From daf29c011a7224eef95fe3eb0e5f45f385abc869 Mon Sep 17 00:00:00 2001
From: Rodney Ewing
Date: Mon, 1 Jul 2013 11:46:57 -0700
Subject: [PATCH] starting ldap plugin
---
mediagoblin/plugins/ldap/__init__.py | 62 ++++++++++++++++++++++++++++
mediagoblin/plugins/ldap/tools.py | 60 +++++++++++++++++++++++++++
mediagoblin/plugins/ldap/views.py | 44 ++++++++++++++++++++
3 files changed, 166 insertions(+)
create mode 100644 mediagoblin/plugins/ldap/__init__.py
create mode 100644 mediagoblin/plugins/ldap/tools.py
create mode 100644 mediagoblin/plugins/ldap/views.py
diff --git a/mediagoblin/plugins/ldap/__init__.py b/mediagoblin/plugins/ldap/__init__.py
new file mode 100644
index 00000000..a46a0ed3
--- /dev/null
+++ b/mediagoblin/plugins/ldap/__init__.py
@@ -0,0 +1,62 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+from mediagoblin.auth.tools import create_basic_user
+from mediagoblin.plugins.ldap.tools import LDAP
+from mediagoblin.plugins.ldap import forms
+from mediagoblin.tools import pluginapi
+
+
+def setup_plugin():
+ config = pluginapi.get_config('mediagoblin.plugins.ldap')
+
+ routes = [
+ ('mediagoblin.plugins.ldap.register',
+ '/auth/ldap/register/',
+ 'mediagoblin.plugins.ldap.views:register')]
+ pluginapi.register_routes(routes)
+
+
+def check_login_simple(username, password, request):
+ l = LDAP(request)
+ return l.login(username, password)
+
+
+def create_user(register_form):
+ user = create_basic_user(register_form)
+ return user
+
+
+def get_login_form(request):
+ return forms.LoginForm(request.form)
+
+
+def auth():
+ return True
+
+
+def append_to_global_context(context):
+ context['pass_auth'] = True
+ return context
+
+hooks = {
+ 'setup': setup_plugin,
+ 'authentication': auth,
+ 'auth_check_login_simple': check_login_simple,
+ 'auth_create_user': create_user,
+ 'template_global_context': append_to_global_context,
+ 'auth_get_login_form': get_login_form,
+}
diff --git a/mediagoblin/plugins/ldap/tools.py b/mediagoblin/plugins/ldap/tools.py
new file mode 100644
index 00000000..6134aaba
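Review bot: `from mediagoblin.plugins.ldap import forms` (and the same import in views.py) refers to a module this commit does not add; the diffstat lists only `__init__.py`, `tools.py` and `views.py`, so loading the plugin would fail unless `forms.py` exists outside the patch. In `setup_plugin` the `config` value is fetched and never used; either drop it or check the server entries there (`LDAP_HOST`, `LDAP_PORT`, `USER_DN_TEMPLATE`) so that a misconfigured directory is reported at start-up rather than on the first login. `auth()` and `append_to_global_context` would each benefit from a one-line docstring saying what returning True and setting `pass_auth` are meant to signal to the core, which is not visible from this file.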
--- /dev/null
+++ b/mediagoblin/plugins/ldap/tools.py
@@ -0,0 +1,60 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+import ldap
+import logging
+
+from mediagoblin import mg_globals
+from mediagoblin.db.models import User
+from mediagoblin.tools.response import redirect
+
+_log = logging.getLogger(__name__)
+
+
+class LDAP(object):
+ def __init__(self, request):
+ self.ldap_settings = mg_globals.global_config['plugins']['mediagoblin.plugins.ldap']
+ self.request = request
+
+ def _connect(self, server):
+ _log.info('Connecting to {0}.'.format(server['LDAP_HOST']))
+ self.conn = ldap.initialize('ldap://{0}:{1}/'.format(
+ server['LDAP_HOST'], server['LDAP_PORT']))
+
+ def login(self, username, password):
+ for k, v in self.ldap_settings.iteritems():
+ try:
+ import ipdb
+ ipdb.set_trace()
+ self._connect(v)
+ user_dn = v['USER_DN_TEMPLATE'].format(username=username)
+ self.conn.simple_bind_s(user_dn, password.encode('utf8'))
+ return self._get_or_create_user(username)
+
+ except ldap.LDAPError, e:
+ _log.info(e)
+
+ return None
+
+ def _get_or_create_user(self, username):
+ user = User.query.filter_by(
+ username=username).first()
+
+ if user:
+ return user
+
+ self.request.session['username'] = username
+ redirect(
+ self.request, 'mediagoblin.plugins.ldap.register')
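Review bot: `login()` still carries `import ipdb` and `ipdb.set_trace()` inside the `try`, so every login attempt stops the worker at a debugger prompt, or raises an ImportError that `except ldap.LDAPError` does not catch where ipdb is not installed; both lines should be removed. The same method hands `password` to `simple_bind_s` unchecked, and a simple bind with an empty password is an unauthenticated bind that many directories answer with success, so empty credentials need rejecting before any bind. `username` goes into `USER_DN_TEMPLATE` unescaped and `_connect` speaks plain `ldap://`, which leaves the bind password in cleartext on the wire; the sketch below escapes the name and negotiates StartTLS, which assumes the configured servers support it. In `_get_or_create_user` the value of `redirect(...)` is discarded, so a first-time LDAP user gets None back and looks like a failed login.

```python
    def login(self, username, password):
        # A simple bind with an empty password is an unauthenticated bind,
        # which many directories answer with success.
        if not username or not password:
            return None

        for k, v in self.ldap_settings.iteritems():
            try:
                self._connect(v)
                # Negotiate TLS before the password crosses the network.
                self.conn.start_tls_s()
                user_dn = v['USER_DN_TEMPLATE'].format(
                    username=ldap.dn.escape_dn_chars(username))
                # … unchanged: simple_bind_s, _get_or_create_user, except clause …
```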
diff --git a/mediagoblin/plugins/ldap/views.py b/mediagoblin/plugins/ldap/views.py
new file mode 100644
index 00000000..95132f96
--- /dev/null
+++ b/mediagoblin/plugins/ldap/views.py
@@ -0,0 +1,44 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+from mediagoblin.auth.tools import register_user
+from mediagoblin.plugins.ldap import forms
+from mediagoblin.tools.response import redirect, render_to_response
+
+
+def register(request):
+ username = request.session.pop('username')
+ if 'email' in request.session:
+ email = request.session.pop('email')
+ else:
+ email = None
+ register_form = forms.RegisterForm(request.form, username=username,
+ email=email)
+
+ if request.method == 'POST' and register_form.validate():
+ user = register_user(request, register_form)
+
+ if user:
+ # redirect the user to their homepage... there will be a
+ # message waiting for them to verify their email
+ return redirect(
+ request, 'mediagoblin.user_pages.user_home',
+ user=user.username)
+
+ return render_to_response(
+ request,
+ 'mediagoblin/auth/register.html',
+ {'register_form': register_form,
+ 'post_url': request.urlgen('mediagoblin.plugins.ldap.register')})
--
2.25.1
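Review bot: `request.session.pop('username')` at the top of `register` raises KeyError whenever the key is absent, and it is absent on the POST because the preceding GET already popped it, so the form can be rendered but not submitted. Reading it without removing it, e.g. `username = request.session.get('username')`, sending the visitor back to the login page when it is missing, and popping it only after `register_user` succeeds would fix both the crash and direct visits to the route. Because `request.form` is passed ahead of the `username=` keyword, the submitted field presumably takes precedence over the name that was verified by the LDAP bind; comparing the two before creating the account keeps a user from registering a local account under a name they did not bind as. A short docstring on `register` stating that it expects the session to carry an LDAP-verified username would make that precondition explicit.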