freenit-framework
diff --git a/‎bin/common.sh
+1-6 b/‎bin/common.sh
+1-6
diff --git a/‎bin/devel.sh
+1-1 b/‎bin/devel.sh
+1-1
diff --git a/‎bin/freenit.sh
+6-6 b/‎bin/freenit.sh
+6-6
diff --git a/‎freenit/api/auth.py
+24-31 b/‎freenit/api/auth.py
+24-31
diff --git a/‎freenit/api/user.py
+37-1 b/‎freenit/api/user.py
+37-1
diff --git a/‎freenit/auth.py
+55-25 b/‎freenit/auth.py
+55-25
diff --git a/‎freenit/base_config.py
+20-8 b/‎freenit/base_config.py
+20-8
diff --git a/‎freenit/models/ldap/__init__.py b/‎freenit/models/ldap/__init__.py
diff --git a/‎freenit/models/ldap/base.py
+19 b/‎freenit/models/ldap/base.py
+19
@@ -21,14 +21,9 @@ setup() {
     fi
     . ${HOME}/.virtualenvs/${VIRTUALENV}/bin/activate
 
-    INSTALL_TARGET=".[${DB_TYPE}"
-    if [ "${FREENIT_ENV}" != "prod" ]; then
-      INSTALL_TARGET="${INSTALL_TARGET},${FREENIT_ENV}"
-    fi
-    INSTALL_TARGET="${INSTALL_TARGET}]"
     if [ "${1}" != "no" -a "${OFFLINE}" != "yes" ]; then
       ${PIP_INSTALL} pip wheel
-      ${PIP_INSTALL} -e "${INSTALL_TARGET}"
+      ${PIP_INSTALL} -e ".[${DB_TYPE},${FREENIT_ENV}]"
     fi
   fi
 
 
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 BIN_DIR=`dirname $0`
-export FREENIT_ENV="dev"
+export FREENIT_ENV="dev,all"
 export OFFLINE=${OFFLINE:="no"}
 
 
 
@@ -45,8 +45,8 @@ export SED_CMD="sed -i"
 backend() {
   PROJECT_ROOT=`python${PY_VERSION} -c 'import os; import freenit; print(os.path.dirname(os.path.abspath(freenit.__file__)))'`
 
-  mkdir backend
-  cd backend
+  mkdir "${NAME}"
+  cd "${NAME}"
   cp -r ${PROJECT_ROOT}/project/* .
   case `uname` in
     *BSD)
@@ -215,6 +215,7 @@ echo "========"
 cd "\${PROJECT_ROOT}"
 rm -rf build
 yarn run build
+touch build/.keep
 EOF
   chmod +x collect.sh
 
@@ -395,8 +396,7 @@ EOF
 
 svelte() {
   yarn create svelte "${NAME}"
-  mv "${NAME}" frontend
-  cd frontend
+  cd "${NAME}"
   yarn install
   frontend_common
   yarn add --dev @zerodevx/svelte-toast @freenit-framework/svelte-base
@@ -677,14 +677,13 @@ services/
 vars.mk
 EOF
 
-  echo "DEVEL_MODE = YES" >vars.mk
-
   echo "Creating services"
   mkdir services
   cd services
 
   echo "Creating backend"
   backend
+  mv "${NAME}" backend
 
   echo "Creating frontend"
   FRONTEND_TYPE=${FRONTEND_TYPE:=svelte}
@@ -696,6 +695,7 @@ EOF
     help >&2
     exit 1
   fi
+  mv "${NAME}" frontend
   cd ..
 }
 
 
@@ -1,7 +1,5 @@
 from email.mime.text import MIMEText
 
-import ormar
-import ormar.exceptions
 import pydantic
 from fastapi import Header, HTTPException, Request, Response
 
@@ -36,39 +34,34 @@ class Verification(pydantic.BaseModel):
 
