Merge remote-tracking branch 'upstream/master' into ldap_group_security

Conflicts:
	app/models.py
	config_template.py

app/lib/utils.py

@@ -5,7 +5,10 @@ import requests
 import urlparse
 from app import app
 
-TIMEOUT = app.config['TIMEOUT']
+if 'TIMEOUT' in app.config.keys():
+    TIMEOUT = app.config['TIMEOUT']
+else:
+    TIMEOUT = 10
 
 def auth_from_url(url):
     auth = None

app/models.py

@@ -19,10 +19,18 @@ LDAP_USERNAME = app.config['LDAP_USERNAME']
 LDAP_PASSWORD = app.config['LDAP_PASSWORD']
 LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
 LDAP_TYPE = app.config['LDAP_TYPE']
-LDAP_GROUP_SECURITY = app.config['LDAP_GROUP_SECURITY']
+if 'LDAP_TYPE' in app.config.keys():
-if LDAP_GROUP_SECURITY == True:
+    LDAP_URI = app.config['LDAP_URI']
-    LDAP_ADMIN_GROUP = app.config['LDAP_ADMIN_GROUP']
+    LDAP_USERNAME = app.config['LDAP_USERNAME']
-    LDAP_USER_GROUP = app.config['LDAP_USER_GROUP']
+    LDAP_PASSWORD = app.config['LDAP_PASSWORD']
+    LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
+    LDAP_TYPE = app.config['LDAP_TYPE']
+    LDAP_GROUP_SECURITY = app.config['LDAP_GROUP_SECURITY']
+    if LDAP_GROUP_SECURITY == True:
+        LDAP_ADMIN_GROUP = app.config['LDAP_ADMIN_GROUP']
+        LDAP_USER_GROUP = app.config['LDAP_USER_GROUP']
+else:
+    LDAP_TYPE = False
 
 PDNS_STATS_URL = app.config['PDNS_STATS_URL']
 PDNS_API_KEY = app.config['PDNS_API_KEY']
@@ -151,6 +159,10 @@ class User(db.Model):
                 return False
 
         elif method == 'LDAP':
+            if not LDAP_TYPE:
+                logging.error('LDAP authentication is disabled')
+                return False
+
             if LDAP_TYPE == 'ldap':
               searchFilter = "cn=%s" % self.username
             else:

app/templates/login.html

@@ -75,7 +75,9 @@
         <div class="form-group">
             <select class="form-control" name="auth_method">
                 <option value="LOCAL">Default Authentication</option>
+                {% if ldap_enabled %}
                 <option value="LDAP">LDAP Authentication</option>
+                {% endif %}
             </select>
         </div>
         <div class="form-actions">

app/views.py

@@ -65,7 +65,8 @@ def login():
         return redirect(url_for('dashboard'))
 
     if request.method == 'GET':
-        return render_template('login.html')
+        LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False
+        return render_template('login.html', ldap_enabled=LDAP_ENABLED)
     
     # process login
     username = request.form['username']

config_template.py

@@ -4,6 +4,7 @@ basedir = os.path.abspath(os.path.dirname(__file__))
 # BASIC APP CONFIG
 WTF_CSRF_ENABLED = True
 SECRET_KEY = 'We are the world'
+BIND_ADDRESS = '127.0.0.1'
 PORT = 9393
 
 # TIMEOUT - for large zones
@@ -22,14 +23,15 @@ SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
 SQLALCHEMY_TRACK_MODIFICATIONS = True
 
 # LDAP CONFIG
+LDAP_TYPE = 'ldap' # use 'ad' for MS Active Directory
 LDAP_URI = 'ldaps://your-ldap-server:636'
 LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me'
 LDAP_PASSWORD = 'dnsuser'
 LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
-LDAP_TYPE = 'ldap' // or 'ad'
 LDAP_GROUP_SECURITY = False // or True
 LDAP_ADMIN_GROUP = 'CN=PowerDNS-Admin Admin,OU=Custom,DC=ivan,DC=local'
 LDAP_USER_GROUP = 'CN=PowerDNS-Admin User,OU=Custom,DC=ivan,DC=local'
+=======
 
 # POWERDNS CONFIG
 PDNS_STATS_URL = 'http://172.16.214.131:8081/'

run.py

@@ -2,5 +2,10 @@
 from app import app
 from config import PORT
 
+try:
+	from config import BIND_ADDRESS 
+except:
+	BIND_ADDRESS = '127.0.0.1'
+
 if __name__ == '__main__':
-    app.run(debug = True, port=PORT)
+    app.run(debug = True, host=BIND_ADDRESS, port=PORT)