diff --git a/cps/admin.py b/cps/admin.py
index 022acc8e1..12830c79e 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -1179,6 +1179,7 @@ def _configuration_ldap_helper(to_save):
 reboot_required |= _config_string(to_save, "config_ldap_cert_path")
 reboot_required |= _config_string(to_save, "config_ldap_key_path")
 _config_string(to_save, "config_ldap_group_name")
+ _config_checkbox(to_save, "config_ldap_autocreate_user")
 address = urlparse(to_save.get("config_ldap_provider_url", ""))
 to_save["config_ldap_provider_url"] = (address.hostname or address.path).strip("/")
diff --git a/cps/config_sql.py b/cps/config_sql.py
index f6c0991c7..e10c7df9d 100644
--- a/cps/config_sql.py
+++ b/cps/config_sql.py
@@ -137,6 +137,7 @@ class _Settings(_Base):
 config_ldap_group_object_filter = Column(String, default='(&(objectclass=posixGroup)(cn=%s))')
 config_ldap_group_members_field = Column(String, default='memberUid')
 config_ldap_group_name = Column(String, default='calibreweb')
+ config_ldap_autocreate_user = Column(Boolean, default=False)
 config_kepubifypath = Column(String, default=None)
 config_converterpath = Column(String, default=None)
diff --git a/cps/templates/config_edit.html b/cps/templates/config_edit.html
index d101f9608..a84128a8b 100644
--- a/cps/templates/config_edit.html
+++ b/cps/templates/config_edit.html
@@ -260,6 +260,10 @@

+
+
+ +

{{_('Following Settings are Needed For User Import')}}

diff --git a/cps/web.py b/cps/web.py
index 6b26f29e5..f1201b8cc 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -43,6 +43,7 @@
 from . import constants, logger, isoLanguages, services
 from . import db, ub, config, app
 from . import calibre_db, kobo_sync_status
+from .admin import ldap_import_create_user
 from .search import render_search_results, render_adv_search_results
 from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download
 from .helper import check_valid_domain, check_email, check_username, \
@@ -1360,14 +1361,27 @@ def login_post():
 user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form.get('username', "").strip().lower()) \
 .first()
 remember_me = bool(form.get('remember_me'))
- if config.config_login_type == constants.LOGIN_LDAP and services.ldap and user and form['password'] != "":
+ if config.config_login_type == constants.LOGIN_LDAP and services.ldap and (user or config.config_ldap_autocreate_user) and form['password'] != "":
 login_result, error = services.ldap.bind_user(form['username'], form['password'])
 if login_result:
- log.debug(u"You are now logged in as: '{}'".format(user.name))
- return handle_login_user(user,
- remember_me,
- _(u"you are now logged in as: '%(nickname)s'", nickname=user.name),
- "success")
+ log.debug(u"LDAP Login succeeded for user: '{}'".format(form['username']))
+ if config.config_ldap_autocreate_user and not user:
+ log.debug(u"LDAP login succeeded but user does not exist but auto-create has been enabled; trying to create the user")
+ user_data = services.ldap.get_object_details(user=form['username'], query_filter=config.config_ldap_user_object)
+ user_count, message = ldap_import_create_user(user, user_data)
+ user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form.get('username', "").strip().lower()).first()
+ if not user:
+ log.error(u"LDAP user auto creation failed")
+
+ if user:
+ log.debug("You are now logged in as: '{}'".format(user.name))
+ return handle_login_user(user,
+ remember_me,
+ _(u"you are now logged in as: '%(nickname)s'", nickname=user.name),
+ "success")
+ else:
+ log.info("Login failed for user '{}'".format(user.name))
+ flash(_(u"Wrong Username or Password"), category="error")
 elif login_result is None and user and check_password_hash(str(user.password), form['password']) \
 and user.name != "Guest":
 log.info("Local Fallback Login as: '{}'".format(user.name))
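Review bot: The added `else:` (which pairs with `if user:` as the lines read) runs only when `user` is falsy, so `log.info("Login failed for user '{}'".format(user.name))` raises AttributeError and a failed auto-creation ends in an unhandled exception instead of the "Wrong Username or Password" flash; log the submitted name instead, `log.info("Login failed for user '{}'".format(form['username']))`. On the auto-create path `ldap_import_create_user(user, user_data)` is also given `user`, which is always None there because of the `not user` guard; the helper presumably expects the login name (`form['username']`), and the discarded `message` should be logged so a failed creation can be diagnosed. Nothing visible in the hunk validates the `user_data` returned by `get_object_details` or checks membership in the configured LDAP group before the account is created, so with the option enabled any directory account that can bind would receive a local account unless `bind_user` already enforces that filter — worth confirming and stating in the setting's help text. login_post begins and ends outside this hunk.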