Format code using black

This commit is contained in:
PapaTutuWawa 2020-11-14 16:44:45 +01:00
parent 6751502e21
commit 2d11c82e32
2 changed files with 52 additions and 41 deletions

View File

@ -96,10 +96,18 @@ WSGI_APPLICATION = "etebase_server.wsgi.application"
# https://docs.djangoproject.com/en/3.0/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/3.0/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [ AUTH_PASSWORD_VALIDATORS = [
{"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",}, {
{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",}, "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",}, },
{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",}, {
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
},
{
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
},
{
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
},
] ]
@ -128,10 +136,12 @@ STATIC_ROOT = os.environ.get("DJANGO_STATIC_ROOT", os.path.join(BASE_DIR, "stati
MEDIA_ROOT = os.environ.get("DJANGO_MEDIA_ROOT", os.path.join(BASE_DIR, "media")) MEDIA_ROOT = os.environ.get("DJANGO_MEDIA_ROOT", os.path.join(BASE_DIR, "media"))
MEDIA_URL = "/user-media/" MEDIA_URL = "/user-media/"
ETEBASE_API_PERMISSIONS = ['rest_framework.permissions.IsAuthenticated'] ETEBASE_API_PERMISSIONS = ["rest_framework.permissions.IsAuthenticated"]
ETEBASE_API_AUTHENTICATORS = ('django_etebase.token_auth.authentication.TokenAuthentication', ETEBASE_API_AUTHENTICATORS = (
'rest_framework.authentication.SessionAuthentication') "django_etebase.token_auth.authentication.TokenAuthentication",
ETEBASE_CREATE_USER_FUNC = 'django_etebase.utils.create_user_blocked' "rest_framework.authentication.SessionAuthentication",
)
ETEBASE_CREATE_USER_FUNC = "django_etebase.utils.create_user_blocked"
# Define where to find configuration files # Define where to find configuration files
config_locations = [ config_locations = [
@ -169,17 +179,17 @@ if any(os.path.isfile(x) for x in config_locations):
if "database" in config: if "database" in config:
DATABASES = {"default": {x.upper(): y for x, y in config.items("database")}} DATABASES = {"default": {x.upper(): y for x, y in config.items("database")}}
if 'ldap' in config: if "ldap" in config:
ldap = config['ldap'] ldap = config["ldap"]
LDAP_SERVER = ldap.get('server', '') LDAP_SERVER = ldap.get("server", "")
LDAP_SEARCH_BASE = ldap.get('search_base', '') LDAP_SEARCH_BASE = ldap.get("search_base", "")
LDAP_FILTER = ldap.get('filter', '') LDAP_FILTER = ldap.get("filter", "")
LDAP_BIND_DN = ldap.get('bind_dn', '') LDAP_BIND_DN = ldap.get("bind_dn", "")
LDAP_BIND_PW = ldap.get('bind_pw', '') LDAP_BIND_PW = ldap.get("bind_pw", "")
# Configure EteBase to use LDAP # Configure EteBase to use LDAP
ETEBASE_CREATE_USER_FUNC = 'myauth.ldap.create_user' ETEBASE_CREATE_USER_FUNC = "myauth.ldap.create_user"
ETEBASE_API_PERMISSIONS.append('myauth.ldap.LDAPUserExists') ETEBASE_API_PERMISSIONS.append("myauth.ldap.LDAPUserExists")
# Make an `etebase_server_settings` module available to override settings. # Make an `etebase_server_settings` module available to override settings.
try: try:

