jw-python/tools/python/jwutils/auth/ldap/Auth.py

# -*- coding: utf-8 -*-

from typing import Optional, Union

import ldap

from ...log import *
from ...ldap import bind
from ...Config import Config
from .. import Access
from .. import Auth as AuthBase
from .. import Group as GroupBase
from .. import User as UserBase
from .. import ProjectFlags

class Group(GroupBase): # export

    def __init__(self, auth: AuthBase, name: str):
        self.__name = name
        self.__auth = auth

    def _name(self) -> str:
        return self.__name

class User(UserBase):

    def __init__(
                     self,
                     auth: AuthBase,
                     name: str,
                     cn: str,
                     email: str
                 ):

        self.__auth = auth
        self.__name = name
        self.__cn = cn
        self.__email = email
        self.__groups: Optional[list[GroupBase]] = None

    def _name(self) -> str:
        return self.__name

    def _groups(self) -> list[GroupBase]:
        raise NotImplementedError

    def _email(self) -> str:
        return self.__email

    def _display_name(self) -> str:
        return self.__cn

class Auth(AuthBase): # export

    def __init__(self, conf: Config):
        super().__init__(conf)
        self.___users: Optional[dict[str, UserBase]] = None
        self.___user_by_email: Optional[dict[str, User]] = None
        self.__groups = None
        self.__current_user: User|None = None
        self.__user_base_dn = conf['user_base_dn']
        self.__conn = self.__bind()
        self.__dummy = self.load(conf, 'dummy')

    def __bind(self):
        return bind(self.conf)

    @property
    def __users(self) -> dict[str, UserBase]:
        if self.___users is None:
            ret: dict[str, UserBase] = {}
            ret_by_email: dict[str, User] = {}
            for res in self.__conn.find(
                    self.__user_base_dn,
                    ldap.SCOPE_SUBTREE,
                    "objectClass=inetOrgPerson",
                    ('uid', 'cn', 'uidNumber', 'mail', 'maildrop')
                ):
                try:
                    display_name = None
                    if 'displayName' in res[1]:
                        cn = res[1]['displayName'][0].decode('utf-8')
                    else:
                        cn = res[1]['cn'][0].decode('utf-8')
                    uid = res[1]['uid'][0].decode('utf-8')
                    uidNumber = res[1]['uidNumber'][0].decode('utf-8')
                    emails = []
                    #for attr in ['mail', 'maildrop']:
                    for attr in ['mail']:
                        if attr in res[1]:
                            for entry in res[1][attr]:
                                emails.append(entry.decode('utf-8'))
                    if not emails:
                        slog(DEBUG, f'No email for user "{uid}", skipping')
                        continue
                    user = User(self, name=uid, cn=cn, email=emails[0])
                    ret[uid] = user
                    for email in emails:
                        ret_by_email[email] = user
                except Exception as e:
                    slog(WARNING, f'Exception {e}')
                    raise
                    continue
            for dummy_user in self.__dummy.users.values():
                ret[dummy_user.name] = dummy_user
            self.___users = ret
            self.___user_by_email = ret_by_email
        return self.___users

    @property
    def __user_by_email(self) -> dict[str, UserBase]:
        if self.___user_by_email is None:
            self.__users
        return self.___user_by_email # type: ignore # We are sure that ___user_by_email is not None at this point

    def _access(self, what: str, access_type: Optional[Access], who: User|GroupBase|None) -> bool: # type: ignore
        slog(WARNING, f'Returning False for {access_type} access to resource {what} by {who}')
        return False

    def _user(self, name) -> UserBase:
        try:
            return self.__users[name]
        except:
            slog(ERR, f'No such user: "{name}"')
            raise

    def _user_by_email(self, email: str) -> UserBase:
        return self.__user_by_email[email]

    def _current_user(self) -> User:
        raise NotImplementedError

    def _users(self) -> dict[str, UserBase]:
        return self.__users

    def _projects(self, name, flags: ProjectFlags) -> list[str]:
        if flags & ProjectFlags.Contributing:
            # TODO: Ask LDAP
            slog(WARNING, f'Querying LDAP for projects a user contributes to is not implemented, ignoring')
        return []
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`# -- coding: utf-8 --`

			`from typing import Optional, Union`

			`import ldap`

			`from ...log import *`
jwutils.ldap: Add module Signed-off-by: Jan Lindemann <jan@janware.com> 2025-07-26 13:51:42 +02:00			`from ...ldap import bind`
ldap.Auth: Fix half-baked use of jwutils.ldap module ldap.Auth lost a lot of code when jwutils.ldap was introduced, and rightfully so, because jwutils.ldap contains most of it. OTOH, it was used wrongly, fix that. Signed-off-by: Jan Lindemann <jan@janware.com> 2025-09-11 21:35:01 +02:00			`from ...Config import Config`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`from .. import Access`
			`from .. import Auth as AuthBase`
			`from .. import Group as GroupBase`
			`from .. import User as UserBase`
			`from .. import ProjectFlags`

			`class Group(GroupBase): # export`

			`def __init__(self, auth: AuthBase, name: str):`
			`self.__name = name`
			`self.__auth = auth`

			`def _name(self) -> str:`
			`return self.__name`

			`class User(UserBase):`

			`def __init__(`
			`self,`
			`auth: AuthBase,`
			`name: str,`
			`cn: str,`
			`email: str`
			`):`

			`self.__auth = auth`
			`self.__name = name`
			`self.__cn = cn`
			`self.__email = email`
			`self.__groups: Optional[list[GroupBase]] = None`

