import ldap3
import os
import sys
import ssl
from ldap3.utils.conv import escape_filter_chars
class NotActiveMember(Exception):
    """Person is not an active hackerspace member.

    Distinguishes "credentials were accepted but the account is not in an
    active membership group" from a failed LDAP bind.
    """
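def check_member(uid: str, password: str):
    """Authenticate *uid* against LDAP and require active membership.

    Binds to ldap.hackerspace.pl over TLS (certificate validation required)
    as the user's own DN, then searches ou=People for an hsMember entry with
    that uid which is a member of one of the groups starving, fatty or potato.

    Args:
        uid: login name supplied by the caller; treated as untrusted input.
        password: password used for the LDAP simple bind.

    Raises:
        ValueError: if uid or password is empty.
        NotActiveMember: if the bind succeeded but no matching entry was
            found in the active-member groups.
        Exception: the connection is opened with raise_exceptions=True, so
            ldap3 errors from the bind or the search propagate to the caller.
    """
    # An empty password in an LDAP simple bind is an "unauthenticated bind"
    # (RFC 4513) and must never count as a successful login. Reject it here
    # rather than relying on the client library or the server to do so.
    if not uid or not password:
        raise ValueError("uid and password must be non-empty")

    # Function-scope import so this block is self-contained; ldap3 is already
    # a dependency of this file.
    from ldap3.utils.dn import escape_rdn

    people_base = "ou=People,dc=hackerspace,dc=pl"

    # Filter escaping and DN escaping are different encodings: filter escaping
    # leaves ',', '+' and '=' untouched, so it must not be used to build a DN.
    # Use RFC 4514 RDN escaping for the bind DN and filter escaping for the
    # search filter.
    escaped_uid = escape_filter_chars(uid)
    user_dn = f"uid={escape_rdn(uid)},{people_base}"

    tls_configuration = ldap3.Tls(validate=ssl.CERT_REQUIRED)
    server = ldap3.Server("ldap.hackerspace.pl", use_ssl=True, tls=tls_configuration)
    with ldap3.Connection(server, user=user_dn, password=password, raise_exceptions=True) as conn:
        filterstr = (
            "(&"
            f"(uid={escaped_uid})"
            "(objectClass=hsMember)"
            "(|"
            "(memberOf=cn=starving,ou=Group,dc=hackerspace,dc=pl)"
            "(memberOf=cn=fatty,ou=Group,dc=hackerspace,dc=pl)"
            "(memberOf=cn=potato,ou=Group,dc=hackerspace,dc=pl)"
            ")"
            ")")
        conn.search(people_base,
                    filterstr,
                    search_scope=ldap3.LEVEL,
                    attributes=['uid'])
        # Exact comparison against the supplied uid: fail closed unless the
        # directory returned an entry for precisely this login name.
        for e in conn.entries:
            if e['uid'] == uid:
                break
        else:
            # The exception must be raised, not merely constructed; otherwise
            # any account that can bind passes the membership check.
            raise NotActiveMember(f'Member {uid} not found in active members groups')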
def member_auth():
    """Run the member check and report the outcome as the process exit status.

    Credentials are read from the ``username`` and ``password`` environment
    variables. Only when both are absent does the function fall back to
    interactive use: the uid comes from an optional positional argument
    (defaulting to the current login name) and the password is prompted for.

    Exits with status 0 when check_member returns normally and with status 1
    when it raises any Exception; the exception detail is not reported.
    """
    import argparse
    import getpass

    login = os.environ.get('username')
    secret = os.environ.get('password')

    neither_in_env = login is None and secret is None
    if neither_in_env:
        print('"username" and "password" not found in environment')
        cli = argparse.ArgumentParser()
        cli.add_argument("uid", nargs='?', default=getpass.getuser(), help="user id")
        login = cli.parse_args().uid
        secret = getpass.getpass()

    # sys.exit raises SystemExit, which "except Exception" does not catch, so
    # the success exit can sit after the try block.
    try:
        check_member(login, secret)
    except Exception:
        sys.exit(1)
    sys.exit(0)
# Script entry point: the exit status of member_auth() is the authentication
# verdict (0 = accepted, 1 = rejected or error).
if __name__ == "__main__":
    member_auth()