Introduced LDAP authentication!

4fdef16a · Jean Michel Rouly · b9e42740 · 4fdef16a · 4fdef16a · 4fdef16a
Commit 4fdef16a authored Oct 06, 2013 by Jean Michel Rouly
--- a/wsgi/authenticate.py
+++ b/wsgi/authenticate.py
@@ -25,13 +25,24 @@ def application(environ, start_response):
    # Determine the user credentials to authenticate.
    usr = data['usr']
    psw = data['pass']
+    bind = 'uid='+usr+',ou=people,o=gmu.edu'
    
+    success = False # authentication success
+
    # Try to talk with the LDAP server.
-    #ld = ldap.initialize( goconfig.ldap_domain )
-    #ld.simple_bind_s()
-    #ld.unbind_s()
-    
-    success = True
+    ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
+    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+    try:
+      ld = ldap.initialize( goconfig.ldap_domain )
+      result = ld.simple_bind_s( bind, psw )
+      if result is not None:
+        success = True
+    except ldap.INVALID_CREDENTIALS:
+      pass
+    except ldap.INAPPROPRIATE_AUTH:
+      pass
+    except ldap.NO_SUCH_OBJECT:
+      pass
    
    if( success ):
      # create a hashed cookie

--- a/wsgi/goconfig.py
+++ b/wsgi/goconfig.py
@@ -35,7 +35,7 @@ sql_url_table  = "urls"
 sql_usr_table = "usrs"

 #ldap_domain: The location of the LDAP database to connect to.
-ldap_domain = "ldap://ldap.gmu.edu"
+ldap_domain = "ldaps://directory.gmu.edu:636"




--- a/wsgi/index.py
+++ b/wsgi/index.py
@@ -51,7 +51,7 @@ def application(environ, start_response):
      <p>Make sure to include http:// in front.</p>
      <input type="text" id="long-url" name="long-url" value="http://" />
      <br /><br />
-      <label for="short-url">identifier</label>
+      <label for="short-url">identifier (optional)</label>
      <p>What your want your URL to look like. This is optional.</p>
      <p>Identifier must be at least 5 characters, and only 
      contain letters and numbers.</p>
@@ -59,6 +59,7 @@ def application(environ, start_response):
      <br /><br />
      <input type="submit" name="submit" value="SHORTEN" />
      <br />
+      <p><a href="/exec/out">(logout)</a></p>
    </form>
  """
  #body.append( url_form )

--- a/wsgi/library.py
+++ b/wsgi/library.py
@@ -46,6 +46,15 @@ def generate_cookie( user ):
  return cookie


+# Generate an expired cookie in order to remove any preexisting cookie.
+def eat_cookie():
+  cookie = Cookie.SimpleCookie()
+  cookie["user"] = "goodbye"
+  cookie["user"]["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"
+  cookie["user"]["path"] = "/"
+  return cookie
+
+
 # Register the user in the table of active users.
 def activate_user( hash_value ):
  mdb,cursor = connect_to_mysql()

--- a/wsgi/logout.py
+++ b/wsgi/logout.py
+import ldap
+import site
+import Cookie
+
+site.addsitedir('/srv/http/wsgi')
+import library
+import goconfig
+
+def application(environ, start_response):
+  
+  # Grab the current user hash value cookie if there is one, and then
+  # deactivate that hash value from the SQL database.
+  current_cookie = Cookie.SimpleCookie()
+  try:
+    current_cookie.load( environ['HTTP_COOKIE'] )
+    user_hash = current_cookie['user'].value
+    library.deactivate_user( user_hash )
+  except KeyError:
+    pass
+  
+  # Generate an expired cookie to overwrite any existing cookie.
+  expired_cookie = library.eat_cookie()
+  expired_cookie_value = expired_cookie['user'].OutputString()
+  
+  # Push push push.
+  status = '303 See Other'
+  response_headers = [('Set-Cookie', expired_cookie_value),
+                      ('Location', '/'),
+                      ('Content-type', 'text/plain')]
+  start_response(status, response_headers)
+  
+  return [ str(expired_cookie) ]