From 7a2cd5baed73e1634b83ce8d627ef275c993df7a Mon Sep 17 00:00:00 2001 From: Cédric Bonhomme Date: Tue, 27 Jun 2023 23:07:01 +0200 Subject: chg: [flake8] Adresses some flake8 warnings. --- instance/config.py | 3 ++- instance/sqlite.py | 3 ++- .../2a5604bed382_add_string_user_external_auth.py | 6 ++--- newspipe/controllers/__init__.py | 1 + newspipe/controllers/user.py | 17 +++++++++----- newspipe/web/forms.py | 5 ++-- newspipe/web/views/user.py | 1 - package-lock.json | 10 ++++---- poetry.lock | 27 +++++++++++++++++++++- pyproject.toml | 1 + 10 files changed, 54 insertions(+), 20 deletions(-) diff --git a/instance/config.py b/instance/config.py index e3362694..42e624cb 100644 --- a/instance/config.py +++ b/instance/config.py @@ -85,7 +85,8 @@ LDAP_USER_ATTRIB_MEMBEROF = "memberof" LDAP_GROUP_DISPLAY_ATTRIB = "cn" LDAP_BIND_DN = "uid=sampleuser,cn=users,cn=accounts,dc=ipa,dc=internal,dc=com" LDAP_BIND_PASSWORD = "examplepassword" -# Additional filter to restrict user lookup. If not equivalent to False (e.g., undefined), will be logical-anded to the user-match-attribute search filter. +# Additional filter to restrict user lookup. If not equivalent to False +# (e.g., undefined), will be logical-anded to the user-match-attribute search filter. LDAP_FILTER = ( "(memberOf=cn=newspipe-users,cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com)" ) diff --git a/instance/sqlite.py b/instance/sqlite.py index de6aab23..1f8d6206 100644 --- a/instance/sqlite.py +++ b/instance/sqlite.py @@ -78,7 +78,8 @@ LDAP_USER_ATTRIB_MEMBEROF = "memberof" LDAP_GROUP_DISPLAY_ATTRIB = "cn" LDAP_BIND_DN = "uid=sampleuser,cn=users,cn=accounts,dc=ipa,dc=internal,dc=com" LDAP_BIND_PASSWORD = "examplepassword" -# Additional filter to restrict user lookup. If not equivalent to False (e.g., undefined), will be logical-anded to the user-match-attribute search filter. +# Additional filter to restrict user lookup. If not equivalent to False +# (e.g., undefined), will be logical-anded to the user-match-attribute search filter. LDAP_FILTER = ( "(memberOf=cn=newspipe-users,cn=groups,cn=accounts,dc=ipa,dc=internal,dc=com)" ) diff --git a/migrations/versions/2a5604bed382_add_string_user_external_auth.py b/migrations/versions/2a5604bed382_add_string_user_external_auth.py index 95fe3ac9..41def8f4 100644 --- a/migrations/versions/2a5604bed382_add_string_user_external_auth.py +++ b/migrations/versions/2a5604bed382_add_string_user_external_auth.py @@ -5,15 +5,15 @@ Revises: bdd38bd755cb Create Date: 2023-06-17 15:30:40.434393 """ +import sqlalchemy as sa +from alembic import op + # revision identifiers, used by Alembic. revision = "2a5604bed382" down_revision = "bdd38bd755cb" branch_labels = None depends_on = None -from alembic import op -import sqlalchemy as sa - def upgrade(): op.add_column("user", sa.Column("external_auth", sa.String(), nullable=True)) diff --git a/newspipe/controllers/__init__.py b/newspipe/controllers/__init__.py index 449d93e9..ffe066b9 100644 --- a/newspipe/controllers/__init__.py +++ b/newspipe/controllers/__init__.py @@ -12,6 +12,7 @@ __all__ = [ "CategoryController", "ArticleController", "UserController", + "LdapuserController", "IconController", "BookmarkController", "BookmarkTagController", diff --git a/newspipe/controllers/user.py b/newspipe/controllers/user.py index e259940e..2aaded64 100644 --- a/newspipe/controllers/user.py +++ b/newspipe/controllers/user.py @@ -1,18 +1,20 @@ import logging from urllib.parse import urlparse +import ldap3 +from ldap3.core.exceptions import LDAPBindError from werkzeug.security import check_password_hash from werkzeug.security import generate_password_hash from .abstract import AbstractController from newspipe.models import User -logger = logging.getLogger(__name__) +# from ldap3.core.exceptions import LDAPPasswordIsMandatoryError # FOR LDAP # Reference: session_app -import ldap3 -from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError + +logger = logging.getLogger(__name__) class UserController(AbstractController): @@ -53,7 +55,8 @@ class LdapuserController: # list_matching_users always returns list, so if it contains <> 1 we are in trouble if len(this_user) != 1: print( - f"WARNING: cannot determine unique user for {config['LDAP_USER_MATCH_ATTRIB']}={user} which returned {this_user}" + f"WARNING: cannot determine unique user for" + f" {config['LDAP_USER_MATCH_ATTRIB']}={user} which returned {this_user}" ) return False # logger does not work here+flask for some reason. Very sad! @@ -128,14 +131,16 @@ class LdapuserController: try: import dns import dns.resolver - except: + except Exception: print("Need python3-dns or dnspython installed for dns lookups.") return [domain] namelist = [] try: query = dns.resolver.query(f"_ldap._tcp.