			`def _name(self) -> str:`
			`return self.__name`

			`def _groups(self) -> list[GroupBase]:`
			`raise NotImplementedError`

			`def _email(self) -> str:`
			`return self.__email`

			`def _display_name(self) -> str:`
			`return self.__cn`

			`class Auth(AuthBase): # export`

			`def __init__(self, conf: Config):`
			`super().__init__(conf)`
Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`self.___users: Optional[dict[str, UserBase]] = None`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`self.___user_by_email: Optional[dict[str, User]] = None`
			`self.__groups = None`
			`self.__current_user: User\|None = None`
			`self.__user_base_dn = conf['user_base_dn']`
			`self.__conn = self.__bind()`
ldap.Auth: Fix commit 72d56d9 Commit 72d56d9 (Move type argument into config) swapped the order of arguments in Auth.load(), but the ctor of ldap.Auth didn't follow the change, fix that. Signed-off-by: Jan Lindemann <jan@janware.com> 2025-09-18 23:11:22 +02:00			`self.__dummy = self.load(conf, 'dummy')`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00
			`def __bind(self):`
jwutils.ldap: Add module Signed-off-by: Jan Lindemann <jan@janware.com> 2025-07-26 13:51:42 +02:00			`return bind(self.conf)`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00
			`@property`
Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`def __users(self) -> dict[str, UserBase]:`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`if self.___users is None:`
Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`ret: dict[str, UserBase] = {}`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`ret_by_email: dict[str, User] = {}`
ldap.Auth: Fix half-baked use of jwutils.ldap module ldap.Auth lost a lot of code when jwutils.ldap was introduced, and rightfully so, because jwutils.ldap contains most of it. OTOH, it was used wrongly, fix that. Signed-off-by: Jan Lindemann <jan@janware.com> 2025-09-11 21:35:01 +02:00			`for res in self.__conn.find(`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`self.__user_base_dn,`
			`ldap.SCOPE_SUBTREE,`
			`"objectClass=inetOrgPerson",`
			`('uid', 'cn', 'uidNumber', 'mail', 'maildrop')`
ldap.Auth: Fix half-baked use of jwutils.ldap module ldap.Auth lost a lot of code when jwutils.ldap was introduced, and rightfully so, because jwutils.ldap contains most of it. OTOH, it was used wrongly, fix that. Signed-off-by: Jan Lindemann <jan@janware.com> 2025-09-11 21:35:01 +02:00			`):`
			`try:`
			`display_name = None`
			`if 'displayName' in res[1]:`
			`cn = res[1]['displayName'][0].decode('utf-8')`
			`else:`
			`cn = res[1]['cn'][0].decode('utf-8')`
			`uid = res[1]['uid'][0].decode('utf-8')`
			`uidNumber = res[1]['uidNumber'][0].decode('utf-8')`
			`emails = []`
			`#for attr in ['mail', 'maildrop']:`
			`for attr in ['mail']:`
			`if attr in res[1]:`
			`for entry in res[1][attr]:`
			`emails.append(entry.decode('utf-8'))`
			`if not emails:`
			`slog(DEBUG, f'No email for user "{uid}", skipping')`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`continue`
ldap.Auth: Fix half-baked use of jwutils.ldap module ldap.Auth lost a lot of code when jwutils.ldap was introduced, and rightfully so, because jwutils.ldap contains most of it. OTOH, it was used wrongly, fix that. Signed-off-by: Jan Lindemann <jan@janware.com> 2025-09-11 21:35:01 +02:00			`user = User(self, name=uid, cn=cn, email=emails[0])`
			`ret[uid] = user`
			`for email in emails:`
			`ret_by_email[email] = user`
			`except Exception as e:`
			`slog(WARNING, f'Exception {e}')`
			`raise`
			`continue`
Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`for dummy_user in self.__dummy.users.values():`
			`ret[dummy_user.name] = dummy_user`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`self.___users = ret`
			`self.___user_by_email = ret_by_email`
			`return self.___users`

			`@property`
Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`def __user_by_email(self) -> dict[str, UserBase]:`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`if self.___user_by_email is None:`
			`self.__users`
Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`return self.___user_by_email # type: ignore # We are sure that ___user_by_email is not None at this point`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00
			`def _access(self, what: str, access_type: Optional[Access], who: User\|GroupBase\|None) -> bool: # type: ignore`
			`slog(WARNING, f'Returning False for {access_type} access to resource {what} by {who}')`
			`return False`

Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`def _user(self, name) -> UserBase:`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`try:`
			`return self.__users[name]`
			`except:`
			`slog(ERR, f'No such user: "{name}"')`
			`raise`

Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`def _user_by_email(self, email: str) -> UserBase:`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`return self.__user_by_email[email]`

			`def _current_user(self) -> User:`
			`raise NotImplementedError`

Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`def _users(self) -> dict[str, UserBase]:`
auth: Add LDAP support Signed-off-by: Jan Lindemann <jan@janware.com> 2025-06-05 20:48:14 +02:00			`return self.__users`

			`def _projects(self, name, flags: ProjectFlags) -> list[str]:`
			`if flags & ProjectFlags.Contributing:`
			`# TODO: Ask LDAP`
Fix errors reported by mypy Signed-off-by: Jan Lindemann <jan@janware.com> 2025-10-13 12:45:51 +02:00			`slog(WARNING, f'Querying LDAP for projects a user contributes to is not implemented, ignoring')`
			`return []`