215 lines
5.3 KiB
Python
215 lines
5.3 KiB
Python
# -*- coding: utf-8 -*-
|
|
|
|
from tg import session
|
|
from tg.controllers import RestController, redirect
|
|
from tg.decorators import expose, validate
|
|
|
|
from brie.lib.base import BaseController
|
|
from brie.config import ldap_config
|
|
from brie.lib.ldap_helper import *
|
|
from brie.lib.aurore_helper import *
|
|
from brie.model.ldap import Groupes
|
|
|
|
class Groups(object):
|
|
__groups = list()
|
|
|
|
def __init__(self, groups):
|
|
self.__groups = groups
|
|
#end def
|
|
|
|
def __getattr__(self, name):
|
|
return name in self.__groups
|
|
#end def
|
|
|
|
def list(self):
|
|
return list(self.__groups)
|
|
#end def
|
|
|
|
#end class
|
|
|
|
class User(object):
|
|
ldap_bind = None
|
|
attrs = None
|
|
groups = None
|
|
residence_dn = None
|
|
|
|
def __init__(self, ldap_bind, attrs, residence_dn = None):
|
|
self.ldap_bind = ldap_bind
|
|
self.attrs = attrs
|
|
self.residence_dn = residence_dn
|
|
|
|
if attrs is not None:
|
|
groups = Groupes.get_by_user_dn(self, residence_dn, self.attrs.dn)
|
|
|
|
self.groups = Groups(groups)
|
|
#end if
|
|
#end def
|
|
#end class
|
|
|
|
class AuthHandler(object):
|
|
__users = dict()
|
|
__user_session_name = "user"
|
|
__anon_bind = None
|
|
|
|
def get_anon_bind(self):
|
|
if self.__anon_bind is not None:
|
|
return self.__anon_bind
|
|
else:
|
|
self.__anon_bind = Ldap.connect("", "")
|
|
return self.__anon_bind
|
|
#end if
|
|
#end def
|
|
|
|
def get_anon_user(self):
|
|
return User(self.get_anon_bind(), None)
|
|
#end def
|
|
|
|
def login(self, residence_dn, username, password):
|
|
if self.get_anon_bind() is None:
|
|
return False
|
|
|
|
user_base_dn = ldap_config.username_base_dn + residence_dn
|
|
actual_user = self.get_anon_bind().search_first(user_base_dn, "(uid=" + username + ")")
|
|
|
|
if actual_user is None:
|
|
return False
|
|
|
|
username_dn = actual_user.dn
|
|
bind = Ldap.connect(username_dn, password)
|
|
|
|
if bind is None:
|
|
return False
|
|
|
|
attributes = bind.search_first(username_dn, "(uid=" + username + ")")
|
|
|
|
user = User(bind, attributes, residence_dn)
|
|
|
|
AuthHandler.__users[username] = user
|
|
|
|
session[AuthHandler.__user_session_name] = username
|
|
session.save()
|
|
|
|
return True
|
|
#end def
|
|
|
|
def logout(self):
|
|
user = session[AuthHandler.__user_session_name]
|
|
if user in AuthHandler.__users:
|
|
stored_user = AuthHandler.__users[user]
|
|
stored_user.ldap_bind.close()
|
|
del AuthHandler.__users[user]
|
|
#end if
|
|
session[AuthHandler.__user_session_name] = None
|
|
session.save()
|
|
#end def
|
|
|
|
def get_user(self):
|
|
if not AuthHandler.__user_session_name in session:
|
|
return None
|
|
|
|
user = session[AuthHandler.__user_session_name]
|
|
if user in AuthHandler.__users:
|
|
return AuthHandler.__users[user]
|
|
|
|
return None
|
|
#end def
|
|
|
|
def get_user_or_redirect(self):
|
|
maybe_user = self.get_user()
|
|
if maybe_user is None:
|
|
redirect("/auth/login/") # TODO from config
|
|
#end if
|
|
|
|
return maybe_user
|
|
#end def
|
|
|
|
#end class
|
|
|
|
class AuthenticatedRestController(RestController):
|
|
user = None
|
|
require_group = None
|
|
|
|
def __before__(self, *args, **kwargs):
|
|
self.user = current.get_user_or_redirect()
|
|
|
|
if self.require_group is not None:
|
|
if self.require_group not in self.user.groups.list():
|
|
redirect("/error/permission_denied/")
|
|
#end if
|
|
#end if
|
|
|
|
#end def
|
|
#end def
|
|
|
|
class AuthenticatedBaseController(BaseController):
|
|
user = None
|
|
require_group = None
|
|
|
|
def __before__(self, *args, **kwargs):
|
|
self.user = current.get_user_or_redirect()
|
|
|
|
if self.require_group is not None:
|
|
if self.require_group not in self.user.groups.list():
|
|
redirect("/error/permission_denied/")
|
|
#end if
|
|
#end if
|
|
|
|
#end def
|
|
#end def
|
|
|
|
current = AuthHandler()
|
|
|
|
class LoginRestController(RestController):
|
|
|
|
@expose("brie.templates.auth.login")
|
|
def get(self):
|
|
residences = Residences.get_residences(current.get_anon_user())
|
|
|
|
return dict(residences = residences, login = "", error = "")
|
|
#end def
|
|
|
|
@expose("brie.templates.auth.login")
|
|
def post(self, residence, username, password):
|
|
anon_user = current.get_anon_user()
|
|
|
|
residence_dn = Residences.get_dn_by_name(anon_user, residence)
|
|
|
|
residences = Residences.get_residences(anon_user)
|
|
|
|
if residence_dn is None:
|
|
return dict(
|
|
residences = residences,
|
|
login = username,
|
|
residence = residence,
|
|
error = u"erreur de résidence"
|
|
)
|
|
#end if
|
|
|
|
success = current.login(residence_dn, username, password)
|
|
|
|
if success:
|
|
redirect("/")
|
|
#end if
|
|
|
|
return dict(
|
|
residences = residences,
|
|
login = username,
|
|
residence = residence,
|
|
error = "erreur de connexion"
|
|
)
|
|
#end def
|
|
|
|
|
|
class AuthRestController(BaseController):
|
|
login = LoginRestController()
|
|
|
|
@expose()
|
|
def logout(self):
|
|
current.logout()
|
|
redirect("/")
|
|
#end class
|
|
|
|
|
|
|
|
|