{domain}", "SRV") except dns.resolver.NXDOMAIN: - # no records exist that match the request, so we were probably given a specific hostname, and an empty query will trigger the logic below that will add the original domain to the list. + # no records exist that match the request, so we were probably + # given a specific hostname, and an empty query will trigger + # the logic below that will add the original domain to the list. query = [] for i in query: namelist.append(i.target.to_text().rstrip(".")) diff --git a/newspipe/web/forms.py b/newspipe/web/forms.py index dba2e1b8..3eac8e6b 100644 --- a/newspipe/web/forms.py +++ b/newspipe/web/forms.py @@ -185,7 +185,7 @@ class SigninForm(RedirectForm): if user: validated = True self.user = user - except: + except Exception: self.nickmane.errors.append( f"Unable to provision user for valid ldap user {self.nickmane.data}" ) @@ -200,7 +200,8 @@ class SigninForm(RedirectForm): # must short-circuit the password check for ldap users if not ldapuser: try: - # with an external_auth user but external auth disabled in config now, the empty password on the user in the database will fail + # with an external_auth user but external auth disabled in config now, + # the empty password on the user in the database will fail if not ucontr.check_password(user, self.password.data): self.password.errors.append("Wrong password") validated = False diff --git a/newspipe/web/views/user.py b/newspipe/web/views/user.py index 1945be89..00615ba8 100644 --- a/newspipe/web/views/user.py +++ b/newspipe/web/views/user.py @@ -9,7 +9,6 @@ from flask_login import current_user from flask_login import login_required from flask_paginate import get_page_args from flask_paginate import Pagination -from werkzeug.exceptions import BadRequest from newspipe.bootstrap import application from newspipe.controllers import ArticleController diff --git a/package-lock.json b/package-lock.json index bb868b3b..ccade94f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "@popperjs/core": "^2.11.6", "bootstrap": "^5.2.3", "bootstrap-select": "^1.13.18", - "chart.js": "^4.2.0", + "chart.js": "^4.2.1", "fork-awesome": "^1.2.0", "moment": "^2.29.4" }, @@ -63,14 +63,14 @@ } }, "node_modules/chart.js": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.2.0.tgz", - "integrity": "sha512-wbtcV+QKeH0F7gQZaCJEIpsNriFheacouJQTVIjITi3eQA8bTlIBoknz0+dgV79aeKLNMAX+nDslIVE/nJ3rzA==", + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.3.0.tgz", + "integrity": "sha512-ynG0E79xGfMaV2xAHdbhwiPLczxnNNnasrmPEXriXsPJGjmhOBYzFVEsB65w2qMDz+CaBJJuJD0inE/ab/h36g==", "dependencies": { "@kurkle/color": "^0.3.0" }, "engines": { - "pnpm": "^7.0.0" + "pnpm": ">=7" } }, "node_modules/fork-awesome": { diff --git a/poetry.lock b/poetry.lock index 71252846..f99c7c46 100644 --- a/poetry.lock +++ b/poetry.lock @@ -903,6 +903,20 @@ MarkupSafe = ">=2.0" [package.extras] i18n = ["Babel (>=2.7)"] +[[package]] +name = "ldap3" +version = "2.9.1" +description = "A strictly RFC 4510 conforming LDAP V3 pure Python client library" +optional = false +python-versions = "*" +files = [ + {file = "ldap3-2.9.1-py2.py3-none-any.whl", hash = "sha256:5869596fc4948797020d3f03b7939da938778a0f9e2009f7a072ccf92b8e8d70"}, + {file = "ldap3-2.9.1.tar.gz", hash = "sha256:f3e7fc4718e3f09dda568b57100095e0ce58633bcabbed8667ce3f8fbaa4229f"}, +] + +[package.dependencies] +pyasn1 = ">=0.4.6" + [[package]] name = "lxml" version = "4.9.2" @@ -1578,6 +1592,17 @@ files = [ {file = "psycopg2_binary-2.9.6-cp39-cp39-win_amd64.whl", hash = "sha256:f6a88f384335bb27812293fdb11ac6aee2ca3f51d3c7820fe03de0a304ab6249"}, ] +[[package]] +name = "pyasn1" +version = "0.5.0" +description = "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)" +optional = false +python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7" +files = [ + {file = "pyasn1-0.5.0-py2.py3-none-any.whl", hash = "sha256:87a2121042a1ac9358cabcaf1d07680ff97ee6404333bacca15f76aa8ad01a57"}, + {file = "pyasn1-0.5.0.tar.gz", hash = "sha256:97b7290ca68e62a832558ec3976f15cbf911bf5d7c7039d8b861c2a0ece69fde"}, +] + [[package]] name = "pycodestyle" version = "2.7.0" @@ -2176,4 +2201,4 @@ multidict = ">=4.0" [metadata] lock-version = "2.0" python-versions = "^3.10" -content-hash = "5cdc3c4952373fffabe6837e3316a640b6fdaf26e0e53e6e1afb9245be51e268" +content-hash = "bed4476a4291f5d5bb4029a145c9b4c595723a8167482b0a382cab9d4688d74d" diff --git a/pyproject.toml b/pyproject.toml index 51d49e02..2c809344 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -33,6 +33,7 @@ psycopg2-binary = "^2.9.6" flask-talisman = "^0.8.1" feedparser = "^6.0.8" mypy = "^0.991" +ldap3 = "^2.9.1" [tool.poetry.group.dev.dependencies ] sqlalchemy-schemadisplay = "^1.3" -- cgit