from ldap3.utils.dn import escape_rdn
This commit is contained in:
parent
c08a24b9f3
commit
1fd2c4e984
GPG key ID:
12E3D2136B818350
1 changed files with 8 additions and 6 deletions
|
|
@ -4,6 +4,7 @@ from os import environ
|
||||||
from flask import Flask, flash, redirect, request, session, url_for
|
from flask import Flask, flash, redirect, request, session, url_for
|
||||||
from ldap3 import ALL_ATTRIBUTES, MODIFY_ADD, MODIFY_DELETE
|
from ldap3 import ALL_ATTRIBUTES, MODIFY_ADD, MODIFY_DELETE
|
||||||
from ldap3.core.exceptions import LDAPException
|
from ldap3.core.exceptions import LDAPException
|
||||||
|
from ldap3.utils.dn import escape_rdn
|
||||||
|
|
||||||
from .helpers.flask import template
|
from .helpers.flask import template
|
||||||
from .helpers.ldap import (
|
from .helpers.ldap import (
|
||||||
|
|
@ -35,11 +36,11 @@ def login():
|
||||||
|
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
if try_auth(
|
if try_auth(
|
||||||
request.form["username"],
|
escape_rdn(request.form["username"]),
|
||||||
request.form["password"],
|
request.form["password"],
|
||||||
):
|
):
|
||||||
session["is_logged_in"] = True
|
session["is_logged_in"] = True
|
||||||
session["username"] = request.form["username"]
|
session["username"] = escape_rdn(request.form["username"])
|
||||||
session["password"] = request.form["password"]
|
session["password"] = request.form["password"]
|
||||||
|
|
||||||
flash("logged in")
|
flash("logged in")
|
||||||
|
|
@ -119,12 +120,11 @@ def selfservice(ldap):
|
||||||
flash("password changed")
|
flash("password changed")
|
||||||
except LDAPException as e:
|
except LDAPException as e:
|
||||||
app.logger.error(
|
app.logger.error(
|
||||||
"Updating {} failed: {}\n{}".format(
|
"Updating {} failed: {}".format(
|
||||||
APP_CONFIG["template"]["user_dn"].format(
|
APP_CONFIG["template"]["user_dn"].format(
|
||||||
session["username"]
|
session["username"]
|
||||||
),
|
),
|
||||||
repr(e),
|
repr(e),
|
||||||
repr(request.form),
|
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
flash(e)
|
flash(e)
|
||||||
|
|
@ -154,6 +154,8 @@ def groups(ldap):
|
||||||
@app.route("/groups/<ou>", methods=["GET", "POST"])
|
@app.route("/groups/<ou>", methods=["GET", "POST"])
|
||||||
@admin_required
|
@admin_required
|
||||||
def group_edit(ldap, ou):
|
def group_edit(ldap, ou):
|
||||||
|
ou = escape_rdn(ou)
|
||||||
|
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
if request.form.get("remove"):
|
if request.form.get("remove"):
|
||||||
ldap.modify(
|
ldap.modify(
|
||||||
|
|
@ -163,7 +165,7 @@ def group_edit(ldap, ou):
|
||||||
(
|
(
|
||||||
MODIFY_DELETE,
|
MODIFY_DELETE,
|
||||||
APP_CONFIG["template"]["user_dn"].format(
|
APP_CONFIG["template"]["user_dn"].format(
|
||||||
request.form["remove"]
|
escape_rdn(request.form["remove"])
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
|
|
@ -178,7 +180,7 @@ def group_edit(ldap, ou):
|
||||||
(
|
(
|
||||||
MODIFY_ADD,
|
MODIFY_ADD,
|
||||||
APP_CONFIG["template"]["user_dn"].format(
|
APP_CONFIG["template"]["user_dn"].format(
|
||||||
request.form["add"]
|
escape_rdn(request.form["add"])
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue