwd1 = PasswordField('New Password', validators = [Required()])`
			`pwd2 = PasswordField('New Password (repeat)', validators = [Required(), EqualTo('pwd1', "Passwords must match")])`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`submit = SubmitField('Submit')`

Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`class LoginForm(Form):`
			`user = StringField('Username', validators=[Required()])`
			`pswd = PasswordField('Password', validators=[Required()])`
			`submit = SubmitField('Login')`

Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
Refactor isLoggedin. 2015-10-01 16:39:19 +02:00			`def isLoggedin():`
			`return 'uuid' in session and rdb.exists(session['uuid'])`


Refactor navigation. 2016-02-10 17:00:40 +01:00			`def buildNav():`
			`nav = []`
Refactor isLoggedin. 2015-10-01 16:39:19 +02:00			`if isLoggedin():`
Refactor navigation. 2016-02-10 17:00:40 +01:00			`nav.append('edit')`
			`nav.append('logout')`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00			`else:`
Refactor navigation. 2016-02-10 17:00:40 +01:00			`nav.append('login')`
			`return nav`


			`@app.route('/')`
			`def index():`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00
Refactor navigation. 2016-02-10 17:00:40 +01:00			`return render_template('index.html', nav=buildNav())`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
First working login. 2015-06-17 20:22:52 +02:00
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`@app.route('/edit', methods=['GET', 'POST'])`
			`def edit():`
Refactor isLoggedin. 2015-10-01 16:39:19 +02:00			`if not isLoggedin():`
Refactor navigation. 2016-02-10 17:00:40 +01:00			`return render_template('error.html', message="You are not logged in. Please log in first.", nav=buildNav())`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00
			`form = EditForm()`
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00			`user = rdb.hget(session['uuid'], 'user')`

			`if form.validate_on_submit():`
Simplify form validation. 2016-02-10 16:56:54 +01:00			`opwd = rdb.hget(session['uuid'], 'pswd')`
			`npwd = form.pwd1.data`
			`l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))`
			`try:`
			`l.simple_bind_s(user, opwd)`
			`l.passwd_s(user, opwd, npwd)`
			`except ldap.INVALID_CREDENTIALS as e:`
			`form.user.errors.append(e.message['desc'])`
			`l.unbind_s()`
Refactor navigation. 2016-02-10 17:00:40 +01:00			`return render_template('edit.html', form=form, nav=buildNav())`
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00			`else:`
Simplify form validation. 2016-02-10 16:56:54 +01:00			`# TODO display success message`
			`rdb.hset(session['uuid'], 'pswd', npwd)`
			`l.unbind_s()`
			`return redirect(url_for('index'))`
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`form.user.data = user`
Refactor navigation. 2016-02-10 17:00:40 +01:00			`return render_template('edit.html', form=form, nav=buildNav())`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`@app.route('/login', methods=['GET', 'POST'])`
			`def login():`
			`form = LoginForm()`
First working login. 2015-06-17 20:22:52 +02:00
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`if form.validate_on_submit():`
First working login. 2015-06-17 20:22:52 +02:00			`user = 'cn=' + form.user.data + ',' + app.config.get('LDAP_BASE','')`
			`pswd = form.pswd.data`
			`l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))`
			`try:`
			`l.simple_bind_s(user, pswd)`
			`except ldap.INVALID_CREDENTIALS as e:`
			`form.pswd.errors.append(e.message['desc'])`
			`l.unbind_s()`
Refactor navigation. 2016-02-10 17:00:40 +01:00			`return render_template('login.html', form=form, nav=buildNav())`
First working login. 2015-06-17 20:22:52 +02:00			`l.unbind_s()`

			`session['uuid'] = str(uuid.uuid4())`
			`credentials = { 'user': user, 'pswd': pswd }`
			`rdb.hmset(session['uuid'], credentials)`
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00			`# TODO refactor this and reuse`
			`rdb.expire(session['uuid'], app.config.get('SESSION_TIMEOUT', 3600))`
First working login. 2015-06-17 20:22:52 +02:00
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`return redirect(url_for('index'))`
Refactor navigation. 2016-02-10 17:00:40 +01:00			`return render_template('login.html', form=form, nav=buildNav())`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
First working login. 2015-06-17 20:22:52 +02:00
			`@app.route('/logout')`
			`def logout():`
Working login/logout. Generate navigation based on login status. 2015-06-17 20:34:30 +02:00			`if 'uuid' in session:`
			`rdb.delete(session['uuid'])`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`del session['uuid']`
First working login. 2015-06-17 20:22:52 +02:00			`return redirect(url_for('index'))`


Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`if __name__ == '__main__':`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`app.run(host='0.0.0.0', port=5000)`