From 5851bfabb4caba9c24ec4fd5edece49c99137f65 Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Sun, 27 Jun 2021 18:01:37 -0400 Subject: add settings page for admins group so far we only support changing the ldap_uri for runtime. --- session_app.py | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) (limited to 'session_app.py') diff --git a/session_app.py b/session_app.py index 847df19..50a52fd 100755 --- a/session_app.py +++ b/session_app.py @@ -16,7 +16,6 @@ # preserve POST with code 307 https://stackoverflow.com/a/15480983/3569534 # Improve: # remove session info, when logging out? -# provide web page for adjusting settings like ldap uri # Run: # FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0 # Dependencies: @@ -56,13 +55,14 @@ def requires_session(function): if 'user' not in session: return Response("User is not in this session.",401) s_user = session['user'] + s_groups = session['groups'] c_user = request.cookies.get('user') print(f"session user: {s_user}") print(f"cookie user: {c_user}") if session['user'] != c_user: return Response("Wrong user for this session!.",401) # otherwise, everything is good! - return function(*args,**kwargs) + return function(s_user, s_groups, *args,**kwargs) # catch-all return Response("requires session",401) return decorated @@ -205,7 +205,7 @@ def index(): @app.route("/protected/") @requires_session -def protected_page(): +def protected_page(user=None,groups=None): return protected_page_real() def protected_page_real(): @@ -358,6 +358,40 @@ def login_basic(): session['formdata'] = form return redirect(url_for("login_ldap"),code=307) +@app.route("/protected/settings/", methods=['GET','POST']) +@requires_session +def protected_settings(user,groups): + print(f"DEBUG: visit settings page as user {user}") + print(f"DEBUG: with groups {groups}") + if "admins" not in groups: + #return Response(f'
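Review bot: `s_groups = session['groups']` in `requires_session` raises KeyError, and so returns a 500, for any session that holds 'user' but no 'groups' key (for example one issued before this change); `s_groups = session.get('groups', [])` fails closed to an empty group list instead. The wrapper now also passes `s_user, s_groups` positionally to every decorated view, and only `protected_page` and the new `protected_settings` are adapted in the visible hunks, so any other `@requires_session` view elsewhere in the file would fail with TypeError. Because the admin check added later in this commit trusts this session value, a comment such as `# groups are cached in the session at login; membership changes apply only after re-login` would help, if that is how the groups are populated. The decorator's body starts outside this hunk.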

Not Found

What you were looking for is just not there.

Start over', 404) + #return Response(f'

Not Found

The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

', 404) + return Response(f'

Not Authorized

You are not authorized to access this page.

', 403) + else: + if request.method == "GET": + return render_template( + 'settings.html', + ldap_uri=app.config['LDAP_URI'] + ) + elif request.method == "POST": + form = request.form + print(f"Form: {form}") + message = "" + if 'ldap_uri' not in form: + return Response("Invalid input.", 400) + else: + new_ldap_uri = form['ldap_uri'] + if new_ldap_uri != app.config['LDAP_URI']: + app.config['LDAP_URI'] = new_ldap_uri + # removing LDAP_HOSTS causes get_new_ldap_server to reidentify the ldap servers for this uri. + if 'LDAP_HOSTS' in app.config: + app.config.pop('LDAP_HOSTS') + message += "
  • LDAP_URI
  • " + if "" != message: + message = "Settings updated:" + message += f"
    " + return Response(message, 200) + ## This bumps the session lifetime to two minutes farther out from each web request with this session. #@app.before_request #def make_session_permanent(): -- cgit
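Review bot: The POST branch of `protected_settings` writes `form['ldap_uri']` straight into `app.config['LDAP_URI']` with no validation and no visible anti-CSRF check, so a cross-site form submission carried by an admin's session cookies could repoint authentication at a different directory server. The `settings.html` template is not shown and may carry a token, but nothing in this handler verifies one. Before assigning, reject values that are not LDAP URIs, e.g. `if urllib.parse.urlparse(new_ldap_uri).scheme not in ("ldap", "ldaps"): return Response("Invalid input.", 400)` (this needs `urllib.parse` imported), preferably also checking the host against an allowlist, and log the change together with `user` for audit. Separately, `message = "Settings updated:"` appears to overwrite the list built just above it rather than prefix it, and `print(f"Form: {form}")` writes the raw form to stdout.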