76 lines
2.8 KiB
Python
76 lines
2.8 KiB
Python
from flask import Blueprint, render_template, request, redirect, url_for, flash, session
|
|
from functools import wraps
|
|
from ldap3 import Server, Connection, ALL
|
|
from ldap3.core.exceptions import LDAPException
|
|
|
|
|
|
class LoginAuth:
|
|
def __init__(self):
|
|
# Create Blueprint
|
|
self.bp = Blueprint("auth", __name__)
|
|
|
|
# -------------------------------
|
|
# LDAP CONFIGURATION
|
|
# -------------------------------
|
|
self.LDAP_SERVER = "ldap://localhost:389"
|
|
|
|
self.BASE_DN = "ou=users,dc=lcepl,dc=org" # LDAP Users DN
|
|
|
|
# -------------------------------
|
|
# LOGIN ROUTE
|
|
# -------------------------------
|
|
@self.bp.route('/login', methods=['GET', 'POST'])
|
|
def login():
|
|
if request.method == 'POST':
|
|
username = request.form.get("username")
|
|
password = request.form.get("password")
|
|
|
|
if not username or not password:
|
|
flash("Username and password are required!", "danger")
|
|
return render_template("login.html")
|
|
|
|
user_dn = f"uid={username},{self.BASE_DN}"
|
|
server = Server(self.LDAP_SERVER, get_info=ALL)
|
|
|
|
try:
|
|
# Attempt LDAP bind
|
|
conn = Connection(server, user=user_dn, password=password, auto_bind=True)
|
|
if conn.bound:
|
|
session['user'] = username
|
|
flash(f"Login successful! Welcome {username}", "success")
|
|
return redirect(url_for('welcome'))
|
|
else:
|
|
flash("Invalid username or password!", "danger")
|
|
except LDAPException as e:
|
|
flash(f"LDAP login failed: {str(e)}", "danger")
|
|
finally:
|
|
if 'conn' in locals():
|
|
conn.unbind()
|
|
|
|
# GET request: show login form
|
|
return render_template("login.html")
|
|
|
|
# -------------------------------
|
|
# LOGOUT ROUTE
|
|
# -------------------------------
|
|
@self.bp.route('/logout')
|
|
def logout():
|
|
session.clear()
|
|
flash("Logged out successfully!", "success")
|
|
return redirect(url_for('auth.login'))
|
|
|
|
# ===================================================
|
|
# LOGIN REQUIRED DECORATOR INSIDE CLASS
|
|
# ===================================================
|
|
def login_required(self, f):
|
|
"""
|
|
Protect routes: redirect to login if user not authenticated.
|
|
"""
|
|
@wraps(f)
|
|
def wrapper(*args, **kwargs):
|
|
if "user" not in session:
|
|
flash("Please login first!", "danger")
|
|
return redirect(url_for("auth.login"))
|
|
return f(*args, **kwargs)
|
|
return wrapper
|