feat: deploy in a docker container

chore: cleanup
feat: move to external config
2021-05-23 13:00:15 +02:00 · 2021-05-23 13:00:12 +02:00 · 2021-05-23 12:28:13 +02:00 · 2021-05-23 12:23:50 +02:00
5 changed files with 38 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+env/
+src/__pycache__/
--- a/10
+++ b/10
@ -0,0 +1,10 @@
+FROM python:3.9-alpine
+
+WORKDIR /opt/self-service
+
+COPY requirements.txt ./
+RUN apk add --no-cache build-base openldap-dev python2-dev python3-dev
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY ./src ./src
+CMD ["/usr/local/bin/uvicorn", "src.main:app"]
--- a/config.py
+++ b/config.py
@ -0,0 +1,2 @@
+LDAP_URI = "ldap://127.0.0.1:389"
+LDAP_BASE_DN = "ou=accounts,dc=example,dc=org"
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,10 @@
+click==7.1.2
+fastapi==0.65.1
+h11==0.12.0
+pyasn1==0.4.8
+pyasn1-modules==0.2.8
+pydantic==1.8.2
+python-ldap==3.3.1
+starlette==0.14.2
+typing-extensions==3.10.0.0
+uvicorn==0.13.4
--- a/src/main.py
+++ b/src/main.py
@ -1,9 +1,10 @@
 import ldap

-from fastapi import FastAPI
+from fastapi import FastAPI, HTTPException, Response
 from pydantic import BaseModel
+from ldap import modlist

-LDAP_URI = "ldap://127.0.0.1:389"
+from config import LDAP_URI, LDAP_BASE_DN

 app = FastAPI()

@ -11,19 +12,20 @@ class PasswordUpdate(BaseModel):
  bind_pw: str
  userPassword: str

-@app.post("/users/{dn}/updatePassword")
-def change_password(dn: str, updateRequest: PasswordUpdate):
-  ldap_conn = _connect_ldap_simple_bind(LDAP_URI, dn, updateRequest.bind_pw)
-  _update_ldap_userPassword(ldap_conn, updateRequest.userPassword)
+@app.post("/users/{rdn}/updatePassword", status_code=204, response_class=Response)
+def change_password(rdn: str, updateRequest: PasswordUpdate):
+  try:
+    ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", updateRequest.bind_pw)
+  except ldap.INVALID_CREDENTIALS as e:
+    raise HTTPException(status_code=401, detail=str(e))
+  _update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", updateRequest.userPassword)

-def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str) -> LDAPObject:
+def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
  ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
  conn = ldap.initialize(server_uri)
  conn.simple_bind_s(bind_dn, bind_pw)
  return conn

-def _update_ldap_userPassword(conn: LDAPObject, new_pass: str):
-  modlist = [( ldap.MOD_REPLACE, 'userPassword', new_pass )]
-  ldap.connection.modify_s(ldap.dn, modlist)
-
-
+def _update_ldap_userPassword(conn, dn: str, new_pass: str):
+  changes = [( ldap.MOD_REPLACE, 'userPassword', bytes(str(new_pass), 'utf-8') )]
+  result = conn.modify_ext_s(dn, changes)
Author	SHA1	Message	Date
transcaffeine	ee64059f84	feat: deploy in a docker container	2021-05-23 13:00:15 +02:00
transcaffeine	9962313f31	chore: cleanup	2021-05-23 13:00:12 +02:00
transcaffeine	89672b1306	feat: move to external config	2021-05-23 12:28:13 +02:00
transcaffeine	c9b82bfe81	feat: first working draft	2021-05-23 12:23:50 +02:00