Authenticating based on group membership with Flask-LDAP3-Login

2022-01-17 00:00:00 python flask authentication ldap ldap3

Problem description

I'm new to Flask and I'm trying out Flask-LDAP3-Login.

I've followed the documentation here and I have it working, which is great: https://flask-ldap3-login.readthedocs.io/en/latest/index.html

How would I go about authenticating a user based on whether they are a member of a specific group? I see the docs mention group filtering, but I'm not sure how to put it all together.


Solution

If anyone is curious, I solved this myself by doing the following:

First, I integrated flask-ldap3-login with Flask-SQLAlchemy using the steps here: https://github.com/nickw444/flask-ldap3-login/issues/26

My save_user method now looks like this:

# ldap_manager (LDAP3LoginManager), db (Flask-SQLAlchemy) and the User model
# are set up as described in the flask-ldap3-login issue linked above.
@ldap_manager.save_user
def save_user(dn, username, data, memberships):
    # 'data' holds the LDAP attributes returned for the authenticated user.
    uid = int(data.get("uidNumber"))
    # memberOf is absent for users in no groups; fall back to an empty list
    # so the membership test does not raise TypeError on None.
    if 'group-goes-here' in (data.get("memberOf") or []):
        user = User.query.filter_by(id=uid).first()
        if not user:
            user = User(
                id=uid,
                dn=dn,
                username=username,
                email=data['mail'],
                firstname=data['givenName'],
                lastname=data['sn']
            )
            db.session.add(user)
            db.session.commit()

        return user
    # Non-members fall through and return None, so LDAPLoginForm leaves
    # form.user unset and the login view below rejects them.

So basically, provided the user enters valid LDAP credentials, it goes to AD to retrieve their group memberships, and a simple if 'group-goes-here' in data.get("memberOf"): determines whether to save the user in my User model and return it back to the handler.

from flask import flash, redirect, render_template, url_for
from flask_login import login_user
from flask_ldap3_login.forms import LDAPLoginForm

@auth.route('/login', methods=['GET', 'POST'])
def login():
    form = LDAPLoginForm()
    if form.validate_on_submit():
        # validate_on_submit() is True whenever the LDAP bind succeeded;
        # form.user is whatever save_user returned, i.e. None for users
        # who authenticated but are not in the required group.
        if form.user:
            login_user(form.user)
        else:
            flash('Login Failed', 'warning')
            return redirect(url_for('auth.login'))
        return redirect(url_for('main.home'))
    # GET request or failed validation: render the form (template name assumed).
    return render_template('login.html', form=form)

Hope this helps!
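A note on the membership test in the answer above: memberOf is a multi-valued attribute, so when ldap3 hands it back as a list, `'group-goes-here' in data.get("memberOf")` only matches if that literal string equals a whole DN in the list, and if it comes back as a single string, `in` becomes a substring test that a group such as `group-goes-here-readonly` would also satisfy. The block below is an added example (not code from the original post or from Flask-LDAP3-Login) showing a stricter gate with the same `save_user(dn, username, data, memberships)` signature: it compares the full group DN case-insensitively, accepts memberOf as missing, a string, or a list, and also checks the `memberships` list that Flask-LDAP3-Login builds from its group search. The group DN, the attribute values and the dict standing in for the User table are constructed assumptions so the code runs offline.

```python
"""Group-gated save_user for Flask-LDAP3-Login, runnable without Flask or LDAP.

Added example: exact, case-insensitive DN comparison instead of a substring
match, tolerant of memberOf being absent, a single string, or a list.
"""
from typing import Any, Dict, Iterable, List, Optional

# Assumed group DN; replace with the real group in your directory.
REQUIRED_GROUP_DN = "CN=webapp-users,OU=Groups,DC=example,DC=com"


def normalize_dn(dn: str) -> str:
    """Lower-case and strip spaces around RDN separators so comparison ignores
    the casing and spacing differences LDAP treats as equivalent."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def group_dns(data: Dict[str, Any],
              memberships: Optional[Iterable[Dict[str, Any]]]) -> List[str]:
    """Collect normalized group DNs from both sources the extension exposes:
    the user's memberOf attribute (AD back-link) and the `memberships` list
    from the group search (dicts carrying a 'dn' key)."""
    raw = data.get("memberOf") or []
    if isinstance(raw, str):          # single-valued result comes back as str
        raw = [raw]
    dns = [normalize_dn(g) for g in raw]
    for grp in memberships or []:
        if isinstance(grp, dict) and grp.get("dn"):
            dns.append(normalize_dn(grp["dn"]))
    return dns


def is_member(data, memberships, required_group_dn=REQUIRED_GROUP_DN) -> bool:
    """True only if the exact group DN is present; 'webapp-users-readonly'
    does not satisfy a requirement for 'webapp-users'."""
    return normalize_dn(required_group_dn) in group_dns(data, memberships)


def make_save_user(store: Dict[int, Dict[str, Any]],
                   required_group_dn=REQUIRED_GROUP_DN):
    """Return a callable with Flask-LDAP3-Login's save_user signature.
    `store` stands in for the User table so the logic runs offline; in the
    app you would do the lookup/insert through SQLAlchemy instead."""
    def save_user(dn, username, data, memberships):
        if not is_member(data, memberships, required_group_dn):
            return None               # form.user stays None -> login rejected
        uid = int(data["uidNumber"])
        user = store.get(uid)
        if user is None:
            user = {
                "id": uid, "dn": dn, "username": username,
                "email": data.get("mail"),
                "firstname": data.get("givenName"),
                "lastname": data.get("sn"),
            }
            store[uid] = user
        return user
    return save_user


# Constructed LDAP attribute dicts standing in for directory responses.
MEMBER_DATA = {
    "uidNumber": 1001, "mail": "alice@example.com", "givenName": "Alice", "sn": "Adams",
    "memberOf": ["cn=WebApp-Users, ou=Groups, dc=example, dc=com",
                 "CN=Domain Users,CN=Users,DC=example,DC=com"],
}
LOOKALIKE_DATA = {
    "uidNumber": 1002, "mail": "bob@example.com", "givenName": "Bob", "sn": "Brown",
    "memberOf": "CN=webapp-users-readonly,OU=Groups,DC=example,DC=com",  # str, not list
}
NO_GROUPS_DATA = {"uidNumber": 1003, "mail": "carol@example.com",
                  "givenName": "Carol", "sn": "Cole"}


if __name__ == "__main__":
    users: Dict[int, Dict[str, Any]] = {}
    save_user = make_save_user(users)
    print(save_user("cn=alice,ou=People,dc=example,dc=com", "alice", MEMBER_DATA, []))
    print(save_user("cn=bob,ou=People,dc=example,dc=com", "bob", LOOKALIKE_DATA, []))
    print(save_user("cn=carol,ou=People,dc=example,dc=com", "carol", NO_GROUPS_DATA, None))
```

In the real application the body of the returned `save_user` is what you would place under `@ldap_manager.save_user`, swapping the dict for `User.query.filter_by(id=uid).first()` and `db.session.add`/`commit`. Checking `memberships` as well as memberOf matters on directories that do not maintain the memberOf back-link, where only the group search configured through `LDAP_GROUP_OBJECT_FILTER` and `LDAP_GROUP_MEMBERS_ATTR` reveals membership.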
