Merge branch 'main' into json_presenter
Showing
22 changed files
with
594 additions
and
192 deletions.
|
@@ -26,6 +26,7 @@ src/.env | |
*.key | ||
*.log | ||
*.crt | ||
*.asc | ||
local/ | ||
|
||
# settings of editors | ||
|
@@ -1,11 +1,23 @@ | ||
|
||
repos: | ||
- repo: https://github.com/psf/black | ||
rev: 22.6.0 | ||
rev: 23.3.0 | ||
hooks: | ||
- id: black | ||
language_version: python3 | ||
args: [--line-length=142] | ||
|
||
- repo: https://github.com/PyCQA/flake8 | ||
rev: 6.0.0 | ||
hooks: | ||
- id: flake8 | ||
additional_dependencies: [flake8-docstrings] | ||
args: [--max-line-length=142] | ||
types: ['python'] | ||
|
||
- repo: https://github.com/pre-commit/pre-commit-hooks | ||
rev: v4.3.0 | ||
rev: v4.4.0 | ||
hooks: | ||
- id: trailing-whitespace | ||
- id: check-yaml | ||
- id: end-of-file-fixer | ||
- id: trailing-whitespace |
@@ -0,0 +1 @@ | ||
Place certificate for LDAP authentication in this folder and name it ldap_ca.pem |
@@ -0,0 +1,56 @@ | ||
from managers import log_manager | ||
from auth.base_authenticator import BaseAuthenticator | ||
from flask import request | ||
from ldap3 import Server, Connection, ALL, Tls | ||
import ssl | ||
import time | ||
import random | ||
import os | ||
|
||
|
||
class LDAPAuthenticator(BaseAuthenticator): | ||
"""Authenticates users against an LDAP server. | ||
Args: | ||
BaseAuthenticator (_type_): _description_ | ||
Returns: | ||
_type_: _description_ | ||
""" | ||
|
||
LDAP_SERVER = os.getenv('LDAP_SERVER') | ||
LDAP_BASE_DN = os.getenv('LDAP_BASE_DN') | ||
LDAP_CA_CERT_PATH = 'auth/ldap_ca.pem' | ||
if not os.path.isfile(LDAP_CA_CERT_PATH): | ||
LDAP_CA_CERT_PATH = None | ||
log_manager.store_auth_error_activity("No LDAP CA certificate found. LDAP authentication might not work.") | ||
|
||
def get_required_credentials(self): | ||
"""Gets the username and the password. | ||
Returns: | ||
_type_: _description_ | ||
""" | ||
return ["username", "password"] | ||
|
||
def authenticate(self, credentials): | ||
"""Tries to authenticate the user against the LDAP server. | ||
Args: | ||
credentials (_type_): _description_ | ||
Returns: | ||
_type_: _description_ | ||
""" | ||
tls = Tls(ca_certs_file=self.LDAP_CA_CERT_PATH, validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1_2) | ||
server = Server(self.LDAP_SERVER, use_ssl=True, tls=tls, get_info=ALL) | ||
conn = Connection(server, user=f'uid={credentials["username"]},{self.LDAP_BASE_DN}', password=credentials["password"], read_only=True) | ||
|
||
if not conn.bind(): | ||
data = request.get_json() | ||
data["password"] = log_manager.sensitive_value(data["password"]) | ||
log_manager.store_auth_error_activity("Authentication failed for user: " + credentials["username"], request_data=data) | ||
time.sleep(random.uniform(1, 3)) | ||
return BaseAuthenticator.generate_error() | ||
|
||
return BaseAuthenticator.generate_jwt(credentials["username"]) |
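Review bot: In `authenticate`, `credentials["username"]` is interpolated into the bind DN unescaped (`user=f'uid={credentials["username"]},{self.LDAP_BASE_DN}'`), so DN metacharacters in the submitted name change which entry the bind targets, and the JWT is then issued for that raw string. Escape the value before building the DN, e.g. `from ldap3.utils.dn import escape_rdn` and `user=f'uid={escape_rdn(credentials["username"])},{self.LDAP_BASE_DN}'`, or reject names outside an allowed character set before binding. The method should also return `BaseAuthenticator.generate_error()` before binding when the password is empty, because some directory servers accept a simple bind with a name and an empty password as an unauthenticated bind (RFC 4513, section 5.1.2); whether ldap3 already refuses that client-side is not visible here and should be confirmed. Separately, `conn` is never unbound on either path, so each login presumably leaves a connection open until it is collected; a `conn.unbind()` once the bind result has been read would close it.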