diff --git a/config.cfg.example b/config.cfg.example index dbcbc0d..de2a113 100644 --- a/config.cfg.example +++ b/config.cfg.example @@ -1,5 +1,6 @@ DEBUG = True SECRET_KEY = "CHANGE!ME" +SESSION_TIMEOUT = 3600 LDAP_URI = "ldaps://ldap.example.com" LDAP_BASE = "ou=people,dc=example,dc=com" diff --git a/index.py b/index.py index 552e817..0a87af5 100755 --- a/index.py +++ b/index.py @@ -50,10 +50,27 @@ def edit(): nav = ['edit', 'logout'] form = EditForm() - user = rdb.hgetall(session['uuid'])['user'] + user = rdb.hget(session['uuid'], 'user') + + if form.validate_on_submit(): + opwd = rdb.hget(session['uuid'], 'pswd') + pswd = form.pswd.data + l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1')) + try: + l.simple_bind_s(user, opwd) + l.passwd_s(user, opwd, pswd) + except ldap.INVALID_CREDENTIALS as e: + # TODO error message + l.unbind_s() + else: + rdb.hset(session'uuid'], 'pswd', pswd) + # TODO show a success message + return redirect(url_for('index')) + form.user.data = user return render_template('edit.html', form=form, nav=nav) + @app.route('/login', methods=['GET', 'POST']) def login(): nav = ['login'] @@ -74,8 +91,8 @@ def login(): session['uuid'] = str(uuid.uuid4()) credentials = { 'user': user, 'pswd': pswd } rdb.hmset(session['uuid'], credentials) - # TODO refactor this are reuse, make session timeout a config variable - rdb.expire(session['uuid'], 3600) + # TODO refactor this and reuse + rdb.expire(session['uuid'], app.config.get('SESSION_TIMEOUT', 3600)) return redirect(url_for('index')) return render_template('login.html', form=form, nav=nav)