Commit 6eba0104 authored by Grant's avatar Grant

add in ldap auth

parent 4e4ccabd

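--- a/src/common/auth.py
+++ b/src/common/auth.py
@@ -0,0 +1,58 @@
+"""Provide authentication methods."""
+from common.env import check_environment as ce
+
+try:
+    from onelogin.saml2.auth import OneLogin_Saml2_Auth
+    from ldap3 import Server, Connection, ALL, SUBTREE
+    from ldap3.core.exceptions import LDAPException, LDAPBindError
+    from flask import jsonify
+except ImportError:
+    import sys
+    from common.logz import create_logger
+
+    log = create_logger()
+    log.warn("To use this module, install common-package[auth] extra.")
+    sys.exit(1)
+
+
+def authenticate_ldap_user(uid, password):
+    """
+    Authenticates a user against an LDAP server using their user ID and password.
+
+    This function retrieves the necessary LDAP configuration from environment variables,
+    establishes a connection to the LDAP server, and attempts to bind with the provided
+    credentials. If the binding is successful, it searches for the user's entry and returns it.
+
+    Parameters:
+    - uid (str): The user ID of the LDAP account to authenticate.
+    - password (str): The password for the LDAP account.
+
+    Returns:
+    - ldap3.Entry: The LDAP entry of the authenticated user if successful.
+    - None: If the authentication fails (e.g., incorrect credentials or issues with server connection).
+
+    Environment Variables:
+    - LDAP_SERVER: URL of the LDAP server. Default is "ldaps://ldapx.ornl.gov".
+    - LDAP_ROOT_DN: The root distinguished name (DN) for LDAP queries. Default is "dc=xcams,dc=ornl,dc=gov".
+    - LDAP_USER_DN: Template for constructing the user's DN. Default is "uid={uid},ou=Users".
+    - LDAP_USER_SEARCH_FILTER: LDAP search filter to find the user. Default is "(uid={uid})".
+
+    Example:
+    To authenticate a user with ID 'jdoe' and password 'securepassword', you can call:
+    authenticate_ldap_user('jdoe', 'securepassword')
+
+    Raises:
+    - ldap3.core.exceptions.LDAPException: If there is an issue connecting to the LDAP server or during the search.
+    """
+    ldap_server = ce("LDAP_SERVER", "ldaps://ldapx.ornl.gov")
+    root_dn = ce("LDAP_ROOT_DN", "dc=xcams,dc=ornl,dc=gov")
+    user_dn = ce("LDAP_USER_DN", f"uid={uid},ou=Users")
+    user_search_filter = ce("LDAP_USER_SEARCH_FILTER", f"(uid={uid})")
+    dn = f"{user_dn},{root_dn}"
+    server = Server(ldap_server, get_info=ALL)
+    connection = Connection(server, user=dn, password=password)
+    # check if binding to the connection works
+    if not connection.bind():
+        return None
+    connection.search(root_dn, user_search_filter, attributes=["*"])
+    return connection.entries[0]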
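Review bot: `uid` is interpolated unescaped into both the bind DN (`f"uid={uid},ou=Users"`) and the search filter (`f"(uid={uid})"`), so a value containing `,`, `)` or `*` changes which entry is bound to or matched; escape it with `ldap3.utils.conv.escape_filter_chars` for the filter and `ldap3.utils.dn.escape_rdn` for the DN (imported next to the other ldap3 names inside the `try` block). Those same two lines format the default before `ce` is called, so when `LDAP_USER_DN` or `LDAP_USER_SEARCH_FILTER` is actually set in the environment its `{uid}` placeholder is never substituted, contrary to the docstring; read the template first and `.format(uid=…)` afterwards. `connection.entries[0]` raises IndexError when a successful bind is followed by an empty search, the connection is never unbound, and an empty password should be rejected up front because directories commonly treat a bind with an empty password as an anonymous bind rather than a failure (ldap3 may refuse it itself, but the function should not depend on that). The rewritten body is below; on the import-failure path `log.warn` is also the deprecated alias of `log.warning`.
```python
def authenticate_ldap_user(uid, password):
    # … unchanged: docstring …
    # An empty password can be treated by the server as an unauthenticated
    # (anonymous) bind, which would look like a successful login.
    if not uid or not password:
        return None
    ldap_server = ce("LDAP_SERVER", "ldaps://ldapx.ornl.gov")
    root_dn = ce("LDAP_ROOT_DN", "dc=xcams,dc=ornl,dc=gov")
    # Read the template first so a configured value is honoured, then
    # substitute an escaped uid so it cannot alter the DN or the filter.
    user_dn = ce("LDAP_USER_DN", "uid={uid},ou=Users").format(uid=escape_rdn(uid))
    user_search_filter = ce("LDAP_USER_SEARCH_FILTER", "(uid={uid})").format(
        uid=escape_filter_chars(uid)
    )
    dn = f"{user_dn},{root_dn}"
    server = Server(ldap_server, get_info=ALL)
    connection = Connection(server, user=dn, password=password)
    try:
        # check if binding to the connection works
        if not connection.bind():
            return None
        connection.search(root_dn, user_search_filter, attributes=["*"])
        # A bound user whose entry the filter does not match is not authenticated.
        return connection.entries[0] if connection.entries else None
    finally:
        connection.unbind()
```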