mirrors/calibre-web
1
0
Fork 0
mirror of https://github.com/janeczku/calibre-web synced 2024-11-16 06:44:54 +00:00
Code Issues Releases Wiki Activity

auto create users upon successful ldap login

Browse Source
This commit is contained in:
Boris Rybalkin 2023-05-27 22:52:36 +01:00
parent cc733454b2
commit 567942c565
4 changed files with 59 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
cps/admin.py
View File

@ -1541,7 +1541,6 @@ def get_updater_status():
def ldap_import_create_user(user, user_data): def ldap_import_create_user(user, user_data):
user_login_field = extract_dynamic_field_from_filter(user, config.config_ldap_user_object) user_login_field = extract_dynamic_field_from_filter(user, config.config_ldap_user_object)
try: try:
username = user_data[user_login_field][0].decode('utf-8') username = user_data[user_login_field][0].decode('utf-8')
except KeyError as ex: except KeyError as ex:
@ -1555,6 +1554,15 @@ def ldap_import_create_user(user, user_data):
log.warning("LDAP User %s Already in Database", user_data) log.warning("LDAP User %s Already in Database", user_data)
return 0, None return 0, None
user, error = ldap_create_user(username, user_data, config.config_default_role)
if user:
return 1, error
else:
return 0, error
def ldap_create_user(username, user_data, role):
ereader_mail = '' ereader_mail = ''
if 'mail' in user_data: if 'mail' in user_data:
useremail = user_data['mail'][0].decode('utf-8') useremail = user_data['mail'][0].decode('utf-8')
@ -1569,8 +1577,8 @@ def ldap_import_create_user(user, user_data):
# check for duplicate email # check for duplicate email
useremail = check_email(useremail) useremail = check_email(useremail)
except Exception as ex: except Exception as ex:
log.warning("LDAP Email Error: {}, {}".format(user_data, ex)) log.warning("LDAP Email Error: {}, {}".format(username, ex))
return 0, None return None, None
content = ub.User() content = ub.User()
content.name = username content.name = username
content.password = '' # dummy password which will be replaced by ldap one content.password = '' # dummy password which will be replaced by ldap one
@ -1578,7 +1586,7 @@ def ldap_import_create_user(user, user_data):
content.kindle_mail = ereader_mail content.kindle_mail = ereader_mail
content.default_language = config.config_default_language content.default_language = config.config_default_language
content.locale = config.config_default_locale content.locale = config.config_default_locale
content.role = config.config_default_role content.role = role
content.sidebar_view = config.config_default_show content.sidebar_view = config.config_default_show
content.allowed_tags = config.config_allowed_tags content.allowed_tags = config.config_allowed_tags
content.denied_tags = config.config_denied_tags content.denied_tags = config.config_denied_tags
@ -1587,12 +1595,12 @@ def ldap_import_create_user(user, user_data):
ub.session.add(content) ub.session.add(content)
try: try:
ub.session.commit() ub.session.commit()
return 1, None # increase no of users return content, None
except Exception as ex: except Exception as ex:
log.warning("Failed to create LDAP user: %s - %s", user, ex) log.warning("Failed to create LDAP user: %s - %s", username, ex)
ub.session.rollback() ub.session.rollback()
message = _(u'Failed to Create at Least One LDAP User') message = _(u'Failed to Create at Least One LDAP User')
return 0, message return None, message
@admi.route('/import_ldap_users', methods=["POST"]) @admi.route('/import_ldap_users', methods=["POST"])

2
cps/constants.py
View File

@ -128,7 +128,7 @@ LOGIN_OAUTH = 2
LDAP_AUTH_ANONYMOUS = 0 LDAP_AUTH_ANONYMOUS = 0
LDAP_AUTH_UNAUTHENTICATE = 1 LDAP_AUTH_UNAUTHENTICATE = 1
LDAP_AUTH_SIMPLE = 0 LDAP_AUTH_SIMPLE = 2
DEFAULT_MAIL_SERVER = "mail.example.org" DEFAULT_MAIL_SERVER = "mail.example.org"

