tweaks based on q3k's feedback

pull/1/head
radex 2023-09-22 22:35:14 +02:00
parent def69fb5d3
commit b4e185ff31
1 changed files with 21 additions and 18 deletions


@ -110,7 +110,7 @@ def login_action():
if k == 'uid': if k == 'uid':
username = vs[0].decode() username = vs[0].decode()
# Check if user is an admin # Check if user belongs to admin group
is_admin = bool(conn.search_s(dn, ldap.SCOPE_SUBTREE, f'memberOf={config.ldapweb_admin_group}')) is_admin = bool(conn.search_s(dn, ldap.SCOPE_SUBTREE, f'memberOf={config.ldapweb_admin_group}'))
flask.session["username"] = username flask.session["username"] = username
@ -203,12 +203,12 @@ def del_attr(uid):
def mod_attr(uid): def mod_attr(uid):
return attr_op('mod', None, uid) return attr_op('mod', None, uid)
def ldap_not_in(patterns): def _ldap_not_in(patterns):
joined_patterns = ''.join(f'({p})' for p in patterns) joined_patterns = ''.join(f'({p})' for p in patterns)
one_of_pattern = f'(|{joined_patterns})' one_of_pattern = f'(|{joined_patterns})'
return f'!{one_of_pattern}' return f'!{one_of_pattern}'
def ldap_get_users_list(conn, query='&'): def _ldap_get_users_list(conn, query='&'):
all_users = [] all_users = []
results = conn.search_s(config.ldap_people, ldap.SCOPE_SUBTREE, f'(&(uid=*)(cn=*)({query}))', attrlist=['uid', 'cn']) results = conn.search_s(config.ldap_people, ldap.SCOPE_SUBTREE, f'(&(uid=*)(cn=*)({query}))', attrlist=['uid', 'cn'])
for user, attrs in results: for user, attrs in results:
@ -219,20 +219,20 @@ def ldap_get_users_list(conn, query='&'):
all_users.sort(key=lambda user: user[0].lower()) all_users.sort(key=lambda user: user[0].lower())
return all_users return all_users
def ldap_get_all_users_groupped(conn): def _ldap_get_all_users_groupped(conn):
group_queries = [ group_queries = [
(group_name, f'memberOf={pattern}') (group_name, f'memberOf={pattern}')
for group_name, pattern in config.admin_groups.items() for group_name, pattern in config.admin_groups.items()
] ]
groupped_users = [ groupped_users = [
(group_name, ldap_get_users_list(conn, query)) (group_name, _ldap_get_users_list(conn, query))
for group_name, query in group_queries for group_name, query in group_queries
] ]
other_users_query = ldap_not_in(query for _, query in group_queries) other_users_query = _ldap_not_in(query for _, query in group_queries)
groupped_users.append( groupped_users.append(
('Other', ldap_get_users_list(conn, other_users_query)) ('Other', _ldap_get_users_list(conn, other_users_query))
) )
return groupped_users return groupped_users
@ -244,12 +244,13 @@ def admin_list():
flask.abort(403) flask.abort(403)
conn = context.get_connection() conn = context.get_connection()
user_groups = ldap_get_all_users_groupped(conn) user_groups = _ldap_get_all_users_groupped(conn)
return flask.render_template('admin/list.html', user_groups=user_groups) return flask.render_template('admin/list.html', user_groups=user_groups)
def ldap_get_user(conn, uid): def _ldap_get_user(conn, uid):
profile = [] profile = []
for user, attrs in conn.search_s(config.dn_format % uid, ldap.SCOPE_SUBTREE): for user, attrs in conn.search_s(config.dn_format % uid, ldap.SCOPE_SUBTREE):
for attr, values in attrs.items(): for attr, values in attrs.items():
for value in values: for value in values:
@ -257,7 +258,7 @@ def ldap_get_user(conn, uid):
return profile return profile
def rendered_ldap_profile(profile): def _rendered_ldap_profile(profile):
rendered_profile = [] rendered_profile = []
for attr, value in profile: for attr, value in profile:
attr_sanitized = attr.lower() attr_sanitized = attr.lower()
@ -265,10 +266,12 @@ def rendered_ldap_profile(profile):
attr_readable_name = config.readable_names.get(attr_full_name) attr_readable_name = config.readable_names.get(attr_full_name)
rendered_profile.append((attr, attr_readable_name, value)) rendered_profile.append((attr, attr_readable_name, value))
rendered_profile.sort(key=lambda x: x[1] is None) # Attributes with readable names first, then by name
rendered_profile.sort(key=lambda profile: profile[0])
rendered_profile.sort(key=lambda profile: profile[1] is None)
return rendered_profile return rendered_profile
def ldap_get_user_groups(conn, uid): def _ldap_get_user_groups(conn, uid):
groups = [] groups = []
user_dn = config.dn_format % uid user_dn = config.dn_format % uid
filter = f'(&(objectClass=groupOfUniqueNames)(uniqueMember={user_dn}))' filter = f'(&(objectClass=groupOfUniqueNames)(uniqueMember={user_dn}))'
@ -277,8 +280,8 @@ def ldap_get_user_groups(conn, uid):
return groups return groups
def ldap_validate_uid(uid): def _ldap_validate_uid(uid):
if not re.match(r'^[a-z-_][a-z0-9-_]*\Z', uid, flags=re.I): if not re.match(r'^[a-zA-Z_][a-zA-Z0-9-_]*\Z', uid):
raise RuntimeError('Invalid uid') raise RuntimeError('Invalid uid')
@app.route('/admin/users/<uid>') @app.route('/admin/users/<uid>')
@ -288,9 +291,9 @@ def admin_user_view(uid):
flask.abort(403) flask.abort(403)
conn = context.get_connection() conn = context.get_connection()
ldap_validate_uid(uid) _ldap_validate_uid(uid)
profile = ldap_get_user(conn, uid) profile = _ldap_get_user(conn, uid)
groups = ldap_get_user_groups(conn, uid) groups = _ldap_get_user_groups(conn, uid)
return flask.render_template('admin/user.html', uid=uid, profile=rendered_ldap_profile(profile), groups=groups) return flask.render_template('admin/user.html', uid=uid, profile=_rendered_ldap_profile(profile), groups=groups)
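Review bot: `_ldap_get_user` and `_ldap_get_user_groups` put `uid` into a DN (`config.dn_format % uid`) and then into a search filter (`uniqueMember={user_dn}`) without escaping, so they are safe only because `admin_user_view` calls `_ldap_validate_uid(uid)` before them. Since this commit marks the helpers private, I would make that dependency explicit: either call `_ldap_validate_uid(uid)` as the first line of each helper, or build the filter with python-ldap's `ldap.filter.escape_filter_chars(user_dn)`, so a later caller cannot skip the check. In the route, the failed check raises `RuntimeError('Invalid uid')`, which presumably surfaces as a 500 unless a handler outside this diff maps it; `flask.abort(400)` would match the `flask.abort(403)` used just above. In the new pattern I would also write the class as `[a-zA-Z0-9_-]` with the hyphen last, so it cannot be misread as a range. The bodies of both helpers continue outside the visible hunks.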