auth/auth.py


import re
from time import sleep

import ldap
from flask import Flask, render_template, request, make_response
from ldap.dn import escape_dn_chars
from ldap.filter import escape_filter_chars
# Flask application object; every route below is registered on it.
app = Flask('auth')
# Load defaults from this module first. Flask's from_object() only picks up
# UPPERCASE attributes.
app.config.from_object(__name__)
# Then layer auth.cfg on top. The handlers below read LDAP_URL, LDAP_BIND_DN,
# LDAP_BIND_PASSWORD, DN_STRING, FAIL_DELAY, STRIP_RE, IRC_BASEDN,
# IRC_LDAP_FILTER, MIFARE_BASEDN and MIFARE_LDAP_FILTER from app.config;
# presumably all of them come from this file -- confirm.
# NOTE(review): the service-account bind password is among these settings, so
# the file holding it should stay out of version control and be readable only
# by the account that runs this service.
app.config.from_pyfile('auth.cfg')
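def connect_to_ldap():
    """Return an LDAP connection bound as the configured service account.

    The connection is upgraded with StartTLS before any credentials are
    sent, then bound with ``LDAP_BIND_DN`` / ``LDAP_BIND_PASSWORD``.

    Raises:
        ldap.LDAPError: if the connection, StartTLS or the bind fails.
    """
    conn = ldap.initialize(app.config['LDAP_URL'])
    # NOTE(review): whether the server certificate is actually verified
    # depends on the libldap TLS options (e.g. OPT_X_TLS_REQUIRE_CERT),
    # which this file does not set -- confirm in the deployment.
    conn.start_tls_s()
    # Synchronous bind: the asynchronous simple_bind() used before only
    # queued the request and never read its result, so a rejected bind went
    # unnoticed and later searches ran on a connection that was not bound as
    # the service account.
    conn.simple_bind_s(app.config['LDAP_BIND_DN'],
                       app.config['LDAP_BIND_PASSWORD'])
    return conn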
@app.route('/', methods=['GET'])
def form():
    """Serve the login form rendered from the ``login.html`` template."""
    page = render_template('login.html')
    return page
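@app.route('/', methods=['POST'])
def login():
    """Verify a login/password pair with an LDAP simple bind.

    Reads the ``login`` and ``password`` form fields and binds as
    ``DN_STRING % login``. Answers with plain-text ``OK`` (200) when the
    bind succeeds and ``ERROR`` (401) otherwise. A failed attempt is
    delayed by ``FAIL_DELAY`` seconds to slow down password guessing.
    """
    headers = {'Content-Type': 'text/plain'}
    username = request.form['login']
    password = request.form.get('password', '')

    # hack! (kept from the original: a login containing a space is refused
    # immediately, before any LDAP traffic and without the failure delay)
    if ' ' in username:
        return make_response('ERROR', 401, headers)

    authenticated = False
    # An empty password must never be sent: a simple bind with a DN and a
    # zero-length password is an "unauthenticated bind" (RFC 4513), which
    # many servers answer with success. Without this guard a request that
    # omits the password could be reported as OK.
    if password:
        # Escape DN metacharacters so the submitted login stays inside the
        # single RDN value that DN_STRING intends and cannot reshape the DN.
        bind_dn = app.config['DN_STRING'] % escape_dn_chars(username)
        conn = ldap.initialize(app.config['LDAP_URL'])
        try:
            # As before, a StartTLS failure is not treated as bad
            # credentials; it propagates as a server error.
            conn.start_tls_s()
            try:
                conn.simple_bind_s(bind_dn, password)
                authenticated = True
            except ldap.LDAPError:
                authenticated = False
        finally:
            # Release the connection whatever the outcome; the original
            # never closed it.
            conn.unbind_s()

    if not authenticated:
        sleep(app.config['FAIL_DELAY'])
        return make_response('ERROR', 401, headers)
    return make_response('OK', 200, headers)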
@app.route('/irc', methods=['GET'])
def irc_form():
    """Serve the IRC nick lookup form rendered from ``irc.html``."""
    page = render_template('irc.html')
    return page
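@app.route('/irc', methods=['POST'])
def irc_nick():
    """Resolve an IRC nick to a login name through an LDAP search.

    Reads the ``nick`` form field, removes whatever ``STRIP_RE`` matches,
    and searches ``IRC_BASEDN`` with ``IRC_LDAP_FILTER % nick``. Answers
    with the ``uid`` of the entry (200) only when exactly one entry
    matches, an empty body with 401 when zero or several match, and 500
    when LDAP reports an error.
    """
    login, code = '', 401
    conn = None
    try:
        conn = connect_to_ldap()
        nick = re.sub(app.config['STRIP_RE'], '', request.form['nick'])
        # STRIP_RE lives in the config, so what it removes cannot be checked
        # here; escape filter metacharacters as well so the value can only
        # ever be a literal assertion value inside IRC_LDAP_FILTER.
        query = app.config['IRC_LDAP_FILTER'] % escape_filter_chars(nick)
        # Only 'uid' is read below, so only that attribute is requested.
        res = conn.search_s(app.config['IRC_BASEDN'], ldap.SCOPE_SUBTREE,
                            query, ['uid'])
        if len(res) == 1:
            login = res[0][1]['uid'][0]
            code = 200
    except ldap.LDAPError:
        # Record the failure through the application logger (the submitted
        # value is deliberately not logged) instead of printing to stdout.
        app.logger.exception('LDAP lookup for IRC nick failed')
        code = 500
    finally:
        # Release the service-account connection; the original leaked it.
        if conn is not None:
            conn.unbind_s()
    return make_response(login, code, {'Content-Type': 'text/plain'})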
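@app.route('/mifare', methods=['POST'])
def mifare():
    """Resolve a MIFARE card hash to a login name through an LDAP search.

    Reads the ``hash`` form field, removes whatever ``STRIP_RE`` matches,
    and searches ``MIFARE_BASEDN`` with ``MIFARE_LDAP_FILTER % hash``.
    Answers with the ``uid`` of the entry (200) only when exactly one entry
    matches, an empty body with 401 when zero or several match, and 500
    when LDAP reports an error.
    """
    login, code = '', 401
    conn = None
    try:
        conn = connect_to_ldap()
        card_hash = re.sub(app.config['STRIP_RE'], '', request.form['hash'])
        # STRIP_RE lives in the config, so what it removes cannot be checked
        # here; escape filter metacharacters as well so the value can only
        # ever be a literal assertion value inside MIFARE_LDAP_FILTER (a
        # wildcard, for instance, must not match somebody else's card).
        query = app.config['MIFARE_LDAP_FILTER'] % escape_filter_chars(card_hash)
        # Only 'uid' is read below, so only that attribute is requested.
        res = conn.search_s(app.config['MIFARE_BASEDN'], ldap.SCOPE_SUBTREE,
                            query, ['uid'])
        if len(res) == 1:
            login = res[0][1]['uid'][0]
            code = 200
    except ldap.LDAPError:
        # Record the failure through the application logger (the submitted
        # hash is deliberately not logged) instead of printing to stdout.
        app.logger.exception('LDAP lookup for MIFARE hash failed')
        code = 500
    finally:
        # Release the service-account connection; the original leaked it.
        if conn is not None:
            conn.unbind_s()
    return make_response(login, code, {'Content-Type': 'text/plain'})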
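if __name__ == '__main__':
    # Debug mode is no longer forced on. With debug=True the development
    # server exposes Werkzeug's interactive debugger and full tracebacks to
    # every host that can reach port 8082, which is not acceptable for a
    # service that handles passwords and listens on all interfaces. Debug now
    # follows the DEBUG setting from the app config (off unless enabled).
    app.run('0.0.0.0', 8082)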