render barebones ldap profile of any user

2023-09-20 23:02:56 +02:00 · 2023-09-20 23:02:56 +02:00 · 4732fb7066
parent a94c138829
commit 4732fb7066
2 changed files with 71 additions and 1 deletions
--- a/webapp/templates/admin/user.html
+++ b/webapp/templates/admin/user.html
@ -0,0 +1,36 @@
+{% extends 'basic.html' %}
+{% block content %}
+<h1>User: {{ username }}</h1>
+
+<p>Full LDAP record:</p>
+
+<table class="table profile-table">
+  <tr>
+    <th scope="col">Attribute</th>
+    <th scope="col">Attribute</th>
+    <th scope="col" class="profile-table-value">Value</th>
+  </tr>
+  {% for attr, attr_readable, value in profile %}
+    <tr>
+      <td>{{ attr }}</td>
+      <td>{{ attr_readable if attr_readable else '' }}</td>
+      <td class="profile-table-value">{{ value }}</td>
+    </tr>
+  {% endfor %}
+</table>
+
+{% endblock %}
+
+{% block head %}
+<style type="text/css">
+.profile-table td, .profile-table th {
+  overflow: hidden;
+  overflow-wrap: anywhere;
+  width: 200px;
+}
+.profile-table td.profile-table-value,
+.profile-table th.profile-table-value {
+  width: max-content;
+}
+</style>
+{% endblock %}
--- a/webapp/views.py
+++ b/webapp/views.py
@ -4,6 +4,7 @@ import functools

 import ldap
 import kerberos
+import re

 import flask
 import flask_wtf
@ -251,7 +252,7 @@ def ldap_get_all_users_groupped(conn):

    return groupped_users

-@app.route('/admin')
+@app.route('/admin/')
@login_required
 def admin_list():
    # TODO: check if user is admin
@ -260,3 +261,36 @@ def admin_list():

    return flask.render_template('admin/list.html', user_groups=user_groups)

+def ldap_get_user(conn, uid):
+    profile = []
+    for user, attrs in conn.search_s(config.dn_format % uid, ldap.SCOPE_SUBTREE):
+        for attr, values in attrs.items():
+            for value in values:
+                profile.append((attr, value.decode()))
+
+    return profile
+
+def rendered_ldap_profile(profile):
+    rendered_profile = []
+    for attr, value in profile:
+        attr_sanitized = attr.lower()
+        attr_full_name = config.full_name.get(attr_sanitized, attr_sanitized)
+        attr_readable_name = config.readable_names.get(attr_full_name)
+        rendered_profile.append((attr, attr_readable_name, value))
+
+    rendered_profile.sort(key=lambda x: x[1] is None)
+    return rendered_profile
+
+def ldap_validate_uid(uid):
+    if not re.match(r'^[a-z-_][a-z0-9-_]*\Z', uid, flags=re.I):
+        raise RuntimeError('Invalid uid')
+
+@app.route('/admin/users/<uid>')
+@login_required
+def admin_user_view(uid):
+    conn = context.get_connection()
+    ldap_validate_uid(uid)
+
+    profile = ldap_get_user(conn, uid)
+
+    return flask.render_template('admin/user.html', username=uid, profile=rendered_ldap_profile(profile))