Diffstat (limited to 'newspipe/web/forms.py')
-rw-r--r--newspipe/web/forms.py62
1 files changed, 56 insertions, 6 deletions
diff --git a/newspipe/web/forms.py b/newspipe/web/forms.py
index 1240e4ab..4cd552e0 100644
--- a/newspipe/web/forms.py
+++ b/newspipe/web/forms.py
@@ -1,4 +1,5 @@
#! /usr/bin/env python
+# vim: set ts=4 sts=4 sw=4 et:
# Newspipe - A web news aggregator.
# Copyright (C) 2010-2023 Cédric Bonhomme - https://www.cedricbonhomme.org
#
@@ -24,6 +25,7 @@ __revision__ = "$Date: 2015/05/06 $"
__copyright__ = "Copyright (c) Cedric Bonhomme"
__license__ = "GPLv3"
+import logging
from flask import redirect, url_for
from flask_babel import lazy_gettext
from flask_wtf import FlaskForm
@@ -41,10 +43,12 @@ from wtforms import (
)
from wtforms.fields.html5 import EmailField, URLField
-from newspipe.controllers import UserController
+from newspipe.bootstrap import application
+from newspipe.controllers import UserController, LdapuserController
from newspipe.lib import misc_utils
from newspipe.models import User
+logger = logging.getLogger(__name__)
class SignupForm(FlaskForm):
"""
@@ -138,19 +142,65 @@ class SigninForm(RedirectForm):
def validate(self):
validated = super().validate()
+ # try ldap before doing anything else
+ ldap_enabled = application.config["LDAP_ENABLED"] if "LDAP_ENABLED" in application.config else False
+ ldapuser = None
+ if ldap_enabled:
+ ucontrldap = LdapuserController()
+ try:
+ # this returns False if invalid username or password.
+ ldapuser = ucontrldap.check_password(
+ user = self.nickmane.data,
+ password = self.password.data,
+ config = application.config
+ )
+ if ldapuser:
+ self.nickmane.errors.append(f"validated ldap user {self.nickmane.data}")
+ else:
+ #self.nickmane.errors.append(f"Invalid username or password.")
+ raise NotFound
+ except NotFound:
+ pass # just assume the user is trying a local account
ucontr = UserController()
try:
user = ucontr.get(nickname=self.nickmane.data)
except NotFound:
- self.nickmane.errors.append("Wrong nickname")
- validated = False
+ if ldap_enabled and ldapuser:
+ try:
+ user = ucontr.create(
+ nickname=self.nickmane.data,
+ password="",
+ automatic_crawling=True,
+ is_admin=False,
+ is_active=True,
+ )
+ if user:
+ validated = True
+ self.user = user
+ except:
+ self.nickmane.errors.append(f"Unable to provision user for valid ldap user {self.nickmane.data}")
+ validated = False
+ else:
+ self.nickmane.errors.append("Wrong nickname")
+ validated = False
else:
if not user.is_active:
self.nickmane.errors.append("Account not active")
validated = False
- if not ucontr.check_password(user, self.password.data):
- self.password.errors.append("Wrong password")
- validated = False
+ # must short-circuit the password check for ldap users
+ if not ldapuser:
+ try:
+ # with an external_auth user but external auth disabled in config now, the empty password on the user in the database will fail
+ if not ucontr.check_password(user, self.password.data):
+ self.password.errors.append("Wrong password")
+ validated = False
+ except AttributeError:
+ if ldap_enabled:
+ self.password.errors.append("Wrong password")
+ validated = False
+ else:
+ self.password.errors.append("External auth unavailable. Contact the admin.")
+ validated = False
self.user = user
return validated
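Review bot: The LDAP check in `validate()` runs regardless of what `super().validate()` returned, and the provisioning branch then sets `validated = True`, so a form that failed its field or CSRF validation can still come back valid for a first-time LDAP user. This matters most for an empty password: `LdapuserController.check_password` is not visible here, but if it performs a simple bind, many directory servers treat an empty password as an unauthenticated bind and report success. I would gate the call with `if ldap_enabled and validated and self.password.data:` and drop the `validated = True` assignment so the result of `super().validate()` is never overridden. Separately, the bare `except:` around `ucontr.create(...)` hides the reason provisioning failed; `except Exception:` with `logger.exception("ldap provisioning failed")` would use the logger this commit adds. The `SigninForm` class begins outside the hunk.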
bgstack15