
# -*- coding: utf-8 -*-
from tg import session
from tg.controllers import RestController, redirect
from tg.decorators import expose, validate
from brie.lib.base import BaseController
from brie.config import ldap_config
from brie.lib.ldap_helper import *
from brie.lib.aurore_helper import *
from brie.model.ldap import Groupes
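class AuthHandler(object):
    """LDAP-backed authentication state for the web session.

    The session only stores the username (under ``__user_session_name``);
    the matching ``User`` object, which carries that user's own LDAP bind,
    lives in the class-level ``__users`` table and is therefore shared by
    every request handled by this process.  One anonymous bind (empty DN
    and password) is opened lazily for the directory lookups that happen
    before a user has authenticated.

    NOTE(review): ``__users`` is keyed by username alone, so the same uid in
    two residences would overwrite each other's entry; confirm uids are
    unique across residences.
    """
    __users = dict()
    __user_session_name = "user"
    __anon_bind = None

    # Characters that are special inside an LDAP search filter, paired with
    # their RFC 4515 escape sequences.  The backslash comes first so the
    # escapes added for the other characters are not re-escaped afterwards.
    _FILTER_ESCAPES = (
        ("\\", "\\5c"),
        ("*", "\\2a"),
        ("(", "\\28"),
        (")", "\\29"),
        ("\x00", "\\00"),
    )

    @staticmethod
    def _escape_filter(value):
        """Return *value* escaped for safe inclusion in an LDAP filter.

        Without this, a username such as ``*`` or ``x)(uid=admin`` rewrites
        the ``(uid=...)`` filter built in ``login`` (LDAP filter injection).
        ``None`` is treated as the empty string.
        """
        if value is None:
            return ""
        for raw, escaped in AuthHandler._FILTER_ESCAPES:
            value = value.replace(raw, escaped)
        return value
    #end def

    def get_anon_bind(self):
        """Return the cached anonymous bind, opening it on first use.

        ``Ldap.connect("", "")`` may return ``None``; that result is not
        kept as a success, so the next call simply retries.
        """
        if self.__anon_bind is None:
            self.__anon_bind = Ldap.connect("", "")
        return self.__anon_bind
    #end def

    def get_anon_user(self):
        """Return a ``User`` wrapping the anonymous bind (no attributes)."""
        return User(self.get_anon_bind(), None)
    #end def

    def login(self, residence_dn, username, password):
        """Authenticate *username* of residence *residence_dn* with *password*.

        Looks the user up through the anonymous bind under
        ``ldap_config.username_base_dn + residence_dn``, then binds to the
        directory as that user's DN with the supplied password.  On success
        the user's bind is stored in ``__users`` and the username is written
        to the session.

        Returns ``True`` on success and ``False`` on any failure: empty
        credentials, no anonymous bind, unknown user, or refused bind.
        """
        # Reject empty credentials up front.  A bind with a DN and an empty
        # password is an *unauthenticated* bind (RFC 4513 section 5.1.2) that
        # many servers accept, which would log the caller in without a
        # password.
        if not username or not password:
            return False
        anon_bind = self.get_anon_bind()
        if anon_bind is None:
            return False
        user_base_dn = ldap_config.username_base_dn + residence_dn
        # Escape the username so user input cannot change the filter's shape.
        uid_filter = "(uid=" + self._escape_filter(username) + ")"
        actual_user = anon_bind.search_first(user_base_dn, uid_filter)
        if actual_user is None:
            return False
        username_dn = actual_user.dn
        bind = Ldap.connect(username_dn, password)
        if bind is None:
            return False
        attributes = bind.search_first(username_dn, uid_filter)
        user = User(bind, attributes, residence_dn)
        # A re-login replaces any earlier entry for this username; close the
        # old bind first so that connection is not leaked.
        previous = AuthHandler.__users.get(username)
        if previous is not None:
            previous.ldap_bind.close()
        AuthHandler.__users[username] = user
        # NOTE(review): the session id is not rotated here; unless the
        # session backend does it, an id set before login survives it
        # (session fixation).  Confirm with the session configuration.
        session[AuthHandler.__user_session_name] = username
        session.save()
        return True
    #end def

    def logout(self):
        """Forget the session's user: close its LDAP bind, clear the session key."""
        # Tolerate a session that never held a user key instead of raising
        # KeyError.
        username = None
        if AuthHandler.__user_session_name in session:
            username = session[AuthHandler.__user_session_name]
        stored_user = AuthHandler.__users.pop(username, None)
        if stored_user is not None:
            stored_user.ldap_bind.close()
        session[AuthHandler.__user_session_name] = None
        session.save()
    #end def

    def get_user(self):
        """Return the ``User`` for this session, or ``None`` when not logged in."""
        if AuthHandler.__user_session_name not in session:
            return None
        username = session[AuthHandler.__user_session_name]
        return AuthHandler.__users.get(username)
    #end def

    def get_user_or_redirect(self):
        """Return the session's ``User``; redirect to the login page when absent."""
        maybe_user = self.get_user()
        if maybe_user is None:
            redirect("/auth/login/") # TODO from config
        #end if
        return maybe_user
    #end def
#end class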
class AuthenticatedRestController(RestController):
    """RestController that requires a logged-in user, and optionally a group.

    ``__before__`` runs ahead of every action: it resolves the current user
    through ``current.get_user_or_redirect()`` (which redirects to the login
    page when there is none) and, when ``require_group`` is set, redirects to
    the permission-denied page unless that group appears in
    ``user.groups.list()``.
    """
    user = None
    require_group = None

    def __before__(self, *args, **kwargs):
        """Load ``self.user`` and enforce ``require_group`` before the action runs."""
        self.user = current.get_user_or_redirect()
        needed = self.require_group
        if needed is None:
            return
        if needed in self.user.groups.list():
            return
        redirect("/error/permission_denied/")
    #end def
#end class
class AuthenticatedBaseController(BaseController):
    """BaseController variant of the login-required controller.

    Same contract as ``AuthenticatedRestController``: every action first
    resolves the current user (redirecting to login when absent) and, if
    ``require_group`` is set, is only reachable by members of that group.
    """
    user = None
    require_group = None

    def __before__(self, *args, **kwargs):
        """Load ``self.user``; redirect to permission-denied if the group check fails."""
        self.user = current.get_user_or_redirect()
        if self.require_group is None:
            return
        allowed = self.require_group in self.user.groups.list()
        if not allowed:
            redirect("/error/permission_denied/")
    #end def
#end class
# Process-wide AuthHandler used by the controllers in this module.  Its
# anonymous LDAP bind (cached on the instance) and the logged-in-user table
# (a class attribute) are therefore shared by every request this process serves.
current = AuthHandler()
class LoginRestController(RestController):
    """Login form: GET renders it, POST checks the credentials against LDAP.

    Both actions render ``brie.templates.auth.login`` with the list of
    residences, the submitted login and an error message (empty on GET).
    NOTE(review): nothing here throttles repeated failed logins; confirm that
    is handled elsewhere (directory lockout policy or a front proxy).
    """

    @expose("brie.templates.auth.login")
    def get(self):
        """Render the empty login form."""
        anon_user = current.get_anon_user()
        return dict(
            residences = Residences.get_residences(anon_user),
            login = "",
            error = "",
        )
    #end def

    @expose("brie.templates.auth.login")
    def post(self, residence, username, password):
        """Validate the residence, try the login, and redirect to ``/`` on success.

        On failure the form is re-rendered with the submitted username and
        residence and a French error message.  The username is echoed back
        into the template; its escaping is the template's responsibility.
        """
        anon_user = current.get_anon_user()
        residence_dn = Residences.get_dn_by_name(anon_user, residence)
        residences = Residences.get_residences(anon_user)

        def form_with_error(message):
            # Re-render the form, keeping what the user typed.
            return dict(
                residences = residences,
                login = username,
                residence = residence,
                error = message,
            )
        #end def

        if residence_dn is None:
            return form_with_error(u"erreur de résidence")
        if current.login(residence_dn, username, password):
            redirect("/")
        return form_with_error("erreur de connexion")
    #end def
#end class
class AuthRestController(BaseController):
    """Root of the ``/auth`` tree: ``/auth/login`` form and ``/auth/logout``."""
    login = LoginRestController()

    @expose()
    def logout(self):
        """Drop the current session's user and redirect to the site root.

        NOTE(review): reachable by plain GET with no CSRF token, so a
        third-party page can log the user out; confirm this is acceptable.
        """
        handler = current
        handler.logout()
        redirect("/")
    #end def
#end class