View File

@ -9,16 +9,17 @@ import ldap
def ldap_setting(name, default): def ldap_setting(name, default):
'''Wrapper around django.conf.settings''' """Wrapper around django.conf.settings"""
return getattr(settings, f'LDAP_{name}', default) return getattr(settings, f"LDAP_{name}", default)
class LDAPConnection: class LDAPConnection:
__instance__ = None __instance__ = None
__user_cache = {} # Username -> Valid until __user_cache = {} # Username -> Valid until
@staticmethod @staticmethod
def get_instance(): def get_instance():
'''To get a Singleton''' """To get a Singleton"""
if not LDAPConnection.__instance__: if not LDAPConnection.__instance__:
return LDAPConnection() return LDAPConnection()
else: else:
@ -26,18 +27,17 @@ class LDAPConnection:
def __init__(self): def __init__(self):
# Cache some settings # Cache some settings
self.__LDAP_FILTER = ldap_setting('FILTER', '') self.__LDAP_FILTER = ldap_setting("FILTER", "")
self.__LDAP_SEARCH_BASE = ldap_setting('SEARCH_BASE', '') self.__LDAP_SEARCH_BASE = ldap_setting("SEARCH_BASE", "")
self.__ldap_connection = ldap.initialize(ldap_setting('SERVER', '')) self.__ldap_connection = ldap.initialize(ldap_setting("SERVER", ""))
try: try:
self.__ldap_connection.simple_bind_s(ldap_setting('BIND_DN', ''), self.__ldap_connection.simple_bind_s(ldap_setting("BIND_DN", ""), ldap_setting("BIND_PW", ""))
ldap_setting('BIND_PW', ''))
except ldap.LDAPError as err: except ldap.LDAPError as err:
logging.error(f'LDAP Error occuring during bind: {err.desc}') logging.error(f"LDAP Error occuring during bind: {err.desc}")
def __is_cache_valid(self, username): def __is_cache_valid(self, username):
'''Returns True if the cache entry is still valid. Returns False otherwise.''' """Returns True if the cache entry is still valid. Returns False otherwise."""
if username in self.__user_cache: if username in self.__user_cache:
if timezone.now() <= self.__user_cache[username]: if timezone.now() <= self.__user_cache[username]:
# Cache entry is still valid # Cache entry is still valid
@ -48,26 +48,24 @@ class LDAPConnection:
del self.__user_cache[username] del self.__user_cache[username]
def has_user(self, username): def has_user(self, username):
''' """
Since we don't care about the password and so authentication Since we don't care about the password and so authentication
another way, all we care about is whether the user exists. another way, all we care about is whether the user exists.
''' """
if self.__is_cache_valid(username): if self.__is_cache_valid(username):
return True return True
if username in self.__user_cache: if username in self.__user_cache:
self.__remove_cache(username) self.__remove_cache(username)
filterstr = self.__LDAP_FILTER.replace('%s', username) filterstr = self.__LDAP_FILTER.replace("%s", username)
try: try:
result = self.__ldap_connection.search_s(self.__LDAP_SEARCH_BASE, result = self.__ldap_connection.search_s(self.__LDAP_SEARCH_BASE, ldap.SCOPE_SUBTREE, filterstr=filterstr)
ldap.SCOPE_SUBTREE,
filterstr=filterstr)
except ldap.NO_RESULTS_RETURNED: except ldap.NO_RESULTS_RETURNED:
# We handle the specific error first and the the generic error, as # We handle the specific error first and the the generic error, as
# we may expect ldap.NO_RESULTS_RETURNED, but not any other error # we may expect ldap.NO_RESULTS_RETURNED, but not any other error
return False return False
except ldap.LDAPError as err: except ldap.LDAPError as err:
logging.error(f'Error occured while performing an LDAP query: {err.desc}') logging.error(f"Error occured while performing an LDAP query: {err.desc}")
return False return False
if len(result) == 1: if len(result) == 1:
@ -75,19 +73,22 @@ class LDAPConnection:
return True return True
return False return False
class LDAPUserExists(BasePermission): class LDAPUserExists(BasePermission):
''' """
A permission check which first checks with the LDAP directory if the user A permission check which first checks with the LDAP directory if the user
exists. exists.
''' """
def has_permission(self, request, view): def has_permission(self, request, view):
return LDAPConnection.get_instance().has_user(request.user.username) return LDAPConnection.get_instance().has_user(request.user.username)
def create_user(*args, **kwargs): def create_user(*args, **kwargs):
''' """
A create_user function which first checks if the user already exists in the A create_user function which first checks if the user already exists in the
configured LDAP directory. configured LDAP directory.
''' """
if not LDAPConnection.get_instance().has_user(kwargs['username']): if not LDAPConnection.get_instance().has_user(kwargs["username"]):
raise PermissionDenied('User not in the LDAP directory.') raise PermissionDenied("User not in the LDAP directory.")
return User.objects.create_user(*args, **kwargs) return User.objects.create_user(*args, **kwargs)