Commit 4f51f303 authored by Recteur LP's avatar Recteur LP

Add a gravatar config option and bump required pyrmin version

parent 8ac74396
......@@ -13,6 +13,7 @@ ldapauth:
port: 389
ssl: False
version: 3
gravatar: False
authorize_non_ldap_user: False # Set to True to Accept non LDAP user in the Remote-User Header
user_id: sAMAccountName
user_displayname: displayName
......@@ -32,6 +33,7 @@ ldapauth:
port: 389
ssl: False
version: 3
gravatar: False
authorize_non_ldap_user: False # Set to True to Accept non LDAP user in the Remote-User Header
user_id: uid
group_member_attr: memberUid
......@@ -51,6 +53,7 @@ ldapauth:
port: 389
ssl: False
version: 3
gravatar: False
authorize_non_ldap_user: False # Set to True to Accept non LDAP user in the Remote-User Header
user_id: uid
group_member_attr: member
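Review bot: The new `gravatar: False` key is added to all three example blocks without a comment, while the neighbouring `authorize_non_ldap_user` line explains itself. Judging by the URL built in the plugin, enabling it makes pages reference an avatar on gravatar.com keyed by the MD5 of each user's directory mail address, which an administrator should know before turning it on. Something like `gravatar: False # Set to True to load avatars from gravatar.com (sends an MD5 of each user's mail to a third party)` would cover it. Defaulting to `False` is the right choice.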
......
......@@ -4,6 +4,7 @@
import sys
import hashlib
import pyrmin
from six.moves.urllib.parse import urlencode
try:
import ldap
......@@ -16,14 +17,18 @@ except ImportError:
__name__ = "LDAP Authentification"
__description__ = "Module to authenticate user with Active Directory Server"
__version__ = "0.3.7"
__pyrmin_version__ = "0.3.2"
__pyrmin_version__ = "0.4.0"
__logo__ = "/plugins/ldapauth/img/logo.png"
__namespace__ = "ldapauth"
###################################
__gravatar_url__ = '//www.gravatar.com/avatar/'
class auth():
"LDAP auth module"
def __init__(self, config):
self.config = config
if 'user_displayname' not in self.config:
......@@ -72,7 +77,7 @@ class auth():
if sys.version_info < (3, 0):
try:
self.ld.unbind_s()
except:
except Exception:
pass
def __getresults(self, filter):
......@@ -102,6 +107,16 @@ class auth():
else:
return self.ld.search_s(group, ldap.SCOPE_SUBTREE)
def get_image_url(self, mail):
""" Return Gravatar url for mail
"""
if 'gravatar' in self.config and self.config['gravatar']:
gravatar_url = __gravatar_url__ + hashlib.md5(mail.encode("utf-8")).hexdigest() + "?"
gravatar_url += urlencode({'d': "identicon", 's': str(50)})
return gravatar_url
else:
return "/img/default-user.png"
def getusersfromgroup(self, group):
users = []
if sys.version_info >= (3, 0):
......@@ -161,9 +176,6 @@ class auth():
attrs = entry['attributes']
name = self._to_string(attrs.get(self.config['user_id'], ['Guest']))
mail = str(self._to_string(attrs.get('mail'))).lower()
gravatar_url = "https://www.gravatar.com/avatar/" + \
hashlib.md5(mail.encode('utf-8')).hexdigest() + "?"
gravatar_url += urllib.parse.urlencode({'d': "identicon", 's': str(50)})
division = self._to_string(attrs.get('division', 'Guest'))
displayname = self._to_string(attrs.get(self.config['user_displayname'], 'Guest'))
company = self._to_string(attrs.get('company', ''))
......@@ -191,41 +203,39 @@ class auth():
"mobile": self._to_string(attrs.get('otherMobile', [''])),
"company": company,
"mail": mail,
"img": gravatar_url,
"img": self.get_image_url(mail),
"dn": dn
}
else:
filter = "(&(" + self.config['user_id'] + "=" + name + ")(!(objectClass=computer)))"
for dn, attrs in self.__getresults(filter):
name = attrs.get(self.config['user_id'], ['Guest'])[0]
mail = str(attrs.get('mail')[0]).decode('utf-8').lower()
gravatar_url = "https://www.gravatar.com/avatar/" + hashlib.md5(mail).hexdigest() + "?"
gravatar_url += urllib.urlencode({'d': "identicon", 's': str(50)})
division = attrs.get('division', ['Guest'])[0].decode("utf-8")
displayname = attrs.get(self.config['user_displayname'], ['Guest'])[0].decode("utf-8")
company = attrs.get('company', [''])[0].decode("utf-8")
name = attrs.get(self.config['user_id'], ['Guest'])[0]
mail = str(attrs.get('mail')[0]).decode('utf-8').lower()
division = attrs.get('division', ['Guest'])[0].decode("utf-8")
displayname = attrs.get(self.config['user_displayname'], ['Guest'])[0].decode("utf-8")
company = attrs.get('company', [''])[0].decode("utf-8")
isadmin = False
admins = []
for group in self.config['admin']:
admins = self.getusersfromgroup(group)
for admin in admins:
if 'name' in admin and name.lower() == admin['name'].lower():
isadmin = True
break
if isadmin:
isadmin = False
admins = []
for group in self.config['admin']:
admins = self.getusersfromgroup(group)
for admin in admins:
if 'name' in admin and name.lower() == admin['name'].lower():
isadmin = True
break
return {
"username": name,
"auth": True,
"admin": isadmin,
"division": division,
"displayname": displayname,
"mobile": attrs.get('otherMobile', [''])[0],
"company": company,
"mail": mail,
"img": gravatar_url
}
if isadmin:
break
return {
"username": name,
"auth": True,
"admin": isadmin,
"division": division,
"displayname": displayname,
"mobile": attrs.get('otherMobile', [''])[0],
"company": company,
"mail": mail,
"img": self.get_image_url(mail)
}
if len(name) > 0 and self.config['authorize_non_ldap_user']:
return {
......@@ -237,5 +247,5 @@ class auth():
"mobile": "",
"company": "",
"mail": "",
"img": "https://assets.github.com/images/gravatars/gravatar-140.png"
"img": self.get_image_url("")
}
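Review bot: `__gravatar_url__ = '//www.gravatar.com/avatar/'` drops the explicit `https://` that the removed gravatar lines carried, so on a deployment served over plain HTTP the browser fetches the avatar, whose path is the MD5 of the user's mail address, without TLS; I would keep `__gravatar_url__ = 'https://www.gravatar.com/avatar/'`. In `get_image_url`, the non-LDAP fallback now passes `""`, which with `gravatar: True` hashes the empty string and gives every such user the same identicon; `if self.config.get('gravatar') and mail:` would fall through to `/img/default-user.png` for them. The docstring should also state that `mail` is hashed as given, so callers must pass it trimmed and lower-cased. Separately, the unchanged line `filter = "(&(" + self.config['user_id'] + "=" + name + ")(!(objectClass=computer)))"` builds the LDAP filter by concatenation; the origin of `name` is outside these hunks, but if it is the Remote-User value it should go through `ldap.filter.escape_filter_chars(name)` first.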