diff --git a/main.py b/main.py index 6bcfe6f..2ef3ff1 100644 --- a/main.py +++ b/main.py @@ -7,12 +7,10 @@ from wtforms import SubmitField, StringField, HiddenField, SelectField, IntegerF from flask_wtf import FlaskForm from status import st, Status from shared import CreateSelect, CreateFoldersSelect, LocationIcon, DB_URL -from flask_login import login_required, current_user - # for ldap auth from flask_ldap3_login import LDAP3LoginManager -from flask_login import LoginManager, login_user, UserMixin, current_user +from flask_login import LoginManager, login_user, login_required, UserMixin, current_user from flask_ldap3_login.forms import LDAPLoginForm import re @@ -49,11 +47,6 @@ login_manager = LoginManager(app) # Setup a Flask-Login Manager ldap_manager = LDAP3LoginManager(app) # Setup a LDAP3 Login Manager. login_manager.login_view = "login" # default login route, failed with url_for, so hard-coded -# Create a dictionary to store the users in when they authenticate -# This example stores users in memory. -users = {} - - ################################# Now, import non-book classes ################################### from settings import Settings @@ -63,6 +56,7 @@ from refimg import Refimg from job import Job, GetNumActiveJobs from ai import aistats from path import StoragePathNames +from user import PAUser ####################################### GLOBALS ####################################### # allow jinja2 to call these python functions directly @@ -98,9 +92,8 @@ class User(UserMixin): # returns None. @login_manager.user_loader def load_user(id): - if id in users: - return users[id] - return None + pau=PAUser.query.filter(PAUser.dn==id).first() + return pau # Declare The User Saver for Flask-Ldap3-Login # This method is called whenever a LDAPLoginForm() successfully validates. @@ -108,9 +101,14 @@ def load_user(id): # login controller. @ldap_manager.save_user def save_user(dn, username, data, memberships): - user = User(dn, username, data) - users[dn] = user - return user + pau=PAUser.query.filter(PAUser.dn==dn).first() + # if we already have a valid user/session, and say the web has restarted, just re-use it, dont make more users + if pau: + return pau + pau=PAUser(dn=dn) + db.session.add(pau) + db.session.commit() + return pau # default page, just the navbar @app.route("/", methods=["GET"]) @@ -129,9 +127,15 @@ def login(): form = LDAPLoginForm() form.submit.label.text="Login" + # the re matches on any special LDAP chars, we dont want someone + # ldap-injecting our username, so send them back to the login page instead + if request.method == 'POST' and re.search( r'[()\\*&!]', request.form['username']): + print( f"WARNING: Detected special LDAP chars in username: {request.form['username']}") + return redirect('/login') if form.validate_on_submit(): # Successfully logged in, We can now access the saved user object # via form.user. + print( f"form user = {form.user}" ) login_user(form.user, remember=True) # Tell flask-login to log them in. next = request.args.get("next") if next: diff --git a/tables.sql b/tables.sql index f82832f..07094d5 100644 --- a/tables.sql +++ b/tables.sql @@ -2,6 +2,8 @@ alter database PA set timezone to 'Australia/Victoria'; create table SETTINGS( ID integer, IMPORT_PATH varchar, STORAGE_PATH varchar, RECYCLE_BIN_PATH varchar, constraint PK_SETTINGS_ID primary key(ID) ); +create table PA_USER( ID integer, dn varchar, constraint PK_PA_USER_ID primary key(ID) ); + create table FILE_TYPE ( ID integer, NAME varchar(32) unique, constraint PK_FILE_TYPE_ID primary key(ID) ); create table PATH_TYPE ( ID integer, NAME varchar(16) unique, constraint PK_PATH_TYPE_ID primary key(ID) ); @@ -69,6 +71,7 @@ create table PA_JOB_MANAGER_FE_MESSAGE ( ID integer, JOB_ID integer, ALERT varch constraint PA_JOB_MANAGER_FE_ACKS_ID primary key(ID), constraint FK_PA_JOB_MANAGER_FE_MESSAGE_JOB_ID foreign key(JOB_ID) references JOB(ID) ); +create sequence PA_USER_ID_SEQ; create sequence PATH_ID_SEQ; create sequence PATH_TYPE_ID_SEQ; create sequence FILE_ID_SEQ;