Merge branch 'master' into new_ui

- Fixed conflicts in login.html
- Fixed bug that would switch auth_method after the first failed login
attempt.
This commit is contained in:
Ivan Filippov 2016-04-29 12:26:10 -06:00
commit 7c5814beed
4 changed files with 38 additions and 14 deletions

View File

@ -20,6 +20,8 @@ if 'LDAP_TYPE' in app.config.keys():
LDAP_PASSWORD = app.config['LDAP_PASSWORD']
LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
LDAP_TYPE = app.config['LDAP_TYPE']
LDAP_FILTER = app.config['LDAP_FILTER']
LDAP_USERNAMEFIELD = app.config['LDAP_USERNAMEFIELD']
else:
LDAP_TYPE = False
@ -155,7 +157,8 @@ class User(db.Model):
return False
if LDAP_TYPE == 'ldap':
searchFilter = "cn=%s" % self.username
searchFilter = "(&(%s=%s)%s)" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
logging.info('Ldap searchFilter "%s"' % searchFilter)
else:
searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username
try:
@ -188,6 +191,7 @@ class User(db.Model):
# this might be changed in the future
self.firstname = result[0][0][1]['givenName'][0]
self.lastname = result[0][0][1]['sn'][0]
self.email = result[0][0][1]['mail'][0]
except:
self.firstname = self.username
self.lastname = ''
@ -214,7 +218,7 @@ class User(db.Model):
We will create a local user (in DB) in order to manage user
profile such as name, roles,...
"""
user = User(username=self.username, firstname=self.firstname, lastname=self.lastname, role_id=self.role_id)
user = User(username=self.username, firstname=self.firstname, lastname=self.lastname, role_id=self.role_id, email=self.email)
db.session.add(user)
db.session.commit()
# assgine user_id to current_user after create in the DB

View File

@ -27,7 +27,7 @@
<body class="hold-transition login-page">
<div class="login-box">
<div class="login-logo">
<a href="{{ url_for('index') }}"><b>PowerDNS</b>-Admin</a>
<a href="{{ url_for('index') }}">Sign In {{ login_title }}</a>
</div>
<!-- /.login-logo -->
<div class="login-box-body">
@ -56,18 +56,26 @@
<span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div>
{% if ldap_enabled %}
{% if ldap_enabled and basic_enabled %}
<div class="form-group">
<select class="form-control" name="auth_method">
<option value="LOCAL">Local Authentication</option>
<option value="LOCAL">LOCAL Authentication</option>
<option value="LDAP">LDAP Authentication</option>
</select>
</div>
{% else %}
{% elif ldap_enabled and not basic_enabled %}
<div class="form-group">
<input type="hidden" name="auth_method" value="LDAP">
</div>
{% elif basic_enabled and not ldap_enabled %}
<div class="form-group">
<input type="hidden" name="auth_method" value="LOCAL">
</div>
{% endif %}
{% else %}
<div class="form-group">
<input type="hidden" name="auth_method" value="LOCAL">
</div>
{% endif %}
<div class="row">
<div class="col-xs-8">

View File

@ -63,13 +63,17 @@ def register():
@app.route('/login', methods=['GET', 'POST'])
@login_manager.unauthorized_handler
def login():
# these parameters will be needed in multiple paths
LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False
LOGIN_TITLE = app.config['LOGIN_TITLE'] if 'LOGIN_TITLE' in app.config.keys() else ''
BASIC_ENABLED = app.config['BASIC_ENABLED']
SIGNUP_ENABLED = app.config['SIGNUP_ENABLED']
if g.user is not None and current_user.is_authenticated:
return redirect(url_for('dashboard'))
if request.method == 'GET':
LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False
return render_template('login.html', ldap_enabled=LDAP_ENABLED)
return render_template('login.html', ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
# process login
username = request.form['username']
@ -93,10 +97,10 @@ def login():
try:
auth = user.is_validate(method=auth_method)
if auth == False:
return render_template('login.html', error='Invalid credentials')
return render_template('login.html', error='Invalid credentials', ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
except Exception, e:
error = e.message['desc'] if 'desc' in e.message else e
return render_template('login.html', error=error)
return render_template('login.html', error=error, ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
login_user(user, remember = remember_me)
return redirect(request.args.get('next') or url_for('index'))
@ -113,7 +117,7 @@ def login():
try:
result = user.create_local_user()
if result == True:
return render_template('login.html', username=username, password=password)
return render_template('login.html', username=username, password=password, ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
else:
return render_template('register.html', error=result)
except Exception, e:

View File

@ -6,6 +6,7 @@ WTF_CSRF_ENABLED = True
SECRET_KEY = 'We are the world'
BIND_ADDRESS = '127.0.0.1'
PORT = 9393
LOGIN_TITLE = "PDNS"
# TIMEOUT - for large zones
TIMEOUT = 10
@ -28,6 +29,13 @@ LDAP_URI = 'ldaps://your-ldap-server:636'
LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me'
LDAP_PASSWORD = 'dnsuser'
LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
# Additional options only if LDAP_TYPE=ldap
LDAP_USERNAMEFIELD = 'uid'
LDAP_FILTER = '(objectClass=inetorgperson)'
#Default Auth
BASIC_ENABLED = True
SIGNUP_ENABLED = True
# POWERDNS CONFIG
PDNS_STATS_URL = 'http://172.16.214.131:8081/'