Merge branch 'master' of git.fsmpi.rwth-aachen.de:julianundandyfrickelnkram/videoagwebsite

726fda6f · Andreas Valder · 25297e65 · 1ce40ec8 · 726fda6f · 726fda6f
Commit 726fda6f authored 8 years ago by Andreas Valder
--- a/server.py
+++ b/server.py
 #!/bin/python
 from flask import Flask, render_template, g, request, url_for, redirect, session
-import mysql.connector
 import sqlite3
 import os
-#import ldap3
 import re

 app = Flask(__name__)
@@ -43,6 +41,7 @@ def dict_factory(cursor, row):

 def query(operation, *params):
 	if config['DB_ENGINE'] == 'mysql':
+		import mysql.connector
 		if 'db' not in g or not g.db.is_connected():
 			g.db = mysql.connector.connect(user=config['MYSQL_USER'], password=config['MYSQL_PASSWD'], host=config['MYSQL_HOST'], database=config['MYSQL_DB'])
 		cur = g.db.cursor(dictionary=True)
@@ -78,6 +77,7 @@ def ldapauth(user, password):
 	notldap = {'videoag':('videoag', ['users','videoag']), 'gustav':('passwort', ['users'])}
 	user = LDAP_USERRE.sub(r'', user.lower())
 	if 'LDAP_HOST' in config:
+		import ldap3
 		try:
 			conn = ldap3.Connection(config['LDAP_HOST'], 'uid=%s,ou=users,dc=fsmpi,dc=rwth-aachen,dc=de'%user, password, auto_bind=True)
 			if conn.search("ou=groups,dc=fsmpi,dc=rwth-aachen,dc=de", "(&(cn=*)(memberUid=%s))"%user, attributes=['cn']):
@@ -90,6 +90,20 @@ def ldapauth(user, password):
 		return user, notldap[user][1]
 	return None, []

+def ldapget(user):
+	notldap = {'videoag': {'uid': 'videoag', 'givenName': 'Video', 'sn': 'Geier'},
+		'gustav': {'uid': 'gustav', 'givenName': 'Gustav', 'sn': 'Geier'}}
+	user = LDAP_USERRE.sub(r'', user.lower())
+	if 'LDAP_HOST' in config:
+		import ldap3
+		conn = ldap3.Connection('ldaps://rumo.fsmpi.rwth-aachen.de', auto_bind=True)
+		conn.search("ou=users,dc=fsmpi,dc=rwth-aachen,dc=de", "(uid=%s)"%user,
+				attributes=ldap3.ALL_ATTRIBUTES)
+		e = conn.entries[0]
+		return {'uid': user, 'givenName': e.givenName.value, 'sn':e.sn.value}
+	else:
+		return notldap[user]
+
 @app.route('/')
 def index():
 	return render_template('index.html', latestvideos=query('''
@@ -153,5 +167,23 @@ def course():
 	else:
 		return redirect(url_for('index'))

+@app.route('/login', methods=['POST'])
+def login():
+	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
+	if user and 'users' in groups:
+		session['user'] = ldapget(user)
+	if 'ref' in request.values:
+		return redirect(request.values['ref'])
+	else:
+		return redirect(url_for('index'))
+
+@app.route('/logout')
+def logout():
+	session.pop('user')
+	if 'ref' in request.values:
+		return redirect(request.values['ref'])
+	else:
+		return redirect(url_for('index'))
+
 if __name__ == '__main__':
 	app.run()
--- a/templates/base.html
+++ b/templates/base.html
@@ -56,7 +56,7 @@
 									</li>
 									{% endfor %}
 									<li class="navbar-right">
-										{% if not session.userid is defined %}
+										{% if not session.user is defined %}
 										<a id="loginpopover" data-container="body" data-toggle="popover" data-placement="bottom"> 
 											<span class="glyphicon glyphicon-log-in"></span>
 										</a>
@@ -70,7 +70,8 @@
 											)
 										</script>
 										{% else %}
-										<a herf="/logout">
+										<a href="/logout?ref={{ request.url|urlencode }}">
+											{{ session.user.givenName }}
 											<span class="glyphicon glyphicon-log-out"></span>
 										</a>
 										{% endif %}