Commit 1fab0a6a authored by Julian Rother's avatar Julian Rother

Refactored api wrapper

parent c9f81b22
import sys import sys
import json import json
import socketserver import socketserver
import requests import requests
from cachecontrol import CacheControl from cachecontrol import CacheControl
from cachecontrol.heuristics import ExpiresAfter from cachecontrol.heuristics import ExpiresAfter
...@@ -39,6 +40,15 @@ class UffdAPI: ...@@ -39,6 +40,15 @@ class UffdAPI:
assert(resp.ok) assert(resp.ok)
return resp.json() return resp.json()
def get_users(self, id=None, loginname=None, group=None):
return self.get('getusers', id=id, loginname=loginname, group=group)
def get_groups(self, id=None, name=None, member=None):
return self.get('getgroups', id=id, name=name, member=member)
def check_password(self, loginname, password):
return self.api.post('checkpassword', loginname=loginname, password=password)
def normalize_user_loginname(loginname): def normalize_user_loginname(loginname):
# The equality matching rule for uid is caseIgnoreMatch. It prepares # The equality matching rule for uid is caseIgnoreMatch. It prepares
# attribute and assertion value according to LDAP stringprep with # attribute and assertion value according to LDAP stringprep with
...@@ -88,7 +98,7 @@ class RequestHandler(LDAPRequestHandler): ...@@ -88,7 +98,7 @@ class RequestHandler(LDAPRequestHandler):
return True return True
if not dn.is_direct_child_of(DN('ou=users') + self.dn_base) or len(dn[0]) != 1 or dn[0][0].attribute != 'uid': if not dn.is_direct_child_of(DN('ou=users') + self.dn_base) or len(dn[0]) != 1 or dn[0][0].attribute != 'uid':
raise LDAPInvalidCredentials() raise LDAPInvalidCredentials()
if self.api.post('checkpassword', loginname=dn[0][0].value, password=password): if self.api.check_password(loginname=dn[0][0].value, password=password):
return True return True
raise LDAPInvalidCredentials() raise LDAPInvalidCredentials()
...@@ -97,7 +107,7 @@ class RequestHandler(LDAPRequestHandler): ...@@ -97,7 +107,7 @@ class RequestHandler(LDAPRequestHandler):
def do_bind_sasl_plain(self, identity, password, authzid=None): def do_bind_sasl_plain(self, identity, password, authzid=None):
if authzid is not None and identity != authzid: if authzid is not None and identity != authzid:
raise LDAPInvalidCredentials() raise LDAPInvalidCredentials()
user = self.api.post('checkpassword', loginname=identity, password=password) user = self.api.check_password(loginname=identity, password=password)
if user is None: if user is None:
raise LDAPInvalidCredentials() raise LDAPInvalidCredentials()
return user return user
...@@ -165,7 +175,7 @@ class RequestHandler(LDAPRequestHandler): ...@@ -165,7 +175,7 @@ class RequestHandler(LDAPRequestHandler):
if value.is_direct_child_of(DN(self.dn_base, ou='groups')) and value.object_attribute == 'cn': if value.is_direct_child_of(DN(self.dn_base, ou='groups')) and value.object_attribute == 'cn':
request_params = {'group': normalize_group_name(value.object_value)} request_params = {'group': normalize_group_name(value.object_value)}
break break
for user in self.api.get('getusers', **request_params): for user in self.api.get_users(**request_params):
yield template.create_object(user['loginname'], yield template.create_object(user['loginname'],
cn=[user['displayname']], cn=[user['displayname']],
displayname=[user['displayname']], displayname=[user['displayname']],
...@@ -199,7 +209,7 @@ class RequestHandler(LDAPRequestHandler): ...@@ -199,7 +209,7 @@ class RequestHandler(LDAPRequestHandler):
if value.is_direct_child_of(DN(self.dn_base, ou='users')) and value.object_attribute == 'uid': if value.is_direct_child_of(DN(self.dn_base, ou='users')) and value.object_attribute == 'uid':
request_params = {'member': normalize_user_loginname(value.object_value)} request_params = {'member': normalize_user_loginname(value.object_value)}
break break
for group in self.api.get('getgroups', **request_params): for group in self.api.get_groups(**request_params):
yield template.create_object(group['name'], yield template.create_object(group['name'],
cn=[group['name']], cn=[group['name']],
gidNumber=[group['id']], gidNumber=[group['id']],
......
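Review bot: `UffdAPI.check_password` calls `self.api.post(...)`, while the sibling wrappers `get_users` and `get_groups` added next to it call `self.get(...)` directly. Unless `UffdAPI` itself has an `api` attribute (its constructor is outside this view), this looks copied from `RequestHandler` and would raise `AttributeError` on every simple and SASL PLAIN bind; the line should probably read `return self.post('checkpassword', loginname=loginname, password=password)`. Both bind paths now depend on this wrapper, so it deserves a docstring stating what it returns for a wrong password: `do_bind` tests truthiness while `do_bind_sasl_plain` tests `is None`, and the two only agree if a failed check returns `None`. The context line `assert(resp.ok)` also matters here, since asserts are stripped under `python -O` and an error response body could then reach those checks; an explicit `if not resp.ok: raise ...` in the request helper (whose body starts outside the hunk) would make the authentication path fail closed.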