almet/argos
1
0
Fork 0
mirror of https://framagit.org/framasoft/framaspace/argos.git synced 2025-04-28 18:02:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

🐛 — Automatically reconnect to LDAP if unreachable (fix #81)

Browse source
This commit is contained in:
Luc Didry 2025-02-18 11:28:05 +01:00
parent a48c7b74e6
commit 23fea9fffa
No known key found for this signature in database
GPG key ID: EA868E12D0257E3C
4 changed files with 22 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -7,6 +7,7 @@
- ✨ — No need cron tasks for DB cleaning anymore (#74 and #75) - ✨ — No need cron tasks for DB cleaning anymore (#74 and #75)
- ✨ — No need cron tasks for agents watching (#76) - ✨ — No need cron tasks for agents watching (#76)
- ✨ — Reload configuration asynchronously (#79) - ✨ — Reload configuration asynchronously (#79)
- 🐛 — Automatically reconnect to LDAP if unreachable (#81)
## 0.7.4 ## 0.7.4

4
argos/server/main.py
View file

@ -39,9 +39,7 @@ def get_application() -> FastAPI:
if config.general.ldap is not None: if config.general.ldap is not None:
import ldap import ldap
l = ldap.initialize(config.general.ldap.uri) appli.state.ldap = ldap.initialize(config.general.ldap.uri)
l.simple_bind_s(config.general.ldap.bind_dn, config.general.ldap.bind_pwd)
appli.state.ldap = l
@appli.state.manager.user_loader() @appli.state.manager.user_loader()
async def query_user(user: str) -> None | str | models.User: async def query_user(user: str) -> None | str | models.User:

13
argos/server/routes/dependencies.py
View file

@ -2,6 +2,8 @@ from fastapi import Depends, HTTPException, Request
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from fastapi_login import LoginManager from fastapi_login import LoginManager
from argos.logging import logger
auth_scheme = HTTPBearer() auth_scheme = HTTPBearer()
@ -33,12 +35,19 @@ async def verify_token(
return token return token
async def find_ldap_user(config, ldap, user: str) -> str | None: async def find_ldap_user(config, ldapobj, user: str) -> str | None:
"""Do a LDAP search for user and return its dn""" """Do a LDAP search for user and return its dn"""
import ldap
import ldap.filter as ldap_filter import ldap.filter as ldap_filter
from ldapurl import LDAP_SCOPE_SUBTREE from ldapurl import LDAP_SCOPE_SUBTREE
result = ldap.search_s( try:
ldapobj.simple_bind_s(config.general.ldap.bind_dn, config.general.ldap.bind_pwd)
except ldap.LDAPError as err: # pylint: disable-msg=no-member
logger.error("LDAP error: %s", err)
return None
result = ldapobj.search_s(
config.general.ldap.user_tree, config.general.ldap.user_tree,
LDAP_SCOPE_SUBTREE, LDAP_SCOPE_SUBTREE,
filterstr=ldap_filter.filter_format( filterstr=ldap_filter.filter_format(

9
argos/server/routes/views.py
View file

@ -90,6 +90,15 @@ async def post_login(
from ldap import INVALID_CREDENTIALS # pylint: disable-msg=no-name-in-module from ldap import INVALID_CREDENTIALS # pylint: disable-msg=no-name-in-module
from argos.server.routes.dependencies import find_ldap_user from argos.server.routes.dependencies import find_ldap_user
invalid_credentials = templates.TemplateResponse(
"login.html",
{
"request": request,
"msg": "Sorry, invalid username or bad password. "
"Or the LDAP server is unreachable (see logs to verify).",
},
)
ldap_dn = await find_ldap_user(config, request.app.state.ldap, username) ldap_dn = await find_ldap_user(config, request.app.state.ldap, username)
if ldap_dn is None: if ldap_dn is None:
return invalid_credentials return invalid_credentials