 @api.post("/auth/login", response_model=LoginResponse, tags=["auth"])
 async def login(credentials: LoginInput, response: Response):
-    try:
-        user = await User.objects.get(email=credentials.email, active=True)
-        valid = user.check(credentials.password)
-        if valid:
-            access = encode(user)
-            refresh = encode(user)
-            response.set_cookie(
-                "access",
-                access,
-                httponly=True,
-                secure=config.auth.secure,
-            )
-            response.set_cookie(
-                "refresh",
-                refresh,
-                httponly=True,
-                secure=config.auth.secure,
-            )
-            return {
-                "user": user.dict(exclude={"password"}),
-                "expire": {
-                    "access": config.auth.expire,
-                    "refresh": config.auth.refresh_expire,
-                },
-            }
-    except ormar.exceptions.NoMatch:
-        pass
-    raise HTTPException(status_code=403, detail="Failed to login")
+    user = await User.login(credentials)
+    access = encode(user)
+    refresh = encode(user)
+    response.set_cookie(
+        "access",
+        access,
+        httponly=True,
+        secure=config.auth.secure,
+    )
+    response.set_cookie(
+        "refresh",
+        refresh,
+        httponly=True,
+        secure=config.auth.secure,
+    )
+    return {
+        "user": user,
+        "expire": {
+            "access": config.auth.expire,
+            "refresh": config.auth.refresh_expire,
+        },
+    }
 
 
 @api.post("/auth/register", tags=["auth"])
 async def register(credentials: LoginInput, host=Header(default="")):
-    print("host", host)
+    import ormar.exceptions
+
     try:
         user = await User.objects.get(email=credentials.email)
         raise HTTPException(status_code=409, detail="User already registered")
 
@@ -4,6 +4,7 @@
 
 from freenit.api.router import route
 from freenit.auth import encrypt
+from freenit.config import getConfig
 from freenit.decorators import description
 from freenit.models.pagination import Page, paginate
 from freenit.models.safe import UserSafe
@@ -12,6 +13,8 @@
 
 tags = ["user"]
 
+config = getConfig()
+
 
 @route("/users", tags=tags)
 class UserListAPI:
@@ -22,7 +25,40 @@ async def get(
         perpage: int = Header(default=10),
         _: User = Depends(user_perms),
     ) -> Page[UserSafe]:
-        return await paginate(User.objects, page, perpage)
+        if User.Meta.type == "ormar":
+            return await paginate(User.objects, page, perpage)
+        elif User.Meta.type == "bonsai":
+            import bonsai
+
+            client = bonsai.LDAPClient(f"ldap://{config.ldap.host}", config.ldap.tls)
+            try:
+                async with client.connect(is_async=True) as conn:
+                    res = await conn.search(
+                        f"dc=account,dc=ldap",
+                        bonsai.LDAPSearchScope.SUB,
+                        "objectClass=person",
+                    )
+            except bonsai.errors.AuthenticationError:
+                raise HTTPException(status_code=403, detail="Failed to login")
+
+            data = []
+            for udata in res:
+                email = udata.get("mail", None)
+                if email is None:
+                    continue
+                user = User(
+                    email=email[0],
+                    sn=udata["sn"][0],
+                    cn=udata["cn"][0],
+                    dn=str(udata["dn"]),
+                    uid=udata["uid"][0],
+                )
+                data.append(user)
+
+            total = len(res)
+            page = Page(total=total, page=1, pages=1, perpage=total, data=data)
+            return page
+        raise HTTPException(status_code=409, detail="Unknown user type")
 
 
 @route("/users/{id}", tags=tags)
 
@@ -1,6 +1,4 @@
 import jwt
-import ormar
-import ormar.exceptions
 from fastapi import HTTPException, Request
 from passlib.hash import pbkdf2_sha256
 
@@ -17,16 +15,44 @@ async def decode(token):
     pk = data.get("pk", None)
     if pk is None:
         raise HTTPException(status_code=403, detail="Unauthorized")
-    try:
-        user = await User.objects.get(pk=pk)
+    if User.Meta.type == "ormar":
+        import ormar
+        import ormar.exceptions
+
+        try:
+            user = await User.objects.get(pk=pk)
+            return user
+        except ormar.exceptions.NoMatch:
+            raise HTTPException(status_code=403, detail="Unauthorized")
+    elif User.Meta.type == "bonsai":
+        import bonsai
+
+        client = bonsai.LDAPClient(f"ldap://{config.ldap.host}", config.ldap.tls)
+        async with client.connect(is_async=True) as conn:
+            res = await conn.search(
+                pk,
+                bonsai.LDAPSearchScope.BASE,
+                "objectClass=person",
+            )
+        data = res[0]
+        user = User(
+            email=data["mail"][0],
+            sn=data["sn"][0],
+            cn=data["cn"][0],
+            dn=str(data["dn"]),
+            uid=data["uid"][0],
+        )
         return user
-    except ormar.exceptions.NoMatch:
-        raise HTTPException(status_code=403, detail="Unauthorized")
+    raise HTTPException(status_code=409, detail="Unknown user type")
 
