Project

General

Profile

Download (7.16 KB) Statistics
| Branch: | Tag: | Revision:

root / extra / modules / ezldap.py @ 22eeae99

1
'''
2
Module to provide the kind of interaction needed for a eZ publish website
3
acting as reverse proxy and passing in an HTTP header a pointer to an LDAP
4
entry.
5
'''
6

    
7
try:
8
    import ldap
9
    import ldap.modlist
10
except ImportError:
11
    ldap = None
12

    
13
LDAP_EMAIL = 'courriel'
14

    
15
import time
16
import random
17

    
18
from quixote import get_publisher, get_request, get_session
19
from qommon import get_cfg, get_logger
20
from qommon.form import *
21
from qommon.admin.texts import TextsDirectory
22
from qommon import misc
23

    
24
from wcs.users import User
25

    
26

    
27
def get_ldap_conn():
28
    if hasattr(get_request(), 'ldap_conn'):
29
        return get_request().ldap_conn
30

    
31
    misc_cfg = get_cfg('misc', {})
32
    ldap_url = misc_cfg.get('aq-ezldap-url')
33
    if not ldap_url:
34
        return
35
    ldap_binddn = misc_cfg.get('aq-ezldap-binddn')
36
    ldap_bindpassword = misc_cfg.get('aq-ezldap-bindpassword')
37

    
38
    ldap_conn = ldap.initialize(ldap_url)
39
    ldap_conn.protocol_version = ldap.VERSION3
40
    ldap_conn.simple_bind(ldap_binddn, ldap_bindpassword)
41
    get_request().ldap_conn = ldap_conn
42
    return ldap_conn
43

    
44

    
45
class EzEmailWidget(EmailWidget):
46
    extra_css_class = 'EmailWidget'
47
    def _parse(self, request):
48
        EmailWidget._parse(self, request)
49
        if self.value and not self.error:
50
            # check if an account already exists
51
            misc_cfg = get_cfg('misc', {})
52
            ldap_basedn = misc_cfg.get('aq-ezldap-basedn')
53
            ldap_conn = get_ldap_conn()
54
            ldap_result_id = ldap_conn.search(ldap_basedn, ldap.SCOPE_SUBTREE,
55
                    filterstr='%s=%s' % (LDAP_EMAIL, self.value))
56
            result_type, result_data = ldap_conn.result(ldap_result_id, all=0)
57
            if result_type == ldap.RES_SEARCH_ENTRY:
58
                self.error = _('This email already has an account.')
59

    
60

    
61
class EzLdapUser(object):
62
    anonymous = False
63
    is_admin = False
64
    roles = []
65

    
66
    def __init__(self, dn):
67
        self.id = dn
68
        self.dn = dn
69

    
70
    _ldap_dict = None
71
    def get_ldap_dict(self):
72
        if self._ldap_dict:
73
            return self._ldap_dict
74
        else:
75
            t = get_ldap_conn().search_s(self.dn, ldap.SCOPE_BASE)[0][1]
76
            self._ldap_dict = {}
77
            for k, v in t.items():
78
                if v:
79
                    if k.startswith('date'):
80
                        date = datetime.datetime.strptime(v[0][:14], '%Y%m%d%H%M%S')
81
                        v[0] = date.strftime(misc.date_format())
82
                    self._ldap_dict[k] = v[0]
83
            return self._ldap_dict
84

    
85
    _form_data = None
86
    def get_form_data(self):
87
        if self._form_data:
88
            return self._form_data
89
        else:
90
            self._form_data = {}
91
            ldap_dict = self.get_ldap_dict()
92
            for k, v in ldap_dict.items():
93
                # get the corresponding id from wcs user
94
                for admin_field in User.get_formdef().fields:
95
                    if admin_field.varname == k:
96
                        self._form_data[admin_field.id] = v
97
                        break
98
            return self._form_data
99

    
100
    def set_form_data(self, data):
101
        pass
102
    form_data = property(get_form_data, set_form_data)
103

    
104
    _name = None
105
    def get_display_name(self):
106
        if self._name is None:
107
            parts = []
108
            user = self.get_ldap_dict()
109
            users_cfg = get_cfg('users', {})
110
            # get the corresponding ldap attribute
111
            parts = [user.get(admin_field.varname, '')
112
                        for admin_field in User.get_formdef().fields
113
                            if admin_field.id in users_cfg.get('field_name')]
114
            self._name = ' '.join(parts)
115
        return self._name
116
    display_name = property(get_display_name)
117
    name = property(get_display_name)
118

