diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ae65216 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +# config file +config.cfg diff --git a/config.cfg.example b/config.cfg.example index a8c361f..dbcbc0d 100644 --- a/config.cfg.example +++ b/config.cfg.example @@ -3,3 +3,6 @@ SECRET_KEY = "CHANGE!ME" LDAP_URI = "ldaps://ldap.example.com" LDAP_BASE = "ou=people,dc=example,dc=com" + +REDIS_HOST = "127.0.0.1" +REDIS_PSWD = "foobared" diff --git a/index.py b/index.py index 23d48a3..e86ab8d 100755 --- a/index.py +++ b/index.py @@ -4,15 +4,16 @@ from flask import Flask, render_template, redirect, url_for, session from flask_wtf import Form import ldap from redis import Redis +import uuid from wtforms.fields import PasswordField, SelectField, StringField, SubmitField from wtforms.validators import Required app = Flask(__name__) -app.config.from_pyfile('index.cfg') +app.config.from_pyfile('config.cfg') app.jinja_env.trim_blocks = True app.jinja_env.lstrip_blocks = True -rdb = Redis(host='127.0.0.1', password='foobared') +rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PSWD')) class LoginForm(Form): @@ -25,13 +26,38 @@ class LoginForm(Form): def index(): return render_template('index.html') + @app.route('/login', methods=['GET', 'POST']) def login(): form = LoginForm() + if form.validate_on_submit(): - # TODO implement login with LDAP + user = 'cn=' + form.user.data + ',' + app.config.get('LDAP_BASE','') + pswd = form.pswd.data + l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1')) + try: + l.simple_bind_s(user, pswd) + except ldap.INVALID_CREDENTIALS as e: + form.pswd.errors.append(e.message['desc']) + l.unbind_s() + return render_template('login.html', form=form) + l.unbind_s() + + session['uuid'] = str(uuid.uuid4()) + credentials = { 'user': user, 'pswd': pswd } + rdb.hmset(session['uuid'], credentials) + # TODO refactor this are reuse, make session timeout a config variable + rdb.expire(session['uuid'], 3600) + return redirect(url_for('index')) return render_template('login.html', form=form) + +@app.route('/logout') +def logout(): + session['uuid'] = None + return redirect(url_for('index')) + + if __name__ == '__main__': app.run(host='0.0.0.0', port=5000)