import flask_wtf
import wtforms
import secrets
import os
from typing import Dict, Set, List, Tuple, Any, TypeVar
hackerspace_name: str = "Warsaw Hackerspace"

# 32 random bytes from the OS CSPRNG, hex-encoded (64 characters).
# NOTE(review): a fresh value is generated on every import. If this backs the
# Flask SECRET_KEY, signed sessions and CSRF tokens will not survive a process
# restart and will not be shared between worker processes — confirm whether the
# deployment needs a stable, externally supplied key instead.
secret_key: str = secrets.token_bytes(32).hex()

# Kerberos configuration
# Format string with one positional slot (presumably the bare username) that
# yields the principal handed to kadmin.
kadmin_principal_map: str = "{}@HACKERSPACE.PL"

# LDAP configuration
# NOTE(review): plain ldap:// scheme. The service account (ldap_admin_dn /
# ldap_admin_password) binds over this connection, so confirm the client
# upgrades with STARTTLS, or switch to ldaps://.
ldap_url: str = "ldap://ldap.hackerspace.pl"
ldap_base: str = "dc=hackerspace,dc=pl"
# The people subtree and both DN templates are expressed relative to ldap_base;
# the "{}" slot takes the uid / group cn respectively.
ldap_people: str = "ou=people," + ldap_base
ldap_user_dn_format: str = "uid={}," + ldap_people
ldap_group_dn_format: str = "cn={},ou=group," + ldap_base

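def _env_list(name: str, default: str) -> List[str]:
    """Read a comma-separated list from the environment variable *name*.

    Falls back to *default* when the variable is unset. Entries are stripped of
    surrounding whitespace and empty entries are dropped, so an unset or empty
    variable yields ``[]`` rather than ``[""]`` (the previous behaviour left a
    spurious empty group name in every list built from a blank value).
    """
    raw = os.getenv(name, default)
    return [item for chunk in raw.split(",") if (item := chunk.strip())]


# LDAP user groups allowed to see /admin
ldap_admin_groups: List[str] = _env_list(
    "LDAPWEB_ADMIN_GROUPS", "ldap-admin,staff,zarzad"
)

# LDAP user groups indicating that a user is active
ldap_active_groups: List[str] = _env_list(
    "LDAPWEB_ACTIVE_GROUPS", "fatty,starving,potato"
)

# LDAP service user with admin privileges (for admin listings, creating new users)
ldap_admin_dn: str = os.getenv(
    "LDAPWEB_ADMIN_DN", "cn=ldapweb,ou=services,dc=hackerspace,dc=pl"
)
# "unused" is only a placeholder default; the real credential is expected to
# come from the environment.
ldap_admin_password: str = os.getenv("LDAPWEB_ADMIN_PASSWORD", "unused")

# Protected LDAP user groups
# These groups (and their members) cannot be modified by admin UI.
# The built-in set is always protected; LDAPWEB_PROTECTED_GROUPS can only
# extend it, never remove from it.
ldap_protected_groups: List[str] = ["staff", "zarzad", "ldap-admin"] + _env_list(
    "LDAPWEB_PROTECTED_GROUPS", ""
)
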
# Email notification (paper trail) configuration
smtp_server: str = "mail.hackerspace.pl"
# Format string with one positional slot (presumably a username) producing a
# hackerspace.pl address.
smtp_format: str = "{}@hackerspace.pl"
# "unused" is only a placeholder default for the password; the real credential
# is expected to come from the environment. Port and TLS settings are not
# configured here.
smtp_user: str = os.environ.get("LDAPWEB_SMTP_USER", "ldapweb")
smtp_password: str = os.environ.get("LDAPWEB_SMTP_PASSWORD", "unused")

# Destination for change notifications, taken verbatim from the environment
# as a single string.
papertrail_recipients: str = os.environ.get(
    "LDAPWEB_PAPERTRAIL_RECIPIENTS", "zarzad@hackerspace.pl"
)

# Avatar server
# Cache lifetime (unit not stated here — presumably seconds). A non-numeric
# value in the environment fails fast with ValueError at import time.
avatar_cache_timeout: int = int(os.environ.get("LDAPWEB_AVATAR_CACHE_TIMEOUT", "1800"))

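# LDAP attribute configuration

# Lower-cased LDAP attribute name -> label shown in the UI.
# ("Adress" typo in the two e-mail labels corrected.)
readable_names: Dict[str, str] = {
    "jpegphoto": "Avatar",
    "commonname": "Common Name",
    "givenname": "Given Name",
    "gecos": "GECOS (public name)",
    "surname": "Surname",
    "loginshell": "Shell",
    "telephonenumber": "Phone Number",
    "mobiletelephonenumber": "Mobile Number",
    "sshpublickey": "SSH Public Key",
    "mifareidhash": "MIFARE ID Hash",
    "mail": "Email Address",
    "mailroutingaddress": "Email Address (external)",
}
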
# Short LDAP attribute alias -> the long attribute name used elsewhere in this
# module (e.g. as keys of readable_names and the permission sets below).
full_name: Dict[str, str] = dict(
    cn="commonname",
    gecos="gecos",
    sn="surname",
    mobile="mobiletelephonenumber",
    l="locality",
)

# Attributes a user may add to their own entry.
can_add: Set[str] = {
    "jpegphoto",
    "telephonenumber",
    "mobiletelephonenumber",
    "sshpublickey",
}

# Deletion rights are the very same set object as addition rights, so the two
# can never drift apart (and a mutation of one is visible through the other).
can_delete: Set[str] = can_add

# Modification additionally covers the naming attributes.
_naming_attributes: Set[str] = {"givenname", "surname", "commonname", "gecos"}
can_modify: Set[str] = can_add.union(_naming_attributes)

# Permission name -> attribute set. "admin" lists attributes that only the
# admin side may touch; key order is preserved for consumers that iterate it.
can: Dict[str, Set[str]] = {
    "add": can_add,
    "mod": can_modify,
    "del": can_delete,
    "admin": {"mifareidhash"},
}

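# (field class, constructor kwargs) pair used to build the edit form for one
# LDAP attribute.
FormField = Tuple[type[wtforms.Field], Dict[str, Any]]

# Attributes without an explicit entry in `fields` get a plain text field with
# no validators.
default_field: FormField = (wtforms.fields.StringField, {})

# Anchored at both ends on purpose: wtforms.validators.Regexp applies the
# pattern with re.match, which only anchors the start, so the previous
# unanchored "[+0-9 ]+" accepted any trailing text after a valid prefix.
_PHONE_NUMBER_PATTERN = r"\A[+0-9 ]+\Z"

fields: Dict[str, FormField] = {
    # No validators on the upload itself; any type/size restriction on the
    # avatar would have to be enforced elsewhere — TODO confirm.
    "jpegphoto": (wtforms.fields.FileField, {"validators": []}),
    "mobiletelephonenumber": (
        wtforms.fields.StringField,
        {"validators": [wtforms.validators.Regexp(_PHONE_NUMBER_PATTERN)]},
    ),
    "telephonenumber": (
        wtforms.fields.StringField,
        {"validators": [wtforms.validators.Regexp(_PHONE_NUMBER_PATTERN)]},
    ),
}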