bk-dss/dss.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import uuid

import ldap
import ldap.modlist
from flask import Flask, render_template, redirect, url_for, session
from flask_wtf import FlaskForm
from passlib.hash import ldap_salted_sha1
from redis import Redis
from wtforms.fields import IntegerField, PasswordField, StringField, SubmitField
from wtforms.validators import EqualTo, DataRequired

app = Flask(__name__)
app.config.from_pyfile('config.cfg')
app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True

rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PASSWD'), decode_responses=True)

ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_REFERRALS, 0)
if 'LDAP_CA' in app.config.keys():
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, app.config.get('LDAP_CA'))


class CreateForm(FlaskForm):
    user = StringField('Username', validators=[DataRequired()])
    uid = IntegerField('User ID', validators=[DataRequired()])
    gn = StringField('Given Name', validators=[DataRequired()])
    sn = StringField('Family Name', validators=[DataRequired()])
    pwd1 = PasswordField('Password', validators=[DataRequired()])
    pwd2 = PasswordField('Password (repeat)', validators=[DataRequired(), EqualTo('pwd1', "Passwords must match")])
    submit = SubmitField('Submit')


class EditForm(FlaskForm):
    user = StringField('Username', render_kw={'readonly': True})
    pwd1 = PasswordField('New Password', validators=[DataRequired()])
    pwd2 = PasswordField('New Password (repeat)', validators=[DataRequired(), EqualTo('pwd1', "Passwords must match")])
    submit = SubmitField('Submit')


class LoginForm(FlaskForm):
    user = StringField('Username', validators=[DataRequired()])
    pswd = PasswordField('Password', validators=[DataRequired()])
    submit = SubmitField('Login')


def make_secret(password):
    return ldap_salted_sha1.encrypt(password)


def is_admin():
    return is_loggedin() and rdb.hget(session['uuid'], 'user') in app.config.get('ADMINS', [])


def is_loggedin():
    return 'uuid' in session and rdb.exists(session['uuid'])


def build_nav():
    nav = []
    if is_loggedin():
        nav.append(('Edit own Account', 'edit'))
        if is_admin():
            nav.append(('List Accounts', 'list_users'))
            nav.append(('Create Account', 'create'))
        nav.append(('Logout', 'logout'))
    else:
        nav.append(('Login', 'login'))
    return nav


@app.route('/')
def index():
    return render_template('index.html', nav=build_nav())


@app.route('/create', methods=['GET', 'POST'])
def create():
    if not is_loggedin():
        return render_template('error.html', message="You are not logged in. Please log in first.", nav=build_nav())

    if not is_admin():
        return render_template('error.html', message="You do not have administrative privileges. Please log in using an administrative account.",
                               nav=build_nav())

    form = CreateForm()

    if form.validate_on_submit():
        ldap_connection = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
        try:
            ldap_connection.simple_bind_s(rdb.hget(session['uuid'], 'user'), rdb.hget(session['uuid'], 'pswd'))
            d = {
                'user': form.user.data,
                'uid': form.uid.data,
                'gn': form.gn.data,
                'sn': form.sn.data,
                'pass': make_secret(form.pwd1.data)
            }

            # add user
            user_dn = app.config.get('USER_DN').format(**d)
            attrs = {}
            for k, v in app.config.get('USER_ATTRS').items():
                if isinstance(v, str):
                    attrs[k] = v.format(**d).encode()
                elif isinstance(v, list):
                    attrs[k] = []
                    for e in v:
                        attrs[k].append(e.format(**d).encode())
            ldap_connection.add_s(user_dn, ldap.modlist.addModlist(attrs))

