add LDAP user auto-creation functionality
Closes: janeczku#1808

Signed-off-by: Aisha Tammy <[email protected]>
epsilon-0 committed Dec 31, 2022
1 parent 3d59a78 commit 5363306
Showing 4 changed files with 23 additions and 7 deletions.
1 change: 1 addition & 0 deletions cps/admin.py
Expand Up @@ -1177,6 +1177,7 @@ def _configuration_ldap_helper(to_save):
reboot_required |= _config_string(to_save, "config_ldap_cert_path")
reboot_required |= _config_string(to_save, "config_ldap_key_path")
_config_string(to_save, "config_ldap_group_name")
_config_checkbox(to_save, "config_ldap_autocreate_user")
if to_save.get("config_ldap_serv_password", "") != "":
reboot_required |= 1
config.set_from_dictionary(to_save, "config_ldap_serv_password", base64.b64encode, encode='UTF-8')
1 change: 1 addition & 0 deletions cps/config_sql.py
Expand Up @@ -129,6 +129,7 @@ class _Settings(_Base):
config_ldap_group_object_filter = Column(String, default='(&(objectclass=posixGroup)(cn=%s))')
config_ldap_group_members_field = Column(String, default='memberUid')
config_ldap_group_name = Column(String, default='calibreweb')
config_ldap_autocreate_user = Column(Boolean, default=False)

config_kepubifypath = Column(String, default=None)
config_converterpath = Column(String, default=None)
4 changes: 4 additions & 0 deletions cps/templates/config_edit.html
Expand Up @@ -260,6 +260,10 @@ <h4 class="panel-title">
<div class="form-group">
<input type="checkbox" id="config_ldap_openldap" name="config_ldap_openldap" {% if config.config_ldap_openldap %}checked{% endif %}>
<label for="config_ldap_openldap">{{_('LDAP Server is OpenLDAP?')}}</label>
</div>
<div class="form-group">
<input type="checkbox" id="config_ldap_autocreate_user" name="config_ldap_autocreate_user" {% if config.config_ldap_autocreate_user %}checked{% endif %}>
<label for="config_ldap_autocreate_user">{{_('Automatically create the user when logging in?')}}</label>
</div>
<h4 class="text-center">{{_('Following Settings are Needed For User Import')}}</h4>
<div class="form-group">
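Review bot: The label `Automatically create the user when logging in?` does not tell the administrator what the checkbox grants. Going by the login change to cps/web.py in this same commit, enabling it creates a local account on first login for a name that binds successfully against the directory and has no local account yet. Wording along the lines of `{{_('Create a local account for any LDAP user on first successful login?')}}` would make that scope explicit. Whether creation is limited to the configured LDAP group is not visible in these hunks; if it is not, the label or a help text next to it should say so.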
24 changes: 17 additions & 7 deletions cps/web.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@
from . import constants, logger, isoLanguages, services
from . import db, ub, config, app
from . import calibre_db, kobo_sync_status
from .admin import ldap_import_create_user
from .search import render_search_results, render_adv_search_results
from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download
from .helper import check_valid_domain, check_email, check_username, \
Expand Down Expand Up @@ -1280,15 +1281,24 @@ def login():
form = request.form.to_dict()
user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form['username'].strip().lower()) \
.first()
if config.config_login_type == constants.LOGIN_LDAP and services.ldap and user and form['password'] != "":
if config.config_login_type == constants.LOGIN_LDAP and services.ldap and (user or config.config_ldap_autocreate_user) and form['password'] != "":
login_result, error = services.ldap.bind_user(form['username'], form['password'])
if login_result:
login_user(user, remember=bool(form.get('remember_me')))
ub.store_user_session()
log.debug(u"You are now logged in as: '{}'".format(user.name))
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.name),
category="success")
return redirect_back(url_for("web.index"))
if config.config_ldap_autocreate_user and not user:
user_data = services.ldap.get_object_details(user=form['username'], query_filter=config.config_ldap_user_object)
user_count, message = ldap_import_create_user(user, user_data)
user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form['username'].strip().lower()).first()

if user:
login_user(user, remember=bool(form.get('remember_me')))
ub.store_user_session()
log.debug(u"You are now logged in as: '{}'".format(user.name))
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.name), category="success")
return redirect_back(url_for("web.index"))
else:
log.info("Login failed for user '{}'".format(user.name))
log.debug("LDAP login succeeded but auto-create user has been disabled")
flash(_(u"Wrong Username or Password"), category="error")
elif login_result is None and user and check_password_hash(str(user.password), form['password']) \
and user.name != "Guest":
login_user(user, remember=bool(form.get('remember_me')))
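Review bot: The new `else:` branch dereferences a user object that cannot exist there: `log.info("Login failed for user '{}'".format(user.name))` runs only when `user` is falsy, so a successful LDAP bind that ends without a local account raises AttributeError on the login route instead of showing the error flash; log the submitted name instead, e.g. `log.info("Login failed for user '{}'".format(form['username'].strip()))`. Because the outer condition requires `user or config.config_ldap_autocreate_user`, this branch is reached only when auto-create is enabled and the creation or the second lookup came back empty, so the debug text "auto-create user has been disabled" states the opposite of what happened. The creation call also passes the falsy `user` as its first argument in `ldap_import_create_user(user, user_data)` and discards `user_count, message`; the helper presumably wants the login name (confirm against cps/admin.py), and logging `message` on failure would leave a trace of why no account was created. `login()` starts before this hunk and continues past it.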