Merge remote-tracking branch 'upstream/master' into ldap_group_security

Conflicts: app/models.py config_template.py
2016-04-13 09:56:46 -06:00 · 2016-04-13 09:56:46 -06:00 · 942ca47103
parent 5914c3cc86 8f8b26266b
commit 942ca47103
6 changed files with 33 additions and 8 deletions
--- a/app/lib/utils.py
+++ b/app/lib/utils.py
@ -5,7 +5,10 @@ import requests
 import urlparse
 from app import app

-TIMEOUT = app.config['TIMEOUT']
+if 'TIMEOUT' in app.config.keys():
+    TIMEOUT = app.config['TIMEOUT']
+else:
+    TIMEOUT = 10

 def auth_from_url(url):
    auth = None
--- a/app/models.py
+++ b/app/models.py
@ -19,10 +19,18 @@ LDAP_USERNAME = app.config['LDAP_USERNAME']
 LDAP_PASSWORD = app.config['LDAP_PASSWORD']
 LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
 LDAP_TYPE = app.config['LDAP_TYPE']
-LDAP_GROUP_SECURITY = app.config['LDAP_GROUP_SECURITY']
-if LDAP_GROUP_SECURITY == True:
-    LDAP_ADMIN_GROUP = app.config['LDAP_ADMIN_GROUP']
-    LDAP_USER_GROUP = app.config['LDAP_USER_GROUP']
+if 'LDAP_TYPE' in app.config.keys():
+    LDAP_URI = app.config['LDAP_URI']
+    LDAP_USERNAME = app.config['LDAP_USERNAME']
+    LDAP_PASSWORD = app.config['LDAP_PASSWORD']
+    LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
+    LDAP_TYPE = app.config['LDAP_TYPE']
+    LDAP_GROUP_SECURITY = app.config['LDAP_GROUP_SECURITY']
+    if LDAP_GROUP_SECURITY == True:
+        LDAP_ADMIN_GROUP = app.config['LDAP_ADMIN_GROUP']
+        LDAP_USER_GROUP = app.config['LDAP_USER_GROUP']
+else:
+    LDAP_TYPE = False

 PDNS_STATS_URL = app.config['PDNS_STATS_URL']
 PDNS_API_KEY = app.config['PDNS_API_KEY']
@ -151,6 +159,10 @@ class User(db.Model):
                return False

        elif method == 'LDAP':
+            if not LDAP_TYPE:
+                logging.error('LDAP authentication is disabled')
+                return False
+
            if LDAP_TYPE == 'ldap':
              searchFilter = "cn=%s" % self.username
            else:
--- a/app/templates/login.html
+++ b/app/templates/login.html
@ -75,7 +75,9 @@
        <div class="form-group">
            <select class="form-control" name="auth_method">
                <option value="LOCAL">Default Authentication</option>
+                {% if ldap_enabled %}
                <option value="LDAP">LDAP Authentication</option>
+                {% endif %}
            </select>
        </div>
        <div class="form-actions">
--- a/app/views.py
+++ b/app/views.py
@ -65,7 +65,8 @@ def login():
        return redirect(url_for('dashboard'))

    if request.method == 'GET':
-        return render_template('login.html')
+        LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False
+        return render_template('login.html', ldap_enabled=LDAP_ENABLED)
    
    # process login
    username = request.form['username']
--- a/config_template.py
+++ b/config_template.py
@ -4,6 +4,7 @@ basedir = os.path.abspath(os.path.dirname(__file__))
 # BASIC APP CONFIG
 WTF_CSRF_ENABLED = True
 SECRET_KEY = 'We are the world'
+BIND_ADDRESS = '127.0.0.1'
 PORT = 9393

 # TIMEOUT - for large zones
@ -22,14 +23,15 @@ SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
 SQLALCHEMY_TRACK_MODIFICATIONS = True

 # LDAP CONFIG
+LDAP_TYPE = 'ldap' # use 'ad' for MS Active Directory
 LDAP_URI = 'ldaps://your-ldap-server:636'
 LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me'
 LDAP_PASSWORD = 'dnsuser'
 LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
-LDAP_TYPE = 'ldap' // or 'ad'
 LDAP_GROUP_SECURITY = False // or True
 LDAP_ADMIN_GROUP = 'CN=PowerDNS-Admin Admin,OU=Custom,DC=ivan,DC=local'
 LDAP_USER_GROUP = 'CN=PowerDNS-Admin User,OU=Custom,DC=ivan,DC=local'
+=======

 # POWERDNS CONFIG
 PDNS_STATS_URL = 'http://172.16.214.131:8081/'
--- a/run.py
+++ b/run.py
@ -2,5 +2,10 @@
 from app import app
 from config import PORT

+try:
+	from config import BIND_ADDRESS 
+except:
+	BIND_ADDRESS = '127.0.0.1'
+
 if __name__ == '__main__':
-    app.run(debug = True, port=PORT)
+    app.run(debug = True, host=BIND_ADDRESS, port=PORT)