            # add user to group
            group_dn = app.config.get('GROUP_DN').format(**d)
            ldap_connection.modify_s(group_dn, [(ldap.MOD_ADD, 'memberUid', str(form.user.data).encode())])

        except ldap.LDAPError as e:
            ldap_connection.unbind_s()
            message = "LDAP Error"
            if 'desc' in e.args[0]:
                message = message + " " + e.args[0]['desc']
            if 'info' in e.args[0]:
                message = message + ": " + e.args[0]['info']
            return render_template('error.html', message=message, nav=build_nav())
        else:
            ldap_connection.unbind_s()
            return render_template('success.html', message="User successfully created.", nav=build_nav())

    return render_template('create.html', form=form, nav=build_nav())


@app.route('/edit', methods=['GET', 'POST'])
def edit():
    if not is_loggedin():
        return render_template('error.html', message="You are not logged in. Please log in first.", nav=build_nav())

    form = EditForm()
    creds = rdb.hgetall(session['uuid'])

    if form.validate_on_submit():
        npwd = form.pwd1.data
        ldap_connection = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
        try:
            ldap_connection.simple_bind_s(creds['user'], creds['pswd'])
            ldap_connection.passwd_s(creds['user'], creds['pswd'], npwd)
        except ldap.INVALID_CREDENTIALS:
            form.user.errors.append('Invalid credentials')
            ldap_connection.unbind_s()
            return render_template('edit.html', form=form, nav=build_nav())
        else:
            rdb.hset(session['uuid'], 'pswd', npwd)
            ldap_connection.unbind_s()
            return render_template('success.html', message="User successfully edited.", nav=build_nav())

    form.user.data = creds['user']
    return render_template('edit.html', form=form, nav=build_nav())


@app.route('/list')
def list_users():
    if not is_loggedin():
        return render_template('error.html', message="You are not logged in. Please log in first.", nav=build_nav())

    if not is_admin():
        return render_template('error.html', message="You do not have administrative privileges. Please log in using an administrative account.",
                               nav=build_nav())

    ldap_connection = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
    ldap_connection.simple_bind_s(rdb.hget(session['uuid'], 'user'), rdb.hget(session['uuid'], 'pswd'))
    sr = ldap_connection.search_s(app.config.get('LDAP_BASE'), ldap.SCOPE_SUBTREE, '(objectClass=posixAccount)', ['cn', 'uidNumber'])
    accounts = [(attr['cn'][0].decode(errors='ignore'), attr['uidNumber'][0].decode(errors='ignore'), dn) for dn, attr in sr]
    return render_template('list.html', accounts=accounts, nav=build_nav())


@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()

    if form.validate_on_submit():
        if form.user.data.endswith(app.config.get('LDAP_BASE', '')):
            user = form.user.data
        else:
            user = app.config.get('USER_DN').format(user=form.user.data)
        pswd = form.pswd.data
        ldap_connection = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
        try:
            ldap_connection.simple_bind_s(user, pswd)
        except ldap.INVALID_CREDENTIALS:
            form.pswd.errors.append('Invalid credentials')
            ldap_connection.unbind_s()
            return render_template('login.html', form=form, nav=build_nav())
        ldap_connection.unbind_s()

        session['uuid'] = str(uuid.uuid4())
        credentials = {'user': user, 'pswd': pswd}
        rdb.hmset(session['uuid'], credentials)
        # TODO refactor this and reuse
        rdb.expire(session['uuid'], app.config.get('SESSION_TIMEOUT', 3600))

        return redirect(url_for('index'))
    return render_template('login.html', form=form, nav=build_nav())


@app.route('/logout')
def logout():
    if 'uuid' in session:
        rdb.delete(session['uuid'])
        del session['uuid']
    return redirect(url_for('index'))


