Compare commits
4 Commits
6931bfbe82
...
ee64059f84
Author | SHA1 | Date | |
---|---|---|---|
ee64059f84 | |||
9962313f31 | |||
89672b1306 | |||
c9b82bfe81 |
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
env/
|
||||
src/__pycache__/
|
10
Dockerfile
Normal file
10
Dockerfile
Normal file
@ -0,0 +1,10 @@
|
||||
FROM python:3.9-alpine
|
||||
|
||||
WORKDIR /opt/self-service
|
||||
|
||||
COPY requirements.txt ./
|
||||
RUN apk add --no-cache build-base openldap-dev python2-dev python3-dev
|
||||
RUN pip install --no-cache-dir -r requirements.txt
|
||||
|
||||
COPY ./src ./src
|
||||
CMD ["/usr/local/bin/uvicorn", "src.main:app"]
|
2
config.py
Normal file
2
config.py
Normal file
@ -0,0 +1,2 @@
|
||||
LDAP_URI = "ldap://127.0.0.1:389"
|
||||
LDAP_BASE_DN = "ou=accounts,dc=example,dc=org"
|
10
requirements.txt
Normal file
10
requirements.txt
Normal file
@ -0,0 +1,10 @@
|
||||
click==7.1.2
|
||||
fastapi==0.65.1
|
||||
h11==0.12.0
|
||||
pyasn1==0.4.8
|
||||
pyasn1-modules==0.2.8
|
||||
pydantic==1.8.2
|
||||
python-ldap==3.3.1
|
||||
starlette==0.14.2
|
||||
typing-extensions==3.10.0.0
|
||||
uvicorn==0.13.4
|
26
src/main.py
26
src/main.py
@ -1,9 +1,10 @@
|
||||
import ldap
|
||||
|
||||
from fastapi import FastAPI
|
||||
from fastapi import FastAPI, HTTPException, Response
|
||||
from pydantic import BaseModel
|
||||
from ldap import modlist
|
||||
|
||||
LDAP_URI = "ldap://127.0.0.1:389"
|
||||
from config import LDAP_URI, LDAP_BASE_DN
|
||||
|
||||
app = FastAPI()
|
||||
|
||||
@ -11,19 +12,20 @@ class PasswordUpdate(BaseModel):
|
||||
bind_pw: str
|
||||
userPassword: str
|
||||
|
||||
@app.post("/users/{dn}/updatePassword")
|
||||
def change_password(dn: str, updateRequest: PasswordUpdate):
|
||||
ldap_conn = _connect_ldap_simple_bind(LDAP_URI, dn, updateRequest.bind_pw)
|
||||
_update_ldap_userPassword(ldap_conn, updateRequest.userPassword)
|
||||
@app.post("/users/{rdn}/updatePassword", status_code=204, response_class=Response)
|
||||
def change_password(rdn: str, updateRequest: PasswordUpdate):
|
||||
try:
|
||||
ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", updateRequest.bind_pw)
|
||||
except ldap.INVALID_CREDENTIALS as e:
|
||||
raise HTTPException(status_code=401, detail=str(e))
|
||||
_update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", updateRequest.userPassword)
|
||||
|
||||
def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str) -> LDAPObject:
|
||||
def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
|
||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||
conn = ldap.initialize(server_uri)
|
||||
conn.simple_bind_s(bind_dn, bind_pw)
|
||||
return conn
|
||||
|
||||
def _update_ldap_userPassword(conn: LDAPObject, new_pass: str):
|
||||
modlist = [( ldap.MOD_REPLACE, 'userPassword', new_pass )]
|
||||
ldap.connection.modify_s(ldap.dn, modlist)
|
||||
|
||||
|
||||
def _update_ldap_userPassword(conn, dn: str, new_pass: str):
|
||||
changes = [( ldap.MOD_REPLACE, 'userPassword', bytes(str(new_pass), 'utf-8') )]
|
||||
result = conn.modify_ext_s(dn, changes)
|
||||
|
Loading…
Reference in New Issue
Block a user