From 53b4fe2f8b9570e0b9382aa0d31ea98ac88ef048 Mon Sep 17 00:00:00 2001
From: Khanh Ngo
Date: Wed, 13 Apr 2016 11:13:59 +0700
Subject: [PATCH 1/2] Adjustment in application config
---
 app/lib/utils.py | 5 ++++-
 app/models.py | 17 ++++++++++++-----
 config_template.py | 3 ++-
 run.py | 7 ++++++-
 4 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/app/lib/utils.py b/app/lib/utils.py
index 888b4d1..f43ae17 100644
--- a/app/lib/utils.py
+++ b/app/lib/utils.py
@@ -5,7 +5,10 @@ import requests
 import urlparse
 from app import app
-TIMEOUT = app.config['TIMEOUT']
+if 'TIMEOUT' in app.config.keys():
+ TIMEOUT = app.config['TIMEOUT']
+else:
+ TIMEOUT = 10
 def auth_from_url(url):
 auth = None
diff --git a/app/models.py b/app/models.py
index 48ed39a..4ebc4ba 100644
--- a/app/models.py
+++ b/app/models.py
@@ -14,11 +14,14 @@ from lib import utils
 from lib.log import logger
 logging = logger('MODEL', app.config['LOG_LEVEL'], app.config['LOG_FILE']).config()
-LDAP_URI = app.config['LDAP_URI']
-LDAP_USERNAME = app.config['LDAP_USERNAME']
-LDAP_PASSWORD = app.config['LDAP_PASSWORD']
-LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
-LDAP_TYPE = app.config['LDAP_TYPE']
+if 'LDAP_TYPE' in app.config.keys():
+ LDAP_URI = app.config['LDAP_URI']
+ LDAP_USERNAME = app.config['LDAP_USERNAME']
+ LDAP_PASSWORD = app.config['LDAP_PASSWORD']
+ LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
+ LDAP_TYPE = app.config['LDAP_TYPE']
+else:
+ LDAP_TYPE = False
 PDNS_STATS_URL = app.config['PDNS_STATS_URL']
 PDNS_API_KEY = app.config['PDNS_API_KEY']
@@ -147,6 +150,10 @@ class User(db.Model):
 return False
 elif method == 'LDAP':
+ if not LDAP_TYPE:
+ logging.error('LDAP authentication is disabled')
+ return False
+
 if LDAP_TYPE == 'ldap':
 searchFilter = "cn=%s" % self.username
 else:
diff --git a/config_template.py b/config_template.py
index 12a3ca7..0e8f5ae 100644
--- a/config_template.py
+++ b/config_template.py
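Review bot: The four added lines in app/lib/utils.py are a dictionary lookup with a default, and `TIMEOUT = app.config.get('TIMEOUT', 10)` says the same in one line without the `.keys()` call. The same `'X' in app.config.keys()` membership test is repeated in app/models.py and app/views.py in this series; `'X' in app.config` is equivalent. A short comment such as `# seconds; fallback when config.py does not define TIMEOUT` would record the unit, assuming the value ends up as a requests timeout, which the hunk does not show.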
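Review bot: The gate `if 'LDAP_TYPE' in app.config.keys():` in the first app/models.py hunk tests one key and then indexes four others, so a config.py that sets LDAP_TYPE but omits, for example, LDAP_SEARCH_BASE still fails at import time with a KeyError. In the `else:` branch LDAP_URI, LDAP_USERNAME, LDAP_PASSWORD and LDAP_SEARCH_BASE are never bound, which only stays safe while every use sits behind the LDAP_TYPE check. Reading each setting with `.get()` and turning LDAP off when the set is incomplete keeps the module importable in both cases; `None` is also a clearer disabled value than `False` for a name that otherwise holds 'ldap' or 'ad'. If an anonymous bind is a supported setup, drop the username and password from the completeness check.

```python
LDAP_TYPE = app.config.get('LDAP_TYPE')
LDAP_URI = app.config.get('LDAP_URI')
LDAP_USERNAME = app.config.get('LDAP_USERNAME')
LDAP_PASSWORD = app.config.get('LDAP_PASSWORD')
LDAP_SEARCH_BASE = app.config.get('LDAP_SEARCH_BASE')

# An incomplete LDAP block disables LDAP instead of failing at import.
if LDAP_TYPE and not all([LDAP_URI, LDAP_USERNAME, LDAP_PASSWORD, LDAP_SEARCH_BASE]):
    logging.error('LDAP_TYPE is set but the LDAP settings are incomplete; LDAP authentication is disabled')
    LDAP_TYPE = None
# … unchanged: PDNS_STATS_URL / PDNS_API_KEY …
```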
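Review bot: The new `if not LDAP_TYPE:` guard in the second app/models.py hunk is the only check in this branch before `self.username` is formatted into `searchFilter = "cn=%s" % self.username` on the context line below it, so LDAP filter metacharacters typed into the login form reach the directory search unescaped. That line predates this commit, but the branch is being reworked here and is a natural place to fix it. If the module uses python-ldap, `searchFilter = "cn=%s" % ldap.filter.escape_filter_chars(self.username)` is the usual form, and the `else:` branch that continues outside the hunk probably needs the same treatment. The enclosing method starts and ends outside the hunk.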
@@ -4,6 +4,7 @@ basedir = os.path.abspath(os.path.dirname(__file__))
 # BASIC APP CONFIG
 WTF_CSRF_ENABLED = True
 SECRET_KEY = 'We are the world'
+BIND_ADDRESS = '127.0.0.1'
 PORT = 9393
 # TIMEOUT - for large zones
@@ -22,11 +23,11 @@ SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
 SQLALCHEMY_TRACK_MODIFICATIONS = True
 # LDAP CONFIG
+LDAP_TYPE = 'ldap' # use 'ad' for MS Active Directory
 LDAP_URI = 'ldaps://your-ldap-server:636'
 LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me'
 LDAP_PASSWORD = 'dnsuser'
 LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
-LDAP_TYPE = 'ldap' // or 'ad'
 # POWERDNS CONFIG
 PDNS_STATS_URL = 'http://172.16.214.131:8081/'
diff --git a/run.py b/run.py
index de49011..3803d88 100755
--- a/run.py
+++ b/run.py
@@ -2,5 +2,10 @@ from app import app
 from config import PORT
+try:
+ from config import BIND_ADDRESS
+except:
+ BIND_ADDRESS = '127.0.0.1'
+
 if __name__ == '__main__':
- app.run(debug = True, port=PORT)
+ app.run(debug = True, host=BIND_ADDRESS, port=PORT)
From 8f8b26266bf7e06d745e1553e5bb7c8390cffd62 Mon Sep 17 00:00:00 2001
From: Khanh Ngo
Date: Wed, 13 Apr 2016 11:33:07 +0700
Subject: [PATCH 2/2] Don't show the LDAP authentication method in the login page if this feature isn't enabled
---
 app/templates/login.html | 2 ++
 app/views.py | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/templates/login.html b/app/templates/login.html
index 52ef018..627d517 100644
--- a/app/templates/login.html
+++ b/app/templates/login.html
@@ -75,7 +75,9 @@
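Review bot: The LDAP block in config_template.py carries no hint that the presence of `LDAP_TYPE` is now the on/off switch for LDAP login, which is how app/models.py in this same patch treats it. A config.py copied from the template therefore has LDAP enabled with the placeholder URI and bind credentials still in place. A comment above the block would make the switch visible, for example `# LDAP CONFIG - delete or comment out this whole block to disable LDAP login`. It would also help to label `LDAP_PASSWORD = 'dnsuser'` as a placeholder that must be replaced.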
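Review bot: `app.run(debug = True, host=BIND_ADDRESS, port=PORT)` in run.py keeps `debug = True` hard-coded while the listen address becomes configurable, so any BIND_ADDRESS other than loopback serves Flask's debug mode, including the interactive debugger, to every host that can reach the port. Take the flag from configuration and default it to off, e.g. `app.run(debug=app.config.get('DEBUG', False), host=BIND_ADDRESS, port=PORT)`. The added `BIND_ADDRESS = '127.0.0.1'` in config_template.py deserves a matching comment that it should stay on loopback unless debug is disabled. The bare `except:` around the import should be `except ImportError:` so that only a missing name falls back to the default.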
diff --git a/app/views.py b/app/views.py
index 9969349..a4a8bb8 100644
--- a/app/views.py
+++ b/app/views.py
@@ -65,7 +65,8 @@ def login():
 return redirect(url_for('dashboard'))
 if request.method == 'GET':
- return render_template('login.html')
+ LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False
+ return render_template('login.html', ldap_enabled=LDAP_ENABLED)
 # process login
 username = request.form['username']
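Review bot: `LDAP_ENABLED` tests only that the key exists, while the guard added to app/models.py in patch 1/2 rejects LDAP logins whenever the value is falsy, so a config with `LDAP_TYPE = ''` or `None` still shows an LDAP option that can never succeed. Deriving the flag from the value keeps the page and the backend in agreement: `ldap_enabled = bool(app.config.get('LDAP_TYPE'))`. That also removes the redundant `True if … else False` and the upper-case name on a local variable. Hiding the option is presentation only; the server-side refusal in models.py is what enforces the setting, and the POST path of login() lies outside this hunk.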