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000)
dss.py: enforce python3 Some systems come with python2 as default interpreter. Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de> 2018-09-17 21:11:35 +02:00			`#!/usr/bin/env python3`
fix account listing for python3 2019-02-11 15:53:17 +01:00			`# -- coding: utf-8 --`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
First working login. 2015-06-17 20:22:52 +02:00			`import uuid`
dss.py: reorder imports statements Increases readability. Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de> 2018-09-17 21:12:47 +02:00
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`import ldap`
			`import ldap.modlist`
dss.py: reorder imports statements Increases readability. Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de> 2018-09-17 21:12:47 +02:00			`from flask import Flask, render_template, redirect, url_for, session`
dss.py: use FlaskForm instead of deprecated Form 2020-09-10 11:18:41 +02:00			`from flask_wtf import FlaskForm`
dss.py: reorder imports statements Increases readability. Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de> 2018-09-17 21:12:47 +02:00			`from passlib.hash import ldap_salted_sha1`
			`from redis import Redis`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`from wtforms.fields import IntegerField, PasswordField, StringField, SubmitField`
			`from wtforms.validators import EqualTo, DataRequired`
dss.py: reorder imports statements Increases readability. Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de> 2018-09-17 21:12:47 +02:00
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`app = Flask(__name__)`
First working login. 2015-06-17 20:22:52 +02:00			`app.config.from_pyfile('config.cfg')`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`app.jinja_env.trim_blocks = True`
			`app.jinja_env.lstrip_blocks = True`

dss.py: automatically decode REDIS responses ... as UTF-8 Signed-off-by: Ralf Ramsauer <ralf@binary-kitchen.de> 2018-09-17 22:21:41 +02:00			`rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PASSWD'), decode_responses=True)`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00
Add support for custom CA certificates. 2017-01-21 18:24:14 +01:00			`ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`
			`ldap.set_option(ldap.OPT_REFERRALS, 0)`
			`if 'LDAP_CA' in app.config.keys():`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, app.config.get('LDAP_CA'))`
Add support for custom CA certificates. 2017-01-21 18:24:14 +01:00
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00
dss.py: use FlaskForm instead of deprecated Form 2020-09-10 11:18:41 +02:00			`class CreateForm(FlaskForm):`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`user = StringField('Username', validators=[DataRequired()])`
			`uid = IntegerField('User ID', validators=[DataRequired()])`
			`gn = StringField('Given Name', validators=[DataRequired()])`
			`sn = StringField('Family Name', validators=[DataRequired()])`
			`pwd1 = PasswordField('Password', validators=[DataRequired()])`
			`pwd2 = PasswordField('Password (repeat)', validators=[DataRequired(), EqualTo('pwd1', "Passwords must match")])`
			`submit = SubmitField('Submit')`

Start implementation of a create user dialog. 2016-02-10 17:03:09 +01:00
dss.py: use FlaskForm instead of deprecated Form 2020-09-10 11:18:41 +02:00			`class EditForm(FlaskForm):`
dss: refactor ReadOnlyField 2019-04-01 19:29:06 +02:00			`user = StringField('Username', render_kw={'readonly': True})`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`pwd1 = PasswordField('New Password', validators=[DataRequired()])`
			`pwd2 = PasswordField('New Password (repeat)', validators=[DataRequired(), EqualTo('pwd1', "Passwords must match")])`
			`submit = SubmitField('Submit')`

First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00
dss.py: use FlaskForm instead of deprecated Form 2020-09-10 11:18:41 +02:00			`class LoginForm(FlaskForm):`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`user = StringField('Username', validators=[DataRequired()])`
			`pswd = PasswordField('Password', validators=[DataRequired()])`
			`submit = SubmitField('Login')`
Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`def make_secret(password):`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`return ldap_salted_sha1.encrypt(password)`

Add password support 2016-11-10 08:11:25 +01:00
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`def is_admin():`
			`return is_loggedin() and rdb.hget(session['uuid'], 'user') in app.config.get('ADMINS', [])`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00
Start implementation of a create user dialog. 2016-02-10 17:03:09 +01:00
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`def is_loggedin():`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`return 'uuid' in session and rdb.exists(session['uuid'])`
Refactor isLoggedin. 2015-10-01 16:39:19 +02:00

Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`def build_nav():`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`nav = []`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`if is_loggedin():`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`nav.append(('Edit own Account', 'edit'))`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`if is_admin():`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`nav.append(('List Accounts', 'list_users'))`
			`nav.append(('Create Account', 'create'))`
			`nav.append(('Logout', 'logout'))`
			`else:`
			`nav.append(('Login', 'login'))`
			`return nav`
Refactor navigation. 2016-02-10 17:00:40 +01:00

			`@app.route('/')`
			`def index():`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('index.html', nav=build_nav())`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
First working login. 2015-06-17 20:22:52 +02:00
Start implementation of a create user dialog. 2016-02-10 17:03:09 +01:00			`@app.route('/create', methods=['GET', 'POST'])`
			`def create():`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`if not is_loggedin():`
			`return render_template('error.html', message="You are not logged in. Please log in first.", nav=build_nav())`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00
Properly protect create and list functionality 2019-03-22 12:57:02 +01:00			`if not is_admin():`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`return render_template('error.html', message="You do not have administrative privileges. Please log in using an administrative account.",`
			`nav=build_nav())`
Properly protect create and list functionality 2019-03-22 12:57:02 +01:00
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`form = CreateForm()`

			`if form.validate_on_submit():`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`try:`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.simple_bind_s(rdb.hget(session['uuid'], 'user'), rdb.hget(session['uuid'], 'pswd'))`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`d = {`
			`'user': form.user.data,`
			`'uid': form.uid.data,`
			`'gn': form.gn.data,`
			`'sn': form.sn.data,`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`'pass': make_secret(form.pwd1.data)`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`}`

			`# add user`
			`user_dn = app.config.get('USER_DN').format(**d)`
			`attrs = {}`
fix byte string and error handling 2019-02-11 16:16:40 +01:00			`for k, v in app.config.get('USER_ATTRS').items():`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`if isinstance(v, str):`
fix byte string and error handling 2019-02-11 16:16:40 +01:00			`attrs[k] = v.format(**d).encode()`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`elif isinstance(v, list):`
			`attrs[k] = []`
			`for e in v:`
fix byte string and error handling 2019-02-11 16:16:40 +01:00			`attrs[k].append(e.format(**d).encode())`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.add_s(user_dn, ldap.modlist.addModlist(attrs))`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00
			`# add user to group`
			`group_dn = app.config.get('GROUP_DN').format(**d)`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.modify_s(group_dn, [(ldap.MOD_ADD, 'memberUid', str(form.user.data).encode())])`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00
			`except ldap.LDAPError as e:`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.unbind_s()`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`message = "LDAP Error"`
fix byte string and error handling 2019-02-11 16:16:40 +01:00			`if 'desc' in e.args[0]:`
			`message = message + " " + e.args[0]['desc']`
			`if 'info' in e.args[0]:`
			`message = message + ": " + e.args[0]['info']`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('error.html', message=message, nav=build_nav())`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`else:`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.unbind_s()`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('success.html', message="User successfully created.", nav=build_nav())`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('create.html', form=form, nav=build_nav())`
Start implementation of a create user dialog. 2016-02-10 17:03:09 +01:00

First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00			`@app.route('/edit', methods=['GET', 'POST'])`
			`def edit():`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`if not is_loggedin():`
			`return render_template('error.html', message="You are not logged in. Please log in first.", nav=build_nav())`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00
			`form = EditForm()`
			`creds = rdb.hgetall(session['uuid'])`

