add settings page for admins group

so far we only support changing the ldap_uri for runtime.
author: B. Stack <bgstack15@gmail.com> 2021-06-27 18:01:37 -0400
committer: B. Stack <bgstack15@gmail.com> 2021-06-27 18:01:37 -0400
commit: 5851bfabb4caba9c24ec4fd5edece49c99137f65 (patch)
tree: 8c0701815edf8ee750e51081f8d7cde668402657
parent: move config to separate file (diff)
download: session_app-5851bfabb4caba9c24ec4fd5edece49c99137f65.tar.gz
session_app-5851bfabb4caba9c24ec4fd5edece49c99137f65.tar.bz2
session_app-5851bfabb4caba9c24ec4fd5edece49c99137f65.zip
2 files changed, 54 insertions, 3 deletions
diff --git a/session_app.py b/session_app.py
index 847df19..50a52fd 100755
--- a/session_app.py
+++ b/session_app.py
@@ -16,7 +16,6 @@
 #    preserve POST with code 307 https://stackoverflow.com/a/15480983/3569534
 # Improve:
 #    remove session info, when logging out?
-#    provide web page for adjusting settings like ldap uri
 # Run:
 #    FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0
 # Dependencies:
@@ -56,13 +55,14 @@ def requires_session(function):
          if 'user' not in session:
             return Response("User is not in this session.",401)
          s_user = session['user']
+         s_groups = session['groups']
          c_user = request.cookies.get('user')
          print(f"session user: {s_user}")
          print(f"cookie user: {c_user}")
          if session['user'] != c_user:
             return Response("Wrong user for this session!.",401)
          # otherwise, everything is good!
-         return function(*args,**kwargs)
+         return function(s_user, s_groups, *args,**kwargs)
       # catch-all
       return Response("requires session",401)
    return decorated
@@ -205,7 +205,7 @@ def index():
 
 @app.route("/protected/")
 @requires_session
-def protected_page():
+def protected_page(user=None,groups=None):
    return protected_page_real()
 
 def protected_page_real():
@@ -358,6 +358,40 @@ def login_basic():
    session['formdata'] = form
    return redirect(url_for("login_ldap"),code=307)
 
+@app.route("/protected/settings/", methods=['GET','POST'])
+@requires_session
+def protected_settings(user,groups):
+   print(f"DEBUG: visit settings page as user {user}")
+   print(f"DEBUG: with groups {groups}")
+   if "admins" not in groups:
+      #return Response(f'<h1>Not Found</h1><p>What you were looking for is just not there.<p><a href="{ url_for("index") }">Start over</a>', 404)
+      #return Response(f'<h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>', 404)
+      return Response(f'<h1>Not Authorized</h1><p>You are not authorized to access this page.</p>', 403)
+   else:
+      if request.method == "GET":
+         return render_template(
+            'settings.html',
+            ldap_uri=app.config['LDAP_URI']
+         )
+      elif request.method == "POST":
+         form = request.form
+         print(f"Form: {form}")
+         message = ""
+         if 'ldap_uri' not in form:
+            return Response("Invalid input.", 400)
+         else:
+            new_ldap_uri = form['ldap_uri']
+            if new_ldap_uri != app.config['LDAP_URI']:
+               app.config['LDAP_URI'] = new_ldap_uri
+               # removing LDAP_HOSTS causes get_new_ldap_server to reidentify the ldap servers for this uri.
+               if 'LDAP_HOSTS' in app.config:
+                  app.config.pop('LDAP_HOSTS')
+               message += "<li>LDAP_URI</li>"
+         if "" != message:
+            message = "Settings updated:<ul>" + message + "</ul>"
+         message += f"<form action='{url_for('protected_settings')}' method='get'><input type='submit' value='Return to settings'/></form>"
+         return Response(message, 200)
+
 ## This bumps the session lifetime to two minutes farther out from each web request with this session.
 #@app.before_request
 #def make_session_permanent():
diff --git a/templates/settings.html b/templates/settings.html
new file mode 100644
index 0000000..c5f6e68
--- /dev/null
+++ b/templates/settings.html
@@ -0,0 +1,17 @@
+<html>
+<head>
+<title>Session_app settings</title>
+<!--<style type="text/css" media="screen">
+input {
+   width: 500px;
+}
+</style> -->
+</head>
+<body>
+<h1>Settings</h1>
+<form action="#" method="post">
+<p>Ldap URI <input style="width: 500px;" type="text" value="{{ ldap_uri }}" name="ldap_uri"</p>
+<p><input accesskey="s" type="submit" value="Submit"/></p>
+</form>
+</center>
+</html>
author	B. Stack <bgstack15@gmail.com>	2021-06-27 18:01:37 -0400
committer	B. Stack <bgstack15@gmail.com>	2021-06-27 18:01:37 -0400
commit	5851bfabb4caba9c24ec4fd5edece49c99137f65 (patch)
tree	8c0701815edf8ee750e51081f8d7cde668402657
parent	move config to separate file (diff)
download	session_app-5851bfabb4caba9c24ec4fd5edece49c99137f65.tar.gz session_app-5851bfabb4caba9c24ec4fd5edece49c99137f65.tar.bz2 session_app-5851bfabb4caba9c24ec4fd5edece49c99137f65.zip