 
 def encode(user):
     config = getConfig()
-    payload = {"pk": user.pk}
+    payload = {}
+    if user.Meta.type == "ormar":
+        payload = {"pk": user.pk, "type": user.Meta.type}
+    elif user.Meta.type == "bonsai":
+        payload = {"pk": user.dn, "type": user.Meta.type}
     return jwt.encode(payload, config.secret, algorithm="HS256")
 
 
@@ -35,27 +61,31 @@ async def authorize(request: Request, roles=[], allof=[], cookie="access"):
     if not token:
         raise HTTPException(status_code=403, detail="Unauthorized")
     user = await decode(token)
-    await user.load_all()
-    if not user.active:
-        raise HTTPException(status_code=403, detail="Permission denied")
-    if user.admin:
-        return user
-    if len(user.roles) == 0:
-        if len(roles) > 0 or len(allof) > 0:
+    if user.Meta.type == "ormar":
+        await user.load_all()
+        if not user.active:
             raise HTTPException(status_code=403, detail="Permission denied")
-    else:
-        if len(roles) > 0:
-            found = False
-            for role in user.roles:
-                if role.name in roles:
-                    found = True
-                    break
-            if not found:
+        if user.admin:
+            return user
+        if len(user.roles) == 0:
+            if len(roles) > 0 or len(allof) > 0:
                 raise HTTPException(status_code=403, detail="Permission denied")
-        if len(allof) > 0:
-            for role in user.roles:
-                if role.name not in allof:
+        else:
+            if len(roles) > 0:
+                found = False
+                for role in user.roles:
+                    if role.name in roles:
+                        found = True
+                        break
+                if not found:
                     raise HTTPException(status_code=403, detail="Permission denied")
+            if len(allof) > 0:
+                for role in user.roles:
+                    if role.name not in allof:
+                        raise HTTPException(status_code=403, detail="Permission denied")
+        return user
+    # elif user.Meta.type == "bonsai":
+    #     pass
     return user
 
 
 
@@ -9,6 +9,15 @@
 hour = 60 * minute
 day = 24 * hour
 year = 365 * day
+register_message = """Hello,
+
+Please confirm user registration by following this link
+
+{}
+
+Regards,
+Freenit
+"""
 
 
 class Auth:
@@ -28,14 +37,7 @@ def __init__(
         tls=True,
         from_addr="[email protected]",
         register_subject="[Freenit] User Registration",
-        register_message="""Hello,
-
-Please confirm user registration by following this link
-
-{}
-
-Regards,
-Freenit""",
+        register_message=register_message,
     ) -> None:
         self.server = server
         self.user = user
@@ -47,6 +49,15 @@ def __init__(
         self.register_message = register_message
 
 
+class LDAP:
+    def __init__(
+        self, host="ldap.example.com", tls=True, base="uid={},ou={},dc=account,dc=ldap"
+    ):
+        self.host = host
+        self.tls = tls
+        self.base = base
+
+
 class BaseConfig:
     name = "Freenit"
     version = "0.0.1"
@@ -66,6 +77,7 @@ class BaseConfig:
     meta = None
     auth = Auth()
     mail = Mail()
+    ldap = LDAP()
 
     def __init__(self):
         self.database = databases.Database(self.dburl)
 
@@ -0,0 +1,19 @@
+from typing import Generic, TypeVar
+
+from pydantic import EmailStr, Field, generics
+
+T = TypeVar("T")
+
+
+class LDAPBaseModel(generics.GenericModel, Generic[T]):
+    class Meta:
+        type = "bonsai"
+
+    dn: str = Field("", description=("Distinguished name"))
+
+
+class LDAPUserMixin:
+    uid: str = Field("", description=("User ID"))
+    email: EmailStr = Field("", description=("Email"))
+    cn: str = Field("", description=("Common name"))
+    sn: str = Field("", description=("Surname"))