moved models to auth module

Simon Pirkelmann 2022-01-30 21:56:11 +01:00
parent 080ea0f3b0
commit 4b3aed25d2
2 changed files with 22 additions and 15 deletions


@ -1,7 +1,6 @@
import logging import logging
from flask import Flask from flask import Flask
from flask_sqlalchemy import SQLAlchemy from flask_sqlalchemy import SQLAlchemy
from flask_security.models import fsqla_v2 as fsqla
from flask_security import Security, SQLAlchemyUserDatastore, hash_password from flask_security import Security, SQLAlchemyUserDatastore, hash_password
from email_validator import validate_email from email_validator import validate_email
@ -11,7 +10,6 @@ from pathlib import Path
#from .webapp import door_app #from .webapp import door_app
from .door_handle import DoorHandle from .door_handle import DoorHandle
from .auth import ExtendedLoginForm
security = Security() security = Security()
db = SQLAlchemy() db = SQLAlchemy()
@ -147,21 +145,14 @@ def create_app():
# Create database connection object # Create database connection object
db.init_app(app) db.init_app(app)
# Define models
fsqla.FsModels.set_db_info(db)
class Role(db.Model, fsqla.FsRoleMixin):
pass
class User(db.Model, fsqla.FsUserMixin):
pass
from . webapp import door_app from . webapp import door_app
app.register_blueprint(door_app) app.register_blueprint(door_app)
ldap_server = ldap3.Server(app.config['LDAP_URL']) ldap_server = ldap3.Server(app.config['LDAP_URL'])
# Setup Flask-Security # Setup Flask-Security
from .auth import ExtendedLoginForm, User, Role
user_datastore = SQLAlchemyUserDatastore(db, User, Role) user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security.init_app(app, user_datastore, login_form=ExtendedLoginForm) security.init_app(app, user_datastore, login_form=ExtendedLoginForm)
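Review bot: The new `from .auth import ExtendedLoginForm, User, Role` inside create_app() is a deferred import that exists to break a cycle — the second file's new `from imaginaerraum_door_admin import db, security` line imports this package back — but nothing in the hunk says so, and the old module-level `from .auth import ExtendedLoginForm` that the second hunk removes would be the natural place for someone to hoist it back to, which would then fail at import time. Suggest a comment above the import: `# deferred on purpose: .auth imports db/security from this package, so a module-level import would be circular`. It is also worth noting that auth.py now runs `fsqla.FsModels.set_db_info(db)` at import time, so create_app() must be the only place that imports .auth, and only after `db` exists — a second sentence in the same comment would make that dependency explicit. create_app() starts outside the hunk.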


@ -3,9 +3,24 @@ from flask import current_app
from flask_security import hash_password from flask_security import hash_password
from flask_security.forms import LoginForm, Required, PasswordField from flask_security.forms import LoginForm, Required, PasswordField
from flask_security.utils import find_user from flask_security.utils import find_user
from flask_security.models import fsqla_v2 as fsqla
import ldap3 import ldap3
from ldap3.core.exceptions import LDAPBindError, LDAPSocketOpenError from ldap3.core.exceptions import LDAPBindError, LDAPSocketOpenError
from imaginaerraum_door_admin import db, security
# Define models
fsqla.FsModels.set_db_info(db)
class Role(db.Model, fsqla.FsRoleMixin):
pass
class User(db.Model, fsqla.FsUserMixin):
pass
class ExtendedLoginForm(LoginForm): class ExtendedLoginForm(LoginForm):
email = StringField('Benutzername oder E-Mail', [Required()]) email = StringField('Benutzername oder E-Mail', [Required()])
@ -35,8 +50,8 @@ class ExtendedLoginForm(LoginForm):
user.email = new_user_data['email'] user.email = new_user_data['email']
user.password = new_user_data['password'] user.password = new_user_data['password']
for role in new_user_data['roles']: for role in new_user_data['roles']:
user_datastore.add_role_to_user(user, role) security.datastore.add_role_to_user(user, role)
user_datastore.commit() security.datastore.commit()
self.user = user self.user = user
else: else:
self.password.errors = ['Invalid password'] self.password.errors = ['Invalid password']
@ -49,15 +64,16 @@ class ExtendedLoginForm(LoginForm):
if authorized: if authorized:
# if there was no user in the database before we create a new user # if there was no user in the database before we create a new user
self.user = user_datastore.create_user(username=new_user_data['username'], email=new_user_data['email'], self.user = security.datastore.create_user(username=new_user_data['username'], email=new_user_data['email'],
password=new_user_data['password'], roles=new_user_data['roles']) password=new_user_data['password'], roles=new_user_data['roles'])
user_datastore.commit() security.datastore.commit()
current_app.logger.info(f"New admin user '{new_user_data['username']} <{new_user_data['email']}>' created after" current_app.logger.info(f"New admin user '{new_user_data['username']} <{new_user_data['email']}>' created after"
" successful LDAP authorization") " successful LDAP authorization")
# if any of the authorization methods is successful we authorize the user # if any of the authorization methods is successful we authorize the user
return authorized return authorized
def validate_ldap(username, password): def validate_ldap(username, password):
"""Validate the user and password through an LDAP server. """Validate the user and password through an LDAP server.