Diffstat (limited to 'newspipe/web/forms.py')
-rw-r--r-- | newspipe/web/forms.py | 62 |
1 files changed, 56 insertions, 6 deletions
diff --git a/newspipe/web/forms.py b/newspipe/web/forms.py index 1240e4ab..4cd552e0 100644 --- a/newspipe/web/forms.py +++ b/newspipe/web/forms.py @@ -1,4 +1,5 @@ #! /usr/bin/env python +# vim: set ts=4 sts=4 sw=4 et: # Newspipe - A web news aggregator. # Copyright (C) 2010-2023 Cédric Bonhomme - https://www.cedricbonhomme.org # @@ -24,6 +25,7 @@ __revision__ = "$Date: 2015/05/06 $" __copyright__ = "Copyright (c) Cedric Bonhomme" __license__ = "GPLv3" +import logging from flask import redirect, url_for from flask_babel import lazy_gettext from flask_wtf import FlaskForm @@ -41,10 +43,12 @@ from wtforms import ( ) from wtforms.fields.html5 import EmailField, URLField -from newspipe.controllers import UserController +from newspipe.bootstrap import application +from newspipe.controllers import UserController, LdapuserController from newspipe.lib import misc_utils from newspipe.models import User +logger = logging.getLogger(__name__) class SignupForm(FlaskForm): """ 
@@ -138,19 +142,65 @@ class SigninForm(RedirectForm): def validate(self): validated = super().validate() + # try ldap before doing anything else + ldap_enabled = application.config["LDAP_ENABLED"] if "LDAP_ENABLED" in application.config else False + ldapuser = None + if ldap_enabled: + ucontrldap = LdapuserController() + try: + # this returns False if invalid username or password. + ldapuser = ucontrldap.check_password( + user = self.nickmane.data, + password = self.password.data, + config = application.config + ) + if ldapuser: + self.nickmane.errors.append(f"validated ldap user {self.nickmane.data}") + else: + #self.nickmane.errors.append(f"Invalid username or password.") + raise NotFound + except NotFound: + pass # just assume the user is trying a local account ucontr = UserController() try: user = ucontr.get(nickname=self.nickmane.data) except NotFound: - self.nickmane.errors.append("Wrong nickname") - validated = False + if ldap_enabled and ldapuser: + try: + user = ucontr.create( + nickname=self.nickmane.data, + password="", + automatic_crawling=True, + is_admin=False, + is_active=True, + ) + if user: + validated = True + self.user = user + except: + self.nickmane.errors.append(f"Unable to provision user for valid ldap user {self.nickmane.data}") + validated = False + else: + self.nickmane.errors.append("Wrong nickname") + validated = False else: if not user.is_active: self.nickmane.errors.append("Account not active") validated = False - if not ucontr.check_password(user, self.password.data): - self.password.errors.append("Wrong password") - validated = False + # must short-circuit the password check for ldap users + if not ldapuser: + try: + # with an external_auth user but external auth disabled in config now, the empty password on the user in the database will fail + if not ucontr.check_password(user, self.password.data): + self.password.errors.append("Wrong password") + validated = False + except AttributeError: + if ldap_enabled: + 
self.password.errors.append("Wrong password") + validated = False + else: + self.password.errors.append("External auth unavailable. Contact the admin.") + validated = False self.user = user return validated |
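Review bot: When `ldapuser` is truthy, the `else:` branch skips `ucontr.check_password` for whatever account `ucontr.get(nickname=self.nickmane.data)` returns, so a directory user whose name matches an existing local account (an administrator included) is signed in as that account. Nothing visible in this hunk records which accounts were provisioned from LDAP, so the bypass should be limited to accounts marked as externally authenticated when they are created, with every other account still going through the local password check. In the provisioning path, `validated = True` overwrites the result of `super().validate()`, so a form that failed its own validators would still pass on a first LDAP login; dropping that assignment keeps the earlier result. The bare `except:` around `ucontr.create` also hides why provisioning failed; `except Exception:` followed by `logger.exception("ldap user provisioning failed")` would use the logger this commit introduces. On success the code appends `f"validated ldap user {self.nickmane.data}"` to `self.nickmane.errors`, which looks like leftover debugging and would be better as a `logger.info` call.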