Quarter-Internal/app/auth/routes.py

# import ldap
# import pexpect
# from flask import render_template, request, flash, current_app
# from flask_login import login_user, current_user, logout_user, login_required
# from app_common import make_ldap_connection, close_ldap_connection
# from app.auth import bp
# from app.model import User
#
#
# @bp.route('/ajax/login', methods=['POST'])
# def login():
#     if current_user.is_authenticated:
#         return {'message': 'Already logged in'}, 200
#     user = request.json['user']
#     passwd = request.json['passwd']
#
#     ldap_connection = make_ldap_connection()
#     result = ldap_connection.search_s(current_app.config['LDAP_BASE_DN'], ldap.SCOPE_SUBTREE, f'uid={user}')[0]
#
#     try:
#         user = User.from_raw_ldap(result)
#         ldap_connection.bind_s(f'uid={user.id},ou={user.group},{current_app.config["LDAP_BASE_DN"]}', passwd, ldap.AUTH_SIMPLE)
#         login_user(user)
#         return {'message': 'Logged in successfully'}, 200
#     except Exception as ex:
#         return {'message': f'Unable to login {str(ex)}'}, 405
#     finally:
#         close_ldap_connection(ldap_connection)
#
#
# @bp.route('/ajax/logout', methods=['POST'])
# @login_required
# def logout():
#     if current_user:
#         logout_user()
#         return {}, 200
#
#
# @bp.route('/ajax/change_passwd', methods=['POST'])
# @login_required
# def change_passwd():
#     passwd = request.json['passwd']
#     new_passwd = request.json['new_passwd']
#     ldap_connection = make_ldap_connection
#     try:
#         ldap_connection.bind_s(f'uid={current_user.id},ou={current_user.group},{current_app.config["LDAP_BASE_DN"]}', passwd, ldap.AUTH_SIMPLE)
#         ldap_connection.passwd_s(f'uid={current_user.id},ou={current_user.group},{current_app.config["LDAP_BASE_DN"]}', passwd, new_passwd)
#         flash('Password changed successfully')
#         return {'message': 'User password updated successfully'}, 200
#     except ldap.INVALID_CREDENTIALS:
#         flash('Bad password given!')
#         return {'message': 'Bad password'}, 405
#     except Exception as ex:
#         flash('Failed to update password')
#         return {'message': f'Unable to change password: {str(ex)}'}, 400
#     finally:
#         close_ldap_connection(ldap_connection)
#
#
# @bp.route('/account')
# @login_required
# def account():
#     return render_template('account.html', current_user=current_user)
#
#
# @bp.route('/ajax/add_shh_pub_key', methods=['POST', 'DELETE'])
# @login_required
# def add_ssh_pub_key():
#     key = request.json['pubkey']
#     if request.method == 'POST':
#         try:
#             process = pexpect.spawn(f'ssh-ldap-pubkey -D {current_app.config["LDAP_ADMIN_DN"]} add -u {current_user.id} -')
#             process.expect('Enter LDAP password .*:')
#             process.send(current_app.config['LDAP_ADMIN_PASS'])
#             process.sendline()
#             process.expect('')
#             process.send(key)
#             process.sendline()
#             process.sendeof()
#             process.expect('[Kk]ey has been stored: .*')
#             process.close()
#             current_user.ssh_pub_keys.append(key)
#             flash('New SSH public key added')
#             return {}, 200
#         except Exception as ex:
#             if 'Invalid key' in str(ex):
#                 return {'error': 'INVALID_KEY'}, 400
#             return {'error': f'Failed to save ssh key: {str(ex)}'}, 400
#     # request should be post
#     else:
#         try:
#             process = pexpect.spawn(f'ssh-ldap-pubkey -D {current_app.config["LDAP_ADMIN_DN"]} del -u {current_user.id} -')
#             process.expect('Enter LDAP password .*:')
#             process.sendline(current_app.config['LDAP_ADMIN_PASS'])
#             process.send(key)
#             process.sendeof()
#             process.close()
#             flash('Public key removed')
#             current_user.ssh_pub_keys.remove(key)
#             return {}, 200
#         except ValueError:
#             return {'No key found'}, 404
#
#
# @bp.route('/ajax/update_phone', methods=['POST'])
# def update_phone():
#     phone_number = request.json['phone_number']
#     ldap_connection = make_ldap_connection()
#     try:
#         if current_user.phone:
#             ldap_mod_mode = ldap.MOD_REPLACE
#         else:
#             ldap_mod_mode = ldap.MOD_ADD
#
#         phone_mod = [(ldap_mod_mode, 'mobile', phone_number.encode('utf-8'))]
#
#         ldap_connection.bind_s(current_app.config['LDAP_ADMIN_DN'], current_app.config['LDAP_ADMIN_PASS'], ldap.AUTH_SIMPLE)
#         ldap_connection.modify_s(f'uid={current_user.id},ou={current_user.group},{current_app.config["LDAP_BASE_DN"]}', phone_mod)
#         return {'message': 'Phone number updated'}, 200
#     except Exception as ex:
#         return {'error': str(ex)}, 400
#     finally:
#         close_ldap_connection(ldap_connection)