From f7c0c0146ab976259fecd4d4cdceaae5dbd26159 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 10 Mar 2019 19:45:16 +0100
Subject: [PATCH] add LDAP Group Membership Policy
---
 passbook/ldap/forms.py | 67 ++++---------------
 .../0002_ldapgroupmembershippolicy.py | 28 ++++++++
 passbook/ldap/models.py | 35 ++++------
 3 files changed, 54 insertions(+), 76 deletions(-)
 create mode 100644 passbook/ldap/migrations/0002_ldapgroupmembershippolicy.py
diff --git a/passbook/ldap/forms.py b/passbook/ldap/forms.py
index b16658886..c663a1c00 100644
--- a/passbook/ldap/forms.py
+++ b/passbook/ldap/forms.py
@@ -5,7 +5,8 @@ from django.contrib.admin.widgets import FilteredSelectMultiple
 from django.utils.translation import gettext_lazy as _
 from passbook.admin.forms.source import SOURCE_FORM_FIELDS
-from passbook.ldap.models import LDAPSource
+from passbook.core.forms.policies import GENERAL_FIELDS
+from passbook.ldap.models import LDAPGroupMembershipPolicy, LDAPSource
 class LDAPSourceForm(forms.ModelForm):
@@ -32,58 +33,18 @@ class LDAPSourceForm(forms.ModelForm):
 'base_dn': _('Base DN'),
 }
-# class GeneralSettingsForm(SettingsForm):
-# """general settings form"""
-# MODE_AUTHENTICATION_BACKEND = 'auth_backend'
-# MODE_CREATE_USERS = 'create_users'
-# MODE_CHOICES = (
-# (MODE_AUTHENTICATION_BACKEND, _('Authentication Backend')),
-# (MODE_CREATE_USERS, _('Create Users'))
-# )
-# namespace = 'passbook.ldap'
-# settings = ['enabled', 'mode']
+class LDAPGroupMembershipPolicyForm(forms.ModelForm):
+ """LDAPGroupMembershipPolicy Form"""
-# widgets = {
-# 'enabled': forms.BooleanField(required=False),
-# 'mode': forms.ChoiceField(widget=forms.RadioSelect, choices=MODE_CHOICES),
-# }
+ class Meta:
-
-# class ConnectionSettings(SettingsForm):
-# """Connection settings form"""
-
-# namespace = 'passbook.ldap'
-# settings = ['server', 'server:tls', 'bind:user', 'bind:password', 'domain']
-
-# attrs_map = {
-# 'server': {'placeholder': 'dc1.corp.exmaple.com'},
-# 'bind:user': {'placeholder': 'Administrator'},
-# 'domain': {'placeholder': 'corp.example.com'},
-# }
-
-# widgets = {
-# 'server:tls': forms.BooleanField(required=False, label=_('Server TLS')),
-# }
-
-
-# class AuthenticationBackendSettings(SettingsForm):
-# """Authentication backend settings"""
-
-# namespace = 'passbook.ldap'
-# settings = ['base']
-
-# attrs_map = {
-# 'base': {'placeholder': 'DN in which to search for users'},
-# }
-
-
-# class CreateUsersSettings(SettingsForm):
-# """Create users settings"""
-
-# namespace = 'passbook.ldap'
-# settings = ['create_base']
-
-# attrs_map = {
-# 'create_base': {'placeholder': 'DN in which to create users'},
-# }
+ model = LDAPGroupMembershipPolicy
+ fields = GENERAL_FIELDS + ['dn', ]
+ widgets = {
+ 'name': forms.TextInput(),
+ 'dn': forms.TextInput(),
+ }
+ labels = {
+ 'dn': _('DN')
+ }
diff --git a/passbook/ldap/migrations/0002_ldapgroupmembershippolicy.py b/passbook/ldap/migrations/0002_ldapgroupmembershippolicy.py
new file mode 100644
index 000000000..a7f2bed7e
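Review bot: `fields = GENERAL_FIELDS + ['dn', ]` in `LDAPGroupMembershipPolicyForm.Meta` leaves out `source`, while the model this commit adds in passbook/ldap/models.py declares `source = models.ForeignKey('LDAPSource', on_delete=models.CASCADE)` with no `null=True` and no default. Unless `GENERAL_FIELDS` already lists it or the view assigns it before saving (neither is visible here), a policy created through this form fails on the NOT NULL column, and the admin cannot choose which LDAP source the DN is checked against. Consider `fields = GENERAL_FIELDS + ['dn', 'source']`. The `dn` field is also accepted as free text; because it will presumably be used in a directory lookup later, a `clean_dn` method that rejects values that do not parse as a distinguished name would keep malformed entries out of the policy table.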
--- /dev/null +++ b/passbook/ldap/migrations/0002_ldapgroupmembershippolicy.py @@ -0,0 +1,28 @@ +# Generated by Django 2.1.7 on 2019-03-10 18:38 + +import django.db.models.deletion +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('passbook_core', '0020_groupmembershippolicy'), + ('passbook_ldap', '0001_initial'), + ] + + operations = [ + migrations.CreateModel( + name='LDAPGroupMembershipPolicy', + fields=[ + ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')), + ('dn', models.TextField()), + ('source', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='passbook_ldap.LDAPSource')), + ], + options={ + 'verbose_name': 'LDAP Group Membership Policy', + 'verbose_name_plural': 'LDAP Group Membership Policys', + }, + bases=('passbook_core.policy',), + ), + ] diff --git a/passbook/ldap/models.py b/passbook/ldap/models.py index 6d112cfc7..190da2ebe 100644 --- a/passbook/ldap/models.py +++ b/passbook/ldap/models.py @@ -3,7 +3,7 @@ from django.db import models from django.utils.translation import gettext as _ -from passbook.core.models import Source +from passbook.core.models import Policy, Source, User class LDAPSource(Source): 
@@ -37,30 +37,19 @@ class LDAPSource(Source):
 verbose_name = _('LDAP Source')
 verbose_name_plural = _('LDAP Sources')
+class LDAPGroupMembershipPolicy(Policy):
+ """Policy to check if a user is in a certain LDAP Group"""
-# class LDAPModification(UUIDModel, CreatedUpdatedModel):
-# """Store LDAP Data in DB if LDAP Server is unavailable"""
-# ACTION_ADD = 'ADD'
-# ACTION_MODIFY = 'MODIFY'
+ dn = models.TextField()
+ source = models.ForeignKey('LDAPSource', on_delete=models.CASCADE)
-# ACTIONS = (
-# (ACTION_ADD, 'ADD'),
-# (ACTION_MODIFY, 'MODIFY'),
-# )
+ form = 'passbook.ldap.forms.LDAPGroupMembershipPolicyForm'
-# dn = models.CharField(max_length=255)
-# action = models.CharField(max_length=17, choices=ACTIONS, default=ACTION_MODIFY)
-# data = JSONField()
+ def passes(self, user: User):
+ """Check if user instance passes this policy"""
+ raise NotImplementedError()
-# def __str__(self):
-# return "LDAPModification %d from %s" % (self.pk, self.created)
+ class Meta:
-
-# class LDAPGroupMapping(UUIDModel, CreatedUpdatedModel):
-# """Model to map an LDAP Group to a passbook group"""
-
-# ldap_dn = models.TextField()
-# group = models.ForeignKey(Group, on_delete=models.CASCADE)
-
-# def __str__(self):
-# return "LDAPGroupMapping %s -> %s" % (self.ldap_dn, self.group.name)
+ verbose_name = _('LDAP Group Membership Policy')
+ verbose_name_plural = _('LDAP Group Membership Policys')
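Review bot: `passes()` on `LDAPGroupMembershipPolicy` only raises `NotImplementedError`, yet this commit also ships the form and migration that make the policy creatable, so any policy of this type that gets evaluated will raise. Whether that ends in a denial, an error page, or a skipped check depends on how the policy engine in passbook.core handles exceptions, which this diff does not show. For an access-control decision the safe outcome is denial, so either hold back the form registration (`form = '...'`) until the LDAP lookup exists, or log and return a deny result (e.g. `return False`, if the base `Policy.passes` contract is boolean). When the lookup is written, the user identifier and `dn` that go into the search filter need LDAP filter escaping per RFC 4515. Separately, `verbose_name_plural` reads 'LDAP Group Membership Policys' here and in the migration; 'Policies' is presumably intended.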