			`if form.validate_on_submit():`
			`npwd = form.pwd1.data`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`try:`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.simple_bind_s(creds['user'], creds['pswd'])`
			`ldap_connection.passwd_s(creds['user'], creds['pswd'], npwd)`
Remove unused variable 2019-02-25 09:59:37 +01:00			`except ldap.INVALID_CREDENTIALS:`
fix byte string and error handling 2019-02-11 16:16:40 +01:00			`form.user.errors.append('Invalid credentials')`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.unbind_s()`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('edit.html', form=form, nav=build_nav())`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`else:`
			`rdb.hset(session['uuid'], 'pswd', npwd)`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.unbind_s()`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('success.html', message="User successfully edited.", nav=build_nav())`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00
			`form.user.data = creds['user']`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('edit.html', form=form, nav=build_nav())`
First edit implementation (doesn't do too much). 2015-06-18 19:14:24 +02:00
Implement password changing and configurable session timeout. 2015-09-28 21:27:56 +02:00
Implement user listing. 2016-03-22 01:06:25 +01:00			`@app.route('/list')`
Rename function list to list_users. The function list shadowed the built-in type list leading to weird TypeError exceptions in the user creation. While at it list the users cn before the dn to improve readability. 2016-04-16 21:03:11 +02:00			`def list_users():`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`if not is_loggedin():`
			`return render_template('error.html', message="You are not logged in. Please log in first.", nav=build_nav())`
Implement user listing. 2016-03-22 01:06:25 +01:00
Properly protect create and list functionality 2019-03-22 12:57:02 +01:00			`if not is_admin():`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`return render_template('error.html', message="You do not have administrative privileges. Please log in using an administrative account.",`
			`nav=build_nav())`
Properly protect create and list functionality 2019-03-22 12:57:02 +01:00
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))`
			`ldap_connection.simple_bind_s(rdb.hget(session['uuid'], 'user'), rdb.hget(session['uuid'], 'pswd'))`
			`sr = ldap_connection.search_s(app.config.get('LDAP_BASE'), ldap.SCOPE_SUBTREE, '(objectClass=posixAccount)', ['cn', 'uidNumber'])`
list: also display numberic uid 2019-05-16 16:13:05 +02:00			`accounts = [(attr['cn'][0].decode(errors='ignore'), attr['uidNumber'][0].decode(errors='ignore'), dn) for dn, attr in sr]`
fix account listing for python3 2019-02-11 15:53:17 +01:00			`return render_template('list.html', accounts=accounts, nav=build_nav())`
Implement user listing. 2016-03-22 01:06:25 +01:00

Use ldap/redis. Use external configuration file (example provided). Prepare login. 2015-06-17 20:13:55 +02:00			`@app.route('/login', methods=['GET', 'POST'])`
			`def login():`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`form = LoginForm()`

			`if form.validate_on_submit():`
			`if form.user.data.endswith(app.config.get('LDAP_BASE', '')):`
			`user = form.user.data`
			`else:`
			`user = app.config.get('USER_DN').format(user=form.user.data)`
			`pswd = form.pswd.data`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`try:`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.simple_bind_s(user, pswd)`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`except ldap.INVALID_CREDENTIALS:`
fix byte string and error handling 2019-02-11 16:16:40 +01:00			`form.pswd.errors.append('Invalid credentials')`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.unbind_s()`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('login.html', form=form, nav=build_nav())`
refactor variable names to improve readability 2020-09-10 12:14:17 +02:00			`ldap_connection.unbind_s()`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00
			`session['uuid'] = str(uuid.uuid4())`
			`credentials = {'user': user, 'pswd': pswd}`
			`rdb.hmset(session['uuid'], credentials)`
			`# TODO refactor this and reuse`
			`rdb.expire(session['uuid'], app.config.get('SESSION_TIMEOUT', 3600))`

			`return redirect(url_for('index'))`
Refactor function names according to PEP8. 2019-02-09 13:30:05 +01:00			`return render_template('login.html', form=form, nav=build_nav())`
Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00
First working login. 2015-06-17 20:22:52 +02:00
			`@app.route('/logout')`
			`def logout():`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`if 'uuid' in session:`
			`rdb.delete(session['uuid'])`
			`del session['uuid']`
			`return redirect(url_for('index'))`
First working login. 2015-06-17 20:22:52 +02:00

Add very basic templates, style and a handler for '/'. 2015-06-16 21:57:44 +02:00			`if __name__ == '__main__':`
Indention and imports according to PEP8. 2019-02-09 13:23:36 +01:00			`app.run(host='0.0.0.0', port=5000)`