authorCédric Bonhomme <cedric@cedricbonhomme.org>2023-06-27 23:07:01 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2023-06-27 23:07:01 +0200
commit7a2cd5baed73e1634b83ce8d627ef275c993df7a (patch)
treeb3f27d46f4b01cab3f2444e695408041e965ac74
parent[PATCH] ldap-auth (diff)
downloadnewspipe-7a2cd5baed73e1634b83ce8d627ef275c993df7a.tar.gz
newspipe-7a2cd5baed73e1634b83ce8d627ef275c993df7a.tar.bz2
newspipe-7a2cd5baed73e1634b83ce8d627ef275c993df7a.zip
chg: [flake8] Addresses some flake8 warnings.
-rw-r--r--instance/config.py3
-rw-r--r--instance/sqlite.py3
-rw-r--r--migrations/versions/2a5604bed382_add_string_user_external_auth.py6
-rw-r--r--newspipe/controllers/__init__.py1
-rw-r--r--newspipe/controllers/user.py17
-rw-r--r--newspipe/web/forms.py5
-rw-r--r--newspipe/web/views/user.py1
-rw-r--r--package-lock.json10
-rw-r--r--poetry.lock27
-rw-r--r--pyproject.toml1
10 files changed, 54 insertions, 20 deletions
diff --git a/instance/config.py b/instance/config.py
index e3362694..42e624cb 100644
--- a/instance/config.py
+++ b/instance/config.py
@@ -85,7 +85,8 @@ LDAP_USER_ATTRIB_MEMBEROF = "memberof"
LDAP_GROUP_DISPLAY_ATTRIB = "cn"
LDAP_BIND_DN = "uid=sampleuser,cn=users,cn=accounts,dc=ipa,dc=internal,dc=com"
LDAP_BIND_PASSWORD = "examplepassword"
-# Additional filter to restrict user lookup. If not equivalent to False (e.g., undefined), will be logical-anded to the user-match-attribute search filter.
+# Additional filter to restrict user lookup. If not equivalent to False
+# (e.g., undefined), will be logical-anded to the user-match-attribute search filter.
LDAP_FILTER = (
"(memberOf=cn=newspipe-users,cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com)"
)
diff --git a/instance/sqlite.py b/instance/sqlite.py
index de6aab23..1f8d6206 100644
--- a/instance/sqlite.py
+++ b/instance/sqlite.py
@@ -78,7 +78,8 @@ LDAP_USER_ATTRIB_MEMBEROF = "memberof"
LDAP_GROUP_DISPLAY_ATTRIB = "cn"
LDAP_BIND_DN = "uid=sampleuser,cn=users,cn=accounts,dc=ipa,dc=internal,dc=com"
LDAP_BIND_PASSWORD = "examplepassword"
-# Additional filter to restrict user lookup. If not equivalent to False (e.g., undefined), will be logical-anded to the user-match-attribute search filter.
+# Additional filter to restrict user lookup. If not equivalent to False
+# (e.g., undefined), will be logical-anded to the user-match-attribute search filter.
LDAP_FILTER = (
"(memberOf=cn=newspipe-users,cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com)"
)
diff --git a/migrations/versions/2a5604bed382_add_string_user_external_auth.py b/migrations/versions/2a5604bed382_add_string_user_external_auth.py
index 95fe3ac9..41def8f4 100644
--- a/migrations/versions/2a5604bed382_add_string_user_external_auth.py
+++ b/migrations/versions/2a5604bed382_add_string_user_external_auth.py
@@ -5,15 +5,15 @@ Revises: bdd38bd755cb
Create Date: 2023-06-17 15:30:40.434393
"""
+import sqlalchemy as sa
+from alembic import op
+
# revision identifiers, used by Alembic.
revision = "2a5604bed382"
down_revision = "bdd38bd755cb"
branch_labels = None
depends_on = None
-from alembic import op
-import sqlalchemy as sa
-
def upgrade():
op.add_column("user", sa.Column("external_auth", sa.String(), nullable=True))
diff --git a/newspipe/controllers/__init__.py b/newspipe/controllers/__init__.py
index 449d93e9..ffe066b9 100644
--- a/newspipe/controllers/__init__.py
+++ b/newspipe/controllers/__init__.py
@@ -12,6 +12,7 @@ __all__ = [
"CategoryController",
"ArticleController",
"UserController",
+ "LdapuserController",
"IconController",
"BookmarkController",
"BookmarkTagController",
diff --git a/newspipe/controllers/user.py b/newspipe/controllers/user.py
index e259940e..2aaded64 100644
--- a/newspipe/controllers/user.py
+++ b/newspipe/controllers/user.py
@@ -1,18 +1,20 @@
import logging
from urllib.parse import urlparse
+import ldap3
+from ldap3.core.exceptions import LDAPBindError
from werkzeug.security import check_password_hash
from werkzeug.security import generate_password_hash
from .abstract import AbstractController
from newspipe.models import User
-logger = logging.getLogger(__name__)
+# from ldap3.core.exceptions import LDAPPasswordIsMandatoryError
# FOR LDAP
# Reference: session_app
-import ldap3
-from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError
+
+logger = logging.getLogger(__name__)
class UserController(AbstractController):
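Review bot: The `LDAPPasswordIsMandatoryError` import is commented out rather than removed or used, which leaves dead code and suggests nothing in this module handles that exception. ldap3 raises it when a simple bind is attempted with an empty password, and many directory servers treat an empty-password bind as an unauthenticated bind that succeeds, so the login path (outside this hunk) should reject empty passwords before binding and fail closed. If the exception is meant to be handled, restore it next to `LDAPBindError` and catch it; otherwise delete the line. The `# FOR LDAP` / `# Reference: session_app` comments are now detached from the imports they described and could move up beside them or be dropped.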
@@ -53,7 +55,8 @@ class LdapuserController:
# list_matching_users always returns list, so if it contains <> 1 we are in trouble
if len(this_user) != 1:
print(
- f"WARNING: cannot determine unique user for {config['LDAP_USER_MATCH_ATTRIB']}={user} which returned {this_user}"
+ f"WARNING: cannot determine unique user for"
+ f" {config['LDAP_USER_MATCH_ATTRIB']}={user} which returned {this_user}"
)
return False
# logger does not work here+flask for some reason. Very sad!
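Review bot: The first fragment of the split message, `f"WARNING: cannot determine unique user for"`, contains no placeholders, so its `f` prefix is unnecessary; only the second fragment needs it. The message also writes the submitted login name and the full `this_user` result to stdout through `print`, which presumably puts directory lookup results into process output. Reporting only the match count, e.g. `len(this_user)`, would keep the diagnostic without the entries. The enclosing method starts and ends outside the hunk.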
@@ -128,14 +131,16 @@ class LdapuserController:
try:
import dns
import dns.resolver
- except:
+ except Exception:
print("Need python3-dns or dnspython installed for dns lookups.")
return [domain]
namelist = []
try:
query = dns.resolver.query(f"_ldap._tcp.{domain}", "SRV")
except dns.resolver.NXDOMAIN:
- # no records exist that match the request, so we were probably given a specific hostname, and an empty query will trigger the logic below that will add the original domain to the list.
+ # no records exist that match the request, so we were probably
+ # given a specific hostname, and an empty query will trigger
+ # the logic below that will add the original domain to the list.
query = []
for i in query:
namelist.append(i.target.to_text().rstrip("."))
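Review bot: `except Exception:` around `import dns` is still broader than the failure it reports; `except ImportError:` matches the printed message and lets unrelated errors surface. The lookup below handles only `dns.resolver.NXDOMAIN`, so an empty answer, a timeout or unreachable nameservers (`dns.resolver.NoAnswer`, `dns.exception.Timeout`, `dns.resolver.NoNameservers`) would propagate out of this function, whose start and end are outside the hunk; they could fall back to `query = []` in the same way. `dns.resolver.query` is also deprecated in dnspython 2.x in favour of `dns.resolver.resolve`. Because the SRV answer decides which hosts receive the bind, the connection code (not visible here) should validate the server certificate rather than rely on DNS.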
diff --git a/newspipe/web/forms.py b/newspipe/web/forms.py
index dba2e1b8..3eac8e6b 100644
--- a/newspipe/web/forms.py
+++ b/newspipe/web/forms.py
@@ -185,7 +185,7 @@ class SigninForm(RedirectForm):
if user:
validated = True
self.user = user
- except:
+ except Exception:
self.nickmane.errors.append(
f"Unable to provision user for valid ldap user {self.nickmane.data}"
)
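Review bot: The `except Exception:` handler discards the exception, so a failed LDAP user provisioning leaves no trace beyond the form error shown to the user. Binding it with `except Exception as e:` and recording the details through the application's logging would make these failures diagnosable. The `try` begins above the hunk, so it is not visible whether `validated` is still false when this branch runs; it is worth confirming that sign-in fails closed on this path.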
@@ -200,7 +200,8 @@ class SigninForm(RedirectForm):
# must short-circuit the password check for ldap users
if not ldapuser:
try:
- # with an external_auth user but external auth disabled in config now, the empty password on the user in the database will fail
+ # with an external_auth user but external auth disabled in config now,
+ # the empty password on the user in the database will fail
if not ucontr.check_password(user, self.password.data):
self.password.errors.append("Wrong password")
validated = False
diff --git a/newspipe/web/views/user.py b/newspipe/web/views/user.py
index 1945be89..00615ba8 100644
--- a/newspipe/web/views/user.py
+++ b/newspipe/web/views/user.py
@@ -9,7 +9,6 @@ from flask_login import current_user
from flask_login import login_required
from flask_paginate import get_page_args
from flask_paginate import Pagination
-from werkzeug.exceptions import BadRequest
from newspipe.bootstrap import application
from newspipe.controllers import ArticleController
diff --git a/package-lock.json b/package-lock.json
index bb868b3b..ccade94f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,7 +13,7 @@
"@popperjs/core": "^2.11.6",
"bootstrap": "^5.2.3",
"bootstrap-select": "^1.13.18",
- "chart.js": "^4.2.0",
+ "chart.js": "^4.2.1",
"fork-awesome": "^1.2.0",
"moment": "^2.29.4"
},
@@ -63,14 +63,14 @@
}
},
"node_modules/chart.js": {
- "version": "4.2.0",
- "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.2.0.tgz",
- "integrity": "sha512-wbtcV+QKeH0F7gQZaCJEIpsNriFheacouJQTVIjITi3eQA8bTlIBoknz0+dgV79aeKLNMAX+nDslIVE/nJ3rzA==",
+ "version": "4.3.0",
+ "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.3.0.tgz",
+ "integrity": "sha512-ynG0E79xGfMaV2xAHdbhwiPLczxnNNnasrmPEXriXsPJGjmhOBYzFVEsB65w2qMDz+CaBJJuJD0inE/ab/h36g==",
"dependencies": {
"@kurkle/color": "^0.3.0"
},
"engines": {
- "pnpm": "^7.0.0"
+ "pnpm": ">=7"
}
},
"node_modules/fork-awesome": {
diff --git a/poetry.lock b/poetry.lock
index 71252846..f99c7c46 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -904,6 +904,20 @@ MarkupSafe = ">=2.0"
i18n = ["Babel (>=2.7)"]
[[package]]
+name = "ldap3"
+version = "2.9.1"
+description = "A strictly RFC 4510 conforming LDAP V3 pure Python client library"
+optional = false
+python-versions = "*"
+files = [
+ {file = "ldap3-2.9.1-py2.py3-none-any.whl", hash = "sha256:5869596fc4948797020d3f03b7939da938778a0f9e2009f7a072ccf92b8e8d70"},
+ {file = "ldap3-2.9.1.tar.gz", hash = "sha256:f3e7fc4718e3f09dda568b57100095e0ce58633bcabbed8667ce3f8fbaa4229f"},
+]
+
+[package.dependencies]
+pyasn1 = ">=0.4.6"
+
+[[package]]
name = "lxml"
version = "4.9.2"
description = "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API."
@@ -1579,6 +1593,17 @@ files = [
]
[[package]]
+name = "pyasn1"
+version = "0.5.0"
+description = "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)"
+optional = false
+python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7"
+files = [
+ {file = "pyasn1-0.5.0-py2.py3-none-any.whl", hash = "sha256:87a2121042a1ac9358cabcaf1d07680ff97ee6404333bacca15f76aa8ad01a57"},
+ {file = "pyasn1-0.5.0.tar.gz", hash = "sha256:97b7290ca68e62a832558ec3976f15cbf911bf5d7c7039d8b861c2a0ece69fde"},
+]
+
+[[package]]
name = "pycodestyle"
version = "2.7.0"
description = "Python style guide checker"
@@ -2176,4 +2201,4 @@ multidict = ">=4.0"
[metadata]
lock-version = "2.0"
python-versions = "^3.10"
-content-hash = "5cdc3c4952373fffabe6837e3316a640b6fdaf26e0e53e6e1afb9245be51e268"
+content-hash = "bed4476a4291f5d5bb4029a145c9b4c595723a8167482b0a382cab9d4688d74d"
diff --git a/pyproject.toml b/pyproject.toml
index 51d49e02..2c809344 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -33,6 +33,7 @@ psycopg2-binary = "^2.9.6"
flask-talisman = "^0.8.1"
feedparser = "^6.0.8"
mypy = "^0.991"
+ldap3 = "^2.9.1"
[tool.poetry.group.dev.dependencies ]
sqlalchemy-schemadisplay = "^1.3"