auth/auth.py

import ldap
import re
from flask import Flask, render_template, request, make_response
from time import sleep
app = Flask('auth')
app.config.from_object(__name__)
app.config.from_pyfile('auth.cfg')

def connect_to_ldap():
    conn = ldap.initialize(app.config['LDAP_URL'])
    conn.start_tls_s()
    conn.simple_bind(app.config['LDAP_BIND_DN'], app.config['LDAP_BIND_PASSWORD'])
    return conn

@app.route('/', methods=['GET'])
def form():
    return render_template('login.html')

@app.route('/', methods=['POST'])
def login():
    conn = ldap.initialize(app.config['LDAP_URL'])
    conn.start_tls_s()
    res,code = 'OK', 200
    # hack!
    if ' ' in request.form['login']:
        res, code = 'ERROR', 401
        return make_response(res, code, { 'Content-Type': 'text/plain' })
    try:
        conn.simple_bind_s(app.config['DN_STRING'] % request.form['login'],
                request.form.get('password', ''))
    except ldap.LDAPError:
        sleep(app.config['FAIL_DELAY'])
        res,code = 'ERROR', 401
    return make_response(res, code, { 'Content-Type': 'text/plain' })

@app.route('/irc', methods=['GET'])
def irc_form():
    return render_template('irc.html')

@app.route('/irc', methods=['POST'])
def irc_nick():
    conn = connect_to_ldap()
    login,code = '', 401
    try:
        nick = re.sub(app.config['STRIP_RE'], '', request.form['nick'])
        res = conn.search_s(app.config['IRC_BASEDN'], ldap.SCOPE_SUBTREE, 
                app.config['IRC_LDAP_FILTER'] % nick)
        if len(res) == 1:
            login = res[0][1]['uid'][0]
            code = 200
    except ldap.LDAPError as e:
        print e
        code = 500
    return make_response(login, code, { 'Content-Type': 'text/plain' })

@app.route('/mifare', methods=['POST'])
def mifare():
    conn = connect_to_ldap()
    login,code = '', 401
    try:
        h = re.sub(app.config['STRIP_RE'], '', request.form['hash'])
        res = conn.search_s(app.config['MIFARE_BASEDN'], ldap.SCOPE_SUBTREE, 
                app.config['MIFARE_LDAP_FILTER'] % h)
        if len(res) == 1:
            login = res[0][1]['uid'][0]
            code = 200
    except ldap.LDAPError as e:
        print e
        code = 500
    return make_response(login, code, { 'Content-Type': 'text/plain' })

if __name__ == '__main__':
    app.run('0.0.0.0', 8082, debug=True)
initial commit 2012-09-14 20:45:25 +00:00			`import ldap`
forgot an import :/ 2012-11-19 23:06:07 +00:00			`import re`
401 for bad login; text-plain 2012-09-14 22:35:40 +00:00			`from flask import Flask, render_template, request, make_response`
initial commit 2012-09-14 20:45:25 +00:00			`from time import sleep`
			`app = Flask('auth')`
			`app.config.from_object(__name__)`
			`app.config.from_pyfile('auth.cfg')`

Add mifare hash support. 2013-09-01 12:36:37 +00:00			`def connect_to_ldap():`
			`conn = ldap.initialize(app.config['LDAP_URL'])`
			`conn.start_tls_s()`
			`conn.simple_bind(app.config['LDAP_BIND_DN'], app.config['LDAP_BIND_PASSWORD'])`
Oh... 2013-09-01 12:42:49 +00:00			`return conn`
Add mifare hash support. 2013-09-01 12:36:37 +00:00
initial commit 2012-09-14 20:45:25 +00:00			`@app.route('/', methods=['GET'])`
			`def form():`
			`return render_template('login.html')`

			`@app.route('/', methods=['POST'])`
			`def login():`
Oops. 2013-09-01 12:39:34 +00:00			`conn = ldap.initialize(app.config['LDAP_URL'])`
			`conn.start_tls_s()`
401 for bad login; text-plain 2012-09-14 22:35:40 +00:00			`res,code = 'OK', 200`
quick hack to not allow duplicate usernames with spaces 2014-10-11 12:02:15 +00:00			`# hack!`
			`if ' ' in request.form['login']:`
			`res, code = 'ERROR', 401`
			`return make_response(res, code, { 'Content-Type': 'text/plain' })`
initial commit 2012-09-14 20:45:25 +00:00			`try:`
			`conn.simple_bind_s(app.config['DN_STRING'] % request.form['login'],`
			`request.form.get('password', ''))`
			`except ldap.LDAPError:`
			`sleep(app.config['FAIL_DELAY'])`
401 for bad login; text-plain 2012-09-14 22:35:40 +00:00			`res,code = 'ERROR', 401`
			`return make_response(res, code, { 'Content-Type': 'text/plain' })`
initial commit 2012-09-14 20:45:25 +00:00
irc dereference 2012-09-16 23:43:51 +00:00			`@app.route('/irc', methods=['GET'])`
			`def irc_form():`
			`return render_template('irc.html')`

			`@app.route('/irc', methods=['POST'])`
			`def irc_nick():`
Add mifare hash support. 2013-09-01 12:36:37 +00:00			`conn = connect_to_ldap()`
irc dereference 2012-09-16 23:43:51 +00:00			`login,code = '', 401`
			`try:`
fixed a security vulnerability 2012-11-19 22:59:53 +00:00			`nick = re.sub(app.config['STRIP_RE'], '', request.form['nick'])`
irc dereference 2012-09-16 23:43:51 +00:00			`res = conn.search_s(app.config['IRC_BASEDN'], ldap.SCOPE_SUBTREE,`
fixed a security vulnerability 2012-11-19 22:59:53 +00:00			`app.config['IRC_LDAP_FILTER'] % nick)`
irc dereference 2012-09-16 23:43:51 +00:00			`if len(res) == 1:`
			`login = res[0][1]['uid'][0]`
			`code = 200`
			`except ldap.LDAPError as e:`
			`print e`
			`code = 500`
			`return make_response(login, code, { 'Content-Type': 'text/plain' })`

Add mifare hash support. 2013-09-01 12:36:37 +00:00			`@app.route('/mifare', methods=['POST'])`
			`def mifare():`
			`conn = connect_to_ldap()`
			`login,code = '', 401`
			`try:`
			`h = re.sub(app.config['STRIP_RE'], '', request.form['hash'])`
			`res = conn.search_s(app.config['MIFARE_BASEDN'], ldap.SCOPE_SUBTREE,`
			`app.config['MIFARE_LDAP_FILTER'] % h)`
			`if len(res) == 1:`
			`login = res[0][1]['uid'][0]`
			`code = 200`
			`except ldap.LDAPError as e:`
			`print e`
			`code = 500`
			`return make_response(login, code, { 'Content-Type': 'text/plain' })`

initial commit 2012-09-14 20:45:25 +00:00			`if __name__ == '__main__':`
			`app.run('0.0.0.0', 8082, debug=True)`