    
119
    def get_email(self):
120
        return self.get_ldap_dict().get(LDAP_EMAIL)
121
    email = property(get_email)
122

    
123
    def can_go_in_admin(self):
124
        return False
125

    
126
    def can_go_in_backoffice(self):
127
        return False
128

    
129
    def store(self):
130
        pass
131

    
132
    def get_formdef(cls):
133
        formdef = User.get_formdef()
134
        # use only fields with a varname (= ldap attribute)
135
        formdef.fields = [f for f in User.get_formdef().fields if f.varname ]
136
        return formdef
137
    get_formdef = classmethod(get_formdef)
138

    
139
    def get_substitution_variables(self, prefix='session_'):
140
        d = {
141
            prefix+'user': self,
142
            prefix+'user_display_name': self.display_name,
143
            prefix+'user_email': self.email,
144
        }
145
        formdef = self.get_formdef()
146
        if formdef:
147
            from formdata import get_dict_with_varnames
148
            data = get_dict_with_varnames(formdef.fields, self.form_data)
149
            for k, v in data.items():
150
                d[prefix+'user_'+k] = v
151
        return d
152

    
153
    def get_substitution_variables_list(self):
154
        return User.get_substitution_variables_list()
155

    
156
    def set_attributes_from_formdata(self, formdata):
157
        new_entry = self.get_ldap_dict().copy()
158
        for k, v in formdata.items():
159
            attr = k
160
            # if k is an wcs user ID, the ldap attribute is the varname
161
            for admin_field in User.get_formdef().fields:
162
                if k == admin_field.id:
163
                    attr = admin_field.varname
164
                    break
165
            if v:
166
                if isinstance(v, time.struct_time):
167
                    v = time.strftime('%Y%m%d%H%M%SZ',v)
168
                new_entry[attr] = v
169
            else:
170
                new_entry[attr] = ''
171

    
172
        mod_list = ldap.modlist.modifyModlist(self.get_ldap_dict(), new_entry)
173
        if mod_list:
174
            get_ldap_conn().modify_s(get_session().user, mod_list)
175

    
176

    
177
class EzMagicUser(User):
178
    def get(cls, id, ignore_errors=False, ignore_migration=False):
179
        if '=' in str(id):
180
            try:
181
                # FIXME : do a ldap search on each get is not very efficient,
182
                # perhaps add a little cache ? (ttl 5 min ?)
183
                get_ldap_conn().search_s(str(id), ldap.SCOPE_BASE)
184
            except ldap.NO_SUCH_OBJECT:
185
                raise KeyError
186
            return EzLdapUser(id)
187
        else:
188
            return User.get(id, ignore_errors, ignore_migration)
189
    get = classmethod(get)
190

    
191
    def search(cls, q):
192
        '''search in names and email (from wcs user configuration)'''
193
        result = []
194

    
195
        # build the ldap filter string : (|(attr1=*q*)(attr2=*q*)...)
196
        users_cfg = get_cfg('users', {})
197
        search_fields = [ LDAP_EMAIL ] + users_cfg.get('field_name')
198
        attrs = [f.varname for f in User.get_formdef().fields if f.id in search_fields]
199
        filterstr = '(|' + ''.join(['(%%s=*%s*)' % q % a for a in attrs]) + ')'
200

    
201
        ldap_basedn = get_cfg('misc', {}).get('aq-ezldap-basedn')
202
        ldap_conn = get_ldap_conn()
203
        try:
204
            ldap_result_id = ldap_conn.search(ldap_basedn, ldap.SCOPE_SUBTREE,
205
                    filterstr=filterstr)
206
        except ldap.FILTER_ERROR:
207
            return []
208
        while True:
209
            result_type, result_data = ldap_conn.result(ldap_result_id, all=0)
210
            if not result_data:
211
                break
212
            if result_type == ldap.RES_SEARCH_ENTRY:
213
                result.append(result_data[0][0])
214
        return [EzLdapUser(dn) for dn in result]
215
    search = classmethod(search)
216

    
(18-18/32)