add bcrypt password hashing and clean up code #1
14
src/main.py
14
src/main.py
@ -1,24 +1,25 @@
|
||||
import ldap
|
||||
|
||||
from fastapi import FastAPI, HTTPException, Response
|
||||
from pydantic import BaseModel
|
||||
from ldap import modlist
|
||||
|
||||
from config import LDAP_URI, LDAP_BASE_DN
|
||||
from config import LDAP_BASE_DN, LDAP_URI
|
||||
|
||||
app = FastAPI()
|
||||
|
||||
|
||||
class PasswordUpdate(BaseModel):
|
||||
bind_pw: str
|
||||
userPassword: str
|
||||
|
||||
|
||||
@app.post("/users/{rdn}/updatePassword", status_code=204, response_class=Response)
|
||||
def change_password(rdn: str, updateRequest: PasswordUpdate):
|
||||
def change_password(rdn: str, update_request: PasswordUpdate):
|
||||
try:
|
||||
ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", updateRequest.bind_pw)
|
||||
ldap_conn = _connect_ldap_simple_bind(LDAP_URI, f"{rdn},{LDAP_BASE_DN}", update_request.bind_pw)
|
||||
except ldap.INVALID_CREDENTIALS as e:
|
||||
raise HTTPException(status_code=401, detail=str(e))
|
||||
_update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", updateRequest.userPassword)
|
||||
_update_ldap_userPassword(ldap_conn, f"{rdn},{LDAP_BASE_DN}", update_request.userPassword)
|
||||
|
||||
|
||||
def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
|
||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||
@ -26,6 +27,7 @@ def _connect_ldap_simple_bind(server_uri: str, bind_dn: str, bind_pw: str):
|
||||
conn.simple_bind_s(bind_dn, bind_pw)
|
||||
return conn
|
||||
|
||||
|
||||
def _update_ldap_userPassword(conn, dn: str, new_pass: str):
|
||||
changes = [( ldap.MOD_REPLACE, 'userPassword', bytes(str(new_pass), 'utf-8') )]
|
||||
result = conn.modify_ext_s(dn, changes)
|
||||
|
Loading…
Reference in New Issue
Block a user