From 4b3aed25d2c2e13592723b2e87480e026a6b7e47 Mon Sep 17 00:00:00 2001
From: Simon Pirkelmann
Date: Sun, 30 Jan 2022 21:56:11 +0100
Subject: [PATCH] moved models to auth module
---
 imaginaerraum_door_admin/__init__.py | 13 ++-----------
 imaginaerraum_door_admin/auth.py | 24 ++++++++++++++++++++----
 2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/imaginaerraum_door_admin/__init__.py b/imaginaerraum_door_admin/__init__.py
index 5500810..95e4053 100644
--- a/imaginaerraum_door_admin/__init__.py
+++ b/imaginaerraum_door_admin/__init__.py
@@ -1,7 +1,6 @@
 import logging
 from flask import Flask
 from flask_sqlalchemy import SQLAlchemy
-from flask_security.models import fsqla_v2 as fsqla
 from flask_security import Security, SQLAlchemyUserDatastore, hash_password
 from email_validator import validate_email
@@ -11,7 +10,6 @@ from pathlib import Path
 #from .webapp import door_app
 from .door_handle import DoorHandle
-from .auth import ExtendedLoginForm
 security = Security()
 db = SQLAlchemy()
@@ -147,21 +145,14 @@ def create_app():
 # Create database connection object
 db.init_app(app)
- # Define models
- fsqla.FsModels.set_db_info(db)
-
- class Role(db.Model, fsqla.FsRoleMixin):
- pass
-
- class User(db.Model, fsqla.FsUserMixin):
- pass
-
 from . webapp import door_app
 app.register_blueprint(door_app)
 ldap_server = ldap3.Server(app.config['LDAP_URL'])
 # Setup Flask-Security
+ from .auth import ExtendedLoginForm, User, Role
+
 user_datastore = SQLAlchemyUserDatastore(db, User, Role)
 security.init_app(app, user_datastore, login_form=ExtendedLoginForm)
diff --git a/imaginaerraum_door_admin/auth.py b/imaginaerraum_door_admin/auth.py
index e4614cb..da0bd5a 100644
--- a/imaginaerraum_door_admin/auth.py
+++ b/imaginaerraum_door_admin/auth.py
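Review bot: The `from .auth import ExtendedLoginForm, User, Role` added inside `create_app()` is what keeps the import graph acyclic, but nothing says so: auth.py now imports `db` and `security` from this package, so the old top-of-file `from .auth import ExtendedLoginForm` that this commit removes can only be reintroduced if it sits after the `db`/`security` bindings, and a future tidy-up that hoists the import back to the import block would likely fail with a partially initialised package. A one-line comment above the new import, `# deferred on purpose: auth.py imports db/security from this package, so a top-level import would be circular`, records the constraint. The same lazy pattern is already used for `door_app` a few lines earlier, so the style is consistent. `create_app` starts and ends outside the hunk.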
@@ -3,9 +3,24 @@ from flask import current_app
 from flask_security import hash_password
 from flask_security.forms import LoginForm, Required, PasswordField
 from flask_security.utils import find_user
+from flask_security.models import fsqla_v2 as fsqla
+
 import ldap3
 from ldap3.core.exceptions import LDAPBindError, LDAPSocketOpenError
+from imaginaerraum_door_admin import db, security
+
+# Define models
+fsqla.FsModels.set_db_info(db)
+
+
+class Role(db.Model, fsqla.FsRoleMixin):
+ pass
+
+
+class User(db.Model, fsqla.FsUserMixin):
+ pass
+
 class ExtendedLoginForm(LoginForm):
 email = StringField('Benutzername oder E-Mail', [Required()])
@@ -35,8 +50,8 @@ class ExtendedLoginForm(LoginForm):
 user.email = new_user_data['email']
 user.password = new_user_data['password']
 for role in new_user_data['roles']:
- user_datastore.add_role_to_user(user, role)
- user_datastore.commit()
+ security.datastore.add_role_to_user(user, role)
+ security.datastore.commit()
 self.user = user
 else:
 self.password.errors = ['Invalid password']
@@ -49,15 +64,16 @@ class ExtendedLoginForm(LoginForm):
 if authorized:
 # if there was no user in the database before we create a new user
- self.user = user_datastore.create_user(username=new_user_data['username'], email=new_user_data['email'],
+ self.user = security.datastore.create_user(username=new_user_data['username'], email=new_user_data['email'],
 password=new_user_data['password'], roles=new_user_data['roles'])
- user_datastore.commit()
+ security.datastore.commit()
 current_app.logger.info(f"New admin user '{new_user_data['username']} <{new_user_data['email']}>' created after" " successful LDAP authorization")
 # if any of the authorization methods is successful we authorize the user
 return authorized
+
 def validate_ldap(username, password):
 """Validate the user and password through an LDAP server.
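Review bot: `from imaginaerraum_door_admin import db, security` makes this module depend on the package `__init__` having already bound `db` and `security`, and that only holds because `__init__.py` imports `.auth` lazily inside `create_app()`; a reader of auth.py alone cannot see that contract, and `fsqla.FsModels.set_db_info(db)` plus the `Role`/`User` class bodies now execute as import-time side effects against that package-level `db`. I would replace the bare `# Define models` with `# Flask-Security models, bound to the package-level db at import time. Import this module only after db/security exist (create_app() does), otherwise the import is circular.` so the ordering is stated where it matters. For consistency with the relative imports `__init__.py` uses (`from .door_handle import DoorHandle`, `from . webapp import door_app`), the new line would read `from . import db, security`.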
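Review bot: `security.datastore` on the two changed lines is presumably `None` until `security.init_app(app, user_datastore, ...)` runs in `create_app()`, since `__init__.py` constructs `Security()` without a datastore; the code therefore relies on running inside an initialised app, which is true for form validation during a request but will surface as an `AttributeError` on `None` if the form is exercised in isolation, for example from a unit test. The `create_user`/`commit` calls in the following `@@ -49,15 +64,16 @@` hunk have the same dependency. A comment on the first use, `# security.datastore is bound by security.init_app() in create_app(); only usable once the app is initialised`, makes that explicit. The enclosing method begins and ends outside the hunk.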