From 71bfe671ed2c03d6be76bc75433247b007b06712 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Wed, 10 Feb 2016 17:03:09 +0100
Subject: [PATCH] Start implementation of a create user dialog.
---
 config.cfg.example | 2 ++
 index.py | 39 ++++++++++++++++++++++++++++++++++++++-
 templates/create.html | 14 ++++++++++++++
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 templates/create.html
diff --git a/config.cfg.example b/config.cfg.example
index de2a113..97845ba 100644
--- a/config.cfg.example
+++ b/config.cfg.example
@@ -5,5 +5,7 @@ SESSION_TIMEOUT = 3600
 LDAP_URI = "ldaps://ldap.example.com"
 LDAP_BASE = "ou=people,dc=example,dc=com"
+ADMINS = [ "cn=admin,ou=people,dc=example,dc=com" ]
+
 REDIS_HOST = "127.0.0.1"
 REDIS_PSWD = "foobared"
diff --git a/index.py b/index.py
index 195b2be..f924e67 100755
--- a/index.py
+++ b/index.py
@@ -5,7 +5,7 @@ from flask_wtf import Form
 import ldap
 from redis import Redis
 import uuid
-from wtforms.fields import PasswordField, SelectField, StringField, SubmitField
+from wtforms.fields import IntegerField, PasswordField, SelectField, StringField, SubmitField
 from wtforms.validators import EqualTo, Required
 app = Flask(__name__)
@@ -21,6 +21,15 @@ class ReadonlyStringField(StringField):
 kwargs.setdefault('readonly', True)
 return super(ReadonlyStringField, self).__call__(*args, **kwargs)
+class CreateForm(Form):
+ user = StringField('Username', validators = [Required()])
+ uid = IntegerField('User ID', validators = [Required()])
+ gn = StringField('Given Name', validators = [Required()])
+ sn = StringField('Family Name', validators = [Required()])
+ pwd1 = PasswordField('Password', validators = [Required()])
+ pwd2 = PasswordField('Password (repeat)', validators = [Required(), EqualTo('pwd1', "Passwords must match")])
+ submit = SubmitField('Submit')
+
 class EditForm(Form):
 user = ReadonlyStringField('Username')
 pwd1 = PasswordField('New Password', validators = [Required()])
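Review bot: `CreateForm` validates `user` and `uid` only for presence, so any string and any integer reach the handler. Once the TODO `add_s` call in `create()` builds an entry from them, the username presumably ends up inside a DN and `uid` becomes the account's numeric id, so DN metacharacters or a uid in the system range would pass the form unchanged. I would constrain both at the form, e.g. `user = StringField('Username', validators = [Required(), Regexp(r'^[a-z][a-z0-9_-]*$')])` and `NumberRange(min=...)` on `uid` with the site's lowest allowed value; both validators come from `wtforms.validators`, so the import line in the first index.py hunk needs them added.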
@@ -33,6 +42,9 @@ class LoginForm(Form):
 submit = SubmitField('Login')
+def isAdmin():
+ return isLoggedin() and rdb.hget(session['uuid'], 'user') in app.config.get('ADMINS', [])
+
 def isLoggedin():
 return 'uuid' in session and rdb.exists(session['uuid'])
@@ -41,6 +53,8 @@ def buildNav():
 nav = []
 if isLoggedin():
 nav.append('edit')
+ if isAdmin():
+ nav.append('create')
 nav.append('logout')
 else:
 nav.append('login')
@@ -53,6 +67,29 @@ def index():
 return render_template('index.html', nav=buildNav())
+@app.route('/create', methods=['GET', 'POST'])
+def create():
+ if not isLoggedin():
+ return render_template('error.html', message="You are not logged in. Please log in first.", nav=buildNav())
+
+ form = CreateForm()
+
+ if form.validate_on_submit():
+ l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
+ try:
+ l.simple_bind_s(rdb.hget(session['uuid'], 'user'), rdb.hget(session['uuid'], 'pswd'))
+ # TODO implement
+ #l.add_s()
+ except:
+ l.unbind_s()
+ else:
+ # TODO display success message
+ l.unbind_s()
+ pass
+
+ return render_template('create.html', form=form, nav=buildNav())
+
+
 @app.route('/edit', methods=['GET', 'POST'])
 def edit():
 if not isLoggedin():
diff --git a/templates/create.html b/templates/create.html
new file mode 100644
index 0000000..624c74e
--- /dev/null
+++ b/templates/create.html
@@ -0,0 +1,14 @@
+{% from "_helpers.html" import render_field %}
+{% extends "base.html" %}
+{% block content %}
+
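Review bot: `isAdmin()` grants admin rights by exact string membership of the Redis `user` value in `ADMINS`, which only works if that value is stored as the full bind DN in precisely the spelling used in the config. LDAP treats equivalent DNs as equal regardless of case or spacing after commas, so a differently typed but valid DN would be refused; that fails closed, but it is hard to diagnose. I would normalise both sides before the `in` test (for instance with `ldap.dn.explode_dn` and lower-casing) and document the contract with a docstring such as `"""Return True if the logged-in user's bind DN is listed in ADMINS."""`. If this is ever run on Python 3 with a default redis client, `hget` returns bytes and the comparison against a list of str is always false.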
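Review bot: The new `/create` view checks only `isLoggedin()`, so any authenticated user can request the form and submit it; `isAdmin()` is consulted only in `buildNav()`, which merely hides the link. The authorisation check belongs in the handler itself, directly after the login check: `if not isAdmin():` followed by `return render_template('error.html', message="You are not allowed to create users.", nav=buildNav())`. Directory ACLs applied after `simple_bind_s` with the user's own credentials are a second line of defence, not a replacement for this check. As far as the flattened hunk shows, the bare `except:` only unbinds and falls through to re-render the form, so a failed bind or add is invisible to the operator; catching `ldap.LDAPError`, reporting it, and moving `l.unbind_s()` into a `finally:` would cover both paths.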
+ {{ form.hidden_tag() }}
+ {{ render_field(form.user) }}
+ {{ render_field(form.uid) }}
+ {{ render_field(form.sn) }}
+ {{ render_field(form.gn) }}
+ {{ render_field(form.pwd1) }}
+ {{ render_field(form.pwd2) }}
+
{{ form.submit(class_="btn btn-default") }}
+
+{% endblock %}