4
cps/services/simpleldap.py
View File

@ -124,8 +124,8 @@ def init_app(app, config):
log.error(e) log.error(e)
def get_object_details(user=None,query_filter=None): def get_object_details(user=None, query_filter=None, group=None):
return _ldap.get_object_details(user, query_filter=query_filter) return _ldap.get_object_details(user=user, query_filter=query_filter, group=group)
def bind(): def bind():

47
cps/web.py
View File

@ -43,6 +43,7 @@ from werkzeug.security import generate_password_hash, check_password_hash
from . import constants, logger, isoLanguages, services from . import constants, logger, isoLanguages, services
from . import db, ub, config, app from . import db, ub, config, app
from . import calibre_db, kobo_sync_status from . import calibre_db, kobo_sync_status
from .admin import ldap_create_user
from .search import render_search_results, render_adv_search_results from .search import render_search_results, render_adv_search_results
from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download from .gdriveutils import getFileFromEbooksFolder, do_gdrive_download
from .helper import check_valid_domain, check_email, check_username, \ from .helper import check_valid_domain, check_email, check_username, \
@ -1352,14 +1353,20 @@ def login_post():
user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form.get('username', "").strip().lower()) \ user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form.get('username', "").strip().lower()) \
.first() .first()
remember_me = bool(form.get('remember_me')) remember_me = bool(form.get('remember_me'))
if config.config_login_type == constants.LOGIN_LDAP and services.ldap and user and form['password'] != "": if config.config_login_type == constants.LOGIN_LDAP and services.ldap and (user or os.environ.get("CALIBRE_LDAP_AUTO_CREATE", None)) and form['password'] != "":
login_result, error = services.ldap.bind_user(form['username'], form['password']) login_result, error = services.ldap.bind_user(form['username'], form['password'])
if login_result: if login_result:
log.debug(u"You are now logged in as: '{}'".format(user.name)) log.debug(u"You are now logged in as: '{}'".format(form['username']))
return handle_login_user(user, if not user:
remember_me, user, error = create_user(form['username'])
_(u"you are now logged in as: '%(nickname)s'", nickname=user.name), if not user:
"success") log.info(error)
flash(_(u"Could not create user from ldap login: %(message)s", message=error), category="error")
else:
return handle_login_user(user,
remember_me,
_(u"you are now logged in as: '%(nickname)s'", nickname=user.name),
"success")
elif login_result is None and user and check_password_hash(str(user.password), form['password']) \ elif login_result is None and user and check_password_hash(str(user.password), form['password']) \
and user.name != "Guest": and user.name != "Guest":
log.info("Local Fallback Login as: '{}'".format(user.name)) log.info("Local Fallback Login as: '{}'".format(user.name))
@ -1403,6 +1410,34 @@ def login_post():
return render_login(form.get("username", ""), form.get("password", "")) return render_login(form.get("username", ""), form.get("password", ""))
def create_user(username):
try:
user_data = services.ldap.get_object_details(user=username)
except Exception as e:
log.error('LDAP user details failed: %s', e)
message = _(u'Failed to get LDAP User details')
return None, message
admin_group_filter = os.environ.get("CALIBRE_LDAP_ADMIN_GROUP_FILTER", None)
role = constants.ROLE_USER
if admin_group_filter:
try:
log.debug(u"LDAP admin group filter: '{}'".format(admin_group_filter))
group_data = services.ldap.get_object_details(user=username, query_filter=admin_group_filter)
if group_data:
log.debug(u"LDAP admin group is found: '{}'".format(group_data))
role = constants.ROLE_ADMIN | constants.ROLE_DELETE_BOOKS | constants.ROLE_DOWNLOAD | constants.ROLE_UPLOAD | constants.ROLE_EDIT | constants.ROLE_EDIT_SHELFS | constants.ROLE_VIEWER
else:
log.debug(u"LDAP admin group is not found")
except Exception as e:
log.error('LDAP admin group lookup failed: %s', e)
message = _(u'Failed to get LDAP admin group details')
return None, message
user, error = ldap_create_user(username, user_data, role)
return user, error
@web.route('/logout') @web.route('/logout')
@login_required @login_required
def logout(): def logout():