From dfaa14e2e48602f99ed56b6cde6b3bedce34f4f1 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 26 Apr 2016 20:04:33 +0000
Subject: [PATCH 1/2] Add auth params to login page.
---
 app/templates/login.html | 6 +++++-
 app/views.py | 5 ++++-
 config_template.py | 4 ++++
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/app/templates/login.html b/app/templates/login.html
index d15a0ca..e36035b 100644
--- a/app/templates/login.html
+++ b/app/templates/login.html
@@ -50,7 +50,7 @@
diff --git a/app/views.py b/app/views.py
index a4a8bb8..c78f465 100644
--- a/app/views.py
+++ b/app/views.py
@@ -66,7 +66,10 @@ def login():
 if request.method == 'GET':
 LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False
- return render_template('login.html', ldap_enabled=LDAP_ENABLED)
+ LOGIN_TITLE = app.config['LOGIN_TITLE']
+ BASIC_ENABLED = app.config['BASIC_ENABLED']
+ SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
+ return render_template('login.html', ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
 # process login
 username = request.form['username']
diff --git a/config_template.py b/config_template.py
index 0e8f5ae..ef4e390 100644
--- a/config_template.py
+++ b/config_template.py
@@ -29,6 +29,10 @@ LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me'
 LDAP_PASSWORD = 'dnsuser'
 LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
+#Default Auth
+BASIC_ENABLED = True
+SIGNUP_ENABLED = True
+
 # POWERDNS CONFIG
 PDNS_STATS_URL = 'http://172.16.214.131:8081/'
 PDNS_API_KEY = 'you never know'
From 437a9fe1b6cff9b1ee05ffa708994af3df042f8b Mon Sep 17 00:00:00 2001
From: xbulat
Date: Thu, 28 Apr 2016 15:53:50 +0000
Subject: [PATCH 2/2] Add more options to ldap
---
 app/models.py | 8 ++++++--
 app/views.py | 2 +-
 config_template.py | 4 ++++
 3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/app/models.py b/app/models.py
index db399e3..fe16422 100644
--- a/app/models.py
+++ b/app/models.py
@@ -20,6 +20,8 @@ if 'LDAP_TYPE' in app.config.keys():
 LDAP_PASSWORD = app.config['LDAP_PASSWORD']
 LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
 LDAP_TYPE = app.config['LDAP_TYPE']
+ LDAP_FILTER = app.config['LDAP_FILTER']
+ LDAP_USERNAMEFIELD = app.config['LDAP_USERNAMEFIELD']
 else:
 LDAP_TYPE = False
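Review bot: `BASIC_ENABLED` and `SIGNUP_ENABLED` are only handed to `render_template` in the GET branch of the `app/views.py` hunk, so as far as this hunk shows they change what the login page displays, not what the server accepts. The POST path of `login()` begins right after the hunk and the sign-up route is not shown; if neither checks these flags, a client that posts directly can still use local login or registration after an operator has switched them off. I would enforce the flags in the handlers as well, for example rejecting the request when `not app.config.get('SIGNUP_ENABLED')` before any user is created. `login()` continues outside the hunk, so this needs confirming against the full function.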
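Review bot: `SIGNUP_ENABLED = True` in the patch 1 `config_template.py` hunk makes self-registration the template default for a DNS administration interface, and the `#Default Auth` comment does not say what either flag controls. If `True` is kept to preserve existing behaviour, I would document it next to the setting, e.g. `# SIGNUP_ENABLED: show the sign-up link on the login page; set to False when accounts should only be created by an admin or via LDAP`. Otherwise defaulting it to `False` is the safer template value. The wording of that comment assumes the flag gates registration, which is inferred from the name and the `login.html` change rather than visible here.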
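Review bot: `app.config['LDAP_FILTER']` and `app.config['LDAP_USERNAMEFIELD']` in the first `app/models.py` hunk are read whenever `LDAP_TYPE` is configured, although `config_template.py` in this same patch describes them as options only for `LDAP_TYPE=ldap`. A config written before this patch, or one for the non-`ldap` branch that omits them, would raise `KeyError` in what appears to be a module-level block, i.e. when `app/models.py` is imported. Reading them with defaults that reproduce the old filter avoids that: `LDAP_FILTER = app.config.get('LDAP_FILTER', '')` and `LDAP_USERNAMEFIELD = app.config.get('LDAP_USERNAMEFIELD', 'cn')`.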
@@ -155,7 +157,8 @@ class User(db.Model):
 return False
 if LDAP_TYPE == 'ldap':
- searchFilter = "cn=%s" % self.username
+ searchFilter = "(&(%s=%s)%s)" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+ logging.info('Ldap searchFilter "%s"' % searchFilter)
 else:
 searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username
 try:
@@ -188,6 +191,7 @@ class User(db.Model):
 # this might be changed in the future
 self.firstname = result[0][0][1]['givenName'][0]
 self.lastname = result[0][0][1]['sn'][0]
+ self.email = result[0][0][1]['mail'][0]
 except:
 self.firstname = self.username
 self.lastname = ''
@@ -214,7 +218,7 @@ class User(db.Model):
 We will create a local user (in DB) in order to manage user profile such as name, roles,... """
- user = User(username=self.username, firstname=self.firstname, lastname=self.lastname, role_id=self.role_id)
+ user = User(username=self.username, firstname=self.firstname, lastname=self.lastname, role_id=self.role_id, email=self.email)
 db.session.add(user)
 db.session.commit()
 # assgine user_id to current_user after create in the DB
diff --git a/app/views.py b/app/views.py
index c78f465..fb4ef7a 100644
--- a/app/views.py
+++ b/app/views.py
@@ -66,7 +66,7 @@ def login():
 if request.method == 'GET':
 LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False
- LOGIN_TITLE = app.config['LOGIN_TITLE']
+ LOGIN_TITLE = app.config['LOGIN_TITLE'] if 'LOGIN_TITLE' in app.config.keys() else ''
 BASIC_ENABLED = app.config['BASIC_ENABLED']
 SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
 return render_template('login.html', ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
diff --git a/config_template.py b/config_template.py
index ef4e390..c8c205d 100644
--- a/config_template.py
+++ b/config_template.py
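Review bot: `self.username` is interpolated into the LDAP search filter without escaping in the `@@ -155,7 +157,8 @@` hunk, and the new compound form `"(&(%s=%s)%s)"` raises the stakes: filter metacharacters in the submitted login name could change the structure of the expression, including the `LDAP_FILTER` clause that is meant to restrict who may log in. The value should be escaped before formatting; if this module uses python-ldap, `ldap.filter.escape_filter_chars(self.username)` does that, and the same applies to the `samaccountname=%s` branch in the context lines. The added `logging.info` also writes every attempted username to the log at info level with eager `%` formatting; `logging.debug('Ldap searchFilter "%s"', searchFilter)` would be quieter. The enclosing method starts and ends outside the hunk.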
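Review bot: Putting `self.email = result[0][0][1]['mail'][0]` inside the existing `try` (hunk `@@ -188,6 +191,7 @@`) means a directory entry without a `mail` attribute falls into the bare `except:`, which overwrites the `firstname` and `lastname` that were already read successfully and, in the lines visible here, never assigns `self.email`. The last `app/models.py` hunk (`@@ -214,7 +218,7 @@`) then passes `email=self.email` to `User(...)`, so unless `email` is initialised elsewhere in the class, the first LDAP login of such a user may fail or store a stale value. I would read the optional attribute on its own, e.g. `self.email = result[0][0][1].get('mail', [''])[0]` (assuming the attribute map is a dict), or at least add `self.email = ''` to the `except` branch. Both methods extend beyond their hunks.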
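Review bot: Only `LOGIN_TITLE` gets a fallback in the patch 2 `app/views.py` hunk; `BASIC_ENABLED` and `SIGNUP_ENABLED` on the following context lines are still indexed directly, so a config file written before those keys existed raises `KeyError` on every GET of the login page. `app.config.get(...)` covers all three and is shorter than the conditional expression: `LOGIN_TITLE = app.config.get('LOGIN_TITLE', '')` and `BASIC_ENABLED = app.config.get('BASIC_ENABLED', True)`. For `SIGNUP_ENABLED` the default deserves a deliberate choice, since falling back to `True` silently enables registration. `login()` continues outside the hunk.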
@@ -6,6 +6,7 @@ WTF_CSRF_ENABLED = True
 SECRET_KEY = 'We are the world'
 BIND_ADDRESS = '127.0.0.1'
 PORT = 9393
+LOGIN_TITLE = "PDNS"
 # TIMEOUT - for large zones
 TIMEOUT = 10
@@ -28,6 +29,9 @@ LDAP_URI = 'ldaps://your-ldap-server:636'
 LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me'
 LDAP_PASSWORD = 'dnsuser'
 LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
+# Additional options only if LDAP_TYPE=ldap
+LDAP_USERNAMEFIELD = 'uid'
+LDAP_FILTER = '(objectClass=inetorgperson)'
 #Default Auth
 BASIC_ENABLED = True
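Review bot: The comment added in the second hunk (`@@ -28,6 +29,9 @@`) does not say that `LDAP_FILTER` is pasted verbatim into the search filter built in `app/models.py` (`"(&(%s=%s)%s)"`), so it has to be a complete parenthesised filter expression, and together with `LDAP_SEARCH_BASE` it decides which directory entries can log in. I would document both facts next to the setting, e.g. `# LDAP_FILTER: complete LDAP filter in parentheses, ANDed with the username match; it limits which entries may log in`. A short remark that `LDAP_USERNAMEFIELD` replaces the previously hard-coded `cn` would help operators upgrading an existing config.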